From: syzbot
To: asml.silence@gmail.com, axboe@kernel.dk, io-uring@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: memory leak in io_submit_sqes (2)
Date: Wed, 03 Mar 2021 14:24:04 -0800
Message-ID: <00000000000002261d05bca94f7b@google.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in io_submit_sqes

BUG: memory leak
unreferenced object 0xffff88811043cc00 (size 232):
  comm "syz-executor.0", pid 10595, jiffies 4294944973 (age 10.850s)
  hex dump (first 32 bytes):
    00 f0 40 10 81 88 ff ff 00 00 00 00 00 00 00 00  ..@.............
    00 7a 5f 81 ff ff ff ff 00 00 00 00 00 00 00 00  .z_.............
  backtrace:
    [<000000005cfa592c>] io_alloc_req fs/io_uring.c:1610 [inline]
    [<000000005cfa592c>] io_submit_sqes+0x7ae/0x22f0 fs/io_uring.c:6518
    [<00000000bffe23f4>] __do_sys_io_uring_enter+0x857/0x10c0 fs/io_uring.c:9108
    [<000000002e2222f2>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<000000005e5fec34>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888124dd1300 (size 256):
  comm "syz-executor.0", pid 10595, jiffies 4294944973 (age 10.850s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000099ea7aac>] kmalloc include/linux/slab.h:559 [inline]
    [<0000000099ea7aac>] __io_alloc_async_data fs/io_uring.c:3060 [inline]
    [<0000000099ea7aac>] io_setup_async_rw fs/io_uring.c:3079 [inline]
    [<0000000099ea7aac>] io_setup_async_rw+0xa3/0x1e0 fs/io_uring.c:3072
    [<0000000002d951db>] io_read+0x1fe/0x560 fs/io_uring.c:3257
    [<00000000ca56953d>] io_issue_sqe+0x18d/0x23e0 fs/io_uring.c:5933
    [<00000000a5a737fd>] __io_queue_sqe+0x9a/0x4f0 fs/io_uring.c:6200
    [<00000000af920b23>] io_queue_sqe+0x361/0x560 fs/io_uring.c:6253
    [<00000000deecb73d>] io_submit_sqe fs/io_uring.c:6417 [inline]
    [<00000000deecb73d>] io_submit_sqes+0x1fc1/0x22f0 fs/io_uring.c:6531
    [<00000000bffe23f4>] __do_sys_io_uring_enter+0x857/0x10c0 fs/io_uring.c:9108
    [<000000002e2222f2>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<000000005e5fec34>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88810d21fa00 (size 232):
  comm "syz-executor.0", pid 10613, jiffies 4294944997 (age 10.610s)
  hex dump (first 32 bytes):
    00 47 b1 11 81 88 ff ff 00 00 00 00 00 00 00 00  .G..............
    00 7a 5f 81 ff ff ff ff 00 00 00 00 00 00 00 00  .z_.............
  backtrace:
    [<000000005cfa592c>] io_alloc_req fs/io_uring.c:1610 [inline]
    [<000000005cfa592c>] io_submit_sqes+0x7ae/0x22f0 fs/io_uring.c:6518
    [<00000000bffe23f4>] __do_sys_io_uring_enter+0x857/0x10c0 fs/io_uring.c:9108
    [<000000002e2222f2>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<000000005e5fec34>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888124e98500 (size 256):
  comm "syz-executor.0", pid 10613, jiffies 4294944997 (age 10.610s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000099ea7aac>] kmalloc include/linux/slab.h:559 [inline]
    [<0000000099ea7aac>] __io_alloc_async_data fs/io_uring.c:3060 [inline]
    [<0000000099ea7aac>] io_setup_async_rw fs/io_uring.c:3079 [inline]
    [<0000000099ea7aac>] io_setup_async_rw+0xa3/0x1e0 fs/io_uring.c:3072
    [<0000000002d951db>] io_read+0x1fe/0x560 fs/io_uring.c:3257
    [<00000000ca56953d>] io_issue_sqe+0x18d/0x23e0 fs/io_uring.c:5933
    [<00000000a5a737fd>] __io_queue_sqe+0x9a/0x4f0 fs/io_uring.c:6200
    [<00000000af920b23>] io_queue_sqe+0x361/0x560 fs/io_uring.c:6253
    [<00000000deecb73d>] io_submit_sqe fs/io_uring.c:6417 [inline]
    [<00000000deecb73d>] io_submit_sqes+0x1fc1/0x22f0 fs/io_uring.c:6531
    [<00000000bffe23f4>] __do_sys_io_uring_enter+0x857/0x10c0 fs/io_uring.c:9108
    [<000000002e2222f2>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<000000005e5fec34>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88810edcff00 (size 232):
  comm "syz-executor.0", pid 10633, jiffies 4294945010 (age 10.480s)
  hex dump (first 32 bytes):
    00 99 b3 11 81 88 ff ff 00 00 00 00 00 00 00 00  ................
    00 7a 5f 81 ff ff ff ff 00 00 00 00 00 00 00 00  .z_.............
  backtrace:
    [<000000005cfa592c>] io_alloc_req fs/io_uring.c:1610 [inline]
    [<000000005cfa592c>] io_submit_sqes+0x7ae/0x22f0 fs/io_uring.c:6518
    [<00000000bffe23f4>] __do_sys_io_uring_enter+0x857/0x10c0 fs/io_uring.c:9108
    [<000000002e2222f2>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<000000005e5fec34>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888124c06300 (size 256):
  comm "syz-executor.0", pid 10633, jiffies 4294945010 (age 10.480s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000099ea7aac>] kmalloc include/linux/slab.h:559 [inline]
    [<0000000099ea7aac>] __io_alloc_async_data fs/io_uring.c:3060 [inline]
    [<0000000099ea7aac>] io_setup_async_rw fs/io_uring.c:3079 [inline]
    [<0000000099ea7aac>] io_setup_async_rw+0xa3/0x1e0 fs/io_uring.c:3072
    [<0000000002d951db>] io_read+0x1fe/0x560 fs/io_uring.c:3257
    [<00000000ca56953d>] io_issue_sqe+0x18d/0x23e0 fs/io_uring.c:5933
    [<00000000a5a737fd>] __io_queue_sqe+0x9a/0x4f0 fs/io_uring.c:6200
    [<00000000af920b23>] io_queue_sqe+0x361/0x560 fs/io_uring.c:6253
    [<00000000deecb73d>] io_submit_sqe fs/io_uring.c:6417 [inline]
    [<00000000deecb73d>] io_submit_sqes+0x1fc1/0x22f0 fs/io_uring.c:6531
    [<00000000bffe23f4>] __do_sys_io_uring_enter+0x857/0x10c0 fs/io_uring.c:9108
    [<000000002e2222f2>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<000000005e5fec34>] entry_SYSCALL_64_after_hwframe+0x44/0xae

Tested on:

commit:         4f766d6f io_uring: ensure that threads freeze on suspend
git tree:       git://git.kernel.dk/linux-block io_uring-5.12
console output: https://syzkaller.appspot.com/x/log.txt?x=143ce02ad00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=c43bda1f1543d72b
dashboard link: https://syzkaller.appspot.com/bug?extid=91b4b56ead187d35c9d3
compiler: