syzbot


memory leak in h5_rx_pkt_start

Status: fixed on 2021/03/10 01:48
Subsystems: bluetooth
[Documentation on labels]
Reported-by: syzbot+6ce141c55b2f7aafd1c4@syzkaller.appspotmail.com
Fix commit: 70f259a3f427 Bluetooth: hci_h5: close serdev device and free hu in h5_close 855af2d74c87 Bluetooth: hci_h5: fix memory leak in h5_close
First crash: 1849d, last: 1505d
Discussions (13)
Title Replies (including bot) Last reply
[PATCH 5.4 00/47] 5.4.87-rc1 review 58 (58) 2021/02/26 14:21
[PATCH 5.10 00/63] 5.10.5-rc1 review 75 (75) 2021/01/07 08:13
[PATCH 4.19 00/35] 4.19.165-rc1 review 44 (44) 2021/01/06 13:46
[PATCH 4.19 00/29] 4.19.165-rc2 review 36 (36) 2021/01/06 13:46
[PATCH 5.10 000/717] 5.10.4-rc1 review 747 (747) 2021/01/05 16:41
[PATCH 4.19 000/346] 4.19.164-rc1 review 356 (356) 2021/01/02 11:29
[PATCH 5.4 000/453] 5.4.86-rc1 review 465 (465) 2020/12/30 09:22
[PATCH v5] bluetooth: hci_h5: fix memory leak in h5_close 3 (3) 2020/11/09 13:04
[PATCH v4] bluetooth: hci_h5: fix memory leak in h5_close 4 (4) 2020/10/16 12:45
[Linux-kernel-mentees][PATCH v2] bluetooth: hci_h5: close serdev device and free hu in h5_close 8 (8) 2020/10/06 06:30
linux-next: Fixes tag needs some work in the bluetooth tree 2 (2) 2020/10/01 19:39
[Linux-kernel-mentees][PATCH] bluetooth: hci_h5: close serdev device and free hu in h5_close 3 (3) 2020/10/01 07:15
memory leak in h5_rx_pkt_start 0 (1) 2019/09/16 16:09
Last patch testing requests (11)
Created Duration User Patch Repo Result
2020/10/06 11:37 15m anant.thazhemadam@gmail.com patch upstream OK
2020/10/06 11:31 8m anant.thazhemadam@gmail.com upstream report log
2020/10/05 13:38 15m anant.thazhemadam@gmail.com patch upstream OK
2020/10/04 03:05 7m anant.thazhemadam@gmail.com upstream report log
2020/10/03 22:13 15m anant.thazhemadam@gmail.com patch upstream report log
2020/10/03 05:11 15m anant.thazhemadam@gmail.com patch upstream OK
2020/10/03 05:08 8m anant.thazhemadam@gmail.com upstream report log
2020/10/02 22:19 8m anant.thazhemadam@gmail.com patch upstream report log
2020/09/28 20:19 15m anant.thazhemadam@gmail.com patch upstream OK
2020/09/28 12:48 8m anant.thazhemadam@gmail.com upstream report log
2020/09/28 04:25 15m anant.thazhemadam@gmail.com patch upstream OK

Sample crash report:
BUG: memory leak
unreferenced object 0xffff8881171b8c00 (size 224):
  comm "syz-executor916", pid 6468, jiffies 4294953517 (age 25.760s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 e0 6b 18 81 88 ff ff 00 00 00 00 00 00 00 00  ..k.............
  backtrace:
    [<00000000ba5320d6>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198
    [<00000000943712f1>] alloc_skb include/linux/skbuff.h:1085 [inline]
    [<00000000943712f1>] bt_skb_alloc include/net/bluetooth/bluetooth.h:389 [inline]
    [<00000000943712f1>] h5_rx_pkt_start+0x53/0x110 drivers/bluetooth/hci_h5.c:476
    [<000000002123baa4>] h5_recv+0x180/0x260 drivers/bluetooth/hci_h5.c:565
    [<00000000df4242f0>] hci_uart_tty_receive+0xae/0x230 drivers/bluetooth/hci_ldisc.c:613
    [<00000000a2f731b2>] tiocsti drivers/tty/tty_io.c:2196 [inline]
    [<00000000a2f731b2>] tty_ioctl+0x7ee/0xa30 drivers/tty/tty_io.c:2572
    [<00000000855a6035>] vfs_ioctl fs/ioctl.c:48 [inline]
    [<00000000855a6035>] __do_sys_ioctl fs/ioctl.c:753 [inline]
    [<00000000855a6035>] __se_sys_ioctl fs/ioctl.c:739 [inline]
    [<00000000855a6035>] __x64_sys_ioctl+0xd6/0x110 fs/ioctl.c:739
    [<00000000c66df643>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<0000000035b289c5>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff8881171b8e00 (size 224):
  comm "syz-executor916", pid 6477, jiffies 4294953433 (age 29.510s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 c0 8d 19 81 88 ff ff 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000ba5320d6>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198
    [<00000000943712f1>] alloc_skb include/linux/skbuff.h:1085 [inline]
    [<00000000943712f1>] bt_skb_alloc include/net/bluetooth/bluetooth.h:389 [inline]
    [<00000000943712f1>] h5_rx_pkt_start+0x53/0x110 drivers/bluetooth/hci_h5.c:476
    [<000000002123baa4>] h5_recv+0x180/0x260 drivers/bluetooth/hci_h5.c:565
    [<00000000df4242f0>] hci_uart_tty_receive+0xae/0x230 drivers/bluetooth/hci_ldisc.c:613
    [<00000000a2f731b2>] tiocsti drivers/tty/tty_io.c:2196 [inline]
    [<00000000a2f731b2>] tty_ioctl+0x7ee/0xa30 drivers/tty/tty_io.c:2572
    [<00000000855a6035>] vfs_ioctl fs/ioctl.c:48 [inline]
    [<00000000855a6035>] __do_sys_ioctl fs/ioctl.c:753 [inline]
    [<00000000855a6035>] __se_sys_ioctl fs/ioctl.c:739 [inline]
    [<00000000855a6035>] __x64_sys_ioctl+0xd6/0x110 fs/ioctl.c:739
    [<00000000c66df643>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<0000000035b289c5>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff8881171b8c00 (size 224):
  comm "syz-executor916", pid 6468, jiffies 4294953517 (age 28.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 e0 6b 18 81 88 ff ff 00 00 00 00 00 00 00 00  ..k.............
  backtrace:
    [<00000000ba5320d6>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198
    [<00000000943712f1>] alloc_skb include/linux/skbuff.h:1085 [inline]
    [<00000000943712f1>] bt_skb_alloc include/net/bluetooth/bluetooth.h:389 [inline]
    [<00000000943712f1>] h5_rx_pkt_start+0x53/0x110 drivers/bluetooth/hci_h5.c:476
    [<000000002123baa4>] h5_recv+0x180/0x260 drivers/bluetooth/hci_h5.c:565
    [<00000000df4242f0>] hci_uart_tty_receive+0xae/0x230 drivers/bluetooth/hci_ldisc.c:613
    [<00000000a2f731b2>] tiocsti drivers/tty/tty_io.c:2196 [inline]
    [<00000000a2f731b2>] tty_ioctl+0x7ee/0xa30 drivers/tty/tty_io.c:2572
    [<00000000855a6035>] vfs_ioctl fs/ioctl.c:48 [inline]
    [<00000000855a6035>] __do_sys_ioctl fs/ioctl.c:753 [inline]
    [<00000000855a6035>] __se_sys_ioctl fs/ioctl.c:739 [inline]
    [<00000000855a6035>] __x64_sys_ioctl+0xd6/0x110 fs/ioctl.c:739
    [<00000000c66df643>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<0000000035b289c5>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff8881171b8e00 (size 224):
  comm "syz-executor916", pid 6477, jiffies 4294953433 (age 32.390s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 c0 8d 19 81 88 ff ff 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000ba5320d6>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198
    [<00000000943712f1>] alloc_skb include/linux/skbuff.h:1085 [inline]
    [<00000000943712f1>] bt_skb_alloc include/net/bluetooth/bluetooth.h:389 [inline]
    [<00000000943712f1>] h5_rx_pkt_start+0x53/0x110 drivers/bluetooth/hci_h5.c:476
    [<000000002123baa4>] h5_recv+0x180/0x260 drivers/bluetooth/hci_h5.c:565
    [<00000000df4242f0>] hci_uart_tty_receive+0xae/0x230 drivers/bluetooth/hci_ldisc.c:613
    [<00000000a2f731b2>] tiocsti drivers/tty/tty_io.c:2196 [inline]
    [<00000000a2f731b2>] tty_ioctl+0x7ee/0xa30 drivers/tty/tty_io.c:2572
    [<00000000855a6035>] vfs_ioctl fs/ioctl.c:48 [inline]
    [<00000000855a6035>] __do_sys_ioctl fs/ioctl.c:753 [inline]
    [<00000000855a6035>] __se_sys_ioctl fs/ioctl.c:739 [inline]
    [<00000000855a6035>] __x64_sys_ioctl+0xd6/0x110 fs/ioctl.c:739
    [<00000000c66df643>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<0000000035b289c5>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff8881171b8c00 (size 224):
  comm "syz-executor916", pid 6468, jiffies 4294953517 (age 31.550s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 e0 6b 18 81 88 ff ff 00 00 00 00 00 00 00 00  ..k.............
  backtrace:
    [<00000000ba5320d6>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198
    [<00000000943712f1>] alloc_skb include/linux/skbuff.h:1085 [inline]
    [<00000000943712f1>] bt_skb_alloc include/net/bluetooth/bluetooth.h:389 [inline]
    [<00000000943712f1>] h5_rx_pkt_start+0x53/0x110 drivers/bluetooth/hci_h5.c:476
    [<000000002123baa4>] h5_recv+0x180/0x260 drivers/bluetooth/hci_h5.c:565
    [<00000000df4242f0>] hci_uart_tty_receive+0xae/0x230 drivers/bluetooth/hci_ldisc.c:613
    [<00000000a2f731b2>] tiocsti drivers/tty/tty_io.c:2196 [inline]
    [<00000000a2f731b2>] tty_ioctl+0x7ee/0xa30 drivers/tty/tty_io.c:2572
    [<00000000855a6035>] vfs_ioctl fs/ioctl.c:48 [inline]
    [<00000000855a6035>] __do_sys_ioctl fs/ioctl.c:753 [inline]
    [<00000000855a6035>] __se_sys_ioctl fs/ioctl.c:739 [inline]
    [<00000000855a6035>] __x64_sys_ioctl+0xd6/0x110 fs/ioctl.c:739
    [<00000000c66df643>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<0000000035b289c5>] entry_SYSCALL_64_after_hwframe+0x44/0xa9


Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/08/25 00:34 upstream d012a7190fc1 67b599d1 .config console log report syz C ci-upstream-gce-leak
2020/03/30 06:18 upstream e595dd94515e 05736b29 .config console log report syz C ci-upstream-gce-leak
2020/01/26 14:08 upstream 2821e26f3a0a f4e7270e .config console log report syz C ci-upstream-gce-leak
2019/12/26 08:46 upstream 46cf053efec6 be5c2c81 .config console log report syz C ci-upstream-gce-leak
2019/09/15 03:18 upstream 1609d7604b84 32d59357 .config console log report syz C ci-upstream-gce-leak
* Struck through repros no longer work on HEAD.