syzbot


memory leak in fbcon_set_font (2)

Status: upstream: reported C repro on 2022/12/05 04:34
Reported-by: syzbot+25bdb7b1703639abd498@syzkaller.appspotmail.com
Fix commit: 3c3bfb8586f8 fbdev: fbcon: release buffer when fbcon_do_set_font() failed
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64]
First crash: 62d, last: 62d
similar bugs (1):
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | memory leak in fbcon_set_font | C |  |  | 1 | 753d | 752d | 0/24 | auto-obsoleted due to no activity on 2022/10/03 19:40
Last patch testing requests:
Created | Duration | User | Patch | Repo | Result
2022/12/05 10:56 | 16m | penguin-kernel@i-love.sakura.ne.jp | patch | upstream | OK log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff888111648000 (size 18448):
  comm "syz-executor148", pid 3653, jiffies 4294970435 (age 13.520s)
  hex dump (first 32 bytes):
    85 44 7e c7 00 00 00 00 00 48 00 00 00 00 00 00  .D~......H......
    92 30 86 d2 8c 38 30 9e e7 a3 05 00 9f 09 33 bb  .0...80.......3.
  backtrace:
    [<ffffffff814ee6d3>] __do_kmalloc_node mm/slab_common.c:943 [inline]
    [<ffffffff814ee6d3>] __kmalloc+0xb3/0x120 mm/slab_common.c:968
    [<ffffffff8250c359>] kmalloc include/linux/slab.h:558 [inline]
    [<ffffffff8250c359>] fbcon_set_font+0x1a9/0x470 drivers/video/fbdev/core/fbcon.c:2508
    [<ffffffff8262cd59>] con_font_set drivers/tty/vt/vt.c:4667 [inline]
    [<ffffffff8262cd59>] con_font_op+0x3a9/0x600 drivers/tty/vt/vt.c:4713
    [<ffffffff82618e3d>] vt_k_ioctl drivers/tty/vt/vt_ioctl.c:474 [inline]
    [<ffffffff82618e3d>] vt_ioctl+0x14fd/0x1a80 drivers/tty/vt/vt_ioctl.c:752
    [<ffffffff825fdaf5>] tty_ioctl+0x6d5/0xbe0 drivers/tty/tty_io.c:2771
    [<ffffffff816200bc>] vfs_ioctl fs/ioctl.c:51 [inline]
    [<ffffffff816200bc>] __do_sys_ioctl fs/ioctl.c:870 [inline]
    [<ffffffff816200bc>] __se_sys_ioctl fs/ioctl.c:856 [inline]
    [<ffffffff816200bc>] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:856
    [<ffffffff8485c5e5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff8485c5e5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff888110b18000 (size 18448):
  comm "syz-executor148", pid 3655, jiffies 4294971001 (age 7.860s)
  hex dump (first 32 bytes):
    85 44 7e c7 00 00 00 00 00 48 00 00 00 00 00 00  .D~......H......
    92 30 86 d2 8c 38 30 9e e7 a3 05 00 9f 09 33 bb  .0...80.......3.
  backtrace:
    [<ffffffff814ee6d3>] __do_kmalloc_node mm/slab_common.c:943 [inline]
    [<ffffffff814ee6d3>] __kmalloc+0xb3/0x120 mm/slab_common.c:968
    [<ffffffff8250c359>] kmalloc include/linux/slab.h:558 [inline]
    [<ffffffff8250c359>] fbcon_set_font+0x1a9/0x470 drivers/video/fbdev/core/fbcon.c:2508
    [<ffffffff8262cd59>] con_font_set drivers/tty/vt/vt.c:4667 [inline]
    [<ffffffff8262cd59>] con_font_op+0x3a9/0x600 drivers/tty/vt/vt.c:4713
    [<ffffffff82618e3d>] vt_k_ioctl drivers/tty/vt/vt_ioctl.c:474 [inline]
    [<ffffffff82618e3d>] vt_ioctl+0x14fd/0x1a80 drivers/tty/vt/vt_ioctl.c:752
    [<ffffffff825fdaf5>] tty_ioctl+0x6d5/0xbe0 drivers/tty/tty_io.c:2771
    [<ffffffff816200bc>] vfs_ioctl fs/ioctl.c:51 [inline]
    [<ffffffff816200bc>] __do_sys_ioctl fs/ioctl.c:870 [inline]
    [<ffffffff816200bc>] __se_sys_ioctl fs/ioctl.c:856 [inline]
    [<ffffffff816200bc>] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:856
    [<ffffffff8485c5e5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff8485c5e5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory

Crashes (1):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Title
ci-upstream-gce-leak | 2022/12/04 20:31 | upstream | c2bf05db6c78 | e080de16 | .config | console log | report | syz | C |  | [disk image] [vmlinux] [kernel image] | memory leak in fbcon_set_font