syzbot

 sign-in | mailing list | source | docs
🐞 Open [1166] 🐞 Fixed [4299] 🐞 Invalid [9646] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

memory leak in tty_init_dev

Status: fixed on 2021/11/10 00:50
Reported-by: syzbot+f303e045423e617d2cad@syzkaller.appspotmail.com
Fix commit: 58af3d3d54e8 net: caif: fix memory leak in ldisc_open
First crash: 1253d, last: 605d
similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream memory leak in tty_init_dev (2) C 1 254d 250d 0/24 upstream: reported C repro on 2022/05/24 21:19
Last patch testing requests:
Created Duration User Patch Repo Result
2021/06/12 12:59 15m paskripkin@gmail.com patch upstream OK
2020/09/23 10:40 3m anant.thazhemadam@gmail.com upstream error

Sample crash report:
BUG: memory leak
unreferenced object 0xffff88810b6a1c00 (size 1024):
  comm "syz-executor275", pid 8485, jiffies 4294949277 (age 13.800s)
  hex dump (first 32 bytes):
    01 54 00 00 01 00 00 00 00 cc 9c 42 81 88 ff ff  .T.........B....
    80 24 8c 42 81 88 ff ff a0 1a a3 84 ff ff ff ff  .$.B............
  backtrace:
    [<00000000b792389d>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000b792389d>] kzalloc include/linux/slab.h:682 [inline]
    [<00000000b792389d>] alloc_tty_struct+0x3c/0x2e0 drivers/tty/tty_io.c:2987
    [<000000000483200f>] tty_init_dev.part.0+0x20/0x250 drivers/tty/tty_io.c:1335
    [<00000000c124343d>] tty_init_dev drivers/tty/tty_io.c:1979 [inline]
    [<00000000c124343d>] tty_open_by_driver drivers/tty/tty_io.c:1987 [inline]
    [<00000000c124343d>] tty_open+0x882/0xa20 drivers/tty/tty_io.c:2035
    [<00000000004c360e>] chrdev_open+0x10d/0x340 fs/char_dev.c:414
    [<00000000dcb15ca5>] do_dentry_open+0x1e6/0x620 fs/open.c:817
    [<0000000071c204de>] do_open fs/namei.c:3254 [inline]
    [<0000000071c204de>] path_openat+0x74a/0x1b00 fs/namei.c:3371
    [<0000000003c24a4a>] do_filp_open+0xa0/0x190 fs/namei.c:3398
    [<000000003bc2b77f>] do_sys_openat2+0xed/0x230 fs/open.c:1172
    [<00000000374986fc>] do_sys_open fs/open.c:1188 [inline]
    [<00000000374986fc>] __do_sys_openat fs/open.c:1204 [inline]
    [<00000000374986fc>] __se_sys_openat fs/open.c:1199 [inline]
    [<00000000374986fc>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1199
    [<00000000d3bdaba6>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<0000000010c109c7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88810eff5c00 (size 1024):
  comm "syz-executor275", pid 8489, jiffies 4294949855 (age 8.020s)
  hex dump (first 32 bytes):
    01 54 00 00 01 00 00 00 00 cc 9c 42 81 88 ff ff  .T.........B....
    80 24 8c 42 81 88 ff ff a0 1a a3 84 ff ff ff ff  .$.B............
  backtrace:
    [<00000000b792389d>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000b792389d>] kzalloc include/linux/slab.h:682 [inline]
    [<00000000b792389d>] alloc_tty_struct+0x3c/0x2e0 drivers/tty/tty_io.c:2987
    [<000000000483200f>] tty_init_dev.part.0+0x20/0x250 drivers/tty/tty_io.c:1335
    [<00000000c124343d>] tty_init_dev drivers/tty/tty_io.c:1979 [inline]
    [<00000000c124343d>] tty_open_by_driver drivers/tty/tty_io.c:1987 [inline]
    [<00000000c124343d>] tty_open+0x882/0xa20 drivers/tty/tty_io.c:2035
    [<00000000004c360e>] chrdev_open+0x10d/0x340 fs/char_dev.c:414
    [<00000000dcb15ca5>] do_dentry_open+0x1e6/0x620 fs/open.c:817
    [<0000000071c204de>] do_open fs/namei.c:3254 [inline]
    [<0000000071c204de>] path_openat+0x74a/0x1b00 fs/namei.c:3371
    [<0000000003c24a4a>] do_filp_open+0xa0/0x190 fs/namei.c:3398
    [<000000003bc2b77f>] do_sys_openat2+0xed/0x230 fs/open.c:1172
    [<00000000374986fc>] do_sys_open fs/open.c:1188 [inline]
    [<00000000374986fc>] __do_sys_openat fs/open.c:1204 [inline]
    [<00000000374986fc>] __se_sys_openat fs/open.c:1199 [inline]
    [<00000000374986fc>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1199
    [<00000000d3bdaba6>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<0000000010c109c7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

Crashes (9):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-gce-leak 2021/01/17 17:16 upstream 0da0a8a0a0e1 813be542 .config console log report syz C memory leak in tty_init_dev
ci-upstream-gce-leak 2020/12/19 06:43 upstream a409ed156a90 04201c06 .config console log report syz C
ci-upstream-gce-leak 2019/10/31 05:58 upstream 320000e72ec0 a41ca8fa .config console log report syz C
ci-upstream-gce-leak 2019/08/25 19:38 upstream e67095fd2f72 d21c5d9d .config console log report syz C
ci-upstream-gce-leak 2021/06/03 17:34 upstream 324c92e5e0ee 0740de69 .config console log report syz memory leak in tty_init_dev
ci-upstream-gce-leak 2021/01/02 11:10 upstream eda809aef534 79264ae3 .config console log report syz
ci-upstream-gce-leak 2020/12/14 01:28 upstream 6bff9bb8a292 b22a7ec3 .config console log report syz
ci-upstream-gce-leak 2020/12/13 14:39 upstream 7b1b868e1d91 bca53db9 .config console log report syz
ci-upstream-gce-leak 2019/11/08 14:05 upstream 847120f859cc 1e35461e .config console log report syz
* Struck through repros no longer work on HEAD.