syzbot


memory leak in watch_queue_set_size

Status: upstream: reported C repro on 2022/03/26 18:43
Reported-by: syzbot+25ea042ae28f3888727a@syzkaller.appspotmail.com
Fix commit: b490207017ba watch_queue: Free the page array when watch_queue is dismantled
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64]
First crash: 99d, last: 99d
Patch testing requests:
Created Duration User Patch Repo Result
2022/03/27 13:12 9m mail@anirudhrb.com patch upstream OK

Sample crash report:
Warning: Permanently added '10.128.10.51' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
BUG: memory leak
unreferenced object 0xffff88810d9bc140 (size 32):
  comm "syz-executor335", pid 3603, jiffies 4294946994 (age 12.840s)
  hex dump (first 32 bytes):
    40 a7 40 04 00 ea ff ff 00 00 00 00 00 00 00 00  @.@.............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81459bff>] kmalloc_array include/linux/slab.h:621 [inline]
    [<ffffffff81459bff>] kcalloc include/linux/slab.h:652 [inline]
    [<ffffffff81459bff>] watch_queue_set_size+0x12f/0x2e0 kernel/watch_queue.c:251
    [<ffffffff8159fcf2>] pipe_ioctl+0x82/0x140 fs/pipe.c:632
    [<ffffffff815b601c>] vfs_ioctl fs/ioctl.c:51 [inline]
    [<ffffffff815b601c>] __do_sys_ioctl fs/ioctl.c:874 [inline]
    [<ffffffff815b601c>] __se_sys_ioctl fs/ioctl.c:860 [inline]
    [<ffffffff815b601c>] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:860
    [<ffffffff84493a05>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84493a05>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88810d9b2440 (size 32):
  comm "syz-executor335", pid 3606, jiffies 4294947528 (age 7.500s)
  hex dump (first 32 bytes):
    40 4d 36 04 00 ea ff ff 00 00 00 00 00 00 00 00  @M6.............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81459bff>] kmalloc_array include/linux/slab.h:621 [inline]
    [<ffffffff81459bff>] kcalloc include/linux/slab.h:652 [inline]
    [<ffffffff81459bff>] watch_queue_set_size+0x12f/0x2e0 kernel/watch_queue.c:251
    [<ffffffff8159fcf2>] pipe_ioctl+0x82/0x140 fs/pipe.c:632
    [<ffffffff815b601c>] vfs_ioctl fs/ioctl.c:51 [inline]
    [<ffffffff815b601c>] __do_sys_ioctl fs/ioctl.c:874 [inline]
    [<ffffffff815b601c>] __se_sys_ioctl fs/ioctl.c:860 [inline]
    [<ffffffff815b601c>] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:860
    [<ffffffff84493a05>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84493a05>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae


Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-gce-leak 2022/03/19 10:16 upstream 34e047aa16c0 e2d91b1d .config log report syz C memory leak in watch_queue_set_size