memory leak in qrtr_tun

memory leak in qrtr_tun_open
Status: upstream: reported C repro on 2020/11/25 02:05
Reported-by: syzbot+5d6e4af21385f5cfc56a@syzkaller.appspotmail.com
Fix commit: fc0494ea net: qrtr: Fix memory leak in qrtr_tun_open
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-arm32 ci-upstream-bpf-next-kasan-gce ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-net-kasan-gce]
First crash: 106d, last: 58d

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2021/02/07 06:27	16m	jeliantsurux@gmail.com	patch	https://github.com/google/kasan.git b8323f72	OK
2021/01/03 12:10	14m	jeliantsurux@gmail.com	patch	https://github.com/google/kasan.git 509a1542	report log

Sample crash report:

BUG: memory leak
unreferenced object 0xffff88810de80580 (size 64):
  comm "syz-executor537", pid 8473, jiffies 4294964413 (age 17.490s)
  hex dump (first 32 bytes):
    30 e2 07 84 ff ff ff ff 00 00 00 00 00 00 00 00  0...............
    90 05 e8 0d 81 88 ff ff 90 05 e8 0d 81 88 ff ff  ................
  backtrace:
    [<00000000e0732b97>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000e0732b97>] kzalloc include/linux/slab.h:682 [inline]
    [<00000000e0732b97>] qrtr_tun_open+0x22/0x90 net/qrtr/tun.c:35
    [<000000008b62c2fb>] misc_open+0x19c/0x1e0 drivers/char/misc.c:141
    [<000000009078b23a>] chrdev_open+0x10d/0x340 fs/char_dev.c:414
    [<0000000039d2b995>] do_dentry_open+0x1e6/0x620 fs/open.c:817
    [<00000000d767c294>] do_open fs/namei.c:3254 [inline]
    [<00000000d767c294>] path_openat+0x74a/0x1b00 fs/namei.c:3371
    [<00000000b7a038ec>] do_filp_open+0xa0/0x190 fs/namei.c:3398
    [<00000000239e7ec7>] do_sys_openat2+0xed/0x230 fs/open.c:1172
    [<0000000044ae1540>] do_sys_open fs/open.c:1188 [inline]
    [<0000000044ae1540>] __do_sys_openat fs/open.c:1204 [inline]
    [<0000000044ae1540>] __se_sys_openat fs/open.c:1199 [inline]
    [<0000000044ae1540>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1199
    [<000000000dd5320d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<000000003fb8326b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88810dcf1ac0 (size 64):
  comm "syz-executor537", pid 8474, jiffies 4294964438 (age 17.240s)
  hex dump (first 32 bytes):
    30 e2 07 84 ff ff ff ff 00 00 00 00 00 00 00 00  0...............
    d0 1a cf 0d 81 88 ff ff d0 1a cf 0d 81 88 ff ff  ................
  backtrace:
    [<00000000e0732b97>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000e0732b97>] kzalloc include/linux/slab.h:682 [inline]
    [<00000000e0732b97>] qrtr_tun_open+0x22/0x90 net/qrtr/tun.c:35
    [<000000008b62c2fb>] misc_open+0x19c/0x1e0 drivers/char/misc.c:141
    [<000000009078b23a>] chrdev_open+0x10d/0x340 fs/char_dev.c:414
    [<0000000039d2b995>] do_dentry_open+0x1e6/0x620 fs/open.c:817
    [<00000000d767c294>] do_open fs/namei.c:3254 [inline]
    [<00000000d767c294>] path_openat+0x74a/0x1b00 fs/namei.c:3371
    [<00000000b7a038ec>] do_filp_open+0xa0/0x190 fs/namei.c:3398
    [<00000000239e7ec7>] do_sys_openat2+0xed/0x230 fs/open.c:1172
    [<0000000044ae1540>] do_sys_open fs/open.c:1188 [inline]
    [<0000000044ae1540>] __do_sys_openat fs/open.c:1204 [inline]
    [<0000000044ae1540>] __se_sys_openat fs/open.c:1199 [inline]
    [<0000000044ae1540>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1199
    [<000000000dd5320d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<000000003fb8326b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88810dcf1f80 (size 64):
  comm "syz-executor537", pid 8476, jiffies 4294964465 (age 16.970s)
  hex dump (first 32 bytes):
    30 e2 07 84 ff ff ff ff 00 00 00 00 00 00 00 00  0...............
    90 1f cf 0d 81 88 ff ff 90 1f cf 0d 81 88 ff ff  ................
  backtrace:
    [<00000000e0732b97>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000e0732b97>] kzalloc include/linux/slab.h:682 [inline]
    [<00000000e0732b97>] qrtr_tun_open+0x22/0x90 net/qrtr/tun.c:35
    [<000000008b62c2fb>] misc_open+0x19c/0x1e0 drivers/char/misc.c:141
    [<000000009078b23a>] chrdev_open+0x10d/0x340 fs/char_dev.c:414
    [<0000000039d2b995>] do_dentry_open+0x1e6/0x620 fs/open.c:817
    [<00000000d767c294>] do_open fs/namei.c:3254 [inline]
    [<00000000d767c294>] path_openat+0x74a/0x1b00 fs/namei.c:3371
    [<00000000b7a038ec>] do_filp_open+0xa0/0x190 fs/namei.c:3398
    [<00000000239e7ec7>] do_sys_openat2+0xed/0x230 fs/open.c:1172
    [<0000000044ae1540>] do_sys_open fs/open.c:1188 [inline]
    [<0000000044ae1540>] __do_sys_openat fs/open.c:1204 [inline]
    [<0000000044ae1540>] __se_sys_openat fs/open.c:1199 [inline]
    [<0000000044ae1540>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1199
    [<000000000dd5320d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<000000003fb8326b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88810de805c0 (size 64):
  comm "syz-executor537", pid 8477, jiffies 4294964490 (age 16.720s)
  hex dump (first 32 bytes):
    30 e2 07 84 ff ff ff ff 00 00 00 00 00 00 00 00  0...............
    d0 05 e8 0d 81 88 ff ff d0 05 e8 0d 81 88 ff ff  ................
  backtrace:
    [<00000000e0732b97>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000e0732b97>] kzalloc include/linux/slab.h:682 [inline]
    [<00000000e0732b97>] qrtr_tun_open+0x22/0x90 net/qrtr/tun.c:35
    [<000000008b62c2fb>] misc_open+0x19c/0x1e0 drivers/char/misc.c:141
    [<000000009078b23a>] chrdev_open+0x10d/0x340 fs/char_dev.c:414
    [<0000000039d2b995>] do_dentry_open+0x1e6/0x620 fs/open.c:817
    [<00000000d767c294>] do_open fs/namei.c:3254 [inline]
    [<00000000d767c294>] path_openat+0x74a/0x1b00 fs/namei.c:3371
    [<00000000b7a038ec>] do_filp_open+0xa0/0x190 fs/namei.c:3398
    [<00000000239e7ec7>] do_sys_openat2+0xed/0x230 fs/open.c:1172
    [<0000000044ae1540>] do_sys_open fs/open.c:1188 [inline]
    [<0000000044ae1540>] __do_sys_openat fs/open.c:1204 [inline]
    [<0000000044ae1540>] __se_sys_openat fs/open.c:1199 [inline]
    [<0000000044ae1540>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1199
    [<000000000dd5320d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<000000003fb8326b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88810dcf1f40 (size 64):
  comm "syz-executor537", pid 8475, jiffies 4294964515 (age 16.470s)
  hex dump (first 32 bytes):
    30 e2 07 84 ff ff ff ff 00 00 00 00 00 00 00 00  0...............
    50 1f cf 0d 81 88 ff ff 50 1f cf 0d 81 88 ff ff  P.......P.......
  backtrace:
    [<00000000e0732b97>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000e0732b97>] kzalloc include/linux/slab.h:682 [inline]
    [<00000000e0732b97>] qrtr_tun_open+0x22/0x90 net/qrtr/tun.c:35
    [<000000008b62c2fb>] misc_open+0x19c/0x1e0 drivers/char/misc.c:141
    [<000000009078b23a>] chrdev_open+0x10d/0x340 fs/char_dev.c:414
    [<0000000039d2b995>] do_dentry_open+0x1e6/0x620 fs/open.c:817
    [<00000000d767c294>] do_open fs/namei.c:3254 [inline]
    [<00000000d767c294>] path_openat+0x74a/0x1b00 fs/namei.c:3371
    [<00000000b7a038ec>] do_filp_open+0xa0/0x190 fs/namei.c:3398
    [<00000000239e7ec7>] do_sys_openat2+0xed/0x230 fs/open.c:1172
    [<0000000044ae1540>] do_sys_open fs/open.c:1188 [inline]
    [<0000000044ae1540>] __do_sys_openat fs/open.c:1204 [inline]
    [<0000000044ae1540>] __se_sys_openat fs/open.c:1199 [inline]
    [<0000000044ae1540>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1199
    [<000000000dd5320d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<000000003fb8326b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/fs/mount-max failed: Bad address
executing program
executing program
executing program
executing program
executing program
executing program
executing program
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/fs/mount-max failed: Bad address
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/fs/mount-max failed: Bad address
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/fs/mount-max failed: Bad address
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/fs/mount-max failed: Bad address
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/fs/mount-max failed: Bad address
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/fs/mount-max failed: Bad address
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/fs/mount-max failed: Bad address

Crashes (4):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci-upstream-gce-leak	2021/01/08 09:34	upstream	f5e6c330	c104d4a3	.config	log	report	syz	C
ci-upstream-gce-leak	2020/12/25 18:22	upstream	71c5f031	b982b3ea	.config	log	report	syz	C
ci-upstream-gce-leak	2020/12/02 22:17	upstream	509a1542	8c9190ef	.config	log	report	syz	C
ci-upstream-gce-leak	2020/11/21 01:59	upstream	4d02da97	740ff461	.config	log	report	syz	C