syzbot


memory leak in qrtr_tun_open

Status: fixed on 2021/04/09 19:46
Subsystems: arm-msm net
Reported-by: syzbot+5d6e4af21385f5cfc56a@syzkaller.appspotmail.com
Fix commit: fc0494ead639 net: qrtr: Fix memory leak in qrtr_tun_open
First crash: 1214d, last: 1166d
Discussions (6)
Title Replies (including bot) Last reply
[PATCH 4.19 000/247] 4.19.178-rc1 review 277 (277) 2022/03/02 15:52
[PATCH 5.10 000/663] 5.10.20-rc1 review 673 (673) 2021/03/05 18:03
[PATCH 5.4 000/340] 5.4.102-rc1 review 348 (348) 2021/03/04 09:26
[PATCH 5.11 000/775] 5.11.3-rc1 review 776 (776) 2021/03/01 16:15
[PATCH net] net: qrtr: Fix memory leak in qrtr_tun_open 2 (2) 2021/02/23 23:39
memory leak in qrtr_tun_open 1 (3) 2021/01/03 12:25
Last patch testing requests (2)
Created Duration User Patch Repo Result
2021/02/07 06:27 16m jeliantsurux@gmail.com patch https://github.com/google/kasan.git b8323f72 OK
2021/01/03 12:10 14m jeliantsurux@gmail.com patch https://github.com/google/kasan.git 509a1542 report log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff88810de80580 (size 64):
  comm "syz-executor537", pid 8473, jiffies 4294964413 (age 17.490s)
  hex dump (first 32 bytes):
    30 e2 07 84 ff ff ff ff 00 00 00 00 00 00 00 00  0...............
    90 05 e8 0d 81 88 ff ff 90 05 e8 0d 81 88 ff ff  ................
  backtrace:
    [<00000000e0732b97>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000e0732b97>] kzalloc include/linux/slab.h:682 [inline]
    [<00000000e0732b97>] qrtr_tun_open+0x22/0x90 net/qrtr/tun.c:35
    [<000000008b62c2fb>] misc_open+0x19c/0x1e0 drivers/char/misc.c:141
    [<000000009078b23a>] chrdev_open+0x10d/0x340 fs/char_dev.c:414
    [<0000000039d2b995>] do_dentry_open+0x1e6/0x620 fs/open.c:817
    [<00000000d767c294>] do_open fs/namei.c:3254 [inline]
    [<00000000d767c294>] path_openat+0x74a/0x1b00 fs/namei.c:3371
    [<00000000b7a038ec>] do_filp_open+0xa0/0x190 fs/namei.c:3398
    [<00000000239e7ec7>] do_sys_openat2+0xed/0x230 fs/open.c:1172
    [<0000000044ae1540>] do_sys_open fs/open.c:1188 [inline]
    [<0000000044ae1540>] __do_sys_openat fs/open.c:1204 [inline]
    [<0000000044ae1540>] __se_sys_openat fs/open.c:1199 [inline]
    [<0000000044ae1540>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1199
    [<000000000dd5320d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<000000003fb8326b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88810dcf1ac0 (size 64):
  comm "syz-executor537", pid 8474, jiffies 4294964438 (age 17.240s)
  hex dump (first 32 bytes):
    30 e2 07 84 ff ff ff ff 00 00 00 00 00 00 00 00  0...............
    d0 1a cf 0d 81 88 ff ff d0 1a cf 0d 81 88 ff ff  ................
  backtrace:
    [<00000000e0732b97>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000e0732b97>] kzalloc include/linux/slab.h:682 [inline]
    [<00000000e0732b97>] qrtr_tun_open+0x22/0x90 net/qrtr/tun.c:35
    [<000000008b62c2fb>] misc_open+0x19c/0x1e0 drivers/char/misc.c:141
    [<000000009078b23a>] chrdev_open+0x10d/0x340 fs/char_dev.c:414
    [<0000000039d2b995>] do_dentry_open+0x1e6/0x620 fs/open.c:817
    [<00000000d767c294>] do_open fs/namei.c:3254 [inline]
    [<00000000d767c294>] path_openat+0x74a/0x1b00 fs/namei.c:3371
    [<00000000b7a038ec>] do_filp_open+0xa0/0x190 fs/namei.c:3398
    [<00000000239e7ec7>] do_sys_openat2+0xed/0x230 fs/open.c:1172
    [<0000000044ae1540>] do_sys_open fs/open.c:1188 [inline]
    [<0000000044ae1540>] __do_sys_openat fs/open.c:1204 [inline]
    [<0000000044ae1540>] __se_sys_openat fs/open.c:1199 [inline]
    [<0000000044ae1540>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1199
    [<000000000dd5320d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<000000003fb8326b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88810dcf1f80 (size 64):
  comm "syz-executor537", pid 8476, jiffies 4294964465 (age 16.970s)
  hex dump (first 32 bytes):
    30 e2 07 84 ff ff ff ff 00 00 00 00 00 00 00 00  0...............
    90 1f cf 0d 81 88 ff ff 90 1f cf 0d 81 88 ff ff  ................
  backtrace:
    [<00000000e0732b97>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000e0732b97>] kzalloc include/linux/slab.h:682 [inline]
    [<00000000e0732b97>] qrtr_tun_open+0x22/0x90 net/qrtr/tun.c:35
    [<000000008b62c2fb>] misc_open+0x19c/0x1e0 drivers/char/misc.c:141
    [<000000009078b23a>] chrdev_open+0x10d/0x340 fs/char_dev.c:414
    [<0000000039d2b995>] do_dentry_open+0x1e6/0x620 fs/open.c:817
    [<00000000d767c294>] do_open fs/namei.c:3254 [inline]
    [<00000000d767c294>] path_openat+0x74a/0x1b00 fs/namei.c:3371
    [<00000000b7a038ec>] do_filp_open+0xa0/0x190 fs/namei.c:3398
    [<00000000239e7ec7>] do_sys_openat2+0xed/0x230 fs/open.c:1172
    [<0000000044ae1540>] do_sys_open fs/open.c:1188 [inline]
    [<0000000044ae1540>] __do_sys_openat fs/open.c:1204 [inline]
    [<0000000044ae1540>] __se_sys_openat fs/open.c:1199 [inline]
    [<0000000044ae1540>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1199
    [<000000000dd5320d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<000000003fb8326b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88810de805c0 (size 64):
  comm "syz-executor537", pid 8477, jiffies 4294964490 (age 16.720s)
  hex dump (first 32 bytes):
    30 e2 07 84 ff ff ff ff 00 00 00 00 00 00 00 00  0...............
    d0 05 e8 0d 81 88 ff ff d0 05 e8 0d 81 88 ff ff  ................
  backtrace:
    [<00000000e0732b97>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000e0732b97>] kzalloc include/linux/slab.h:682 [inline]
    [<00000000e0732b97>] qrtr_tun_open+0x22/0x90 net/qrtr/tun.c:35
    [<000000008b62c2fb>] misc_open+0x19c/0x1e0 drivers/char/misc.c:141
    [<000000009078b23a>] chrdev_open+0x10d/0x340 fs/char_dev.c:414
    [<0000000039d2b995>] do_dentry_open+0x1e6/0x620 fs/open.c:817
    [<00000000d767c294>] do_open fs/namei.c:3254 [inline]
    [<00000000d767c294>] path_openat+0x74a/0x1b00 fs/namei.c:3371
    [<00000000b7a038ec>] do_filp_open+0xa0/0x190 fs/namei.c:3398
    [<00000000239e7ec7>] do_sys_openat2+0xed/0x230 fs/open.c:1172
    [<0000000044ae1540>] do_sys_open fs/open.c:1188 [inline]
    [<0000000044ae1540>] __do_sys_openat fs/open.c:1204 [inline]
    [<0000000044ae1540>] __se_sys_openat fs/open.c:1199 [inline]
    [<0000000044ae1540>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1199
    [<000000000dd5320d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<000000003fb8326b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88810dcf1f40 (size 64):
  comm "syz-executor537", pid 8475, jiffies 4294964515 (age 16.470s)
  hex dump (first 32 bytes):
    30 e2 07 84 ff ff ff ff 00 00 00 00 00 00 00 00  0...............
    50 1f cf 0d 81 88 ff ff 50 1f cf 0d 81 88 ff ff  P.......P.......
  backtrace:
    [<00000000e0732b97>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000e0732b97>] kzalloc include/linux/slab.h:682 [inline]
    [<00000000e0732b97>] qrtr_tun_open+0x22/0x90 net/qrtr/tun.c:35
    [<000000008b62c2fb>] misc_open+0x19c/0x1e0 drivers/char/misc.c:141
    [<000000009078b23a>] chrdev_open+0x10d/0x340 fs/char_dev.c:414
    [<0000000039d2b995>] do_dentry_open+0x1e6/0x620 fs/open.c:817
    [<00000000d767c294>] do_open fs/namei.c:3254 [inline]
    [<00000000d767c294>] path_openat+0x74a/0x1b00 fs/namei.c:3371
    [<00000000b7a038ec>] do_filp_open+0xa0/0x190 fs/namei.c:3398
    [<00000000239e7ec7>] do_sys_openat2+0xed/0x230 fs/open.c:1172
    [<0000000044ae1540>] do_sys_open fs/open.c:1188 [inline]
    [<0000000044ae1540>] __do_sys_openat fs/open.c:1204 [inline]
    [<0000000044ae1540>] __se_sys_openat fs/open.c:1199 [inline]
    [<0000000044ae1540>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1199
    [<000000000dd5320d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<000000003fb8326b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/fs/mount-max failed: Bad address
executing program
executing program
executing program
executing program
executing program
executing program
executing program
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/fs/mount-max failed: Bad address
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/fs/mount-max failed: Bad address
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/fs/mount-max failed: Bad address
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/fs/mount-max failed: Bad address
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/fs/mount-max failed: Bad address
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/fs/mount-max failed: Bad address
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/fs/mount-max failed: Bad address

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2021/01/08 09:34 upstream f5e6c330254a c104d4a3 .config console log report syz C ci-upstream-gce-leak
2020/12/25 18:22 upstream 71c5f03154ac b982b3ea .config console log report syz C ci-upstream-gce-leak
2020/12/02 22:17 upstream 509a15421674 8c9190ef .config console log report syz C ci-upstream-gce-leak
2020/11/21 01:59 upstream 4d02da974ea8 740ff461 .config console log report syz C ci-upstream-gce-leak
* Struck through repros no longer work on HEAD.