From: syzbot <syzbot+7ec324747ce876a29db6@syzkaller.appspotmail.com>
To: alexios.zavras@intel.com, allison@lohutok.net,
	davem@davemloft.net, linux-kernel@vger.kernel.org,
	netdev@vger.kernel.org, rfontana@redhat.com, swinslow@gmail.com,
	syzkaller-bugs@googlegroups.com, tglx@linutronix.de
Subject: Re: memory leak in cfserl_create
Date: Tue, 17 Sep 2019 02:43:06 -0700
Message-ID: <0000000000002590570592bc8c42@google.com>
In-Reply-To: <00000000000053d7e9058a97f4ca@google.com>

syzbot has found a reproducer for the following crash on:

HEAD commit:    cef72982 Merge tag 'armsoc-dt' of git://git.kernel.org/pub..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1042ac45600000
kernel config:  https://syzkaller.appspot.com/x/.config?x=779aef2b86e19d75
dashboard link: https://syzkaller.appspot.com/bug?extid=7ec324747ce876a29db6
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16ef2331600000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17f0c091600000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+7ec324747ce876a29db6@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810a3b7380 (size 128):
   comm "syz-executor868", pid 7100, jiffies 4294943513 (age 21.740s)
   hex dump (first 32 bytes):
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
   backtrace:
     [<000000004f492e65>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
     [<000000004f492e65>] slab_post_alloc_hook mm/slab.h:522 [inline]
     [<000000004f492e65>] slab_alloc mm/slab.c:3319 [inline]
     [<000000004f492e65>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3548
     [<00000000478a63c3>] kmalloc include/linux/slab.h:552 [inline]
     [<00000000478a63c3>] kzalloc include/linux/slab.h:748 [inline]
     [<00000000478a63c3>] cfserl_create+0x24/0x76 net/caif/cfserl.c:36
     [<0000000097ca7138>] caif_device_notify+0x347/0x3bc net/caif/caif_dev.c:388
     [<0000000078bf2b15>] notifier_call_chain+0x66/0xb0 kernel/notifier.c:95
     [<000000001a557d7e>] __raw_notifier_call_chain kernel/notifier.c:396 [inline]
     [<000000001a557d7e>] raw_notifier_call_chain+0x2e/0x40 kernel/notifier.c:403
     [<00000000de93bbde>] call_netdevice_notifiers_info+0x33/0x70 net/core/dev.c:1749
     [<0000000004467db0>] call_netdevice_notifiers_extack net/core/dev.c:1761 [inline]
     [<0000000004467db0>] call_netdevice_notifiers net/core/dev.c:1775 [inline]
     [<0000000004467db0>] register_netdevice+0x445/0x610 net/core/dev.c:8757
     [<000000007e97ac10>] ldisc_open+0x1f7/0x350 drivers/net/caif/caif_serial.c:359
     [<000000003eb33d8f>] tty_ldisc_open.isra.0+0x44/0x70 drivers/tty/tty_ldisc.c:469
     [<00000000ded1208b>] tty_set_ldisc+0x149/0x240 drivers/tty/tty_ldisc.c:596
     [<00000000df974937>] tiocsetd drivers/tty/tty_io.c:2334 [inline]
     [<00000000df974937>] tty_ioctl+0x366/0xa30 drivers/tty/tty_io.c:2594
     [<00000000739f048c>] vfs_ioctl fs/ioctl.c:46 [inline]
     [<00000000739f048c>] file_ioctl fs/ioctl.c:509 [inline]
     [<00000000739f048c>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
     [<00000000e122cb0c>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
     [<0000000067a2ba29>] __do_sys_ioctl fs/ioctl.c:720 [inline]
     [<0000000067a2ba29>] __se_sys_ioctl fs/ioctl.c:718 [inline]
     [<0000000067a2ba29>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
     [<0000000071a2e1c5>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:296
     [<00000000c342e2c0>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88810a3b7400 (size 128):
   comm "syz-executor868", pid 7101, jiffies 4294943519 (age 21.680s)
   hex dump (first 32 bytes):
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
   backtrace:
     [<000000004f492e65>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
     [<000000004f492e65>] slab_post_alloc_hook mm/slab.h:522 [inline]
     [<000000004f492e65>] slab_alloc mm/slab.c:3319 [inline]
     [<000000004f492e65>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3548
     [<00000000478a63c3>] kmalloc include/linux/slab.h:552 [inline]
     [<00000000478a63c3>] kzalloc include/linux/slab.h:748 [inline]
     [<00000000478a63c3>] cfserl_create+0x24/0x76 net/caif/cfserl.c:36
     [<0000000097ca7138>] caif_device_notify+0x347/0x3bc net/caif/caif_dev.c:388
     [<0000000078bf2b15>] notifier_call_chain+0x66/0xb0 kernel/notifier.c:95
     [<000000001a557d7e>] __raw_notifier_call_chain kernel/notifier.c:396 [inline]
     [<000000001a557d7e>] raw_notifier_call_chain+0x2e/0x40 kernel/notifier.c:403
     [<00000000de93bbde>] call_netdevice_notifiers_info+0x33/0x70 net/core/dev.c:1749
     [<0000000004467db0>] call_netdevice_notifiers_extack net/core/dev.c:1761 [inline]
     [<0000000004467db0>] call_netdevice_notifiers net/core/dev.c:1775 [inline]
     [<0000000004467db0>] register_netdevice+0x445/0x610 net/core/dev.c:8757
     [<000000007e97ac10>] ldisc_open+0x1f7/0x350 drivers/net/caif/caif_serial.c:359
     [<000000003eb33d8f>] tty_ldisc_open.isra.0+0x44/0x70 drivers/tty/tty_ldisc.c:469
     [<00000000ded1208b>] tty_set_ldisc+0x149/0x240 drivers/tty/tty_ldisc.c:596
     [<00000000df974937>] tiocsetd drivers/tty/tty_io.c:2334 [inline]
     [<00000000df974937>] tty_ioctl+0x366/0xa30 drivers/tty/tty_io.c:2594
     [<00000000739f048c>] vfs_ioctl fs/ioctl.c:46 [inline]
     [<00000000739f048c>] file_ioctl fs/ioctl.c:509 [inline]
     [<00000000739f048c>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
     [<00000000e122cb0c>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
     [<0000000067a2ba29>] __do_sys_ioctl fs/ioctl.c:720 [inline]
     [<0000000067a2ba29>] __se_sys_ioctl fs/ioctl.c:718 [inline]
     [<0000000067a2ba29>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
     [<0000000071a2e1c5>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:296
     [<00000000c342e2c0>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88810a3b7780 (size 128):
   comm "syz-executor868", pid 7138, jiffies 4294943524 (age 21.630s)
   hex dump (first 32 bytes):
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
   backtrace:
     [<000000004f492e65>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
     [<000000004f492e65>] slab_post_alloc_hook mm/slab.h:522 [inline]
     [<000000004f492e65>] slab_alloc mm/slab.c:3319 [inline]
     [<000000004f492e65>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3548
     [<00000000478a63c3>] kmalloc include/linux/slab.h:552 [inline]
     [<00000000478a63c3>] kzalloc include/linux/slab.h:748 [inline]
     [<00000000478a63c3>] cfserl_create+0x24/0x76 net/caif/cfserl.c:36
     [<0000000097ca7138>] caif_device_notify+0x347/0x3bc net/caif/caif_dev.c:388
     [<0000000078bf2b15>] notifier_call_chain+0x66/0xb0 kernel/notifier.c:95
     [<000000001a557d7e>] __raw_notifier_call_chain kernel/notifier.c:396 [inline]
     [<000000001a557d7e>] raw_notifier_call_chain+0x2e/0x40 kernel/notifier.c:403
     [<00000000de93bbde>] call_netdevice_notifiers_info+0x33/0x70 net/core/dev.c:1749
     [<0000000004467db0>] call_netdevice_notifiers_extack net/core/dev.c:1761 [inline]
     [<0000000004467db0>] call_netdevice_notifiers net/core/dev.c:1775 [inline]
     [<0000000004467db0>] register_netdevice+0x445/0x610 net/core/dev.c:8757
     [<000000007e97ac10>] ldisc_open+0x1f7/0x350 drivers/net/caif/caif_serial.c:359
     [<000000003eb33d8f>] tty_ldisc_open.isra.0+0x44/0x70 drivers/tty/tty_ldisc.c:469
     [<00000000ded1208b>] tty_set_ldisc+0x149/0x240 drivers/tty/tty_ldisc.c:596
     [<00000000df974937>] tiocsetd drivers/tty/tty_io.c:2334 [inline]
     [<00000000df974937>] tty_ioctl+0x366/0xa30 drivers/tty/tty_io.c:2594
     [<00000000739f048c>] vfs_ioctl fs/ioctl.c:46 [inline]
     [<00000000739f048c>] file_ioctl fs/ioctl.c:509 [inline]
     [<00000000739f048c>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
     [<00000000e122cb0c>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
     [<0000000067a2ba29>] __do_sys_ioctl fs/ioctl.c:720 [inline]
     [<0000000067a2ba29>] __se_sys_ioctl fs/ioctl.c:718 [inline]
     [<0000000067a2ba29>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
     [<0000000071a2e1c5>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:296
     [<00000000c342e2c0>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

executing program
executing program
executing program
executing program

