From: syzbot <syzbot+9b4adfed366b14496e7e@syzkaller.appspotmail.com>
To: eadavis@qq.com, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [dri?] [media?] memory leak in get_sg_table
Date: Sun, 31 Dec 2023 19:07:04 -0800 [thread overview]
Message-ID: <0000000000002be800060dd9ad75@google.com> (raw)
In-Reply-To: <tencent_1C4C8CE7D046CC52DC0664498C6ED52EDB06@qq.com>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in get_sg_table
2024/01/01 02:58:28 executed programs: 1
BUG: memory leak
unreferenced object 0xffff88811b080600 (size 16):
comm "syz-executor.0", pid 5492, jiffies 4294944266 (age 13.620s)
hex dump (first 16 bytes):
80 22 25 1b 81 88 ff ff 04 00 00 00 04 00 00 00 ."%.............
backtrace:
[<ffffffff816346ed>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline]
[<ffffffff816346ed>] slab_post_alloc_hook mm/slab.h:766 [inline]
[<ffffffff816346ed>] slab_alloc_node mm/slub.c:3478 [inline]
[<ffffffff816346ed>] __kmem_cache_alloc_node+0x2dd/0x3f0 mm/slub.c:3517
[<ffffffff8157f315>] kmalloc_trace+0x25/0x90 mm/slab_common.c:1098
[<ffffffff82cfd82a>] kmalloc include/linux/slab.h:600 [inline]
[<ffffffff82cfd82a>] kzalloc include/linux/slab.h:721 [inline]
[<ffffffff82cfd82a>] get_sg_table.isra.0+0x2a/0xe0 drivers/dma-buf/udmabuf.c:93
[<ffffffff82cfd986>] begin_cpu_udmabuf+0x76/0xb0 drivers/dma-buf/udmabuf.c:157
[<ffffffff82cf114b>] dma_buf_begin_cpu_access+0x3b/0xc0 drivers/dma-buf/dma-buf.c:1405
[<ffffffff82cf1bd4>] dma_buf_ioctl+0x394/0x690 drivers/dma-buf/dma-buf.c:477
[<ffffffff816bf4a2>] vfs_ioctl fs/ioctl.c:51 [inline]
[<ffffffff816bf4a2>] __do_sys_ioctl fs/ioctl.c:871 [inline]
[<ffffffff816bf4a2>] __se_sys_ioctl fs/ioctl.c:857 [inline]
[<ffffffff816bf4a2>] __x64_sys_ioctl+0xf2/0x140 fs/ioctl.c:857
[<ffffffff84b71e2f>] do_syscall_x64 arch/x86/entry/common.c:52 [inline]
[<ffffffff84b71e2f>] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0x6b
BUG: memory leak
unreferenced object 0xffff88811b252280 (size 128):
comm "syz-executor.0", pid 5492, jiffies 4294944266 (age 13.620s)
hex dump (first 32 bytes):
00 b1 52 04 00 ea ff ff 00 00 00 00 00 10 00 00 ..R.............
00 40 ac 14 01 00 00 00 00 10 00 00 00 00 00 00 .@..............
backtrace:
[<ffffffff816346ed>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline]
[<ffffffff816346ed>] slab_post_alloc_hook mm/slab.h:766 [inline]
[<ffffffff816346ed>] slab_alloc_node mm/slub.c:3478 [inline]
[<ffffffff816346ed>] __kmem_cache_alloc_node+0x2dd/0x3f0 mm/slub.c:3517
[<ffffffff8157f9bb>] __do_kmalloc_node mm/slab_common.c:1006 [inline]
[<ffffffff8157f9bb>] __kmalloc+0x4b/0x150 mm/slab_common.c:1020
[<ffffffff8251661f>] kmalloc_array include/linux/slab.h:637 [inline]
[<ffffffff8251661f>] sg_kmalloc lib/scatterlist.c:167 [inline]
[<ffffffff8251661f>] get_next_sg lib/scatterlist.c:402 [inline]
[<ffffffff8251661f>] sg_alloc_append_table_from_pages+0x35f/0x770 lib/scatterlist.c:526
[<ffffffff82516abc>] sg_alloc_table_from_pages_segment+0x8c/0x120 lib/scatterlist.c:586
[<ffffffff82cfd85e>] sg_alloc_table_from_pages include/linux/scatterlist.h:477 [inline]
[<ffffffff82cfd85e>] get_sg_table.isra.0+0x5e/0xe0 drivers/dma-buf/udmabuf.c:96
[<ffffffff82cfd986>] begin_cpu_udmabuf+0x76/0xb0 drivers/dma-buf/udmabuf.c:157
[<ffffffff82cf114b>] dma_buf_begin_cpu_access+0x3b/0xc0 drivers/dma-buf/dma-buf.c:1405
[<ffffffff82cf1bd4>] dma_buf_ioctl+0x394/0x690 drivers/dma-buf/dma-buf.c:477
[<ffffffff816bf4a2>] vfs_ioctl fs/ioctl.c:51 [inline]
[<ffffffff816bf4a2>] __do_sys_ioctl fs/ioctl.c:871 [inline]
[<ffffffff816bf4a2>] __se_sys_ioctl fs/ioctl.c:857 [inline]
[<ffffffff816bf4a2>] __x64_sys_ioctl+0xf2/0x140 fs/ioctl.c:857
[<ffffffff84b71e2f>] do_syscall_x64 arch/x86/entry/common.c:52 [inline]
[<ffffffff84b71e2f>] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0x6b
Tested on:
commit: fbafc3e6 Merge tag 'for_linus' of git://git.kernel.org..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=13cf2909e80000
kernel config: https://syzkaller.appspot.com/x/.config?x=e81921f96ae24ec0
dashboard link: https://syzkaller.appspot.com/bug?extid=9b4adfed366b14496e7e
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=14778665e80000
next prev parent reply other threads:[~2024-01-01 3:07 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-31 23:38 [syzbot] [dri?] [media?] memory leak in get_sg_table syzbot
2024-01-01 2:25 ` Hillf Danton
2024-01-01 2:45 ` syzbot
2024-01-01 2:42 ` Edward Adam Davis
2024-01-01 3:07 ` syzbot [this message]
2024-01-01 4:01 ` Edward Adam Davis
2024-01-01 4:27 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0000000000002be800060dd9ad75@google.com \
--to=syzbot+9b4adfed366b14496e7e@syzkaller.appspotmail.com \
--cc=eadavis@qq.com \
--cc=linux-kernel@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox