* [syzbot] [alsa?] memory leak in snd_seq_create_port
@ 2023-07-16 8:21 syzbot
2023-07-16 13:07 ` Takashi Iwai
0 siblings, 1 reply; 8+ messages in thread
From: syzbot @ 2023-07-16 8:21 UTC (permalink / raw)
To: alsa-devel, linux-kernel, perex, syzkaller-bugs, tiwai
Hello,
syzbot found the following issue on:
HEAD commit: 3f01e9fed845 Merge tag 'linux-watchdog-6.5-rc2' of git://w..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14b07344a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=75da4f0a455bdbd3
dashboard link: https://syzkaller.appspot.com/bug?extid=cf8e7fa4eeec59b3d485
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15877dc2a80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12905004a80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/441fb7ea58b8/disk-3f01e9fe.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8fa7790ba0c3/vmlinux-3f01e9fe.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5e7a6471dadf/bzImage-3f01e9fe.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cf8e7fa4eeec59b3d485@syzkaller.appspotmail.com
Warning: Permanently added '10.128.1.1' (ED25519) to the list of known hosts.
executing program
executing program
BUG: memory leak
unreferenced object 0xffff888100877000 (size 512):
comm "syz-executor257", pid 5012, jiffies 4294941742 (age 12.790s)
hex dump (first 32 bytes):
80 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff8154bf94>] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076
[<ffffffff83d29e28>] kmalloc include/linux/slab.h:582 [inline]
[<ffffffff83d29e28>] kzalloc include/linux/slab.h:703 [inline]
[<ffffffff83d29e28>] snd_seq_create_port+0x78/0x300 sound/core/seq/seq_ports.c:135
[<ffffffff83d1f681>] snd_seq_ioctl_create_port+0xe1/0x2a0 sound/core/seq/seq_clientmgr.c:1324
[<ffffffff83d20e5e>] snd_seq_ioctl+0x13e/0x290 sound/core/seq/seq_clientmgr.c:2327
[<ffffffff81685173>] vfs_ioctl fs/ioctl.c:51 [inline]
[<ffffffff81685173>] __do_sys_ioctl fs/ioctl.c:870 [inline]
[<ffffffff81685173>] __se_sys_ioctl fs/ioctl.c:856 [inline]
[<ffffffff81685173>] __x64_sys_ioctl+0x103/0x140 fs/ioctl.c:856
[<ffffffff84a77ff9>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84a77ff9>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff888106742c00 (size 512):
comm "syz-executor257", pid 5013, jiffies 4294942276 (age 7.450s)
hex dump (first 32 bytes):
80 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff8154bf94>] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076
[<ffffffff83d29e28>] kmalloc include/linux/slab.h:582 [inline]
[<ffffffff83d29e28>] kzalloc include/linux/slab.h:703 [inline]
[<ffffffff83d29e28>] snd_seq_create_port+0x78/0x300 sound/core/seq/seq_ports.c:135
[<ffffffff83d1f681>] snd_seq_ioctl_create_port+0xe1/0x2a0 sound/core/seq/seq_clientmgr.c:1324
[<ffffffff83d20e5e>] snd_seq_ioctl+0x13e/0x290 sound/core/seq/seq_clientmgr.c:2327
[<ffffffff81685173>] vfs_ioctl fs/ioctl.c:51 [inline]
[<ffffffff81685173>] __do_sys_ioctl fs/ioctl.c:870 [inline]
[<ffffffff81685173>] __se_sys_ioctl fs/ioctl.c:856 [inline]
[<ffffffff81685173>] __x64_sys_ioctl+0x103/0x140 fs/ioctl.c:856
[<ffffffff84a77ff9>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84a77ff9>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [syzbot] [alsa?] memory leak in snd_seq_create_port 2023-07-16 8:21 [syzbot] [alsa?] memory leak in snd_seq_create_port syzbot @ 2023-07-16 13:07 ` Takashi Iwai 2023-07-16 19:06 ` Geraldo Nascimento 0 siblings, 1 reply; 8+ messages in thread From: Takashi Iwai @ 2023-07-16 13:07 UTC (permalink / raw) To: syzbot; +Cc: alsa-devel, linux-kernel, perex, syzkaller-bugs, tiwai On Sun, 16 Jul 2023 10:21:49 +0200, syzbot wrote: > > Hello, > > syzbot found the following issue on: > > HEAD commit: 3f01e9fed845 Merge tag 'linux-watchdog-6.5-rc2' of git://w.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=14b07344a80000 > kernel config: https://syzkaller.appspot.com/x/.config?x=75da4f0a455bdbd3 > dashboard link: https://syzkaller.appspot.com/bug?extid=cf8e7fa4eeec59b3d485 > compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15877dc2a80000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12905004a80000 > > Downloadable assets: > disk image: https://storage.googleapis.com/syzbot-assets/441fb7ea58b8/disk-3f01e9fe.raw.xz > vmlinux: https://storage.googleapis.com/syzbot-assets/8fa7790ba0c3/vmlinux-3f01e9fe.xz > kernel image: https://storage.googleapis.com/syzbot-assets/5e7a6471dadf/bzImage-3f01e9fe.xz > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > Reported-by: syzbot+cf8e7fa4eeec59b3d485@syzkaller.appspotmail.com > > Warning: Permanently added '10.128.1.1' (ED25519) to the list of known hosts. > executing program > executing program > BUG: memory leak > unreferenced object 0xffff888100877000 (size 512): > comm "syz-executor257", pid 5012, jiffies 4294941742 (age 12.790s) > hex dump (first 32 bytes): > 80 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > backtrace: > [<ffffffff8154bf94>] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076 > [<ffffffff83d29e28>] kmalloc include/linux/slab.h:582 [inline] > [<ffffffff83d29e28>] kzalloc include/linux/slab.h:703 [inline] > [<ffffffff83d29e28>] snd_seq_create_port+0x78/0x300 sound/core/seq/seq_ports.c:135 > [<ffffffff83d1f681>] snd_seq_ioctl_create_port+0xe1/0x2a0 sound/core/seq/seq_clientmgr.c:1324 > [<ffffffff83d20e5e>] snd_seq_ioctl+0x13e/0x290 sound/core/seq/seq_clientmgr.c:2327 > [<ffffffff81685173>] vfs_ioctl fs/ioctl.c:51 [inline] > [<ffffffff81685173>] __do_sys_ioctl fs/ioctl.c:870 [inline] > [<ffffffff81685173>] __se_sys_ioctl fs/ioctl.c:856 [inline] > [<ffffffff81685173>] __x64_sys_ioctl+0x103/0x140 fs/ioctl.c:856 > [<ffffffff84a77ff9>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] > [<ffffffff84a77ff9>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 > [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd > > BUG: memory leak > unreferenced object 0xffff888106742c00 (size 512): > comm "syz-executor257", pid 5013, jiffies 4294942276 (age 7.450s) > hex dump (first 32 bytes): > 80 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > backtrace: > [<ffffffff8154bf94>] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076 > [<ffffffff83d29e28>] kmalloc include/linux/slab.h:582 [inline] > [<ffffffff83d29e28>] kzalloc include/linux/slab.h:703 [inline] > [<ffffffff83d29e28>] snd_seq_create_port+0x78/0x300 sound/core/seq/seq_ports.c:135 > [<ffffffff83d1f681>] snd_seq_ioctl_create_port+0xe1/0x2a0 sound/core/seq/seq_clientmgr.c:1324 > [<ffffffff83d20e5e>] snd_seq_ioctl+0x13e/0x290 sound/core/seq/seq_clientmgr.c:2327 > [<ffffffff81685173>] vfs_ioctl fs/ioctl.c:51 [inline] > [<ffffffff81685173>] __do_sys_ioctl fs/ioctl.c:870 [inline] > [<ffffffff81685173>] __se_sys_ioctl fs/ioctl.c:856 [inline] > [<ffffffff81685173>] __x64_sys_ioctl+0x103/0x140 fs/ioctl.c:856 > [<ffffffff84a77ff9>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] > [<ffffffff84a77ff9>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 > [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd Likely a forgotten kfree() at the error path. The patch below should fix it. Takashi -- 8< -- From: Takashi Iwai <tiwai@suse.de> Subject: [PATCH] ALSA: seq: Fix memory leak at error path in snd_seq_create_port() We forgot to release a newly allocated item at the error path in snd_seq_create_port(). This patch fixes it. Reported-by: syzbot+cf8e7fa4eeec59b3d485@syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000098ed3a0600965f89@google.com Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> --- sound/core/seq/seq_ports.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/core/seq/seq_ports.c b/sound/core/seq/seq_ports.c index 9b80f8275026..f3f14ff0f80f 100644 --- a/sound/core/seq/seq_ports.c +++ b/sound/core/seq/seq_ports.c @@ -149,6 +149,7 @@ int snd_seq_create_port(struct snd_seq_client *client, int port, write_lock_irq(&client->ports_lock); list_for_each_entry(p, &client->ports_list_head, list) { if (p->addr.port == port) { + kfree(new_port); num = -EBUSY; goto unlock; } -- 2.35.3 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [syzbot] [alsa?] memory leak in snd_seq_create_port 2023-07-16 13:07 ` Takashi Iwai @ 2023-07-16 19:06 ` Geraldo Nascimento 2023-07-17 6:27 ` Takashi Iwai 2023-07-17 7:02 ` Dmitry Vyukov 0 siblings, 2 replies; 8+ messages in thread From: Geraldo Nascimento @ 2023-07-16 19:06 UTC (permalink / raw) To: Takashi Iwai Cc: syzbot, alsa-devel, linux-kernel, perex, syzkaller-bugs, tiwai On Sun, Jul 16, 2023 at 03:07:23PM +0200, Takashi Iwai wrote: > On Sun, 16 Jul 2023 10:21:49 +0200, > syzbot wrote: > > > > Hello, > > > > syzbot found the following issue on: > > > > HEAD commit: 3f01e9fed845 Merge tag 'linux-watchdog-6.5-rc2' of git://w.. > > git tree: upstream > > console output: https://syzkaller.appspot.com/x/log.txt?x=14b07344a80000 > > kernel config: https://syzkaller.appspot.com/x/.config?x=75da4f0a455bdbd3 > > dashboard link: https://syzkaller.appspot.com/bug?extid=cf8e7fa4eeec59b3d485 > > compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15877dc2a80000 > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12905004a80000 > > > > Downloadable assets: > > disk image: https://storage.googleapis.com/syzbot-assets/441fb7ea58b8/disk-3f01e9fe.raw.xz > > vmlinux: https://storage.googleapis.com/syzbot-assets/8fa7790ba0c3/vmlinux-3f01e9fe.xz > > kernel image: https://storage.googleapis.com/syzbot-assets/5e7a6471dadf/bzImage-3f01e9fe.xz > > > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > > Reported-by: syzbot+cf8e7fa4eeec59b3d485@syzkaller.appspotmail.com > > > > Warning: Permanently added '10.128.1.1' (ED25519) to the list of known hosts. > > executing program > > executing program > > BUG: memory leak > > unreferenced object 0xffff888100877000 (size 512): > > comm "syz-executor257", pid 5012, jiffies 4294941742 (age 12.790s) > > hex dump (first 32 bytes): > > 80 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > > backtrace: > > [<ffffffff8154bf94>] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076 > > [<ffffffff83d29e28>] kmalloc include/linux/slab.h:582 [inline] > > [<ffffffff83d29e28>] kzalloc include/linux/slab.h:703 [inline] > > [<ffffffff83d29e28>] snd_seq_create_port+0x78/0x300 sound/core/seq/seq_ports.c:135 > > [<ffffffff83d1f681>] snd_seq_ioctl_create_port+0xe1/0x2a0 sound/core/seq/seq_clientmgr.c:1324 > > [<ffffffff83d20e5e>] snd_seq_ioctl+0x13e/0x290 sound/core/seq/seq_clientmgr.c:2327 > > [<ffffffff81685173>] vfs_ioctl fs/ioctl.c:51 [inline] > > [<ffffffff81685173>] __do_sys_ioctl fs/ioctl.c:870 [inline] > > [<ffffffff81685173>] __se_sys_ioctl fs/ioctl.c:856 [inline] > > [<ffffffff81685173>] __x64_sys_ioctl+0x103/0x140 fs/ioctl.c:856 > > [<ffffffff84a77ff9>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] > > [<ffffffff84a77ff9>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 > > [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd > > > > BUG: memory leak > > unreferenced object 0xffff888106742c00 (size 512): > > comm "syz-executor257", pid 5013, jiffies 4294942276 (age 7.450s) > > hex dump (first 32 bytes): > > 80 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > > backtrace: > > [<ffffffff8154bf94>] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076 > > [<ffffffff83d29e28>] kmalloc include/linux/slab.h:582 [inline] > > [<ffffffff83d29e28>] kzalloc include/linux/slab.h:703 [inline] > > [<ffffffff83d29e28>] snd_seq_create_port+0x78/0x300 sound/core/seq/seq_ports.c:135 > > [<ffffffff83d1f681>] snd_seq_ioctl_create_port+0xe1/0x2a0 sound/core/seq/seq_clientmgr.c:1324 > > [<ffffffff83d20e5e>] snd_seq_ioctl+0x13e/0x290 sound/core/seq/seq_clientmgr.c:2327 > > [<ffffffff81685173>] vfs_ioctl fs/ioctl.c:51 [inline] > > [<ffffffff81685173>] __do_sys_ioctl fs/ioctl.c:870 [inline] > > [<ffffffff81685173>] __se_sys_ioctl fs/ioctl.c:856 [inline] > > [<ffffffff81685173>] __x64_sys_ioctl+0x103/0x140 fs/ioctl.c:856 > > [<ffffffff84a77ff9>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] > > [<ffffffff84a77ff9>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 > > [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd > > Likely a forgotten kfree() at the error path. > The patch below should fix it. > > > Takashi > > -- 8< -- > From: Takashi Iwai <tiwai@suse.de> > Subject: [PATCH] ALSA: seq: Fix memory leak at error path in > snd_seq_create_port() > > We forgot to release a newly allocated item at the error path in > snd_seq_create_port(). This patch fixes it. Thanks for the clarification and quick proposed resolution Takashi. As an ALSA novice these bots always stunt me, personally. I understand how helpful they are however, even if cryptic. But shouldn't this be reported to security? It's always prone to bad stuff when we forget a kfree() Thanks, Geraldo Nascimento > > Reported-by: syzbot+cf8e7fa4eeec59b3d485@syzkaller.appspotmail.com > Closes: https://lore.kernel.org/r/00000000000098ed3a0600965f89@google.com > Cc: <stable@vger.kernel.org> > Signed-off-by: Takashi Iwai <tiwai@suse.de> > --- > sound/core/seq/seq_ports.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/sound/core/seq/seq_ports.c b/sound/core/seq/seq_ports.c > index 9b80f8275026..f3f14ff0f80f 100644 > --- a/sound/core/seq/seq_ports.c > +++ b/sound/core/seq/seq_ports.c > @@ -149,6 +149,7 @@ int snd_seq_create_port(struct snd_seq_client *client, int port, > write_lock_irq(&client->ports_lock); > list_for_each_entry(p, &client->ports_list_head, list) { > if (p->addr.port == port) { > + kfree(new_port); > num = -EBUSY; > goto unlock; > } > -- > 2.35.3 > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [syzbot] [alsa?] memory leak in snd_seq_create_port 2023-07-16 19:06 ` Geraldo Nascimento @ 2023-07-17 6:27 ` Takashi Iwai 2023-07-17 13:29 ` Geraldo Nascimento 2023-07-17 7:02 ` Dmitry Vyukov 1 sibling, 1 reply; 8+ messages in thread From: Takashi Iwai @ 2023-07-17 6:27 UTC (permalink / raw) To: Geraldo Nascimento Cc: syzbot, alsa-devel, linux-kernel, perex, syzkaller-bugs, tiwai On Sun, 16 Jul 2023 21:06:52 +0200, Geraldo Nascimento wrote: > > On Sun, Jul 16, 2023 at 03:07:23PM +0200, Takashi Iwai wrote: > > On Sun, 16 Jul 2023 10:21:49 +0200, > > syzbot wrote: > > > > > > Hello, > > > > > > syzbot found the following issue on: > > > > > > HEAD commit: 3f01e9fed845 Merge tag 'linux-watchdog-6.5-rc2' of git://w.. > > > git tree: upstream > > > console output: https://syzkaller.appspot.com/x/log.txt?x=14b07344a80000 > > > kernel config: https://syzkaller.appspot.com/x/.config?x=75da4f0a455bdbd3 > > > dashboard link: https://syzkaller.appspot.com/bug?extid=cf8e7fa4eeec59b3d485 > > > compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 > > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15877dc2a80000 > > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12905004a80000 > > > > > > Downloadable assets: > > > disk image: https://storage.googleapis.com/syzbot-assets/441fb7ea58b8/disk-3f01e9fe.raw.xz > > > vmlinux: https://storage.googleapis.com/syzbot-assets/8fa7790ba0c3/vmlinux-3f01e9fe.xz > > > kernel image: https://storage.googleapis.com/syzbot-assets/5e7a6471dadf/bzImage-3f01e9fe.xz > > > > > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > > > Reported-by: syzbot+cf8e7fa4eeec59b3d485@syzkaller.appspotmail.com > > > > > > Warning: Permanently added '10.128.1.1' (ED25519) to the list of known hosts. > > > executing program > > > executing program > > > BUG: memory leak > > > unreferenced object 0xffff888100877000 (size 512): > > > comm "syz-executor257", pid 5012, jiffies 4294941742 (age 12.790s) > > > hex dump (first 32 bytes): > > > 80 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > > > backtrace: > > > [<ffffffff8154bf94>] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076 > > > [<ffffffff83d29e28>] kmalloc include/linux/slab.h:582 [inline] > > > [<ffffffff83d29e28>] kzalloc include/linux/slab.h:703 [inline] > > > [<ffffffff83d29e28>] snd_seq_create_port+0x78/0x300 sound/core/seq/seq_ports.c:135 > > > [<ffffffff83d1f681>] snd_seq_ioctl_create_port+0xe1/0x2a0 sound/core/seq/seq_clientmgr.c:1324 > > > [<ffffffff83d20e5e>] snd_seq_ioctl+0x13e/0x290 sound/core/seq/seq_clientmgr.c:2327 > > > [<ffffffff81685173>] vfs_ioctl fs/ioctl.c:51 [inline] > > > [<ffffffff81685173>] __do_sys_ioctl fs/ioctl.c:870 [inline] > > > [<ffffffff81685173>] __se_sys_ioctl fs/ioctl.c:856 [inline] > > > [<ffffffff81685173>] __x64_sys_ioctl+0x103/0x140 fs/ioctl.c:856 > > > [<ffffffff84a77ff9>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] > > > [<ffffffff84a77ff9>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 > > > [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd > > > > > > BUG: memory leak > > > unreferenced object 0xffff888106742c00 (size 512): > > > comm "syz-executor257", pid 5013, jiffies 4294942276 (age 7.450s) > > > hex dump (first 32 bytes): > > > 80 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > > > backtrace: > > > [<ffffffff8154bf94>] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076 > > > [<ffffffff83d29e28>] kmalloc include/linux/slab.h:582 [inline] > > > [<ffffffff83d29e28>] kzalloc include/linux/slab.h:703 [inline] > > > [<ffffffff83d29e28>] snd_seq_create_port+0x78/0x300 sound/core/seq/seq_ports.c:135 > > > [<ffffffff83d1f681>] snd_seq_ioctl_create_port+0xe1/0x2a0 sound/core/seq/seq_clientmgr.c:1324 > > > [<ffffffff83d20e5e>] snd_seq_ioctl+0x13e/0x290 sound/core/seq/seq_clientmgr.c:2327 > > > [<ffffffff81685173>] vfs_ioctl fs/ioctl.c:51 [inline] > > > [<ffffffff81685173>] __do_sys_ioctl fs/ioctl.c:870 [inline] > > > [<ffffffff81685173>] __se_sys_ioctl fs/ioctl.c:856 [inline] > > > [<ffffffff81685173>] __x64_sys_ioctl+0x103/0x140 fs/ioctl.c:856 > > > [<ffffffff84a77ff9>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] > > > [<ffffffff84a77ff9>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 > > > [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd > > > > Likely a forgotten kfree() at the error path. > > The patch below should fix it. > > > > > > Takashi > > > > -- 8< -- > > From: Takashi Iwai <tiwai@suse.de> > > Subject: [PATCH] ALSA: seq: Fix memory leak at error path in > > snd_seq_create_port() > > > > We forgot to release a newly allocated item at the error path in > > snd_seq_create_port(). This patch fixes it. > > Thanks for the clarification and quick proposed resolution Takashi. As > an ALSA novice these bots always stunt me, personally. I understand how > helpful they are however, even if cryptic. > > But shouldn't this be reported to security? It's always prone to bad > stuff when we forget a kfree() It's a bug that happened only on 6.5-rc1, so no need to bother too much with security issue fiasco for distros. Takashi ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [syzbot] [alsa?] memory leak in snd_seq_create_port 2023-07-17 6:27 ` Takashi Iwai @ 2023-07-17 13:29 ` Geraldo Nascimento 0 siblings, 0 replies; 8+ messages in thread From: Geraldo Nascimento @ 2023-07-17 13:29 UTC (permalink / raw) To: Takashi Iwai Cc: syzbot, alsa-devel, linux-kernel, perex, syzkaller-bugs, tiwai On Mon, Jul 17, 2023 at 08:27:48AM +0200, Takashi Iwai wrote: > > It's a bug that happened only on 6.5-rc1, so no need to bother too > much with security issue fiasco for distros. Thanks Takashi. I tried to create a DoS to exhaust all memory through this bug but ran on other unrelated issues with 6.5-rc1. Glad syzbot caught this. Thanks! Geraldo Nascimento > > > Takashi ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [syzbot] [alsa?] memory leak in snd_seq_create_port 2023-07-16 19:06 ` Geraldo Nascimento 2023-07-17 6:27 ` Takashi Iwai @ 2023-07-17 7:02 ` Dmitry Vyukov 2023-07-17 13:31 ` Geraldo Nascimento 2023-07-17 21:05 ` Geraldo Nascimento 1 sibling, 2 replies; 8+ messages in thread From: Dmitry Vyukov @ 2023-07-17 7:02 UTC (permalink / raw) To: Geraldo Nascimento Cc: Takashi Iwai, syzbot, alsa-devel, linux-kernel, perex, syzkaller-bugs, tiwai, syzkaller On Sun, 16 Jul 2023 at 22:47, Geraldo Nascimento <geraldogabriel@gmail.com> wrote: > > On Sun, Jul 16, 2023 at 03:07:23PM +0200, Takashi Iwai wrote: > > On Sun, 16 Jul 2023 10:21:49 +0200, > > syzbot wrote: > > > > > > Hello, > > > > > > syzbot found the following issue on: > > > > > > HEAD commit: 3f01e9fed845 Merge tag 'linux-watchdog-6.5-rc2' of git://w.. > > > git tree: upstream > > > console output: https://syzkaller.appspot.com/x/log.txt?x=14b07344a80000 > > > kernel config: https://syzkaller.appspot.com/x/.config?x=75da4f0a455bdbd3 > > > dashboard link: https://syzkaller.appspot.com/bug?extid=cf8e7fa4eeec59b3d485 > > > compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 > > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15877dc2a80000 > > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12905004a80000 > > > > > > Downloadable assets: > > > disk image: https://storage.googleapis.com/syzbot-assets/441fb7ea58b8/disk-3f01e9fe.raw.xz > > > vmlinux: https://storage.googleapis.com/syzbot-assets/8fa7790ba0c3/vmlinux-3f01e9fe.xz > > > kernel image: https://storage.googleapis.com/syzbot-assets/5e7a6471dadf/bzImage-3f01e9fe.xz > > > > > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > > > Reported-by: syzbot+cf8e7fa4eeec59b3d485@syzkaller.appspotmail.com > > > > > > Warning: Permanently added '10.128.1.1' (ED25519) to the list of known hosts. > > > executing program > > > executing program > > > BUG: memory leak > > > unreferenced object 0xffff888100877000 (size 512): > > > comm "syz-executor257", pid 5012, jiffies 4294941742 (age 12.790s) > > > hex dump (first 32 bytes): > > > 80 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > > > backtrace: > > > [<ffffffff8154bf94>] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076 > > > [<ffffffff83d29e28>] kmalloc include/linux/slab.h:582 [inline] > > > [<ffffffff83d29e28>] kzalloc include/linux/slab.h:703 [inline] > > > [<ffffffff83d29e28>] snd_seq_create_port+0x78/0x300 sound/core/seq/seq_ports.c:135 > > > [<ffffffff83d1f681>] snd_seq_ioctl_create_port+0xe1/0x2a0 sound/core/seq/seq_clientmgr.c:1324 > > > [<ffffffff83d20e5e>] snd_seq_ioctl+0x13e/0x290 sound/core/seq/seq_clientmgr.c:2327 > > > [<ffffffff81685173>] vfs_ioctl fs/ioctl.c:51 [inline] > > > [<ffffffff81685173>] __do_sys_ioctl fs/ioctl.c:870 [inline] > > > [<ffffffff81685173>] __se_sys_ioctl fs/ioctl.c:856 [inline] > > > [<ffffffff81685173>] __x64_sys_ioctl+0x103/0x140 fs/ioctl.c:856 > > > [<ffffffff84a77ff9>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] > > > [<ffffffff84a77ff9>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 > > > [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd > > > > > > BUG: memory leak > > > unreferenced object 0xffff888106742c00 (size 512): > > > comm "syz-executor257", pid 5013, jiffies 4294942276 (age 7.450s) > > > hex dump (first 32 bytes): > > > 80 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > > > backtrace: > > > [<ffffffff8154bf94>] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076 > > > [<ffffffff83d29e28>] kmalloc include/linux/slab.h:582 [inline] > > > [<ffffffff83d29e28>] kzalloc include/linux/slab.h:703 [inline] > > > [<ffffffff83d29e28>] snd_seq_create_port+0x78/0x300 sound/core/seq/seq_ports.c:135 > > > [<ffffffff83d1f681>] snd_seq_ioctl_create_port+0xe1/0x2a0 sound/core/seq/seq_clientmgr.c:1324 > > > [<ffffffff83d20e5e>] snd_seq_ioctl+0x13e/0x290 sound/core/seq/seq_clientmgr.c:2327 > > > [<ffffffff81685173>] vfs_ioctl fs/ioctl.c:51 [inline] > > > [<ffffffff81685173>] __do_sys_ioctl fs/ioctl.c:870 [inline] > > > [<ffffffff81685173>] __se_sys_ioctl fs/ioctl.c:856 [inline] > > > [<ffffffff81685173>] __x64_sys_ioctl+0x103/0x140 fs/ioctl.c:856 > > > [<ffffffff84a77ff9>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] > > > [<ffffffff84a77ff9>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 > > > [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd > > > > Likely a forgotten kfree() at the error path. > > The patch below should fix it. > > > > > > Takashi > > > > -- 8< -- > > From: Takashi Iwai <tiwai@suse.de> > > Subject: [PATCH] ALSA: seq: Fix memory leak at error path in > > snd_seq_create_port() > > > > We forgot to release a newly allocated item at the error path in > > snd_seq_create_port(). This patch fixes it. > > Thanks for the clarification and quick proposed resolution Takashi. As > an ALSA novice these bots always stunt me, personally. I understand how > helpful they are however, even if cryptic. Hi Geraldo, What exactly is cryptic in the report? Is there anything that can be done to make it less cryptic? > But shouldn't this be reported to security? It's always prone to bad > stuff when we forget a kfree() > > Thanks, > Geraldo Nascimento > > > > > Reported-by: syzbot+cf8e7fa4eeec59b3d485@syzkaller.appspotmail.com > > Closes: https://lore.kernel.org/r/00000000000098ed3a0600965f89@google.com > > Cc: <stable@vger.kernel.org> > > Signed-off-by: Takashi Iwai <tiwai@suse.de> > > --- > > sound/core/seq/seq_ports.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/sound/core/seq/seq_ports.c b/sound/core/seq/seq_ports.c > > index 9b80f8275026..f3f14ff0f80f 100644 > > --- a/sound/core/seq/seq_ports.c > > +++ b/sound/core/seq/seq_ports.c > > @@ -149,6 +149,7 @@ int snd_seq_create_port(struct snd_seq_client *client, int port, > > write_lock_irq(&client->ports_lock); > > list_for_each_entry(p, &client->ports_list_head, list) { > > if (p->addr.port == port) { > > + kfree(new_port); > > num = -EBUSY; > > goto unlock; > > } > > -- > > 2.35.3 ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [syzbot] [alsa?] memory leak in snd_seq_create_port 2023-07-17 7:02 ` Dmitry Vyukov @ 2023-07-17 13:31 ` Geraldo Nascimento 2023-07-17 21:05 ` Geraldo Nascimento 1 sibling, 0 replies; 8+ messages in thread From: Geraldo Nascimento @ 2023-07-17 13:31 UTC (permalink / raw) To: Dmitry Vyukov Cc: Takashi Iwai, syzbot, alsa-devel, linux-kernel, perex, syzkaller-bugs, tiwai, syzkaller On Mon, Jul 17, 2023 at 09:02:07AM +0200, Dmitry Vyukov wrote: > > Hi Geraldo, > > What exactly is cryptic in the report? Is there anything that can be > done to make it less cryptic? > Hi Dmitry, It's cryptic for a novice only, of course, in the same sense that kernel stack traces are a pain for a novice do decode. Unfortunately I believe it's only AI/LLMs that will make it easier to abstract the low-level details and give a high-level explanation of the bug. Thanks, Geraldo Nascimento ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [syzbot] [alsa?] memory leak in snd_seq_create_port 2023-07-17 7:02 ` Dmitry Vyukov 2023-07-17 13:31 ` Geraldo Nascimento @ 2023-07-17 21:05 ` Geraldo Nascimento 1 sibling, 0 replies; 8+ messages in thread From: Geraldo Nascimento @ 2023-07-17 21:05 UTC (permalink / raw) To: Dmitry Vyukov Cc: Takashi Iwai, syzbot, alsa-devel, linux-kernel, perex, syzkaller-bugs, tiwai, syzkaller On Mon, Jul 17, 2023 at 09:02:07AM +0200, Dmitry Vyukov wrote: > > Hi Geraldo, > > What exactly is cryptic in the report? Is there anything that can be > done to make it less cryptic? Hi again, Dmitry. Perhaps also a bad choice of words. Cryptic borders on the undecipharable while esoteric is the more proper word here. Those kernel hackers with esoteric C and assembly skills like Takashi Iwai or you will quickly infer that a kfree() is missing in such and such scope. In my other message, I meant to say that such esoteric knowledge is barely possessed by a novice kernel hacker, and they end up adding noise to the lists specially if they are involved in the patch acceptance process, specially as author of the patch, which I'm neither in this case. Now, if somebody were to apply LLMs to the build and checker bots and actually get to a point where they were getting good patch propositions from the machine rather than a bunch of hallucinations, that would be quite the feat. It's only a faint dream right now, but you did specifically ask for the "vision" :) Thank you, Geraldo Nascimento ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2023-07-17 21:05 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-07-16 8:21 [syzbot] [alsa?] memory leak in snd_seq_create_port syzbot 2023-07-16 13:07 ` Takashi Iwai 2023-07-16 19:06 ` Geraldo Nascimento 2023-07-17 6:27 ` Takashi Iwai 2023-07-17 13:29 ` Geraldo Nascimento 2023-07-17 7:02 ` Dmitry Vyukov 2023-07-17 13:31 ` Geraldo Nascimento 2023-07-17 21:05 ` Geraldo Nascimento
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox