[syzbot] memory leak in tty_init_dev (2)
23 views
Skip to first unread message
syzbot
May 24, 2022, 5:19:29 PM5/24/22
to gre...@linuxfoundation.org, jiri...@kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 3d7285a335ed Merge tag 'v5.18-p2' of git://git.kernel.org/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1590d0e6f00000
kernel config: https://syzkaller.appspot.com/x/.config?x=50f4d49cdcacc43c
dashboard link: https://syzkaller.appspot.com/bug?extid=5e1694f5b0869a691915
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17647111f00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10ad531df00000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5e1694...@syzkaller.appspotmail.com
BUG: memory leak
unreferenced object 0xffff88810da76400 (size 1024):
comm "syz-executor299", pid 3683, jiffies 4294957001 (age 29.640s)
hex dump (first 32 bytes):
01 54 00 00 01 00 00 00 00 00 00 00 00 00 00 00 .T..............
40 95 0d 04 81 88 ff ff 00 fc c4 84 ff ff ff ff @...............
backtrace:
[<ffffffff825ee96c>] kmalloc include/linux/slab.h:581 [inline]
[<ffffffff825ee96c>] kzalloc include/linux/slab.h:714 [inline]
[<ffffffff825ee96c>] alloc_tty_struct+0x3c/0x2f0 drivers/tty/tty_io.c:3091
[<ffffffff825eec40>] tty_init_dev.part.0+0x20/0x2f0 drivers/tty/tty_io.c:1412
[<ffffffff825eef50>] tty_init_dev+0x40/0x60 drivers/tty/tty_io.c:1409
[<ffffffff825fd949>] ptmx_open drivers/tty/pty.c:834 [inline]
[<ffffffff825fd949>] ptmx_open+0xd9/0x210 drivers/tty/pty.c:800
[<ffffffff815c628d>] chrdev_open+0x10d/0x340 fs/char_dev.c:414
[<ffffffff815b4c46>] do_dentry_open+0x1e6/0x650 fs/open.c:824
[<ffffffff815db101>] do_open fs/namei.c:3476 [inline]
[<ffffffff815db101>] path_openat+0x18a1/0x1e70 fs/namei.c:3609
[<ffffffff815dddd1>] do_filp_open+0xc1/0x1b0 fs/namei.c:3636
[<ffffffff815b841d>] do_sys_openat2+0xed/0x260 fs/open.c:1213
[<ffffffff815b8e6f>] do_sys_open fs/open.c:1229 [inline]
[<ffffffff815b8e6f>] __do_sys_openat fs/open.c:1245 [inline]
[<ffffffff815b8e6f>] __se_sys_openat fs/open.c:1240 [inline]
[<ffffffff815b8e6f>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1240
[<ffffffff84565f05>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84565f05>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff888109c1ce00 (size 512):
comm "syz-executor299", pid 3683, jiffies 4294957001 (age 29.640s)
hex dump (first 32 bytes):
50 ce c1 09 81 88 ff ff e0 ff ff ff 0f 00 00 00 P...............
10 ce c1 09 81 88 ff ff 10 ce c1 09 81 88 ff ff ................
backtrace:
[<ffffffff825fdb42>] kmalloc include/linux/slab.h:581 [inline]
[<ffffffff825fdb42>] pty_common_install+0x72/0x3d0 drivers/tty/pty.c:382
[<ffffffff825eec7b>] tty_driver_install_tty drivers/tty/tty_io.c:1307 [inline]
[<ffffffff825eec7b>] tty_init_dev.part.0+0x5b/0x2f0 drivers/tty/tty_io.c:1419
[<ffffffff825eef50>] tty_init_dev+0x40/0x60 drivers/tty/tty_io.c:1409
[<ffffffff825fd949>] ptmx_open drivers/tty/pty.c:834 [inline]
[<ffffffff825fd949>] ptmx_open+0xd9/0x210 drivers/tty/pty.c:800
[<ffffffff815c628d>] chrdev_open+0x10d/0x340 fs/char_dev.c:414
[<ffffffff815b4c46>] do_dentry_open+0x1e6/0x650 fs/open.c:824
[<ffffffff815db101>] do_open fs/namei.c:3476 [inline]
[<ffffffff815db101>] path_openat+0x18a1/0x1e70 fs/namei.c:3609
[<ffffffff815dddd1>] do_filp_open+0xc1/0x1b0 fs/namei.c:3636
[<ffffffff815b841d>] do_sys_openat2+0xed/0x260 fs/open.c:1213
[<ffffffff815b8e6f>] do_sys_open fs/open.c:1229 [inline]
[<ffffffff815b8e6f>] __do_sys_openat fs/open.c:1245 [inline]
[<ffffffff815b8e6f>] __se_sys_openat fs/open.c:1240 [inline]
[<ffffffff815b8e6f>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1240
[<ffffffff84565f05>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84565f05>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot found the following issue on:
HEAD commit: 3d7285a335ed Merge tag 'v5.18-p2' of git://git.kernel.org/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1590d0e6f00000
kernel config: https://syzkaller.appspot.com/x/.config?x=50f4d49cdcacc43c
dashboard link: https://syzkaller.appspot.com/bug?extid=5e1694f5b0869a691915
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17647111f00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10ad531df00000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5e1694...@syzkaller.appspotmail.com
BUG: memory leak
unreferenced object 0xffff88810da76400 (size 1024):
comm "syz-executor299", pid 3683, jiffies 4294957001 (age 29.640s)
hex dump (first 32 bytes):
01 54 00 00 01 00 00 00 00 00 00 00 00 00 00 00 .T..............
40 95 0d 04 81 88 ff ff 00 fc c4 84 ff ff ff ff @...............
backtrace:
[<ffffffff825ee96c>] kmalloc include/linux/slab.h:581 [inline]
[<ffffffff825ee96c>] kzalloc include/linux/slab.h:714 [inline]
[<ffffffff825ee96c>] alloc_tty_struct+0x3c/0x2f0 drivers/tty/tty_io.c:3091
[<ffffffff825eec40>] tty_init_dev.part.0+0x20/0x2f0 drivers/tty/tty_io.c:1412
[<ffffffff825eef50>] tty_init_dev+0x40/0x60 drivers/tty/tty_io.c:1409
[<ffffffff825fd949>] ptmx_open drivers/tty/pty.c:834 [inline]
[<ffffffff825fd949>] ptmx_open+0xd9/0x210 drivers/tty/pty.c:800
[<ffffffff815c628d>] chrdev_open+0x10d/0x340 fs/char_dev.c:414
[<ffffffff815b4c46>] do_dentry_open+0x1e6/0x650 fs/open.c:824
[<ffffffff815db101>] do_open fs/namei.c:3476 [inline]
[<ffffffff815db101>] path_openat+0x18a1/0x1e70 fs/namei.c:3609
[<ffffffff815dddd1>] do_filp_open+0xc1/0x1b0 fs/namei.c:3636
[<ffffffff815b841d>] do_sys_openat2+0xed/0x260 fs/open.c:1213
[<ffffffff815b8e6f>] do_sys_open fs/open.c:1229 [inline]
[<ffffffff815b8e6f>] __do_sys_openat fs/open.c:1245 [inline]
[<ffffffff815b8e6f>] __se_sys_openat fs/open.c:1240 [inline]
[<ffffffff815b8e6f>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1240
[<ffffffff84565f05>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84565f05>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff888109c1ce00 (size 512):
comm "syz-executor299", pid 3683, jiffies 4294957001 (age 29.640s)
hex dump (first 32 bytes):
50 ce c1 09 81 88 ff ff e0 ff ff ff 0f 00 00 00 P...............
10 ce c1 09 81 88 ff ff 10 ce c1 09 81 88 ff ff ................
backtrace:
[<ffffffff825fdb42>] kmalloc include/linux/slab.h:581 [inline]
[<ffffffff825fdb42>] pty_common_install+0x72/0x3d0 drivers/tty/pty.c:382
[<ffffffff825eec7b>] tty_driver_install_tty drivers/tty/tty_io.c:1307 [inline]
[<ffffffff825eec7b>] tty_init_dev.part.0+0x5b/0x2f0 drivers/tty/tty_io.c:1419
[<ffffffff825eef50>] tty_init_dev+0x40/0x60 drivers/tty/tty_io.c:1409
[<ffffffff825fd949>] ptmx_open drivers/tty/pty.c:834 [inline]
[<ffffffff825fd949>] ptmx_open+0xd9/0x210 drivers/tty/pty.c:800
[<ffffffff815c628d>] chrdev_open+0x10d/0x340 fs/char_dev.c:414
[<ffffffff815b4c46>] do_dentry_open+0x1e6/0x650 fs/open.c:824
[<ffffffff815db101>] do_open fs/namei.c:3476 [inline]
[<ffffffff815db101>] path_openat+0x18a1/0x1e70 fs/namei.c:3609
[<ffffffff815dddd1>] do_filp_open+0xc1/0x1b0 fs/namei.c:3636
[<ffffffff815b841d>] do_sys_openat2+0xed/0x260 fs/open.c:1213
[<ffffffff815b8e6f>] do_sys_open fs/open.c:1229 [inline]
[<ffffffff815b8e6f>] __do_sys_openat fs/open.c:1245 [inline]
[<ffffffff815b8e6f>] __se_sys_openat fs/open.c:1240 [inline]
[<ffffffff815b8e6f>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1240
[<ffffffff84565f05>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84565f05>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot
Apr 14, 2023, 3:29:42 AM4/14/23
to syzkall...@googlegroups.com
Auto-closing this bug as obsolete.
No recent activity, existing reproducers are no longer triggering the issue.
No recent activity, existing reproducers are no longer triggering the issue.
Reply all
Reply to author
Forward
0 new messages