memory leak in drm_vma_node_allow


syzbot

Apr 11, 2020, 3:59:16 AM
to air...@linux.ie, dan...@ffwll.ch, dri-...@lists.freedesktop.org, linux-...@vger.kernel.org, maarten....@linux.intel.com, mri...@kernel.org, syzkall...@googlegroups.com, tzimm...@suse.de
Hello,

syzbot found the following crash on:

HEAD commit: 7e634208 Merge tag 'acpi-5.7-rc1-2' of git://git.kernel.or..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=156ec43be00000
kernel config: https://syzkaller.appspot.com/x/.config?x=d7f19fdf7ef2f5a4
dashboard link: https://syzkaller.appspot.com/bug?extid=04639d98c75c52e41b8a
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=121898ede00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+04639d...@syzkaller.appspotmail.com

2020/04/07 05:10:47 executed programs: 23
2020/04/07 05:10:53 executed programs: 35
2020/04/07 05:11:00 executed programs: 46
2020/04/07 05:11:06 executed programs: 62
BUG: memory leak
unreferenced object 0xffff888104682080 (size 64):
comm "syz-executor.5", pid 8616, jiffies 4294946318 (age 15.290s)
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 da bd 03 81 88 ff ff ................
backtrace:
[<00000000cac525e9>] kmalloc include/linux/slab.h:555 [inline]
[<00000000cac525e9>] drm_vma_node_allow+0x32/0x120 drivers/gpu/drm/drm_vma_manager.c:274
[<00000000ab055b7c>] drm_gem_handle_create_tail+0xd8/0x250 drivers/gpu/drm/drm_gem.c:403
[<00000000d1e67364>] vgem_gem_create drivers/gpu/drm/vgem/vgem_drv.c:198 [inline]
[<00000000d1e67364>] vgem_gem_dumb_create+0x73/0x100 drivers/gpu/drm/vgem/vgem_drv.c:218
[<00000000dd87232b>] drm_mode_create_dumb+0xbe/0xf0 drivers/gpu/drm/drm_dumb_buffers.c:94
[<00000000d7ff7e08>] drm_ioctl_kernel+0xcb/0x130 drivers/gpu/drm/drm_ioctl.c:787
[<0000000080a20f26>] drm_ioctl+0x25c/0x420 drivers/gpu/drm/drm_ioctl.c:887
[<00000000d53a93ee>] vfs_ioctl fs/ioctl.c:47 [inline]
[<00000000d53a93ee>] ksys_ioctl+0xa6/0xd0 fs/ioctl.c:763
[<00000000c5492a67>] __do_sys_ioctl fs/ioctl.c:772 [inline]
[<00000000c5492a67>] __se_sys_ioctl fs/ioctl.c:770 [inline]
[<00000000c5492a67>] __x64_sys_ioctl+0x1a/0x20 fs/ioctl.c:770
[<00000000becf688f>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
[<0000000050094727>] entry_SYSCALL_64_after_hwframe+0x44/0xa9



---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

Igor Torrente

Mar 10, 2021, 8:38:03 AM
to syzkaller-bugs

syzbot

Mar 10, 2021, 8:38:07 AM
to Igor Torrente, igormt...@gmail.com, syzkall...@googlegroups.com
> #syz test:

I see the command but can't find the corresponding bug.
Please resend the email to syzbo...@syzkaller.appspotmail.com address
that is the sender of the bug report (also present in the Reported-by tag).

syzbot

Mar 10, 2021, 9:47:10 AM
to igormt...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in drm_vma_node_allow

2021/03/10 14:46:00 executed programs: 132
BUG: memory leak
unreferenced object 0xffff8881256ee280 (size 64):
comm "syz-executor.7", pid 11116, jiffies 4294949693 (age 16.450s)
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 0c 75 24 81 88 ff ff ..........u$....
backtrace:
[<000000001044f41c>] kmalloc include/linux/slab.h:554 [inline]
[<000000001044f41c>] drm_vma_node_allow+0x32/0x120 drivers/gpu/drm/drm_vma_manager.c:274
[<0000000039cdfb89>] drm_gem_handle_create_tail+0x107/0x250 drivers/gpu/drm/drm_gem.c:390
[<0000000069546020>] vgem_gem_create drivers/gpu/drm/vgem/vgem_drv.c:203 [inline]
[<0000000069546020>] vgem_gem_dumb_create+0x8d/0x240 drivers/gpu/drm/vgem/vgem_drv.c:223
[<000000005a419bcc>] drm_mode_create_dumb+0x121/0x150 drivers/gpu/drm/drm_dumb_buffers.c:96
[<00000000c7d2aa9d>] drm_ioctl_kernel+0xf0/0x160 drivers/gpu/drm/drm_ioctl.c:787
[<00000000e3de4c3c>] drm_ioctl+0x2c8/0x4c0 drivers/gpu/drm/drm_ioctl.c:887
[<00000000c6de34af>] vfs_ioctl fs/ioctl.c:48 [inline]
[<00000000c6de34af>] __do_sys_ioctl fs/ioctl.c:753 [inline]
[<00000000c6de34af>] __se_sys_ioctl fs/ioctl.c:739 [inline]
[<00000000c6de34af>] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:739
[<0000000017fb1e54>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
[<00000000267c1811>] entry_SYSCALL_64_after_hwframe+0x44/0xae



Tested on:

commit: 05a59d79 Merge git://git.kernel.org:/pub/scm/linux/kernel/..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ master
console output: https://syzkaller.appspot.com/x/log.txt?x=16a93152d00000
kernel config: https://syzkaller.appspot.com/x/.config?x=7f272e2e8f44941a

Igor Torrente

Mar 25, 2021, 9:30:58 AM
to syzkaller-bugs
Hello,

Can anyone tell me whether there is any special QEMU configuration or anything else necessary to reproduce this issue and drm_client_buffer_vunmap?

I generated three different .c files (-collide, -threaded and one without any special option) from the syz-reproducer, but none of them reproduces this issue. In fact, not a single message in dmesg shows up for this particular issue + reproducer.

Thanks,

Dmitry Vyukov

Mar 25, 2021, 10:27:50 AM
to Igor Torrente, syzkaller-bugs, LKML
On Thu, Mar 25, 2021 at 2:31 PM Igor Torrente <igormt...@gmail.com> wrote:
>
> Hello,
>
> Can anyone tell me whether there is any special QEMU configuration or anything else necessary to reproduce this issue and drm_client_buffer_vunmap?
>
> I generated three different .c files (-collide, -threaded and one without any special option) from the syz-reproducer, but none of them reproduces this issue. In fact, not a single message in dmesg shows up for this particular issue + reproducer.
>
> Thanks,

+lkml

Hi Igor,

Both of these happened on GCE VMs, so there are no qemu flags per se.
If this depends on exact hardware and you want to recreate the
environment, you need to create a GCE VM with the EnableDisplay property.

Igor Torrente

Mar 25, 2021, 11:02:57 AM
to syzkaller-bugs
Thanks, Dmitry!!

syzbot

Nov 9, 2022, 1:25:48 PM
to 1111...@vivo.com, air...@gmail.com, air...@linux.ie, anant.th...@gmail.com, dan...@ffwll.ch, dri-...@lists.freedesktop.org, igormt...@gmail.com, linux-...@vger.kernel.org, maarten....@linux.intel.com, mri...@kernel.org, syzkall...@googlegroups.com, tzimm...@suse.de
syzbot has found a reproducer for the following issue on:

HEAD commit: f141df371335 Merge tag 'audit-pr-20221107' of git://git.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=123bdcd1880000
kernel config: https://syzkaller.appspot.com/x/.config?x=f7ebe38e4b66a7b
dashboard link: https://syzkaller.appspot.com/bug?extid=04639d98c75c52e41b8a
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=158ec0c1880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=120cc3e1880000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d056ae4a8f32/disk-f141df37.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/02fdf71b87b4/vmlinux-f141df37.xz
kernel image: https://storage.googleapis.com/syzbot-assets/14078d70a64d/bzImage-f141df37.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+04639d...@syzkaller.appspotmail.com

executing program
executing program
executing program
executing program
BUG: memory leak
unreferenced object 0xffff88810f65f0c0 (size 64):
comm "syz-executor402", pid 3630, jiffies 4294948375 (age 13.410s)
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 94 b3 05 81 88 ff ff ................
backtrace:
[<ffffffff814cfce0>] kmalloc_trace+0x20/0x90 mm/slab_common.c:1046
[<ffffffff826b5bd2>] kmalloc include/linux/slab.h:576 [inline]
[<ffffffff826b5bd2>] drm_vma_node_allow+0x32/0x120 drivers/gpu/drm/drm_vma_manager.c:274
[<ffffffff8269bbda>] drm_gem_handle_create_tail+0x10a/0x250 drivers/gpu/drm/drm_gem.c:377
[<ffffffff826e45e9>] drm_gem_shmem_create_with_handle drivers/gpu/drm/drm_gem_shmem_helper.c:432 [inline]
[<ffffffff826e45e9>] drm_gem_shmem_dumb_create+0xb9/0x200 drivers/gpu/drm/drm_gem_shmem_helper.c:534
[<ffffffff826cb557>] drm_mode_create_dumb+0x117/0x150 drivers/gpu/drm/drm_dumb_buffers.c:96
[<ffffffff8269d094>] drm_ioctl_kernel+0x144/0x260 drivers/gpu/drm/drm_ioctl.c:788
[<ffffffff8269d49c>] drm_ioctl+0x2ec/0x4f0 drivers/gpu/drm/drm_ioctl.c:891
[<ffffffff81602aec>] vfs_ioctl fs/ioctl.c:51 [inline]
[<ffffffff81602aec>] __do_sys_ioctl fs/ioctl.c:870 [inline]
[<ffffffff81602aec>] __se_sys_ioctl fs/ioctl.c:856 [inline]
[<ffffffff81602aec>] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:856
[<ffffffff84608245>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84608245>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84800087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

