memory leak in dma_buf_ioctl


syzbot

Jul 24, 2019, 5:48:06 AM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: abdfd52a Merge tag 'armsoc-defconfig' of git://git.kernel...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=131441d0600000
kernel config: https://syzkaller.appspot.com/x/.config?x=d31de3d88059b7fa
dashboard link: https://syzkaller.appspot.com/bug?extid=b2098bc44728a4efb3e9
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12526e58600000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=161784f0600000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b2098b...@syzkaller.appspotmail.com

executing program
executing program
executing program
executing program
executing program
BUG: memory leak
unreferenced object 0xffff888114034680 (size 32):
comm "syz-executor110", pid 6894, jiffies 4294947136 (age 13.580s)
hex dump (first 32 bytes):
00 64 6d 61 62 75 66 3a 00 00 00 00 00 00 00 00 .dmabuf:........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000d259834b>] kmemleak_alloc_recursive /./include/linux/kmemleak.h:43 [inline]
[<00000000d259834b>] slab_post_alloc_hook /mm/slab.h:522 [inline]
[<00000000d259834b>] slab_alloc /mm/slab.c:3319 [inline]
[<00000000d259834b>] __do_kmalloc /mm/slab.c:3653 [inline]
[<00000000d259834b>] __kmalloc_track_caller+0x165/0x300 /mm/slab.c:3670
[<00000000ab207ec1>] memdup_user+0x26/0xa0 /mm/util.c:165
[<00000000c0909d36>] strndup_user+0x62/0x80 /mm/util.c:224
[<00000000a34a2d25>] dma_buf_set_name /drivers/dma-buf/dma-buf.c:331 [inline]
[<00000000a34a2d25>] dma_buf_ioctl+0x60/0x1b0 /drivers/dma-buf/dma-buf.c:391
[<00000000d7817662>] vfs_ioctl /fs/ioctl.c:46 [inline]
[<00000000d7817662>] file_ioctl /fs/ioctl.c:509 [inline]
[<00000000d7817662>] do_vfs_ioctl+0x62a/0x810 /fs/ioctl.c:696
[<00000000d24a671a>] ksys_ioctl+0x86/0xb0 /fs/ioctl.c:713
[<00000000bd810f5d>] __do_sys_ioctl /fs/ioctl.c:720 [inline]
[<00000000bd810f5d>] __se_sys_ioctl /fs/ioctl.c:718 [inline]
[<00000000bd810f5d>] __x64_sys_ioctl+0x1e/0x30 /fs/ioctl.c:718
[<000000005a8e86d5>] do_syscall_64+0x76/0x1a0 /arch/x86/entry/common.c:296
[<000000007d83529f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888113b044a0 (size 32):
comm "syz-executor110", pid 6895, jiffies 4294947728 (age 7.660s)
hex dump (first 32 bytes):
00 64 6d 61 62 75 66 3a 00 00 00 00 00 00 00 00 .dmabuf:........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000d259834b>] kmemleak_alloc_recursive /./include/linux/kmemleak.h:43 [inline]
[<00000000d259834b>] slab_post_alloc_hook /mm/slab.h:522 [inline]
[<00000000d259834b>] slab_alloc /mm/slab.c:3319 [inline]
[<00000000d259834b>] __do_kmalloc /mm/slab.c:3653 [inline]
[<00000000d259834b>] __kmalloc_track_caller+0x165/0x300 /mm/slab.c:3670
[<00000000ab207ec1>] memdup_user+0x26/0xa0 /mm/util.c:165
[<00000000c0909d36>] strndup_user+0x62/0x80 /mm/util.c:224
[<00000000a34a2d25>] dma_buf_set_name /drivers/dma-buf/dma-buf.c:331 [inline]
[<00000000a34a2d25>] dma_buf_ioctl+0x60/0x1b0 /drivers/dma-buf/dma-buf.c:391
[<00000000d7817662>] vfs_ioctl /fs/ioctl.c:46 [inline]
[<00000000d7817662>] file_ioctl /fs/ioctl.c:509 [inline]
[<00000000d7817662>] do_vfs_ioctl+0x62a/0x810 /fs/ioctl.c:696
[<00000000d24a671a>] ksys_ioctl+0x86/0xb0 /fs/ioctl.c:713
[<00000000bd810f5d>] __do_sys_ioctl /fs/ioctl.c:720 [inline]
[<00000000bd810f5d>] __se_sys_ioctl /fs/ioctl.c:718 [inline]
[<00000000bd810f5d>] __x64_sys_ioctl+0x1e/0x30 /fs/ioctl.c:718
[<000000005a8e86d5>] do_syscall_64+0x76/0x1a0 /arch/x86/entry/common.c:296
[<000000007d83529f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9



---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

Dmitry Vyukov

Jul 24, 2019, 5:59:34 AM
to syzbot, Sumit Semwal, linux...@vger.kernel.org, DRI, linaro...@lists.linaro.org, LKML, syzkaller-bugs
On Wed, Jul 24, 2019 at 11:48 AM syzbot
<syzbot+b2098b...@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: abdfd52a Merge tag 'armsoc-defconfig' of git://git.kernel...
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=131441d0600000
> kernel config: https://syzkaller.appspot.com/x/.config?x=d31de3d88059b7fa
> dashboard link: https://syzkaller.appspot.com/bug?extid=b2098bc44728a4efb3e9
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12526e58600000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=161784f0600000

+drivers/dma-buf/dma-buf.c maintainers

syzbot

Jul 25, 2019, 10:34:01 PM
to bsing...@gmail.com, core...@netfilter.org, da...@davemloft.net, dri-...@lists.freedesktop.org, du...@suse.de, dvy...@google.com, ka...@trash.net, kad...@blackhole.kfki.hu, linaro...@lists.linaro.org, linux-...@vger.kernel.org, linux...@vger.kernel.org, mi...@redhat.com, m...@ellerman.id.au, net...@vger.kernel.org, netfilt...@vger.kernel.org, pa...@netfilter.org, ros...@goodmis.org, sumit....@linaro.org, syzkall...@googlegroups.com
syzbot has bisected this bug to:

commit 04cf31a759ef575f750a63777cee95500e410994
Author: Michael Ellerman <m...@ellerman.id.au>
Date: Thu Mar 24 11:04:01 2016 +0000

ftrace: Make ftrace_location_range() global

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=154293f4600000
start commit: abdfd52a Merge tag 'armsoc-defconfig' of git://git.kernel...
git tree: upstream
final crash: https://syzkaller.appspot.com/x/report.txt?x=174293f4600000
console output: https://syzkaller.appspot.com/x/log.txt?x=134293f4600000
Reported-by: syzbot+b2098b...@syzkaller.appspotmail.com
Fixes: 04cf31a759ef ("ftrace: Make ftrace_location_range() global")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Steven Rostedt

Jul 25, 2019, 10:46:45 PM
to syzbot, bsing...@gmail.com, core...@netfilter.org, da...@davemloft.net, dri-...@lists.freedesktop.org, du...@suse.de, dvy...@google.com, ka...@trash.net, kad...@blackhole.kfki.hu, linaro...@lists.linaro.org, linux-...@vger.kernel.org, linux...@vger.kernel.org, mi...@redhat.com, m...@ellerman.id.au, net...@vger.kernel.org, netfilt...@vger.kernel.org, pa...@netfilter.org, sumit....@linaro.org, syzkall...@googlegroups.com
On Thu, 25 Jul 2019 19:34:01 -0700
syzbot <syzbot+b2098b...@syzkaller.appspotmail.com> wrote:

> syzbot has bisected this bug to:
>
> commit 04cf31a759ef575f750a63777cee95500e410994
> Author: Michael Ellerman <m...@ellerman.id.au>
> Date: Thu Mar 24 11:04:01 2016 +0000
>
> ftrace: Make ftrace_location_range() global

It's sad that I have yet to find a single syzbot bisect useful. Really?
Setting a function from static to global will cause a memory leak in a
completely unrelated area of the kernel?

I'm about to set these to my /dev/null folder.

-- Steve