Dear Linux Developers for DVB, We encountered "memory leak in dvb_dmxdev_add_pid" when testing the DVB driver with Syzkaller and our generated specifications. The C reproducer and the config for the kernel are attached. The memory leak originates from the allocated dmxdev_feed structure, as referenced in the code at [https://elixir.bootlin.com/linux/latest/source/drivers/media/dvb-core/dmxdev.c#L881]. This structure fails to be freed upon entering the code branch found at [https://elixir.bootlin.com/linux/latest/source/drivers/media/dvb-core/dmxdev.c#L891]. ``` ioctl$KGPT_DMX_START(r0, 0x6f29, 0x0) BUG: memory leak unreferenced object 0xffff88802e9ae7e0 (size 32): comm "syz-executor.0", pid 27777, jiffies 4295115050 (age 15.550s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 08 c0 6a 05 00 c9 ff ff 08 c0 6a 05 00 c9 ff ff ..j.......j..... backtrace: [<ffffffff8169126f>] kmemleak_alloc_recursive scratch/zijie-data/LLM-Kernel/spec-eval/shared_linux_builds/syzbot-leak-more_631373bc9e824969/./include/linux/kmemleak.h:42 [inline] [<ffffffff8169126f>] slab_post_alloc_hook scratch/zijie-data/LLM-Kernel/spec-eval/shared_linux_builds/syzbot-leak-more_631373bc9e824969/mm/slab.h:766 [inline] [<ffffffff8169126f>] slab_alloc_node scratch/zijie-data/LLM-Kernel/spec-eval/shared_linux_builds/syzbot-leak-more_631373bc9e824969/mm/slub.c:3478 [inline] [<ffffffff8169126f>] __kmem_cache_alloc_node+0x2ff/0x3e0 scratch/zijie-data/LLM-Kernel/spec-eval/shared_linux_builds/syzbot-leak-more_631373bc9e824969/mm/slub.c:3517 [<ffffffff815d9da9>] kmalloc_trace+0x29/0x90 scratch/zijie-data/LLM-Kernel/spec-eval/shared_linux_builds/syzbot-leak-more_631373bc9e824969/mm/slab_common.c:1098 [<ffffffff83db2e09>] kmalloc scratch/zijie-data/LLM-Kernel/spec-eval/shared_linux_builds/syzbot-leak-more_631373bc9e824969/./include/linux/slab.h:600 [inline] [<ffffffff83db2e09>] kzalloc scratch/zijie-data/LLM-Kernel/spec-eval/shared_linux_builds/syzbot-leak-more_631373bc9e824969/./include/linux/slab.h:721 [inline] [<ffffffff83db2e09>] dvb_dmxdev_add_pid+0xa9/0x160 scratch/zijie-data/LLM-Kernel/spec-eval/shared_linux_builds/syzbot-leak-more_631373bc9e824969/drivers/media/dvb-core/dmxdev.c:881 [<ffffffff83db48de>] dvb_dmxdev_pes_filter_set scratch/zijie-data/LLM-Kernel/spec-eval/shared_linux_builds/syzbot-leak-more_631373bc9e824969/drivers/media/dvb-core/dmxdev.c:956 [inline] [<ffffffff83db48de>] dvb_demux_do_ioctl+0x67e/0xa80 scratch/zijie-data/LLM-Kernel/spec-eval/shared_linux_builds/syzbot-leak-more_631373bc9e824969/drivers/media/dvb-core/dmxdev.c:1076 [<ffffffff83db1252>] dvb_usercopy+0x82/0x220 scratch/zijie-data/LLM-Kernel/spec-eval/shared_linux_builds/syzbot-leak-more_631373bc9e824969/drivers/media/dvb-core/dvbdev.c:986 [<ffffffff83db1b51>] dvb_demux_ioctl+0x31/0x40 scratch/zijie-data/LLM-Kernel/spec-eval/shared_linux_builds/syzbot-leak-more_631373bc9e824969/drivers/media/dvb-core/dmxdev.c:1185 [<ffffffff8171ca88>] vfs_ioctl scratch/zijie-data/LLM-Kernel/spec-eval/shared_linux_builds/syzbot-leak-more_631373bc9e824969/fs/ioctl.c:51 [inline] [<ffffffff8171ca88>] __do_sys_ioctl scratch/zijie-data/LLM-Kernel/spec-eval/shared_linux_builds/syzbot-leak-more_631373bc9e824969/fs/ioctl.c:871 [inline] [<ffffffff8171ca88>] __se_sys_ioctl scratch/zijie-data/LLM-Kernel/spec-eval/shared_linux_builds/syzbot-leak-more_631373bc9e824969/fs/ioctl.c:857 [inline] [<ffffffff8171ca88>] __x64_sys_ioctl+0x108/0x150 scratch/zijie-data/LLM-Kernel/spec-eval/shared_linux_builds/syzbot-leak-more_631373bc9e824969/fs/ioctl.c:857 [<ffffffff8540b150>] do_syscall_x64 scratch/zijie-data/LLM-Kernel/spec-eval/shared_linux_builds/syzbot-leak-more_631373bc9e824969/arch/x86/entry/common.c:51 [inline] [<ffffffff8540b150>] do_syscall_64+0x40/0x110 scratch/zijie-data/LLM-Kernel/spec-eval/shared_linux_builds/syzbot-leak-more_631373bc9e824969/arch/x86/entry/common.c:82 [<ffffffff8560008b>] entry_SYSCALL_64_after_hwframe+0x63/0x6b ``` If you have any questions or require more information, please feel free to contact us. Reported-by: Chenyuan Yang <chenyuan0y@xxxxxxxxx> Best, Chenyuan
Attachment:
config
Description: Binary data
Attachment:
dvb_memleak.c
Description: Binary data
