Hello, syzbot found the following issue on: HEAD commit: 0bb80ecc33a8 Linux 6.6-rc1 git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=10a8aad8680000 kernel config: https://syzkaller.appspot.com/x/.config?x=99ce3535087fc27 dashboard link: https://syzkaller.appspot.com/bug?extid=b5d1f455d385b2c7da3c compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=163a9e30680000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14fcd4a0680000 Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/ce21ae500663/disk-0bb80ecc.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/1d2f34908198/vmlinux-0bb80ecc.xz kernel image: https://storage.googleapis.com/syzbot-assets/9c6f5eecda20/bzImage-0bb80ecc.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+b5d1f455d385b2c7da3c@xxxxxxxxxxxxxxxxxxxxxxxxx BUG: memory leak unreferenced object 0xffff888101230c00 (size 1024): comm "syz-executor201", pid 5036, jiffies 4294942174 (age 8.190s) hex dump (first 32 bytes): 00 78 0f 11 81 88 ff ff 00 00 00 00 00 00 00 00 .x.............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff81573b75>] kmalloc_trace+0x25/0x90 mm/slab_common.c:1114 [<ffffffff827ec407>] kmalloc include/linux/slab.h:599 [inline] [<ffffffff827ec407>] kzalloc include/linux/slab.h:720 [inline] [<ffffffff827ec407>] gsm_dlci_alloc+0x27/0x1f0 drivers/tty/n_gsm.c:2640 [<ffffffff827ec5ec>] gsm_activate_mux+0x1c/0x1c0 drivers/tty/n_gsm.c:3129 [<ffffffff827f310f>] gsm_config_ext drivers/tty/n_gsm.c:3434 [inline] [<ffffffff827f310f>] gsmld_ioctl+0x6cf/0x9f0 drivers/tty/n_gsm.c:3798 [<ffffffff827d7bbb>] tty_ioctl+0x3eb/0xc70 drivers/tty/tty_io.c:2785 [<ffffffff816b25f2>] vfs_ioctl fs/ioctl.c:51 [inline] [<ffffffff816b25f2>] __do_sys_ioctl fs/ioctl.c:871 [inline] [<ffffffff816b25f2>] __se_sys_ioctl fs/ioctl.c:857 [inline] [<ffffffff816b25f2>] __x64_sys_ioctl+0xf2/0x140 fs/ioctl.c:857 [<ffffffff84b30008>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [<ffffffff84b30008>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd BUG: memory leak unreferenced object 0xffff888104f38000 (size 4096): comm "syz-executor201", pid 5036, jiffies 4294942174 (age 8.190s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff815742ab>] __do_kmalloc_node mm/slab_common.c:1022 [inline] [<ffffffff815742ab>] __kmalloc+0x4b/0x150 mm/slab_common.c:1036 [<ffffffff824f9f89>] kmalloc_array include/linux/slab.h:636 [inline] [<ffffffff824f9f89>] __kfifo_alloc+0x89/0xe0 lib/kfifo.c:43 [<ffffffff827ec451>] gsm_dlci_alloc+0x71/0x1f0 drivers/tty/n_gsm.c:2645 [<ffffffff827ec5ec>] gsm_activate_mux+0x1c/0x1c0 drivers/tty/n_gsm.c:3129 [<ffffffff827f310f>] gsm_config_ext drivers/tty/n_gsm.c:3434 [inline] [<ffffffff827f310f>] gsmld_ioctl+0x6cf/0x9f0 drivers/tty/n_gsm.c:3798 [<ffffffff827d7bbb>] tty_ioctl+0x3eb/0xc70 drivers/tty/tty_io.c:2785 [<ffffffff816b25f2>] vfs_ioctl fs/ioctl.c:51 [inline] [<ffffffff816b25f2>] __do_sys_ioctl fs/ioctl.c:871 [inline] [<ffffffff816b25f2>] __se_sys_ioctl fs/ioctl.c:857 [inline] [<ffffffff816b25f2>] __x64_sys_ioctl+0xf2/0x140 fs/ioctl.c:857 [<ffffffff84b30008>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [<ffffffff84b30008>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the bug is already fixed, let syzbot know by replying with: #syz fix: exact-commit-title If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing. If you want to overwrite bug's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the bug is a duplicate of another bug, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup
