syzbot


memory leak in create_ctx

Status: fixed on 2019/08/27 17:15
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+06537213db7ba2745c4a@syzkaller.appspotmail.com
Fix commit: 95fa145479fb bpf: sockmap/tls, close can race with map free
First crash: 1813d, last: 1813d
Discussions (8)
Title Replies (including bot) Last reply
[PATCH bpf v4 00/14] sockmap/tls fixes 19 (19) 2019/07/22 15:48
[bpf PATCH v3 0/8] sockmap/tls fixes 10 (10) 2019/07/17 04:03
[bpf PATCH v2 0/6] bpf: sockmap/tls fixes 27 (27) 2019/07/15 20:58
memory leak in create_ctx 3 (5) 2019/07/01 05:40
[PATCH 0/2] tls, add unhash callback 12 (12) 2019/06/29 03:46
Reminder: 17 open syzbot bugs in "net/tls" subsystem 1 (1) 2019/06/25 05:50
Re: memory leak in create_ctx 1 (1) 2019/06/14 04:21
Re: memory leak in create_ctx 2 (2) 2019/06/11 17:16
Last patch testing requests (1)
Created Duration User Patch Repo Result
2019/07/01 05:28 10m john.fastabend@gmail.com git://github.com/cilium/linux ktls-unhash report log

Sample crash report:
IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
2019/06/08 14:55:51 executed programs: 15
2019/06/08 14:55:56 executed programs: 31
2019/06/08 14:56:02 executed programs: 51
BUG: memory leak
unreferenced object 0xffff888117ceae00 (size 512):
  comm "syz-executor.3", pid 7233, jiffies 4294949016 (age 13.640s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000e6550967>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
    [<00000000e6550967>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<00000000e6550967>] slab_alloc mm/slab.c:3326 [inline]
    [<00000000e6550967>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<0000000014132182>] kmalloc include/linux/slab.h:547 [inline]
    [<0000000014132182>] kzalloc include/linux/slab.h:742 [inline]
    [<0000000014132182>] create_ctx+0x25/0x70 net/tls/tls_main.c:601
    [<00000000e08e1a44>] tls_init net/tls/tls_main.c:787 [inline]
    [<00000000e08e1a44>] tls_init+0x97/0x1e0 net/tls/tls_main.c:769
    [<0000000037b0c43c>] __tcp_set_ulp net/ipv4/tcp_ulp.c:126 [inline]
    [<0000000037b0c43c>] tcp_set_ulp+0xe2/0x190 net/ipv4/tcp_ulp.c:147
    [<000000007a284277>] do_tcp_setsockopt.isra.0+0x19a/0xd60 net/ipv4/tcp.c:2784
    [<00000000f35f3415>] tcp_setsockopt+0x71/0x80 net/ipv4/tcp.c:3098
    [<00000000c840962c>] sock_common_setsockopt+0x38/0x50 net/core/sock.c:3124
    [<0000000006b0801f>] __sys_setsockopt+0x98/0x120 net/socket.c:2072
    [<00000000a6309f52>] __do_sys_setsockopt net/socket.c:2083 [inline]
    [<00000000a6309f52>] __se_sys_setsockopt net/socket.c:2080 [inline]
    [<00000000a6309f52>] __x64_sys_setsockopt+0x26/0x30 net/socket.c:2080
    [<00000000fa555bbc>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<00000000a06d7d1a>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88810965dc00 (size 512):
  comm "syz-executor.2", pid 7235, jiffies 4294949016 (age 13.640s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000e6550967>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
    [<00000000e6550967>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<00000000e6550967>] slab_alloc mm/slab.c:3326 [inline]
    [<00000000e6550967>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<0000000014132182>] kmalloc include/linux/slab.h:547 [inline]
    [<0000000014132182>] kzalloc include/linux/slab.h:742 [inline]
    [<0000000014132182>] create_ctx+0x25/0x70 net/tls/tls_main.c:601
    [<00000000e08e1a44>] tls_init net/tls/tls_main.c:787 [inline]
    [<00000000e08e1a44>] tls_init+0x97/0x1e0 net/tls/tls_main.c:769
    [<0000000037b0c43c>] __tcp_set_ulp net/ipv4/tcp_ulp.c:126 [inline]
    [<0000000037b0c43c>] tcp_set_ulp+0xe2/0x190 net/ipv4/tcp_ulp.c:147
    [<000000007a284277>] do_tcp_setsockopt.isra.0+0x19a/0xd60 net/ipv4/tcp.c:2784
    [<00000000f35f3415>] tcp_setsockopt+0x71/0x80 net/ipv4/tcp.c:3098
    [<00000000c840962c>] sock_common_setsockopt+0x38/0x50 net/core/sock.c:3124
    [<0000000006b0801f>] __sys_setsockopt+0x98/0x120 net/socket.c:2072
    [<00000000a6309f52>] __do_sys_setsockopt net/socket.c:2083 [inline]
    [<00000000a6309f52>] __se_sys_setsockopt net/socket.c:2080 [inline]
    [<00000000a6309f52>] __x64_sys_setsockopt+0x26/0x30 net/socket.c:2080
    [<00000000fa555bbc>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<00000000a06d7d1a>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff8881207d7600 (size 512):
  comm "syz-executor.5", pid 7244, jiffies 4294949019 (age 13.610s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000e6550967>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
    [<00000000e6550967>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<00000000e6550967>] slab_alloc mm/slab.c:3326 [inline]
    [<00000000e6550967>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<0000000014132182>] kmalloc include/linux/slab.h:547 [inline]
    [<0000000014132182>] kzalloc include/linux/slab.h:742 [inline]
    [<0000000014132182>] create_ctx+0x25/0x70 net/tls/tls_main.c:601
    [<00000000e08e1a44>] tls_init net/tls/tls_main.c:787 [inline]
    [<00000000e08e1a44>] tls_init+0x97/0x1e0 net/tls/tls_main.c:769
    [<0000000037b0c43c>] __tcp_set_ulp net/ipv4/tcp_ulp.c:126 [inline]
    [<0000000037b0c43c>] tcp_set_ulp+0xe2/0x190 net/ipv4/tcp_ulp.c:147
    [<000000007a284277>] do_tcp_setsockopt.isra.0+0x19a/0xd60 net/ipv4/tcp.c:2784
    [<00000000f35f3415>] tcp_setsockopt+0x71/0x80 net/ipv4/tcp.c:3098
    [<00000000c840962c>] sock_common_setsockopt+0x38/0x50 net/core/sock.c:3124
    [<0000000006b0801f>] __sys_setsockopt+0x98/0x120 net/socket.c:2072
    [<00000000a6309f52>] __do_sys_setsockopt net/socket.c:2083 [inline]
    [<00000000a6309f52>] __se_sys_setsockopt net/socket.c:2080 [inline]
    [<00000000a6309f52>] __x64_sys_setsockopt+0x26/0x30 net/socket.c:2080
    [<00000000fa555bbc>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<00000000a06d7d1a>] entry_SYSCALL_64_after_hwframe+0x44/0xa9


Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/06/08 15:09 upstream 79c3ba3206c7 0159583c .config console log report syz ci-upstream-gce-leak
* Struck through repros no longer work on HEAD.