syzbot


memory leak in garp_request_join

Status: fixed on 2021/11/10 00:50
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+13ad608e190b5f8ad8a8@syzkaller.appspotmail.com
Fix commit: 42ca63f98084 net/802/garp: fix memleak in garp_request_join()
First crash: 1604d, last: 1077d
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] net: 802: fix memory leak in garp_uninit_applicant 3 (3) 2021/07/19 10:29
memory leak in garp_request_join 0 (1) 2020/01/27 19:27
Last patch testing requests (6)
Created Duration User Patch Repo Result
2021/07/18 20:00 16m paskripkin@gmail.com patch upstream OK
2021/07/18 19:57 16m paskripkin@gmail.com patch upstream OK
2021/03/25 21:13 8m igormtorrente@gmail.com https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ master report log
2020/08/16 23:40 7m xiyou.wangcong@gmail.com https://github.com/congwang/linux.git vlan report log
2020/08/16 22:02 7m xiyou.wangcong@gmail.com https://github.com/congwang/linux.git net report log
2020/08/16 19:36 7m xiyou.wangcong@gmail.com https://github.com/congwang/linux.git net report log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff888117503a00 (size 64):
  comm "syz-executor000", pid 8627, jiffies 4294942270 (age 12.640s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 08 00 00 00 01 02 00 00  ................
  backtrace:
    [<ffffffff8376f218>] kmalloc include/linux/slab.h:561 [inline]
    [<ffffffff8376f218>] garp_attr_create net/802/garp.c:187 [inline]
    [<ffffffff8376f218>] garp_request_join+0x138/0x220 net/802/garp.c:350
    [<ffffffff83da9816>] vlan_gvrp_request_join+0x96/0xa0 net/8021q/vlan_gvrp.c:34
    [<ffffffff83da8059>] vlan_dev_open+0x1f9/0x330 net/8021q/vlan_dev.c:289
    [<ffffffff836d4fd5>] __dev_open+0x175/0x260 net/core/dev.c:1609
    [<ffffffff836d56fa>] __dev_change_flags+0x2fa/0x390 net/core/dev.c:8741
    [<ffffffff836e5d94>] rtnl_configure_link+0x64/0x130 net/core/rtnetlink.c:3134
    [<ffffffff836ed814>] __rtnl_newlink+0xa74/0xdb0 net/core/rtnetlink.c:3460
    [<ffffffff836edb99>] rtnl_newlink+0x49/0x70 net/core/rtnetlink.c:3500
    [<ffffffff836e8d7c>] rtnetlink_rcv_msg+0x1fc/0x520 net/core/rtnetlink.c:5562
    [<ffffffff83821117>] netlink_rcv_skb+0x87/0x1d0 net/netlink/af_netlink.c:2502
    [<ffffffff83820302>] netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
    [<ffffffff83820302>] netlink_unicast+0x392/0x4c0 net/netlink/af_netlink.c:1338
    [<ffffffff83820798>] netlink_sendmsg+0x368/0x6a0 net/netlink/af_netlink.c:1927
    [<ffffffff8368e946>] sock_sendmsg_nosec net/socket.c:654 [inline]
    [<ffffffff8368e946>] sock_sendmsg+0x56/0x80 net/socket.c:674
    [<ffffffff8368eeac>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2350
    [<ffffffff83692efb>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2404
    [<ffffffff83692ff8>] __sys_sendmsg+0x88/0x100 net/socket.c:2433

BUG: memory leak
unreferenced object 0xffff8881175039c0 (size 64):
  comm "syz-executor000", pid 8627, jiffies 4294942270 (age 12.640s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 01 00 00 00 01 02 00 00  ................
  backtrace:
    [<ffffffff83770b23>] kmalloc include/linux/slab.h:561 [inline]
    [<ffffffff83770b23>] mrp_attr_create net/802/mrp.c:276 [inline]
    [<ffffffff83770b23>] mrp_request_join+0x153/0x260 net/802/mrp.c:530
    [<ffffffff83da99b6>] vlan_mvrp_request_join+0x96/0xa0 net/8021q/vlan_mvrp.c:40
    [<ffffffff83da8047>] vlan_dev_open+0x1e7/0x330 net/8021q/vlan_dev.c:292
    [<ffffffff836d4fd5>] __dev_open+0x175/0x260 net/core/dev.c:1609
    [<ffffffff836d56fa>] __dev_change_flags+0x2fa/0x390 net/core/dev.c:8741
    [<ffffffff836e5d94>] rtnl_configure_link+0x64/0x130 net/core/rtnetlink.c:3134
    [<ffffffff836ed814>] __rtnl_newlink+0xa74/0xdb0 net/core/rtnetlink.c:3460
    [<ffffffff836edb99>] rtnl_newlink+0x49/0x70 net/core/rtnetlink.c:3500
    [<ffffffff836e8d7c>] rtnetlink_rcv_msg+0x1fc/0x520 net/core/rtnetlink.c:5562
    [<ffffffff83821117>] netlink_rcv_skb+0x87/0x1d0 net/netlink/af_netlink.c:2502
    [<ffffffff83820302>] netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
    [<ffffffff83820302>] netlink_unicast+0x392/0x4c0 net/netlink/af_netlink.c:1338
    [<ffffffff83820798>] netlink_sendmsg+0x368/0x6a0 net/netlink/af_netlink.c:1927
    [<ffffffff8368e946>] sock_sendmsg_nosec net/socket.c:654 [inline]
    [<ffffffff8368e946>] sock_sendmsg+0x56/0x80 net/socket.c:674
    [<ffffffff8368eeac>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2350
    [<ffffffff83692efb>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2404
    [<ffffffff83692ff8>] __sys_sendmsg+0x88/0x100 net/socket.c:2433

BUG: memory leak
unreferenced object 0xffff888117503b80 (size 64):
  comm "syz-executor000", pid 8634, jiffies 4294942798 (age 7.360s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 08 00 00 00 01 02 00 00  ................
  backtrace:
    [<ffffffff8376f218>] kmalloc include/linux/slab.h:561 [inline]
    [<ffffffff8376f218>] garp_attr_create net/802/garp.c:187 [inline]
    [<ffffffff8376f218>] garp_request_join+0x138/0x220 net/802/garp.c:350
    [<ffffffff83da9816>] vlan_gvrp_request_join+0x96/0xa0 net/8021q/vlan_gvrp.c:34
    [<ffffffff83da8059>] vlan_dev_open+0x1f9/0x330 net/8021q/vlan_dev.c:289
    [<ffffffff836d4fd5>] __dev_open+0x175/0x260 net/core/dev.c:1609
    [<ffffffff836d56fa>] __dev_change_flags+0x2fa/0x390 net/core/dev.c:8741
    [<ffffffff836e5d94>] rtnl_configure_link+0x64/0x130 net/core/rtnetlink.c:3134
    [<ffffffff836ed814>] __rtnl_newlink+0xa74/0xdb0 net/core/rtnetlink.c:3460
    [<ffffffff836edb99>] rtnl_newlink+0x49/0x70 net/core/rtnetlink.c:3500
    [<ffffffff836e8d7c>] rtnetlink_rcv_msg+0x1fc/0x520 net/core/rtnetlink.c:5562
    [<ffffffff83821117>] netlink_rcv_skb+0x87/0x1d0 net/netlink/af_netlink.c:2502
    [<ffffffff83820302>] netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
    [<ffffffff83820302>] netlink_unicast+0x392/0x4c0 net/netlink/af_netlink.c:1338
    [<ffffffff83820798>] netlink_sendmsg+0x368/0x6a0 net/netlink/af_netlink.c:1927
    [<ffffffff8368e946>] sock_sendmsg_nosec net/socket.c:654 [inline]
    [<ffffffff8368e946>] sock_sendmsg+0x56/0x80 net/socket.c:674
    [<ffffffff8368eeac>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2350
    [<ffffffff83692efb>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2404
    [<ffffffff83692ff8>] __sys_sendmsg+0x88/0x100 net/socket.c:2433


Crashes (414):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/05/18 08:08 upstream 8ac91e6c6033 a343ba6b .config console log report syz C ci-upstream-gce-leak memory leak in garp_request_join
2021/05/04 12:05 upstream 5e321ded302d 09efdd63 .config console log report syz C ci-upstream-gce-leak memory leak in garp_request_join
2021/04/25 06:55 upstream 8db5efb83fa9 17f0b706 .config console log report syz C ci-upstream-gce-leak memory leak in garp_request_join
2021/04/18 12:35 upstream c98ff1d013d2 7e2b734b .config console log report syz C ci-upstream-gce-leak memory leak in garp_request_join
2021/04/12 16:00 upstream d434405aaab7 bfeda1b1 .config console log report syz C ci-upstream-gce-leak memory leak in garp_request_join
2021/02/18 03:06 upstream f40ddce88593 14052202 .config console log report syz C ci-upstream-gce-leak memory leak in garp_request_join
2021/02/17 22:59 upstream f40ddce88593 14052202 .config console log report syz C ci-upstream-gce-leak memory leak in garp_request_join
2021/02/17 18:20 upstream f40ddce88593 052f8d9f .config console log report syz C ci-upstream-gce-leak memory leak in garp_request_join
2021/02/15 16:55 upstream f40ddce88593 98682e5e .config console log report syz C ci-upstream-gce-leak memory leak in garp_request_join
2021/02/14 21:00 upstream 358feceebbf6 98682e5e .config console log report syz C ci-upstream-gce-leak memory leak in garp_request_join
2021/02/14 18:51 upstream 358feceebbf6 98682e5e .config console log report syz C ci-upstream-gce-leak memory leak in garp_request_join
2021/02/12 08:17 upstream 291009f656e8 a5f86b15 .config console log report syz C ci-upstream-gce-leak memory leak in garp_request_join
2021/02/10 08:00 upstream e0756cfc7d7c 2bd9619f .config console log report syz C ci-upstream-gce-leak memory leak in garp_request_join
2021/02/09 12:32 upstream e0756cfc7d7c 2bd9619f .config console log report syz C ci-upstream-gce-leak memory leak in garp_request_join
2021/01/15 09:01 upstream 146620506274 65a7a854 .config console log report syz C ci-upstream-gce-leak
2020/08/16 21:53 upstream 2cc3c4b3c2e9 424dd8e7 .config console log report syz C ci-upstream-gce-leak
2020/08/16 18:02 upstream 4b6c093e21d3 424dd8e7 .config console log report syz C ci-upstream-gce-leak
2020/01/27 19:02 upstream d5226fa6dbae dd56146d .config console log report syz C ci-upstream-gce-leak
2020/01/23 19:24 upstream 131701c697e8 3334d684 .config console log report syz C ci-upstream-gce-leak
2021/07/03 17:44 upstream 3dbdb38e2869 55aa55c2 .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/07/03 11:03 upstream 3dbdb38e2869 55aa55c2 .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/06/26 15:18 upstream b7050b242430 9d2ab5df .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/06/25 20:34 upstream 44db63d1ad8d ae6bf8dd .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/06/25 10:56 upstream 4a09d388f2ab 0edbbe31 .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/06/18 21:55 upstream fd0aa1a4567d aba2b2fb .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/06/09 08:54 upstream 4c8684fe555e 5c2fe346 .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/06/07 18:38 upstream 614124bea77e e59537be .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/06/04 21:24 upstream f88cd3fb9df2 966a236b .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/06/01 13:56 upstream c2131f7e73c9 032639db .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/05/30 21:52 upstream b90e90f40b4f 325a8dab .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/05/28 08:04 upstream 97e5bf604b7a 858ea628 .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/05/28 00:57 upstream d7c5303fbc8a 858ea628 .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/05/26 13:05 upstream ad9f25d33860 54f0bcf1 .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/05/24 03:47 upstream 6ebb6814a1ef 3c7fef33 .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/05/23 07:31 upstream 23d729263037 3c7fef33 .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/05/21 07:38 upstream ba816d3c265c 3c7fef33 .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/05/19 11:45 upstream 8ac91e6c6033 a343ba6b .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/05/18 20:18 upstream 8ac91e6c6033 a343ba6b .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/05/18 16:00 upstream 8ac91e6c6033 a343ba6b .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/05/18 12:17 upstream 8ac91e6c6033 a343ba6b .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/05/13 09:09 upstream dbb5afad100a ed7d41c5 .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/05/12 16:06 upstream 88b06399c9c7 da958a4d .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/05/12 09:05 upstream 88b06399c9c7 b3c3bb8e .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/05/09 04:30 upstream dd860052c99b bc5434be .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/04/28 01:24 upstream 57fa2369ab17 805b5003 .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/04/25 21:09 upstream 2a1d7946fa53 36c88236 .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/04/10 21:45 upstream d4961772226d bfeda1b1 .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/04/06 00:53 upstream 0a50438c8436 6a81331a .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/03/31 06:04 upstream 2bb25b3a748a 6a81331a .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/03/18 08:22 upstream 6417f03132a6 fdb2bb2c .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
2021/03/15 20:29 upstream 1e28eed17697 fdb2bb2c .config console log report syz ci-upstream-gce-leak memory leak in garp_request_join
* Struck through repros no longer work on HEAD.