syzbot


memory leak in llc_ui_sendmsg

Status: fixed on 2019/11/04 14:50
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+31c16aa4202dace3812e@syzkaller.appspotmail.com
Fix commit: c6ee11c39fcc llc: fix sk_buff leak in llc_sap_state_process()
First crash: 1829d, last: 1677d
Discussions (19)
Title Replies (including bot) Last reply
[PATCH AUTOSEL 4.14 01/33] iommu/arm-smmu: Free context bitmap in the err path of arm_smmu_init_domain_context 37 (37) 2020/09/08 12:12
[PATCH 3.16 000/136] 3.16.80-rc1 review 140 (140) 2019/12/23 14:00
[PATCH 4.19 000/149] 4.19.82-stable review 169 (169) 2019/11/11 09:36
[PATCH 4.9 00/62] 4.9.199-stable review 72 (72) 2019/11/06 11:17
[PATCH 5.3 000/163] 5.3.9-stable review 174 (174) 2019/11/06 10:49
[PATCH 4.14 00/95] 4.14.152-stable review 102 (102) 2019/11/05 23:37
[PATCH 4.4 00/46] 4.4.199-stable review 52 (52) 2019/11/05 23:36
[PATCH AUTOSEL 4.4 01/17] iommu/arm-smmu: Free context bitmap in the err path of arm_smmu_init_domain_context 16 (16) 2019/10/26 13:23
[PATCH AUTOSEL 4.9 01/21] iommu/arm-smmu: Free context bitmap in the err path of arm_smmu_init_domain_context 20 (20) 2019/10/26 13:22
[PATCH AUTOSEL 4.19 01/59] tools: bpf: Use !building_out_of_srctree to determine srctree 59 (59) 2019/10/26 13:19
[PATCH AUTOSEL 5.3 01/99] tools: bpf: Use !building_out_of_srctree to determine srctree 98 (98) 2019/10/26 13:16
[PATCH AUTOSEL 4.19 01/37] PCI/ASPM: Do not initialize link state when aspm_disabled is set 37 (37) 2019/10/26 07:44
[PATCH AUTOSEL 5.3 01/33] net: ipv6: fix listify ip6_rcv_finish in case of forwarding 35 (35) 2019/10/25 15:49
[PATCH AUTOSEL 4.9 01/20] PCI/ASPM: Do not initialize link state when aspm_disabled is set 20 (20) 2019/10/25 15:32
[PATCH AUTOSEL 4.4 01/16] PCI/ASPM: Do not initialize link state when aspm_disabled is set 16 (16) 2019/10/25 13:58
[PATCH AUTOSEL 4.14 01/25] PCI/ASPM: Do not initialize link state when aspm_disabled is set 24 (24) 2019/10/25 13:57
[PATCH net 0/4] llc: fix sk_buff refcounting 6 (6) 2019/10/08 21:15
Reminder: 3 open syzbot bugs in "net/llc" subsystem 1 (1) 2019/07/24 02:39
memory leak in llc_ui_sendmsg 0 (1) 2019/05/21 13:40

Sample crash report:
executing program
BUG: memory leak
unreferenced object 0xffff8881196afe00 (size 224):
  comm "syz-executor983", pid 6961, jiffies 4294941078 (age 12.750s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 f0 3b 25 81 88 ff ff 00 f8 4a 1d 81 88 ff ff  ..;%......J.....
  backtrace:
    [<00000000eeaae93b>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000eeaae93b>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<00000000eeaae93b>] slab_alloc_node mm/slab.c:3262 [inline]
    [<00000000eeaae93b>] kmem_cache_alloc_node+0x163/0x2f0 mm/slab.c:3574
    [<000000005bc539eb>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:197
    [<000000007d3587b1>] alloc_skb include/linux/skbuff.h:1049 [inline]
    [<000000007d3587b1>] alloc_skb_with_frags+0x5f/0x250 net/core/skbuff.c:5659
    [<00000000b67abc87>] sock_alloc_send_pskb+0x269/0x2a0 net/core/sock.c:2240
    [<000000000b344266>] sock_alloc_send_skb+0x32/0x40 net/core/sock.c:2257
    [<00000000c7df6f24>] llc_ui_sendmsg+0x10a/0x540 net/llc/af_llc.c:933
    [<000000008ed306c6>] sock_sendmsg_nosec net/socket.c:637 [inline]
    [<000000008ed306c6>] sock_sendmsg+0x54/0x70 net/socket.c:657
    [<0000000035002b04>] ___sys_sendmsg+0x194/0x3c0 net/socket.c:2311
    [<0000000089d07f0c>] __sys_sendmmsg+0xf4/0x270 net/socket.c:2413
    [<00000000066cbbc8>] __do_sys_sendmmsg net/socket.c:2442 [inline]
    [<00000000066cbbc8>] __se_sys_sendmmsg net/socket.c:2439 [inline]
    [<00000000066cbbc8>] __x64_sys_sendmmsg+0x28/0x30 net/socket.c:2439
    [<00000000c088f8e9>] do_syscall_64+0x73/0x1f0 arch/x86/entry/common.c:290
    [<00000000aed5121d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff8881196afc00 (size 224):
  comm "syz-executor983", pid 6961, jiffies 4294941078 (age 12.750s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 f0 3b 25 81 88 ff ff 00 f8 4a 1d 81 88 ff ff  ..;%......J.....
  backtrace:
    [<00000000eeaae93b>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000eeaae93b>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<00000000eeaae93b>] slab_alloc_node mm/slab.c:3262 [inline]
    [<00000000eeaae93b>] kmem_cache_alloc_node+0x163/0x2f0 mm/slab.c:3574
    [<000000005bc539eb>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:197
    [<000000007d3587b1>] alloc_skb include/linux/skbuff.h:1049 [inline]
    [<000000007d3587b1>] alloc_skb_with_frags+0x5f/0x250 net/core/skbuff.c:5659
    [<00000000b67abc87>] sock_alloc_send_pskb+0x269/0x2a0 net/core/sock.c:2240
    [<000000000b344266>] sock_alloc_send_skb+0x32/0x40 net/core/sock.c:2257
    [<00000000c7df6f24>] llc_ui_sendmsg+0x10a/0x540 net/llc/af_llc.c:933
    [<000000008ed306c6>] sock_sendmsg_nosec net/socket.c:637 [inline]
    [<000000008ed306c6>] sock_sendmsg+0x54/0x70 net/socket.c:657
    [<0000000035002b04>] ___sys_sendmsg+0x194/0x3c0 net/socket.c:2311
    [<0000000089d07f0c>] __sys_sendmmsg+0xf4/0x270 net/socket.c:2413
    [<00000000066cbbc8>] __do_sys_sendmmsg net/socket.c:2442 [inline]
    [<00000000066cbbc8>] __se_sys_sendmmsg net/socket.c:2439 [inline]
    [<00000000066cbbc8>] __x64_sys_sendmmsg+0x28/0x30 net/socket.c:2439
    [<00000000c088f8e9>] do_syscall_64+0x73/0x1f0 arch/x86/entry/common.c:290
    [<00000000aed5121d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d5e5800 (size 512):
  comm "syz-executor983", pid 6961, jiffies 4294941078 (age 12.750s)
  hex dump (first 32 bytes):
    06 00 00 00 05 00 00 00 40 00 00 00 00 00 00 00  ........@.......
    40 00 00 00 c0 c0 bf 81 03 00 00 00 00 00 00 00  @...............
  backtrace:
    [<00000000bc5d4b2e>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000bc5d4b2e>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<00000000bc5d4b2e>] slab_alloc_node mm/slab.c:3262 [inline]
    [<00000000bc5d4b2e>] kmem_cache_alloc_node_trace+0x161/0x2f0 mm/slab.c:3592
    [<00000000155eebdb>] __do_kmalloc_node mm/slab.c:3614 [inline]
    [<00000000155eebdb>] __kmalloc_node_track_caller+0x38/0x50 mm/slab.c:3629
    [<000000004197a47d>] __kmalloc_reserve.isra.0+0x40/0xb0 net/core/skbuff.c:141
    [<00000000da414281>] __alloc_skb+0xa0/0x210 net/core/skbuff.c:209
    [<000000007d3587b1>] alloc_skb include/linux/skbuff.h:1049 [inline]
    [<000000007d3587b1>] alloc_skb_with_frags+0x5f/0x250 net/core/skbuff.c:5659
    [<00000000b67abc87>] sock_alloc_send_pskb+0x269/0x2a0 net/core/sock.c:2240
    [<000000000b344266>] sock_alloc_send_skb+0x32/0x40 net/core/sock.c:2257
    [<00000000c7df6f24>] llc_ui_sendmsg+0x10a/0x540 net/llc/af_llc.c:933
    [<000000008ed306c6>] sock_sendmsg_nosec net/socket.c:637 [inline]
    [<000000008ed306c6>] sock_sendmsg+0x54/0x70 net/socket.c:657
    [<0000000035002b04>] ___sys_sendmsg+0x194/0x3c0 net/socket.c:2311
    [<0000000089d07f0c>] __sys_sendmmsg+0xf4/0x270 net/socket.c:2413
    [<00000000066cbbc8>] __do_sys_sendmmsg net/socket.c:2442 [inline]
    [<00000000066cbbc8>] __se_sys_sendmmsg net/socket.c:2439 [inline]
    [<00000000066cbbc8>] __x64_sys_sendmmsg+0x28/0x30 net/socket.c:2439
    [<00000000c088f8e9>] do_syscall_64+0x73/0x1f0 arch/x86/entry/common.c:290
    [<00000000aed5121d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff8881208d7200 (size 224):
  comm "syz-executor983", pid 6961, jiffies 4294941078 (age 12.750s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 f0 3b 25 81 88 ff ff 00 f8 4a 1d 81 88 ff ff  ..;%......J.....
  backtrace:
    [<00000000eeaae93b>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000eeaae93b>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<00000000eeaae93b>] slab_alloc_node mm/slab.c:3262 [inline]
    [<00000000eeaae93b>] kmem_cache_alloc_node+0x163/0x2f0 mm/slab.c:3574
    [<000000005bc539eb>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:197
    [<000000007d3587b1>] alloc_skb include/linux/skbuff.h:1049 [inline]
    [<000000007d3587b1>] alloc_skb_with_frags+0x5f/0x250 net/core/skbuff.c:5659
    [<00000000b67abc87>] sock_alloc_send_pskb+0x269/0x2a0 net/core/sock.c:2240
    [<000000000b344266>] sock_alloc_send_skb+0x32/0x40 net/core/sock.c:2257
    [<00000000c7df6f24>] llc_ui_sendmsg+0x10a/0x540 net/llc/af_llc.c:933
    [<000000008ed306c6>] sock_sendmsg_nosec net/socket.c:637 [inline]
    [<000000008ed306c6>] sock_sendmsg+0x54/0x70 net/socket.c:657
    [<0000000035002b04>] ___sys_sendmsg+0x194/0x3c0 net/socket.c:2311
    [<0000000089d07f0c>] __sys_sendmmsg+0xf4/0x270 net/socket.c:2413
    [<00000000066cbbc8>] __do_sys_sendmmsg net/socket.c:2442 [inline]
    [<00000000066cbbc8>] __se_sys_sendmmsg net/socket.c:2439 [inline]
    [<00000000066cbbc8>] __x64_sys_sendmmsg+0x28/0x30 net/socket.c:2439
    [<00000000c088f8e9>] do_syscall_64+0x73/0x1f0 arch/x86/entry/common.c:290
    [<00000000aed5121d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9


Crashes (125):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/10/19 21:58 upstream 998d75510e37 8c88c9c1 .config console log report syz C ci-upstream-gce-leak
2019/10/19 02:05 upstream b9959c7a347d 8c88c9c1 .config console log report syz C ci-upstream-gce-leak
2019/10/18 15:27 upstream 0e2adab6cf28 8c88c9c1 .config console log report syz C ci-upstream-gce-leak
2019/10/16 09:28 upstream 3b1f00aceb7a d4ea592f .config console log report syz C ci-upstream-gce-leak
2019/10/16 08:44 upstream 3b1f00aceb7a d4ea592f .config console log report syz C ci-upstream-gce-leak
2019/10/14 22:34 upstream 4f5cafb5cb84 05ad7292 .config console log report syz C ci-upstream-gce-leak
2019/10/12 15:46 upstream 1c0cc5f1ae5e 426631dd .config console log report syz C ci-upstream-gce-leak
2019/10/12 15:16 upstream 1c0cc5f1ae5e 426631dd .config console log report syz C ci-upstream-gce-leak
2019/10/12 05:05 upstream 9892f9f6cf83 426631dd .config console log report syz C ci-upstream-gce-leak
2019/10/10 00:51 upstream 8a8c600de5dc c4b9981b .config console log report syz C ci-upstream-gce-leak
2019/10/09 01:29 upstream eda57a0e4299 b1ebbfef .config console log report syz C ci-upstream-gce-leak
2019/10/08 23:56 upstream eda57a0e4299 b1ebbfef .config console log report syz C ci-upstream-gce-leak
2019/10/04 05:08 upstream cc3a7bfe62b9 fc17ba49 .config console log report syz C ci-upstream-gce-leak
2019/10/04 04:38 upstream cc3a7bfe62b9 fc17ba49 .config console log report syz C ci-upstream-gce-leak
2019/10/03 14:19 upstream 0f1a7b3fac05 fc17ba49 .config console log report syz C ci-upstream-gce-leak
2019/10/03 03:24 upstream 65aa35c93cc0 2e29b534 .config console log report syz C ci-upstream-gce-leak
2019/10/02 04:26 upstream 54ecb8f7028c b7a87a83 .config console log report syz C ci-upstream-gce-leak
2019/10/01 18:39 upstream 54ecb8f7028c b7a87a83 .config console log report syz C ci-upstream-gce-leak
2019/09/30 17:26 upstream 97f9a3c4eee5 c7a4fb99 .config console log report syz C ci-upstream-gce-leak
2019/09/29 09:56 upstream 02dc96ef6c25 c1ad5441 .config console log report syz C ci-upstream-gce-leak
2019/09/28 21:02 upstream f1f2f614d535 eb6b9855 .config console log report syz C ci-upstream-gce-leak
2019/09/26 22:14 upstream cbafe18c7102 2f1548bc .config console log report syz C ci-upstream-gce-leak
2019/09/26 03:02 upstream f41def397161 a3355dba .config console log report syz C ci-upstream-gce-leak
2019/09/24 11:00 upstream e94f8ccde471 c68252d2 .config console log report syz C ci-upstream-gce-leak
2019/09/23 19:02 upstream 3c6a6910a81e 1e9788a0 .config console log report syz C ci-upstream-gce-leak
2019/09/23 07:04 upstream 619e17cf75dd d96e88f3 .config console log report syz C ci-upstream-gce-leak
2019/09/21 04:51 upstream f97c81dc6ca5 d96e88f3 .config console log report syz C ci-upstream-gce-leak
2019/09/21 04:26 upstream f97c81dc6ca5 d96e88f3 .config console log report syz C ci-upstream-gce-leak
2019/09/20 14:56 upstream 574cc4539762 d96e88f3 .config console log report syz C ci-upstream-gce-leak
2019/09/20 05:14 upstream 3c2edc36a774 4d3ae0b7 .config console log report syz C ci-upstream-gce-leak
2019/09/20 04:53 upstream 3c2edc36a774 4d3ae0b7 .config console log report syz C ci-upstream-gce-leak
2019/09/18 08:45 upstream 7f2444d38f6b 03e0d245 .config console log report syz C ci-upstream-gce-leak
2019/09/17 16:19 upstream ad062195731b 13dcda9b .config console log report syz C ci-upstream-gce-leak
2019/09/17 15:27 upstream ad062195731b 13dcda9b .config console log report syz C ci-upstream-gce-leak
2019/09/17 03:45 upstream cef7298262e9 51ca0454 .config console log report syz C ci-upstream-gce-leak
2019/09/16 22:27 upstream 4d856f72c10e cb936299 .config console log report syz C ci-upstream-gce-leak
2019/09/16 11:31 upstream 4d856f72c10e cb936299 .config console log report syz C ci-upstream-gce-leak
2019/09/16 11:05 upstream 4d856f72c10e cb936299 .config console log report syz C ci-upstream-gce-leak
2019/09/13 16:03 upstream 505a8ec7e11a 40fa42bc .config console log report syz C ci-upstream-gce-leak
2019/09/13 15:31 upstream 505a8ec7e11a 40fa42bc .config console log report syz C ci-upstream-gce-leak
2019/09/12 21:59 upstream ad32b4800c2b 0b7672ee .config console log report syz C ci-upstream-gce-leak
2019/09/11 23:35 upstream 3120b9a6a3f7 f4e53c10 .config console log report syz C ci-upstream-gce-leak
2019/09/08 21:16 upstream 950b07c14e8c a60cb4cd .config console log report syz C ci-upstream-gce-leak
2019/09/08 20:47 upstream 950b07c14e8c a60cb4cd .config console log report syz C ci-upstream-gce-leak
2019/09/08 07:46 upstream b3a9964cfa69 a60cb4cd .config console log report syz C ci-upstream-gce-leak
2019/05/20 23:43 upstream f49aa1de9836 8285069f .config console log report syz C ci-upstream-gce-leak
* Struck through repros no longer work on HEAD.