syzbot


memory leak in copy_net_ns

Status: fixed on 2019/11/23 02:56
Reported-by: syzbot+3b3296d032353c33184b@syzkaller.appspotmail.com
Fix commit: 82ecff655e79 keys: Fix memory leak in copy_net_ns
First crash: 1743d, last: 1628d
Cause bisection: introduced by (bisect log) :
commit 195bc0f8443d8d564ae95d2e9c19ac0edfd647c3
Author: Namhyung Kim <namhyung@kernel.org>
Date: Tue Sep 13 07:45:50 2016 +0000

  perf ui/stdio: Rename print_hierarchy_header()

Crash: unregister_netdevice: waiting for DEV to become free (log)
Repro: C syz .config
  
Discussions (3)
Title Replies (including bot) Last reply
[PATCH 5.3 000/140] 5.3.10-stable review 146 (146) 2019/11/09 15:50
[PATCH net] keys: Fix memory leak in copy_net_ns 1 (1) 2019/10/19 06:34
memory leak in copy_net_ns 1 (3) 2019/10/19 04:00
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream memory leak in copy_net_ns (2) net syz 2 175d 137d 0/26 auto-obsoleted due to no activity on 2024/02/10 06:01
Last patch testing requests (1)
Created Duration User Patch Repo Result
2019/10/19 03:43 16m jeliantsurux@gmail.com patch https://github.com/google/kasan.git 43b815c6 OK

Sample crash report:
executing program
BUG: memory leak
unreferenced object 0xffff888107c22c60 (size 32):
  comm "syz-executor179", pid 7312, jiffies 4294942510 (age 29.690s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000009bbc2b5>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<0000000009bbc2b5>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<0000000009bbc2b5>] slab_alloc mm/slab.c:3319 [inline]
    [<0000000009bbc2b5>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3548
    [<000000003f4bb9e5>] kmalloc include/linux/slab.h:556 [inline]
    [<000000003f4bb9e5>] kzalloc include/linux/slab.h:690 [inline]
    [<000000003f4bb9e5>] net_alloc net/core/net_namespace.c:416 [inline]
    [<000000003f4bb9e5>] copy_net_ns+0xb2/0x220 net/core/net_namespace.c:463
    [<00000000379487db>] create_new_namespaces+0x141/0x2a0 kernel/nsproxy.c:103
    [<000000000b47c967>] unshare_nsproxy_namespaces+0x7f/0x100 kernel/nsproxy.c:202
    [<00000000335e32d6>] ksys_unshare+0x237/0x490 kernel/fork.c:2827
    [<000000007a17af5d>] __do_sys_unshare kernel/fork.c:2895 [inline]
    [<000000007a17af5d>] __se_sys_unshare kernel/fork.c:2893 [inline]
    [<000000007a17af5d>] __x64_sys_unshare+0x16/0x20 kernel/fork.c:2893
    [<0000000015b40c67>] do_syscall_64+0x73/0x1f0 arch/x86/entry/common.c:290
    [<0000000056dec0ba>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888107c22c60 (size 32):
  comm "syz-executor179", pid 7312, jiffies 4294942510 (age 32.220s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000009bbc2b5>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<0000000009bbc2b5>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<0000000009bbc2b5>] slab_alloc mm/slab.c:3319 [inline]
    [<0000000009bbc2b5>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3548
    [<000000003f4bb9e5>] kmalloc include/linux/slab.h:556 [inline]
    [<000000003f4bb9e5>] kzalloc include/linux/slab.h:690 [inline]
    [<000000003f4bb9e5>] net_alloc net/core/net_namespace.c:416 [inline]
    [<000000003f4bb9e5>] copy_net_ns+0xb2/0x220 net/core/net_namespace.c:463
    [<00000000379487db>] create_new_namespaces+0x141/0x2a0 kernel/nsproxy.c:103
    [<000000000b47c967>] unshare_nsproxy_namespaces+0x7f/0x100 kernel/nsproxy.c:202
    [<00000000335e32d6>] ksys_unshare+0x237/0x490 kernel/fork.c:2827
    [<000000007a17af5d>] __do_sys_unshare kernel/fork.c:2895 [inline]
    [<000000007a17af5d>] __se_sys_unshare kernel/fork.c:2893 [inline]
    [<000000007a17af5d>] __x64_sys_unshare+0x16/0x20 kernel/fork.c:2893
    [<0000000015b40c67>] do_syscall_64+0x73/0x1f0 arch/x86/entry/common.c:290
    [<0000000056dec0ba>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888107c22c60 (size 32):
  comm "syz-executor179", pid 7312, jiffies 4294942510 (age 32.300s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000009bbc2b5>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<0000000009bbc2b5>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<0000000009bbc2b5>] slab_alloc mm/slab.c:3319 [inline]
    [<0000000009bbc2b5>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3548
    [<000000003f4bb9e5>] kmalloc include/linux/slab.h:556 [inline]
    [<000000003f4bb9e5>] kzalloc include/linux/slab.h:690 [inline]
    [<000000003f4bb9e5>] net_alloc net/core/net_namespace.c:416 [inline]
    [<000000003f4bb9e5>] copy_net_ns+0xb2/0x220 net/core/net_namespace.c:463
    [<00000000379487db>] create_new_namespaces+0x141/0x2a0 kernel/nsproxy.c:103
    [<000000000b47c967>] unshare_nsproxy_namespaces+0x7f/0x100 kernel/nsproxy.c:202
    [<00000000335e32d6>] ksys_unshare+0x237/0x490 kernel/fork.c:2827
    [<000000007a17af5d>] __do_sys_unshare kernel/fork.c:2895 [inline]
    [<000000007a17af5d>] __se_sys_unshare kernel/fork.c:2893 [inline]
    [<000000007a17af5d>] __x64_sys_unshare+0x16/0x20 kernel/fork.c:2893
    [<0000000015b40c67>] do_syscall_64+0x73/0x1f0 arch/x86/entry/common.c:290
    [<0000000056dec0ba>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888107c22c60 (size 32):
  comm "syz-executor179", pid 7312, jiffies 4294942510 (age 32.370s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000009bbc2b5>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<0000000009bbc2b5>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<0000000009bbc2b5>] slab_alloc mm/slab.c:3319 [inline]
    [<0000000009bbc2b5>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3548
    [<000000003f4bb9e5>] kmalloc include/linux/slab.h:556 [inline]
    [<000000003f4bb9e5>] kzalloc include/linux/slab.h:690 [inline]
    [<000000003f4bb9e5>] net_alloc net/core/net_namespace.c:416 [inline]
    [<000000003f4bb9e5>] copy_net_ns+0xb2/0x220 net/core/net_namespace.c:463
    [<00000000379487db>] create_new_namespaces+0x141/0x2a0 kernel/nsproxy.c:103
    [<000000000b47c967>] unshare_nsproxy_namespaces+0x7f/0x100 kernel/nsproxy.c:202
    [<00000000335e32d6>] ksys_unshare+0x237/0x490 kernel/fork.c:2827
    [<000000007a17af5d>] __do_sys_unshare kernel/fork.c:2895 [inline]
    [<000000007a17af5d>] __se_sys_unshare kernel/fork.c:2893 [inline]
    [<000000007a17af5d>] __x64_sys_unshare+0x16/0x20 kernel/fork.c:2893
    [<0000000015b40c67>] do_syscall_64+0x73/0x1f0 arch/x86/entry/common.c:290
    [<0000000056dec0ba>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888107c22c60 (size 32):
  comm "syz-executor179", pid 7312, jiffies 4294942510 (age 32.450s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000009bbc2b5>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<0000000009bbc2b5>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<0000000009bbc2b5>] slab_alloc mm/slab.c:3319 [inline]
    [<0000000009bbc2b5>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3548
    [<000000003f4bb9e5>] kmalloc include/linux/slab.h:556 [inline]
    [<000000003f4bb9e5>] kzalloc include/linux/slab.h:690 [inline]
    [<000000003f4bb9e5>] net_alloc net/core/net_namespace.c:416 [inline]
    [<000000003f4bb9e5>] copy_net_ns+0xb2/0x220 net/core/net_namespace.c:463
    [<00000000379487db>] create_new_namespaces+0x141/0x2a0 kernel/nsproxy.c:103
    [<000000000b47c967>] unshare_nsproxy_namespaces+0x7f/0x100 kernel/nsproxy.c:202
    [<00000000335e32d6>] ksys_unshare+0x237/0x490 kernel/fork.c:2827
    [<000000007a17af5d>] __do_sys_unshare kernel/fork.c:2895 [inline]
    [<000000007a17af5d>] __se_sys_unshare kernel/fork.c:2893 [inline]
    [<000000007a17af5d>] __x64_sys_unshare+0x16/0x20 kernel/fork.c:2893
    [<0000000015b40c67>] do_syscall_64+0x73/0x1f0 arch/x86/entry/common.c:290
    [<0000000056dec0ba>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

executing program
executing program
executing program

Crashes (422):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/11/01 11:02 upstream e472c64aa4fa a41ca8fa .config console log report syz C ci-upstream-gce-leak
2019/10/31 11:33 upstream e472c64aa4fa a41ca8fa .config console log report syz C ci-upstream-gce-leak
2019/10/30 22:37 upstream 320000e72ec0 a41ca8fa .config console log report syz C ci-upstream-gce-leak
2019/10/30 20:09 upstream 320000e72ec0 5ea87a66 .config console log report syz C ci-upstream-gce-leak
2019/10/30 15:57 upstream 320000e72ec0 5ea87a66 .config console log report syz C ci-upstream-gce-leak
2019/10/30 04:10 upstream 23fdb198ae81 5ea87a66 .config console log report syz C ci-upstream-gce-leak
2019/10/29 20:56 upstream 23fdb198ae81 5ea87a66 .config console log report syz C ci-upstream-gce-leak
2019/10/29 15:01 upstream 8005803a2ca0 5ea87a66 .config console log report syz C ci-upstream-gce-leak
2019/10/29 07:03 upstream 8005803a2ca0 5ea87a66 .config console log report syz C ci-upstream-gce-leak
2019/10/29 04:01 upstream 9e5eefba3d09 439d7b14 .config console log report syz C ci-upstream-gce-leak
2019/10/29 03:31 upstream 9e5eefba3d09 439d7b14 .config console log report syz C ci-upstream-gce-leak
2019/10/28 19:02 upstream 9e5eefba3d09 439d7b14 .config console log report syz C ci-upstream-gce-leak
2019/10/28 18:25 upstream 9e5eefba3d09 439d7b14 .config console log report syz C ci-upstream-gce-leak
2019/10/28 17:58 upstream 9e5eefba3d09 439d7b14 .config console log report syz C ci-upstream-gce-leak
2019/10/28 03:49 upstream d6d5df1db6e9 25bb509e .config console log report syz C ci-upstream-gce-leak
2019/10/27 23:15 upstream d6d5df1db6e9 25bb509e .config console log report syz C ci-upstream-gce-leak
2019/10/27 14:03 upstream 5a1e843c66fa 25bb509e .config console log report syz C ci-upstream-gce-leak
2019/10/26 21:23 upstream f877bee5ea0b 25bb509e .config console log report syz C ci-upstream-gce-leak
2019/10/26 20:04 upstream f877bee5ea0b 25bb509e .config console log report syz C ci-upstream-gce-leak
2019/10/26 19:36 upstream f877bee5ea0b 25bb509e .config console log report syz C ci-upstream-gce-leak
2019/10/26 06:21 upstream 8caacaad78b6 413926c5 .config console log report syz C ci-upstream-gce-leak
2019/10/26 03:11 upstream 8caacaad78b6 c2e837da .config console log report syz C ci-upstream-gce-leak
2019/10/25 17:59 upstream 39a38bcba4ab c2e837da .config console log report syz C ci-upstream-gce-leak
2019/10/25 16:32 upstream 39a38bcba4ab c2e837da .config console log report syz C ci-upstream-gce-leak
2019/10/25 10:48 upstream 39a38bcba4ab d01bb02a .config console log report syz C ci-upstream-gce-leak
2019/10/25 07:23 upstream 39a38bcba4ab d01bb02a .config console log report syz C ci-upstream-gce-leak
2019/10/24 18:13 upstream f116b96685a0 d01bb02a .config console log report syz C ci-upstream-gce-leak
2019/10/24 10:23 upstream 13b86bc4cd64 d01bb02a .config console log report syz C ci-upstream-gce-leak
2019/10/23 17:08 upstream 13b86bc4cd64 b602d64b .config console log report syz C ci-upstream-gce-leak
2019/10/23 14:47 upstream 13b86bc4cd64 d0686497 .config console log report syz C ci-upstream-gce-leak
2019/07/09 13:43 upstream 5ad18b2e60b7 f62e1e85 .config console log report syz C ci-upstream-gce-leak
2019/11/01 08:14 upstream e472c64aa4fa a41ca8fa .config console log report syz ci-upstream-gce-leak
2019/10/31 00:39 upstream 320000e72ec0 a41ca8fa .config console log report syz ci-upstream-gce-leak
2019/10/29 08:28 upstream 8005803a2ca0 5ea87a66 .config console log report syz ci-upstream-gce-leak
2019/10/28 15:31 upstream 9e5eefba3d09 25bb509e .config console log report syz ci-upstream-gce-leak
2019/10/28 05:53 upstream d6d5df1db6e9 25bb509e .config console log report syz ci-upstream-gce-leak
2019/10/28 02:07 upstream d6d5df1db6e9 25bb509e .config console log report syz ci-upstream-gce-leak
2019/10/27 16:44 upstream 5a1e843c66fa 25bb509e .config console log report syz ci-upstream-gce-leak
2019/10/27 01:30 upstream f877bee5ea0b 25bb509e .config console log report syz ci-upstream-gce-leak
2019/10/26 09:53 upstream 8caacaad78b6 413926c5 .config console log report syz ci-upstream-gce-leak
2019/10/26 02:48 upstream 8caacaad78b6 c2e837da .config console log report syz ci-upstream-gce-leak
2019/10/23 20:56 upstream 13b86bc4cd64 b602d64b .config console log report syz ci-upstream-gce-leak
2019/10/23 19:20 upstream 13b86bc4cd64 b602d64b .config console log report syz ci-upstream-gce-leak
* Struck through repros no longer work on HEAD.