syzbot


memory leak in ___neigh_create (2)

Status: upstream: reported syz repro on 2024/01/05 17:32
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com
Fix commit: net: stop syzbot
Patched on: [], missing on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-net-next-test-gce ci2-upstream-usb]
First crash: 594d, last: 209d
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [net?] memory leak in ___neigh_create (2) 3 (77) 2024/05/16 18:28
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream memory leak in ___neigh_create usb net syz 9 967d 1253d 0/26 closed as invalid on 2022/01/11 13:53
Last patch testing requests (11)
Created Duration User Patch Repo Result
2023/12/19 09:30 14m edumazet@google.com upstream report log
2023/11/19 02:27 14m retest repro upstream report log
2023/11/09 01:24 17m retest repro upstream OK log
2023/10/14 09:46 49m retest repro upstream OK log
2023/10/14 09:46 36m retest repro upstream OK log
2023/09/10 13:49 31m retest repro upstream OK log
2023/09/10 13:49 31m retest repro upstream OK log
2023/09/10 13:49 59m retest repro upstream OK log
2023/09/10 01:49 19m retest repro upstream OK log
2023/09/10 01:49 19m retest repro upstream OK log
2023/09/10 01:49 19m retest repro upstream OK log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd


Crashes (26):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/12/30 10:27 upstream 2258c2dc850b 44712fbc .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
2023/06/25 10:25 upstream a92b7d26c743 09ffe269 .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
2022/11/22 09:06 upstream eb7081409f94 1c576c23 .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
2023/10/26 00:26 upstream 4f82870119a4 72e794c4 .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
2023/09/30 09:06 upstream 71e58659bfc0 8e26a358 .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
2023/09/22 16:24 upstream 27bbf45eae9c 0b6a67ac .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-leak memory leak in ___neigh_create
2023/07/31 21:18 upstream 5d0c230f1de8 2a0d0f29 .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
2023/07/23 07:00 upstream 725d444db6b0 27cbe77f .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
2023/07/17 15:53 upstream fdf0eaf11452 e5f10889 .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
2023/07/04 01:10 upstream a901a3568fd2 6e553898 .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
2023/05/08 05:28 upstream 17784de648be 90c93c40 .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-leak memory leak in ___neigh_create
2023/05/06 16:50 upstream 2e1e1337881b 90c93c40 .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-leak memory leak in ___neigh_create
2023/03/19 15:12 upstream a3671bd86a97 7939252e .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
2023/01/18 12:50 upstream c1649ec55708 42660d9e .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
2023/01/14 22:12 upstream 97ec4d559d93 a63719e7 .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-leak memory leak in ___neigh_create
2023/01/06 20:42 upstream 1f5abbd77e2c 1dac8c7a .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
2022/12/01 19:57 upstream ef4d3ea40565 e080de16 .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
2022/11/19 06:31 upstream 84368d882b96 5bb70014 .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-leak memory leak in ___neigh_create
2022/11/15 13:04 upstream e01d50cbd6ee 97de9cfc .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
2022/11/14 06:15 upstream af7a05689189 3ead01ad .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
2022/10/30 04:19 upstream 91562cf99364 2a71366b .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
2022/10/15 12:02 upstream 9c9155a3509a 67cb024c .config console log report syz [disk image] [vmlinux] [mounted in repro #1] [mounted in repro #2] ci-upstream-gce-leak memory leak in ___neigh_create
2022/10/05 21:49 upstream 2bca25eaeba6 267e3bb1 .config console log report syz [disk image] [vmlinux] ci-upstream-gce-leak memory leak in ___neigh_create
2023/08/06 23:10 upstream f0ab9f34e59e 4ffcc9ef .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
2023/08/06 06:18 upstream f6a691685962 4ffcc9ef .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
2023/08/04 15:46 upstream c1a515d3c027 74621247 .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in ___neigh_create
* Struck through repros no longer work on HEAD.