syzbot


memory leak in __pskb_copy_fclone

Status: fixed on 2022/01/07 15:08
Subsystems: wpan
[Documentation on labels]
Reported-by: syzbot+44b651863a17760a893b@syzkaller.appspotmail.com
Fix commit: 1090340f7ee5 net: Fix memory leak in ieee802154_raw_deliver
First crash: 1249d, last: 1105d
Discussions (2)
Title Replies (including bot) Last reply
[PATCH wpan 00/17] ieee802154: syzbot fixes 25 (25) 2021/03/06 23:35
memory leak in __pskb_copy_fclone 0 (1) 2021/02/22 09:25
Last patch testing requests (2)
Created Duration User Patch Repo Result
2021/03/19 00:07 8m tseewald@gmail.com patch git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git master report log
2021/03/09 23:36 8m tseewald@gmail.com git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git master report log

Sample crash report:
executing program
BUG: memory leak
unreferenced object 0xffff88810da1a700 (size 232):
  comm "syz-executor321", pid 8470, jiffies 4294956228 (age 12.600s)
  hex dump (first 32 bytes):
    10 a1 7f 01 81 88 ff ff 10 a1 7f 01 81 88 ff ff  ................
    00 00 00 00 00 00 00 00 40 a0 7f 01 81 88 ff ff  ........@.......
  backtrace:
    [<ffffffff836e04af>] __alloc_skb+0x20f/0x280 net/core/skbuff.c:414
    [<ffffffff836e7f13>] __pskb_copy_fclone+0x73/0x340 net/core/skbuff.c:1609
    [<ffffffff82b36e13>] __pskb_copy include/linux/skbuff.h:1176 [inline]
    [<ffffffff82b36e13>] pskb_copy include/linux/skbuff.h:3207 [inline]
    [<ffffffff82b36e13>] hwsim_hw_xmit+0xd3/0x140 drivers/net/ieee802154/mac802154_hwsim.c:132
    [<ffffffff840a7f57>] drv_xmit_async net/mac802154/driver-ops.h:16 [inline]
    [<ffffffff840a7f57>] ieee802154_tx+0xc7/0x190 net/mac802154/tx.c:83
    [<ffffffff840a8148>] ieee802154_subif_start_xmit+0x58/0x70 net/mac802154/tx.c:132
    [<ffffffff8370ea51>] __netdev_start_xmit include/linux/netdevice.h:4944 [inline]
    [<ffffffff8370ea51>] netdev_start_xmit include/linux/netdevice.h:4958 [inline]
    [<ffffffff8370ea51>] xmit_one net/core/dev.c:3658 [inline]
    [<ffffffff8370ea51>] dev_hard_start_xmit+0xe1/0x330 net/core/dev.c:3674
    [<ffffffff837b81c8>] sch_direct_xmit+0xf8/0x520 net/sched/sch_generic.c:342
    [<ffffffff8370f7b4>] __dev_xmit_skb net/core/dev.c:3874 [inline]
    [<ffffffff8370f7b4>] __dev_queue_xmit+0x9e4/0x12f0 net/core/dev.c:4241
    [<ffffffff840a44d5>] dgram_sendmsg+0x445/0x570 net/ieee802154/socket.c:682
    [<ffffffff836cf396>] sock_sendmsg_nosec net/socket.c:702 [inline]
    [<ffffffff836cf396>] sock_sendmsg+0x56/0x80 net/socket.c:722
    [<ffffffff836cf70a>] ____sys_sendmsg+0x17a/0x390 net/socket.c:2385
    [<ffffffff836d394b>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2439
    [<ffffffff836d3c05>] __sys_sendmmsg+0x105/0x330 net/socket.c:2525
    [<ffffffff836d3e54>] __do_sys_sendmmsg net/socket.c:2554 [inline]
    [<ffffffff836d3e54>] __se_sys_sendmmsg net/socket.c:2551 [inline]
    [<ffffffff836d3e54>] __x64_sys_sendmmsg+0x24/0x30 net/socket.c:2551
    [<ffffffff843b01c5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff843b01c5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88811146d400 (size 512):
  comm "syz-executor321", pid 8470, jiffies 4294956228 (age 12.600s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff836e037f>] kmalloc_reserve net/core/skbuff.c:355 [inline]
    [<ffffffff836e037f>] __alloc_skb+0xdf/0x280 net/core/skbuff.c:426
    [<ffffffff836e7f13>] __pskb_copy_fclone+0x73/0x340 net/core/skbuff.c:1609
    [<ffffffff82b36e13>] __pskb_copy include/linux/skbuff.h:1176 [inline]
    [<ffffffff82b36e13>] pskb_copy include/linux/skbuff.h:3207 [inline]
    [<ffffffff82b36e13>] hwsim_hw_xmit+0xd3/0x140 drivers/net/ieee802154/mac802154_hwsim.c:132
    [<ffffffff840a7f57>] drv_xmit_async net/mac802154/driver-ops.h:16 [inline]
    [<ffffffff840a7f57>] ieee802154_tx+0xc7/0x190 net/mac802154/tx.c:83
    [<ffffffff840a8148>] ieee802154_subif_start_xmit+0x58/0x70 net/mac802154/tx.c:132
    [<ffffffff8370ea51>] __netdev_start_xmit include/linux/netdevice.h:4944 [inline]
    [<ffffffff8370ea51>] netdev_start_xmit include/linux/netdevice.h:4958 [inline]
    [<ffffffff8370ea51>] xmit_one net/core/dev.c:3658 [inline]
    [<ffffffff8370ea51>] dev_hard_start_xmit+0xe1/0x330 net/core/dev.c:3674
    [<ffffffff837b81c8>] sch_direct_xmit+0xf8/0x520 net/sched/sch_generic.c:342
    [<ffffffff8370f7b4>] __dev_xmit_skb net/core/dev.c:3874 [inline]
    [<ffffffff8370f7b4>] __dev_queue_xmit+0x9e4/0x12f0 net/core/dev.c:4241
    [<ffffffff840a44d5>] dgram_sendmsg+0x445/0x570 net/ieee802154/socket.c:682
    [<ffffffff836cf396>] sock_sendmsg_nosec net/socket.c:702 [inline]
    [<ffffffff836cf396>] sock_sendmsg+0x56/0x80 net/socket.c:722
    [<ffffffff836cf70a>] ____sys_sendmsg+0x17a/0x390 net/socket.c:2385
    [<ffffffff836d394b>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2439
    [<ffffffff836d3c05>] __sys_sendmmsg+0x105/0x330 net/socket.c:2525
    [<ffffffff836d3e54>] __do_sys_sendmmsg net/socket.c:2554 [inline]
    [<ffffffff836d3e54>] __se_sys_sendmmsg net/socket.c:2551 [inline]
    [<ffffffff836d3e54>] __x64_sys_sendmmsg+0x24/0x30 net/socket.c:2551
    [<ffffffff843b01c5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff843b01c5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae


Crashes (21):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/07/14 10:50 upstream 40226a3d96ef 484502bd .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/05/05 06:48 upstream e4adffb8daf4 06c27ff5 .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/04/21 10:51 upstream 1fe5501ba1ab 95777977 .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/04/20 17:32 upstream 7af08140979a c0ced557 .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/04/20 03:18 upstream 7af08140979a 4285c989 .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/04/18 13:53 upstream c98ff1d013d2 7e2b734b .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/04/15 23:05 upstream 7e25f40eab52 c59079a6 .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/04/14 03:19 upstream eebe426d32e1 a184b83e .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/04/11 11:48 upstream 52e44129fba5 bfeda1b1 .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/04/08 20:11 upstream 454859c552da 6a81331a .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/04/04 16:15 upstream 2023a53bdf41 6a81331a .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/04/02 07:52 upstream ffd9fb546d49 6a81331a .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/03/29 10:50 upstream 36a14638f7c0 a8529b82 .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/03/28 05:44 upstream 0f4498cef9f5 a8529b82 .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/03/26 01:53 upstream e138138003eb 6a383ecf .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/03/10 05:22 upstream 144c79ef3353 26967e35 .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/03/08 17:21 upstream 144c79ef3353 09fbf400 .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/03/06 23:00 upstream a38fd8748464 e4b4d570 .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/02/28 16:31 upstream 5695e5161974 4c37c133 .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/02/20 15:08 upstream f40ddce88593 3e5ed8b4 .config console log report syz C ci-upstream-gce-leak memory leak in __pskb_copy_fclone
2021/05/19 08:47 upstream 8ac91e6c6033 a343ba6b .config console log report syz ci-upstream-gce-leak memory leak in __pskb_copy_fclone
* Struck through repros no longer work on HEAD.