syzbot


memory leak in nft_chain_parse_hook

Status: fixed on 2023/02/24 13:50
Subsystems: netfilter
[Documentation on labels]
Reported-by: syzbot+5fcdbfab6d6744c57418@syzkaller.appspotmail.com
Fix commit: 77972a36ecc4 netfilter: nf_tables: clean up hook list when offload flags check fails
First crash: 604d, last: 604d
Discussions (7)
Title Replies (including bot) Last reply
[PATCH 5.10 00/79] 5.10.143-rc1 review 89 (89) 2022/09/17 03:18
[PATCH 5.15 000/121] 5.15.68-rc1 review 135 (135) 2022/09/16 09:27
[PATCH 5.19 000/192] 5.19.9-rc1 review 208 (208) 2022/09/15 08:35
[PATCH net 0/4] netfilter: bug fixes for net 9 (9) 2022/09/03 04:20
[PATCH nf] netfilter: nf_tables: clean up hook list when offload flags check fails 1 (1) 2022/08/31 11:27
[PATCH nf] netfilter: nf_tables: check offload flags before splicing hook list 1 (1) 2022/08/30 09:50
[syzbot] memory leak in nft_chain_parse_hook 0 (1) 2022/08/29 23:33

Sample crash report:
executing program
executing program
BUG: memory leak
unreferenced object 0xffff88810180b100 (size 96):
  comm "syz-executor133", pid 3619, jiffies 4294945714 (age 12.690s)
  hex dump (first 32 bytes):
    28 64 23 02 81 88 ff ff 28 64 23 02 81 88 ff ff  (d#.....(d#.....
    90 a8 aa 83 ff ff ff ff 00 00 b5 0f 81 88 ff ff  ................
  backtrace:
    [<ffffffff83a8c59b>] kmalloc include/linux/slab.h:600 [inline]
    [<ffffffff83a8c59b>] nft_netdev_hook_alloc+0x3b/0xc0 net/netfilter/nf_tables_api.c:1901
    [<ffffffff83a9239a>] nft_chain_parse_netdev net/netfilter/nf_tables_api.c:1998 [inline]
    [<ffffffff83a9239a>] nft_chain_parse_hook+0x33a/0x530 net/netfilter/nf_tables_api.c:2073
    [<ffffffff83a9b14b>] nf_tables_addchain.constprop.0+0x10b/0x950 net/netfilter/nf_tables_api.c:2218
    [<ffffffff83a9c41b>] nf_tables_newchain+0xa8b/0xc60 net/netfilter/nf_tables_api.c:2593
    [<ffffffff83a3d6a6>] nfnetlink_rcv_batch+0xa46/0xd20 net/netfilter/nfnetlink.c:517
    [<ffffffff83a3db79>] nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:638 [inline]
    [<ffffffff83a3db79>] nfnetlink_rcv+0x1f9/0x220 net/netfilter/nfnetlink.c:656
    [<ffffffff83a13b17>] netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
    [<ffffffff83a13b17>] netlink_unicast+0x397/0x4c0 net/netlink/af_netlink.c:1345
    [<ffffffff83a13fd6>] netlink_sendmsg+0x396/0x710 net/netlink/af_netlink.c:1921
    [<ffffffff83865ab6>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83865ab6>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff8386601c>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2482
    [<ffffffff8386a918>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2536
    [<ffffffff8386aaa8>] __sys_sendmsg+0x88/0x100 net/socket.c:2565
    [<ffffffff845e5955>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff845e5955>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84800087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd


Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/08/26 12:33 upstream 4c612826bec1 15195ea3 .config console log report syz C ci-upstream-gce-leak memory leak in nft_chain_parse_hook
* Struck through repros no longer work on HEAD.