syzbot


memory leak in register_netdevice

Status: fixed on 2020/01/08 01:06
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+6e13e65ffbaa33757bcb@syzkaller.appspotmail.com
Fix commit: 42c17fa69f98 net: fix a leak in register_netdevice()
First crash: 1641d, last: 1631d
Discussions (2)
Title Replies (including bot) Last reply
[PATCH net] net: fix a leak in register_netdevice() 4 (4) 2019/12/03 19:19
memory leak in register_netdevice 0 (1) 2019/12/02 18:05

Sample crash report:
executing program
executing program
executing program
executing program
executing program
BUG: memory leak
unreferenced object 0xffff8881188db8c0 (size 64):
  comm "syz-executor987", pid 7131, jiffies 4294944915 (age 18.170s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    d0 b8 8d 18 81 88 ff ff d0 b8 8d 18 81 88 ff ff  ................
  backtrace:
    [<00000000e9e369cb>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000e9e369cb>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<00000000e9e369cb>] slab_alloc mm/slab.c:3320 [inline]
    [<00000000e9e369cb>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3549
    [<00000000d25ee7bc>] kmalloc include/linux/slab.h:556 [inline]
    [<00000000d25ee7bc>] netdev_name_node_alloc+0x2a/0x70 net/core/dev.c:237
    [<0000000055a0a41b>] netdev_name_node_head_alloc net/core/dev.c:251 [inline]
    [<0000000055a0a41b>] register_netdevice+0xaf/0x650 net/core/dev.c:9239
    [<00000000c37f8a98>] bond_newlink drivers/net/bonding/bond_netlink.c:458 [inline]
    [<00000000c37f8a98>] bond_newlink+0x41/0x80 drivers/net/bonding/bond_netlink.c:448
    [<00000000425a41fc>] __rtnl_newlink+0x89a/0xb80 net/core/rtnetlink.c:3303
    [<0000000023c62818>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3361
    [<00000000ef8dddd8>] rtnetlink_rcv_msg+0x178/0x4b0 net/core/rtnetlink.c:5422
    [<000000001d4f4528>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2477
    [<00000000bf341843>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5440
    [<00000000bf6d68b1>] netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
    [<00000000bf6d68b1>] netlink_unicast+0x223/0x310 net/netlink/af_netlink.c:1328
    [<00000000ccb699cf>] netlink_sendmsg+0x2c0/0x570 net/netlink/af_netlink.c:1917
    [<000000003c907a71>] sock_sendmsg_nosec net/socket.c:639 [inline]
    [<000000003c907a71>] sock_sendmsg+0x54/0x70 net/socket.c:659
    [<00000000c5a53a80>] ____sys_sendmsg+0x2d0/0x300 net/socket.c:2330
    [<00000000555e309c>] ___sys_sendmsg+0x8a/0xd0 net/socket.c:2384
    [<000000001ea9c29c>] __sys_sendmsg+0x80/0xf0 net/socket.c:2417
    [<000000004c27fd15>] __do_sys_sendmsg net/socket.c:2426 [inline]
    [<000000004c27fd15>] __se_sys_sendmsg net/socket.c:2424 [inline]
    [<000000004c27fd15>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2424

BUG: memory leak
unreferenced object 0xffff888120d4f580 (size 64):
  comm "syz-executor987", pid 7138, jiffies 4294944920 (age 18.120s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    90 f5 d4 20 81 88 ff ff 90 f5 d4 20 81 88 ff ff  ... ....... ....
  backtrace:
    [<00000000e9e369cb>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000e9e369cb>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<00000000e9e369cb>] slab_alloc mm/slab.c:3320 [inline]
    [<00000000e9e369cb>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3549
    [<00000000d25ee7bc>] kmalloc include/linux/slab.h:556 [inline]
    [<00000000d25ee7bc>] netdev_name_node_alloc+0x2a/0x70 net/core/dev.c:237
    [<0000000055a0a41b>] netdev_name_node_head_alloc net/core/dev.c:251 [inline]
    [<0000000055a0a41b>] register_netdevice+0xaf/0x650 net/core/dev.c:9239
    [<00000000c37f8a98>] bond_newlink drivers/net/bonding/bond_netlink.c:458 [inline]
    [<00000000c37f8a98>] bond_newlink+0x41/0x80 drivers/net/bonding/bond_netlink.c:448
    [<00000000425a41fc>] __rtnl_newlink+0x89a/0xb80 net/core/rtnetlink.c:3303
    [<0000000023c62818>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3361
    [<00000000ef8dddd8>] rtnetlink_rcv_msg+0x178/0x4b0 net/core/rtnetlink.c:5422
    [<000000001d4f4528>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2477
    [<00000000bf341843>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5440
    [<00000000bf6d68b1>] netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
    [<00000000bf6d68b1>] netlink_unicast+0x223/0x310 net/netlink/af_netlink.c:1328
    [<00000000ccb699cf>] netlink_sendmsg+0x2c0/0x570 net/netlink/af_netlink.c:1917
    [<000000003c907a71>] sock_sendmsg_nosec net/socket.c:639 [inline]
    [<000000003c907a71>] sock_sendmsg+0x54/0x70 net/socket.c:659
    [<00000000c5a53a80>] ____sys_sendmsg+0x2d0/0x300 net/socket.c:2330
    [<00000000555e309c>] ___sys_sendmsg+0x8a/0xd0 net/socket.c:2384
    [<000000001ea9c29c>] __sys_sendmsg+0x80/0xf0 net/socket.c:2417
    [<000000004c27fd15>] __do_sys_sendmsg net/socket.c:2426 [inline]
    [<000000004c27fd15>] __se_sys_sendmsg net/socket.c:2424 [inline]
    [<000000004c27fd15>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2424

BUG: memory leak
unreferenced object 0xffff8881188db8c0 (size 64):
  comm "syz-executor987", pid 7131, jiffies 4294944915 (age 19.400s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    d0 b8 8d 18 81 88 ff ff d0 b8 8d 18 81 88 ff ff  ................
  backtrace:
    [<00000000e9e369cb>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000e9e369cb>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<00000000e9e369cb>] slab_alloc mm/slab.c:3320 [inline]
    [<00000000e9e369cb>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3549
    [<00000000d25ee7bc>] kmalloc include/linux/slab.h:556 [inline]
    [<00000000d25ee7bc>] netdev_name_node_alloc+0x2a/0x70 net/core/dev.c:237
    [<0000000055a0a41b>] netdev_name_node_head_alloc net/core/dev.c:251 [inline]
    [<0000000055a0a41b>] register_netdevice+0xaf/0x650 net/core/dev.c:9239
    [<00000000c37f8a98>] bond_newlink drivers/net/bonding/bond_netlink.c:458 [inline]
    [<00000000c37f8a98>] bond_newlink+0x41/0x80 drivers/net/bonding/bond_netlink.c:448
    [<00000000425a41fc>] __rtnl_newlink+0x89a/0xb80 net/core/rtnetlink.c:3303
    [<0000000023c62818>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3361
    [<00000000ef8dddd8>] rtnetlink_rcv_msg+0x178/0x4b0 net/core/rtnetlink.c:5422
    [<000000001d4f4528>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2477
    [<00000000bf341843>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5440
    [<00000000bf6d68b1>] netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
    [<00000000bf6d68b1>] netlink_unicast+0x223/0x310 net/netlink/af_netlink.c:1328
    [<00000000ccb699cf>] netlink_sendmsg+0x2c0/0x570 net/netlink/af_netlink.c:1917
    [<000000003c907a71>] sock_sendmsg_nosec net/socket.c:639 [inline]
    [<000000003c907a71>] sock_sendmsg+0x54/0x70 net/socket.c:659
    [<00000000c5a53a80>] ____sys_sendmsg+0x2d0/0x300 net/socket.c:2330
    [<00000000555e309c>] ___sys_sendmsg+0x8a/0xd0 net/socket.c:2384
    [<000000001ea9c29c>] __sys_sendmsg+0x80/0xf0 net/socket.c:2417
    [<000000004c27fd15>] __do_sys_sendmsg net/socket.c:2426 [inline]
    [<000000004c27fd15>] __se_sys_sendmsg net/socket.c:2424 [inline]
    [<000000004c27fd15>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2424

BUG: memory leak
unreferenced object 0xffff888120d4f580 (size 64):
  comm "syz-executor987", pid 7138, jiffies 4294944920 (age 19.350s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    90 f5 d4 20 81 88 ff ff 90 f5 d4 20 81 88 ff ff  ... ....... ....
  backtrace:
    [<00000000e9e369cb>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000e9e369cb>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<00000000e9e369cb>] slab_alloc mm/slab.c:3320 [inline]
    [<00000000e9e369cb>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3549
    [<00000000d25ee7bc>] kmalloc include/linux/slab.h:556 [inline]
    [<00000000d25ee7bc>] netdev_name_node_alloc+0x2a/0x70 net/core/dev.c:237
    [<0000000055a0a41b>] netdev_name_node_head_alloc net/core/dev.c:251 [inline]
    [<0000000055a0a41b>] register_netdevice+0xaf/0x650 net/core/dev.c:9239
    [<00000000c37f8a98>] bond_newlink drivers/net/bonding/bond_netlink.c:458 [inline]
    [<00000000c37f8a98>] bond_newlink+0x41/0x80 drivers/net/bonding/bond_netlink.c:448
    [<00000000425a41fc>] __rtnl_newlink+0x89a/0xb80 net/core/rtnetlink.c:3303
    [<0000000023c62818>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3361
    [<00000000ef8dddd8>] rtnetlink_rcv_msg+0x178/0x4b0 net/core/rtnetlink.c:5422
    [<000000001d4f4528>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2477
    [<00000000bf341843>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5440
    [<00000000bf6d68b1>] netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
    [<00000000bf6d68b1>] netlink_unicast+0x223/0x310 net/netlink/af_netlink.c:1328
    [<00000000ccb699cf>] netlink_sendmsg+0x2c0/0x570 net/netlink/af_netlink.c:1917
    [<000000003c907a71>] sock_sendmsg_nosec net/socket.c:639 [inline]
    [<000000003c907a71>] sock_sendmsg+0x54/0x70 net/socket.c:659
    [<00000000c5a53a80>] ____sys_sendmsg+0x2d0/0x300 net/socket.c:2330
    [<00000000555e309c>] ___sys_sendmsg+0x8a/0xd0 net/socket.c:2384
    [<000000001ea9c29c>] __sys_sendmsg+0x80/0xf0 net/socket.c:2417
    [<000000004c27fd15>] __do_sys_sendmsg net/socket.c:2426 [inline]
    [<000000004c27fd15>] __se_sys_sendmsg net/socket.c:2424 [inline]
    [<000000004c27fd15>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2424

executing program
executing program
executing program
executing program

Crashes (19):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/12/07 22:51 upstream ad910e36da4c 1508f453 .config console log report syz C ci-upstream-gce-leak
2019/12/07 07:02 upstream 7ada90eb9c7a 85f26751 .config console log report syz C ci-upstream-gce-leak
2019/12/06 07:06 upstream b0d4beaa5a4b 98b4ef2d .config console log report syz C ci-upstream-gce-leak
2019/12/03 12:13 upstream 596cf45cbf6e ab342da3 .config console log report syz C ci-upstream-gce-leak
2019/12/03 01:12 upstream 596cf45cbf6e ab342da3 .config console log report syz C ci-upstream-gce-leak
2019/12/02 17:41 upstream ceb307474506 f879db37 .config console log report syz C ci-upstream-gce-leak
2019/12/02 07:52 upstream ceb307474506 f879db37 .config console log report syz C ci-upstream-gce-leak
2019/11/29 03:03 upstream 81b6b96475ac 76357d6f .config console log report syz C ci-upstream-gce-leak
2019/11/28 20:07 upstream a6ed68d6468b 46869e3e .config console log report syz C ci-upstream-gce-leak
2019/12/06 19:29 upstream b0d4beaa5a4b 85f26751 .config console log report syz ci-upstream-gce-leak
2019/12/04 15:26 upstream 63de37476ebd b2088328 .config console log report syz ci-upstream-gce-leak
2019/12/04 14:57 upstream 63de37476ebd b2088328 .config console log report syz ci-upstream-gce-leak
2019/12/03 19:52 upstream 76bb8b05960c ae13a849 .config console log report syz ci-upstream-gce-leak
2019/12/02 23:38 upstream 596cf45cbf6e ab342da3 .config console log report syz ci-upstream-gce-leak
2019/12/01 19:17 upstream b94ae8ad9fe7 a76bf83f .config console log report syz ci-upstream-gce-leak
2019/12/01 12:35 upstream 32ef9553635a a76bf83f .config console log report syz ci-upstream-gce-leak
2019/11/30 13:14 upstream 81b6b96475ac 3a75be00 .config console log report syz ci-upstream-gce-leak
2019/11/30 03:02 upstream 81b6b96475ac 3a75be00 .config console log report syz ci-upstream-gce-leak
2019/11/28 17:03 upstream a6ed68d6468b 46869e3e .config console log report syz ci-upstream-gce-leak
* Struck through repros no longer work on HEAD.