syzbot


memory leak in kcm_sendmsg

Status: fixed on 2021/11/10 00:50
Subsystems: net
Reported-by: syzbot+b039f5699bd82e1fb011@syzkaller.appspotmail.com
Fix commit: c47cc304990a net: kcm: fix memory leak in kcm_sendmsg
First crash: 1524d, last: 1384d
Discussions (2)
Title | Replies (including bot) | Last reply
[PATCH] net: kcm: fix memory leak in kcm_sendmsg | 4 (4) | 2021/06/04 11:38
memory leak in kcm_sendmsg | 0 (1) | 2020/02/13 18:37
Similar bugs (1)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | memory leak in kcm_sendmsg (2) net | C | | | 1 | 230d | 264d | 25/26 | fixed on 2023/12/21 03:45
Last patch testing requests (3)
Created | Duration | User | Patch | Repo | Result
2021/06/02 19:06 | 16m | paskripkin@gmail.com | patch | upstream | OK
2020/10/05 05:57 | 7m | anant.thazhemadam@gmail.com | patch | upstream | report log
2020/10/05 02:54 | 8m | anant.thazhemadam@gmail.com | | upstream | report log

Sample crash report:
executing program
executing program
executing program
BUG: memory leak
unreferenced object 0xffff888118cc4700 (size 224):
  comm "syz-executor425", pid 6443, jiffies 4294943726 (age 13.140s)
  hex dump (first 32 bytes):
    00 45 cc 18 81 88 ff ff 00 00 00 00 00 00 00 00  .E..............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198
    [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline]
    [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967
    [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline]
    [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672
    [<00000000aba7096c>] ____sys_sendmsg+0x118/0x2f0 net/socket.c:2352
    [<000000007cd4be39>] ___sys_sendmsg+0x81/0xc0 net/socket.c:2406
    [<0000000098b1ee50>] __sys_sendmmsg+0xda/0x230 net/socket.c:2496
    [<000000009a409d75>] __do_sys_sendmmsg net/socket.c:2525 [inline]
    [<000000009a409d75>] __se_sys_sendmmsg net/socket.c:2522 [inline]
    [<000000009a409d75>] __x64_sys_sendmmsg+0x24/0x30 net/socket.c:2522
    [<0000000045f49211>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:359
    [<0000000053b1fefd>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811c5e9200 (size 512):
  comm "syz-executor425", pid 6443, jiffies 4294943726 (age 13.140s)
  hex dump (first 32 bytes):
    6c 69 62 75 64 65 76 00 fe ed ca fe 28 00 00 00  libudev.....(...
    28 00 00 00 94 00 00 00 8a fa 90 c8 00 00 00 00  (...............
  backtrace:
    [<00000000f3b93311>] __kmalloc_reserve net/core/skbuff.c:142 [inline]
    [<00000000f3b93311>] __alloc_skb+0x99/0x250 net/core/skbuff.c:210
    [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline]
    [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967
    [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline]
    [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672
    [<00000000aba7096c>] ____sys_sendmsg+0x118/0x2f0 net/socket.c:2352
    [<000000007cd4be39>] ___sys_sendmsg+0x81/0xc0 net/socket.c:2406
    [<0000000098b1ee50>] __sys_sendmmsg+0xda/0x230 net/socket.c:2496
    [<000000009a409d75>] __do_sys_sendmmsg net/socket.c:2525 [inline]
    [<000000009a409d75>] __se_sys_sendmmsg net/socket.c:2522 [inline]
    [<000000009a409d75>] __x64_sys_sendmmsg+0x24/0x30 net/socket.c:2522
    [<0000000045f49211>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:359
    [<0000000053b1fefd>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888118cc4500 (size 224):
  comm "syz-executor425", pid 6443, jiffies 4294943726 (age 13.140s)
  hex dump (first 32 bytes):
    00 44 cc 18 81 88 ff ff 00 00 00 00 00 00 00 00  .D..............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198
    [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline]
    [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967
    [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline]
    [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672
    [<00000000aba7096c>] ____sys_sendmsg+0x118/0x2f0 net/socket.c:2352
    [<000000007cd4be39>] ___sys_sendmsg+0x81/0xc0 net/socket.c:2406
    [<0000000098b1ee50>] __sys_sendmmsg+0xda/0x230 net/socket.c:2496
    [<000000009a409d75>] __do_sys_sendmmsg net/socket.c:2525 [inline]
    [<000000009a409d75>] __se_sys_sendmmsg net/socket.c:2522 [inline]
    [<000000009a409d75>] __x64_sys_sendmmsg+0x24/0x30 net/socket.c:2522
    [<0000000045f49211>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:359
    [<0000000053b1fefd>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811c5e9800 (size 512):
  comm "syz-executor425", pid 6443, jiffies 4294943726 (age 13.140s)
  hex dump (first 32 bytes):
    61 64 64 40 2f 64 65 76 69 63 65 73 2f 76 69 72  add@/devices/vir
    74 75 61 6c 2f 74 74 79 2f 70 74 79 72 31 00 41  tual/tty/ptyr1.A
  backtrace:
    [<00000000f3b93311>] __kmalloc_reserve net/core/skbuff.c:142 [inline]
    [<00000000f3b93311>] __alloc_skb+0x99/0x250 net/core/skbuff.c:210
    [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline]
    [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967
    [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline]
    [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672
    [<00000000aba7096c>] ____sys_sendmsg+0x118/0x2f0 net/socket.c:2352
    [<000000007cd4be39>] ___sys_sendmsg+0x81/0xc0 net/socket.c:2406
    [<0000000098b1ee50>] __sys_sendmmsg+0xda/0x230 net/socket.c:2496
    [<000000009a409d75>] __do_sys_sendmmsg net/socket.c:2525 [inline]
    [<000000009a409d75>] __se_sys_sendmmsg net/socket.c:2522 [inline]
    [<000000009a409d75>] __x64_sys_sendmmsg+0x24/0x30 net/socket.c:2522
    [<0000000045f49211>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:359
    [<0000000053b1fefd>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888118cc4400 (size 224):
  comm "syz-executor425", pid 6443, jiffies 4294943726 (age 13.140s)
  hex dump (first 32 bytes):
    00 46 cc 18 81 88 ff ff 00 00 00 00 00 00 00 00  .F..............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198
    [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline]
    [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967
    [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline]
    [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672
    [<00000000aba7096c>] ____sys_sendmsg+0x118/0x2f0 net/socket.c:2352
    [<000000007cd4be39>] ___sys_sendmsg+0x81/0xc0 net/socket.c:2406
    [<0000000098b1ee50>] __sys_sendmmsg+0xda/0x230 net/socket.c:2496
    [<000000009a409d75>] __do_sys_sendmmsg net/socket.c:2525 [inline]
    [<000000009a409d75>] __se_sys_sendmmsg net/socket.c:2522 [inline]
    [<000000009a409d75>] __x64_sys_sendmmsg+0x24/0x30 net/socket.c:2522
    [<0000000045f49211>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:359
    [<0000000053b1fefd>] entry_SYSCALL_64_after_hwframe+0x44/0xa9


Crashes (2):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2020/07/02 08:53 | upstream | cd77006e01b3 | bed10395 | .config | console log | report | syz | C | | | ci-upstream-gce-leak |
2020/02/13 09:30 | upstream | f2850dd5ee01 | 84f4fc8a | .config | console log | report | syz | C | | | ci-upstream-gce-leak |
* Struck through repros no longer work on HEAD.