syzbot


memory leak in hsr_create_self_node

Status: fixed on 2019/08/05 13:45
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+c6167ec3de7def23d1e8@syzkaller.appspotmail.com
Fix commit: b9a1e627405d hsr: implement dellink to clean up resources
First crash: 1849d, last: 1818d
Discussions (4)
Title Replies (including bot) Last reply
[PATCH 5.2 000/143] 5.2.12-stable review 157 (157) 2019/09/06 08:16
[Patch net 0/3] hsr: a few bug fixes 5 (5) 2019/07/05 22:22
Reminder: 5 open syzbot bugs in "net/hsr" subsystem 1 (1) 2019/07/02 06:26
memory leak in hsr_create_self_node 0 (2) 2019/05/28 01:20

Sample crash report:
miscuous mode
BUG: memory leak
unreferenced object 0xffff8881162fad80 (size 128):
  comm "syz-executor290", pid 7097, jiffies 4294943825 (age 8.210s)
  hex dump (first 32 bytes):
    f0 58 27 16 81 88 ff ff f0 58 27 16 81 88 ff ff  .X'......X'.....
    be e9 d7 e8 71 f5 ca f1 90 3e 36 f9 ff ff ff ff  ....q....>6.....
  backtrace:
    [<000000002082649e>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
    [<000000002082649e>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000002082649e>] slab_alloc mm/slab.c:3326 [inline]
    [<000000002082649e>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<0000000020238602>] kmalloc include/linux/slab.h:547 [inline]
    [<0000000020238602>] hsr_create_self_node+0x42/0x150 net/hsr/hsr_framereg.c:84
    [<000000007a76cf66>] hsr_dev_finalize+0xa4/0x233 net/hsr/hsr_device.c:441
    [<0000000029b81039>] hsr_newlink+0xf3/0x140 net/hsr/hsr_netlink.c:69
    [<000000007917e230>] __rtnl_newlink+0x892/0xb30 net/core/rtnetlink.c:3187
    [<0000000025495afa>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3245
    [<00000000ce63ef98>] rtnetlink_rcv_msg+0x178/0x4b0 net/core/rtnetlink.c:5214
    [<00000000cf3f099c>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2482
    [<00000000014b5389>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5232
    [<00000000860e50ff>] netlink_unicast_kernel net/netlink/af_netlink.c:1307 [inline]
    [<00000000860e50ff>] netlink_unicast+0x1ec/0x2d0 net/netlink/af_netlink.c:1333
    [<00000000380e2f4e>] netlink_sendmsg+0x26a/0x480 net/netlink/af_netlink.c:1922
    [<00000000e45e8183>] sock_sendmsg_nosec net/socket.c:646 [inline]
    [<00000000e45e8183>] sock_sendmsg+0x54/0x70 net/socket.c:665
    [<00000000f6a70b8f>] __sys_sendto+0x148/0x1f0 net/socket.c:1958
    [<00000000f6e17f36>] __do_sys_sendto net/socket.c:1970 [inline]
    [<00000000f6e17f36>] __se_sys_sendto net/socket.c:1966 [inline]
    [<00000000f6e17f36>] __x64_sys_sendto+0x2a/0x30 net/socket.c:1966
    [<000000008c212dc2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<0000000090cb5d2f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888109154bc0 (size 64):
  comm "syz-executor290", pid 7097, jiffies 4294943825 (age 8.210s)
  hex dump (first 32 bytes):
    00 6f 95 0d 81 88 ff ff 00 02 00 00 00 00 ad de  .o..............
    00 50 27 16 81 88 ff ff c0 58 27 16 81 88 ff ff  .P'......X'.....
  backtrace:
    [<000000002082649e>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
    [<000000002082649e>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000002082649e>] slab_alloc mm/slab.c:3326 [inline]
    [<000000002082649e>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<000000006a6ad356>] kmalloc include/linux/slab.h:547 [inline]
    [<000000006a6ad356>] kzalloc include/linux/slab.h:742 [inline]
    [<000000006a6ad356>] hsr_add_port+0xe7/0x220 net/hsr/hsr_slave.c:142
    [<000000003c8d6a36>] hsr_dev_finalize+0x14f/0x233 net/hsr/hsr_device.c:472
    [<0000000029b81039>] hsr_newlink+0xf3/0x140 net/hsr/hsr_netlink.c:69
    [<000000007917e230>] __rtnl_newlink+0x892/0xb30 net/core/rtnetlink.c:3187
    [<0000000025495afa>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3245
    [<00000000ce63ef98>] rtnetlink_rcv_msg+0x178/0x4b0 net/core/rtnetlink.c:5214
    [<00000000cf3f099c>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2482
    [<00000000014b5389>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5232
    [<00000000860e50ff>] netlink_unicast_kernel net/netlink/af_netlink.c:1307 [inline]
    [<00000000860e50ff>] netlink_unicast+0x1ec/0x2d0 net/netlink/af_netlink.c:1333
    [<00000000380e2f4e>] netlink_sendmsg+0x26a/0x480 net/netlink/af_netlink.c:1922
    [<00000000e45e8183>] sock_sendmsg_nosec net/socket.c:646 [inline]
    [<00000000e45e8183>] sock_sendmsg+0x54/0x70 net/socket.c:665
    [<00000000f6a70b8f>] __sys_sendto+0x148/0x1f0 net/socket.c:1958
    [<00000000f6e17f36>] __do_sys_sendto net/socket.c:1970 [inline]
    [<00000000f6e17f36>] __se_sys_sendto net/socket.c:1966 [inline]
    [<00000000f6e17f36>] __x64_sys_sendto+0x2a/0x30 net/socket.c:1966
    [<000000008c212dc2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<0000000090cb5d2f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88810d956f00 (size 64):
  comm "syz-executor290", pid 7097, jiffies 4294943830 (age 8.160s)
  hex dump (first 32 bytes):
    d0 58 27 16 81 88 ff ff 00 02 00 00 00 00 ad de  .X'.............
    00 30 cb 23 81 88 ff ff c0 58 27 16 81 88 ff ff  .0.#.....X'.....
  backtrace:
    [<000000002082649e>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
    [<000000002082649e>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000002082649e>] slab_alloc mm/slab.c:3326 [inline]
    [<000000002082649e>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<000000006a6ad356>] kmalloc include/linux/slab.h:547 [inline]
    [<000000006a6ad356>] kzalloc include/linux/slab.h:742 [inline]
    [<000000006a6ad356>] hsr_add_port+0xe7/0x220 net/hsr/hsr_slave.c:142
    [<0000000078ab58da>] hsr_dev_finalize+0x1d1/0x233 net/hsr/hsr_device.c:480
    [<0000000029b81039>] hsr_newlink+0xf3/0x140 net/hsr/hsr_netlink.c:69
    [<000000007917e230>] __rtnl_newlink+0x892/0xb30 net/core/rtnetlink.c:3187
    [<0000000025495afa>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3245
    [<00000000ce63ef98>] rtnetlink_rcv_msg+0x178/0x4b0 net/core/rtnetlink.c:5214
    [<00000000cf3f099c>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2482
    [<00000000014b5389>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5232
    [<00000000860e50ff>] netlink_unicast_kernel net/netlink/af_netlink.c:1307 [inline]
    [<00000000860e50ff>] netlink_unicast+0x1ec/0x2d0 net/netlink/af_netlink.c:1333
    [<00000000380e2f4e>] netlink_sendmsg+0x26a/0x480 net/netlink/af_netlink.c:1922
    [<00000000e45e8183>] sock_sendmsg_nosec net/socket.c:646 [inline]
    [<00000000e45e8183>] sock_sendmsg+0x54/0x70 net/socket.c:665
    [<00000000f6a70b8f>] __sys_sendto+0x148/0x1f0 net/socket.c:1958
    [<00000000f6e17f36>] __do_sys_sendto net/socket.c:1970 [inline]
    [<00000000f6e17f36>] __se_sys_sendto net/socket.c:1966 [inline]
    [<00000000f6e17f36>] __x64_sys_sendto+0x2a/0x30 net/socket.c:1966
    [<000000008c212dc2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<0000000090cb5d2f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9


Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/06/06 19:16 upstream 156c05917e09 698773cb .config console log report syz C ci-upstream-gce-leak
2019/05/28 01:19 upstream cd6c84d8f0cd 6bd61501 .config console log report syz C ci-upstream-gce-leak
2019/06/27 18:18 upstream 249155c20f9b 7509bf36 .config console log report syz ci-upstream-gce-leak
2019/06/27 06:10 upstream 249155c20f9b 7509bf36 .config console log report syz ci-upstream-gce-leak
2019/05/27 14:40 upstream cd6c84d8f0cd 562efd79 .config console log report syz ci-upstream-gce-leak
* Struck through repros no longer work on HEAD.