syzbot


memory leak in batadv_tvlv_handler_register

Status: fixed on 2019/08/05 13:45
Subsystems: batman
Reported-by: syzbot+d454a826e670502484b8@syzkaller.appspotmail.com
Fix commit: 17f78dd1bd62 batman-adv: fix for leaked TVLV handler.
First crash: 1972d, last: 1920d
Discussions (18)
Title Replies (including bot) Last reply
[PATCH 4.9 000/223] 4.9.187-stable review 231 (231) 2019/08/28 03:02
[PATCH 5.2 000/413] 5.2.3-stable review 444 (444) 2019/08/05 12:40
[PATCH 4.4 000/158] 4.4.187-stable review 166 (166) 2019/08/03 15:57
[PATCH 4.14 000/293] 4.14.135-stable review 302 (302) 2019/07/31 09:35
[PATCH 4.19 000/271] 4.19.61-stable review 284 (284) 2019/07/27 10:51
[PATCH AUTOSEL 4.19 001/158] wil6210: fix potential out-of-bounds read 161 (161) 2019/07/26 18:07
[PATCH 5.1 000/371] 5.1.20-stable review 384 (384) 2019/07/26 12:24
[PATCH AUTOSEL 5.2 001/249] ath10k: Check tx_stats before use it 267 (267) 2019/07/24 03:35
[PATCH AUTOSEL 4.14 001/105] wil6210: fix potential out-of-bounds read 107 (107) 2019/07/22 00:40
[PATCH AUTOSEL 5.1 001/219] ath10k: Check tx_stats before use it 25 (25) 2019/07/22 00:39
[PATCH AUTOSEL 4.4 01/53] ath10k: Do not send probe response template for mesh 53 (53) 2019/07/15 14:45
[PATCH AUTOSEL 4.9 01/73] ath10k: Do not send probe response template for mesh 73 (73) 2019/07/15 14:36
[PATCH AUTOSEL 5.1 001/219] ath10k: Check tx_stats before use it 219 (219) 2019/07/15 14:03
[PATCH AUTOSEL 4.19 001/158] wil6210: fix potential out-of-bounds read 15 (15) 2019/07/15 13:37
[PATCH AUTOSEL 5.2 001/249] ath10k: Check tx_stats before use it 24 (24) 2019/07/15 13:32
[PATCH 0/2] pull request for net: batman-adv 2019-06-27 4 (4) 2019/06/28 16:45
[PATCH net] batadv: fix for leaked TVLV handler. 4 (4) 2019/05/24 09:59
memory leak in batadv_tvlv_handler_register 0 (1) 2019/05/21 13:39

Sample crash report:
BUG: memory leak
unreferenced object 0xffff88811eac4a40 (size 64):
  comm "softirq", pid 0, jiffies 4294943273 (age 8.190s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 e0 5c cb 23 81 88 ff ff  .........\.#....
    00 00 00 00 00 00 00 00 50 b1 16 83 ff ff ff ff  ........P.......
  backtrace:
    [<00000000a9a2c0e6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000a9a2c0e6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<00000000a9a2c0e6>] slab_alloc mm/slab.c:3326 [inline]
    [<00000000a9a2c0e6>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<00000000358dcf44>] kmalloc include/linux/slab.h:547 [inline]
    [<00000000358dcf44>] kzalloc include/linux/slab.h:742 [inline]
    [<00000000358dcf44>] batadv_tvlv_handler_register+0xa3/0x170 net/batman-adv/tvlv.c:529
    [<0000000070c8d27e>] batadv_tt_init+0x78/0x180 net/batman-adv/translation-table.c:4411
    [<0000000096e5c01c>] batadv_mesh_init+0x196/0x230 net/batman-adv/main.c:208
    [<00000000d551a0f5>] batadv_softif_init_late+0x1ca/0x220 net/batman-adv/soft-interface.c:861
    [<00000000ad81e6db>] register_netdevice+0xbf/0x600 net/core/dev.c:8663
    [<0000000009fc31f2>] __rtnl_newlink+0xaca/0xb30 net/core/rtnetlink.c:3199
    [<000000007a7fc128>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3245
    [<000000000ea7ae98>] rtnetlink_rcv_msg+0x178/0x4b0 net/core/rtnetlink.c:5214
    [<00000000f998b3a4>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2482
    [<000000008758a183>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5232
    [<00000000614a7eec>] netlink_unicast_kernel net/netlink/af_netlink.c:1307 [inline]
    [<00000000614a7eec>] netlink_unicast+0x1ec/0x2d0 net/netlink/af_netlink.c:1333
    [<00000000689cea77>] netlink_sendmsg+0x26a/0x480 net/netlink/af_netlink.c:1922
    [<000000003527f234>] sock_sendmsg_nosec net/socket.c:646 [inline]
    [<000000003527f234>] sock_sendmsg+0x54/0x70 net/socket.c:665
    [<00000000c8efca62>] __sys_sendto+0x148/0x1f0 net/socket.c:1958
    [<00000000dc128d87>] __do_sys_sendto net/socket.c:1970 [inline]
    [<00000000dc128d87>] __se_sys_sendto net/socket.c:1966 [inline]
    [<00000000dc128d87>] __x64_sys_sendto+0x2a/0x30 net/socket.c:1966

BUG: memory leak
unreferenced object 0xffff88811a5e1200 (size 128):
  comm "syz-executor703", pid 7001, jiffies 4294943281 (age 8.110s)
  hex dump (first 32 bytes):
    f0 88 57 21 81 88 ff ff f0 88 57 21 81 88 ff ff  ..W!......W!....
    b6 64 1d 58 7a 97 82 40 dc 0f 83 db 00 00 00 00  .d.Xz..@........
  backtrace:
    [<00000000a9a2c0e6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000a9a2c0e6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<00000000a9a2c0e6>] slab_alloc mm/slab.c:3326 [inline]
    [<00000000a9a2c0e6>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<00000000508a7206>] kmalloc include/linux/slab.h:547 [inline]
    [<00000000508a7206>] hsr_create_self_node+0x42/0x150 net/hsr/hsr_framereg.c:84
    [<00000000d3669a18>] hsr_dev_finalize+0xa4/0x233 net/hsr/hsr_device.c:441
    [<00000000df29ddf9>] hsr_newlink+0xf3/0x140 net/hsr/hsr_netlink.c:69
    [<0000000059d3c8cb>] __rtnl_newlink+0x892/0xb30 net/core/rtnetlink.c:3187
    [<000000007a7fc128>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3245
    [<000000000ea7ae98>] rtnetlink_rcv_msg+0x178/0x4b0 net/core/rtnetlink.c:5214
    [<00000000f998b3a4>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2482
    [<000000008758a183>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5232
    [<00000000614a7eec>] netlink_unicast_kernel net/netlink/af_netlink.c:1307 [inline]
    [<00000000614a7eec>] netlink_unicast+0x1ec/0x2d0 net/netlink/af_netlink.c:1333
    [<00000000689cea77>] netlink_sendmsg+0x26a/0x480 net/netlink/af_netlink.c:1922
    [<000000003527f234>] sock_sendmsg_nosec net/socket.c:646 [inline]
    [<000000003527f234>] sock_sendmsg+0x54/0x70 net/socket.c:665
    [<00000000c8efca62>] __sys_sendto+0x148/0x1f0 net/socket.c:1958
    [<00000000dc128d87>] __do_sys_sendto net/socket.c:1970 [inline]
    [<00000000dc128d87>] __se_sys_sendto net/socket.c:1966 [inline]
    [<00000000dc128d87>] __x64_sys_sendto+0x2a/0x30 net/socket.c:1966
    [<00000000831f347e>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:296
    [<00000000b32c52eb>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811c1325c0 (size 64):
  comm "syz-executor703", pid 7001, jiffies 4294943281 (age 8.110s)
  hex dump (first 32 bytes):
    40 05 81 1e 81 88 ff ff 00 02 00 00 00 00 ad de  @...............
    00 80 57 21 81 88 ff ff c0 88 57 21 81 88 ff ff  ..W!......W!....
  backtrace:
    [<00000000a9a2c0e6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000a9a2c0e6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<00000000a9a2c0e6>] slab_alloc mm/slab.c:3326 [inline]
    [<00000000a9a2c0e6>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<00000000fb1ba6e2>] kmalloc include/linux/slab.h:547 [inline]
    [<00000000fb1ba6e2>] kzalloc include/linux/slab.h:742 [inline]
    [<00000000fb1ba6e2>] hsr_add_port+0xe7/0x220 net/hsr/hsr_slave.c:142
    [<00000000564977a6>] hsr_dev_finalize+0x14f/0x233 net/hsr/hsr_device.c:472
    [<00000000df29ddf9>] hsr_newlink+0xf3/0x140 net/hsr/hsr_netlink.c:69
    [<0000000059d3c8cb>] __rtnl_newlink+0x892/0xb30 net/core/rtnetlink.c:3187
    [<000000007a7fc128>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3245
    [<000000000ea7ae98>] rtnetlink_rcv_msg+0x178/0x4b0 net/core/rtnetlink.c:5214
    [<00000000f998b3a4>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2482
    [<000000008758a183>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5232
    [<00000000614a7eec>] netlink_unicast_kernel net/netlink/af_netlink.c:1307 [inline]
    [<00000000614a7eec>] netlink_unicast+0x1ec/0x2d0 net/netlink/af_netlink.c:1333
    [<00000000689cea77>] netlink_sendmsg+0x26a/0x480 net/netlink/af_netlink.c:1922
    [<000000003527f234>] sock_sendmsg_nosec net/socket.c:646 [inline]
    [<000000003527f234>] sock_sendmsg+0x54/0x70 net/socket.c:665
    [<00000000c8efca62>] __sys_sendto+0x148/0x1f0 net/socket.c:1958
    [<00000000dc128d87>] __do_sys_sendto net/socket.c:1970 [inline]
    [<00000000dc128d87>] __se_sys_sendto net/socket.c:1966 [inline]
    [<00000000dc128d87>] __x64_sys_sendto+0x2a/0x30 net/socket.c:1966
    [<00000000831f347e>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:296
    [<00000000b32c52eb>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

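The report above lists three unreferenced objects, all allocated on the same rtnetlink newlink path, but only the first is the object this bug is about: a 64-byte structure kzalloc'd in batadv_tvlv_handler_register (net/batman-adv/tvlv.c:529) while batadv_tt_init sets up a new batman-adv soft interface. The other two are hsr allocations (hsr_create_self_node, hsr_add_port) that belong to a different subsystem and would get their own syzbot titles. The first triage step on a kmemleak dump is therefore to attribute each object to the first frame outside the allocator wrappers, which is also how the "memory leak in <function>" title is formed. The script below is an added example, not code from the syzbot page or from the kernel tree: it parses a constructed copy of the report (the three objects above, backtraces trimmed to the allocator frames and their first callers) and groups the leaks by allocation site. The ALLOCATOR_PREFIXES list is an assumption about which frame names to treat as allocator internals; other allocation paths (page allocator, vmalloc) would need their own entries.

```python
"""Triage a kmemleak 'unreferenced object' dump: attribute each leaked object
to the first frame outside the allocator and group the leaks by that site."""
import re
from dataclasses import dataclass, field

# Assumed list of frames that belong to the allocator machinery itself.  The
# first backtrace frame NOT starting with one of these is the real call site.
ALLOCATOR_PREFIXES = ("kmemleak_alloc", "slab_post_alloc_hook", "slab_alloc",
                      "kmem_cache_alloc", "kmalloc", "kzalloc", "__kmalloc")

HEADER_RE = re.compile(r"^\s*unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
COMM_RE = re.compile(r'^\s*comm "([^"]*)", pid (\d+), jiffies \d+ \(age ([\d.]+)s\)')
# "[<hash>] func+0xoff/0xlen path/file.c:NNN [inline]"; the offset, the
# location and the [inline] tag are each optional (entry_SYSCALL_64_after_hwframe
# has an offset but no location).
FRAME_RE = re.compile(r"^\s*\[<[0-9a-f]+>\] ([^\s+]+)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"
                      r"(?: (\S+))?(?: \[inline\])?\s*$")


@dataclass
class Leak:
    addr: str
    size: int
    comm: str = ""
    pid: int = 0
    age: float = 0.0
    frames: list = field(default_factory=list)  # [(function, "file:line" or None)]

    def alloc_site(self):
        """First frame outside the allocator, as (function, location)."""
        for func, loc in self.frames:
            if not func.startswith(ALLOCATOR_PREFIXES):
                return func, loc
        return None

    def title(self):
        """Same shape as the syzbot bug title."""
        site = self.alloc_site()
        return "memory leak in " + (site[0] if site else "<unknown>")


def parse_kmemleak(text):
    """Split a kmemleak dump into Leak records; lines outside a record are ignored."""
    leaks, cur = [], None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            cur = Leak(addr=m.group(1), size=int(m.group(2)))
            leaks.append(cur)
            continue
        if cur is None:
            continue
        m = COMM_RE.match(line)
        if m:
            cur.comm, cur.pid, cur.age = m.group(1), int(m.group(2)), float(m.group(3))
            continue
        m = FRAME_RE.match(line)
        if m:
            cur.frames.append((m.group(1), m.group(2)))
    return leaks


def summarize(leaks):
    """Group leaks by allocation site: object count, total bytes, source directory."""
    out = {}
    for leak in leaks:
        site = leak.alloc_site()
        loc = site[1] if site else None
        entry = out.setdefault(leak.title(), {"count": 0, "bytes": 0, "dir": None})
        entry["count"] += 1
        entry["bytes"] += leak.size
        entry["dir"] = loc.rsplit("/", 1)[0] if loc and "/" in loc else None
    return out


# Constructed sample: the three objects from the report above with the
# backtraces shortened (hex dumps dropped, allocator frames plus first callers).
SAMPLE_REPORT = """\
BUG: memory leak
unreferenced object 0xffff88811eac4a40 (size 64):
  comm "softirq", pid 0, jiffies 4294943273 (age 8.190s)
  backtrace:
    [<00000000a9a2c0e6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000a9a2c0e6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<00000000a9a2c0e6>] slab_alloc mm/slab.c:3326 [inline]
    [<00000000a9a2c0e6>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<00000000358dcf44>] kmalloc include/linux/slab.h:547 [inline]
    [<00000000358dcf44>] kzalloc include/linux/slab.h:742 [inline]
    [<00000000358dcf44>] batadv_tvlv_handler_register+0xa3/0x170 net/batman-adv/tvlv.c:529
    [<0000000070c8d27e>] batadv_tt_init+0x78/0x180 net/batman-adv/translation-table.c:4411
    [<0000000096e5c01c>] batadv_mesh_init+0x196/0x230 net/batman-adv/main.c:208

BUG: memory leak
unreferenced object 0xffff88811a5e1200 (size 128):
  comm "syz-executor703", pid 7001, jiffies 4294943281 (age 8.110s)
  backtrace:
    [<00000000a9a2c0e6>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<00000000508a7206>] kmalloc include/linux/slab.h:547 [inline]
    [<00000000508a7206>] hsr_create_self_node+0x42/0x150 net/hsr/hsr_framereg.c:84
    [<00000000d3669a18>] hsr_dev_finalize+0xa4/0x233 net/hsr/hsr_device.c:441
    [<00000000b32c52eb>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811c1325c0 (size 64):
  comm "syz-executor703", pid 7001, jiffies 4294943281 (age 8.110s)
  backtrace:
    [<00000000a9a2c0e6>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<00000000fb1ba6e2>] kzalloc include/linux/slab.h:742 [inline]
    [<00000000fb1ba6e2>] hsr_add_port+0xe7/0x220 net/hsr/hsr_slave.c:142
    [<00000000564977a6>] hsr_dev_finalize+0x14f/0x233 net/hsr/hsr_device.c:472
"""

if __name__ == "__main__":
    for title, info in summarize(parse_kmemleak(SAMPLE_REPORT)).items():
        print(f"{title}: {info['count']} object(s), {info['bytes']} bytes, {info['dir']}")
```

Run against a full console log rather than the trimmed sample, the same grouping separates the batman-adv handler leak from the hsr ones, and the byte totals show whether a site leaks a fixed-size object once per interface creation (as here, 64 bytes per netdev) or grows with traffic. Note that kmemleak's "comm" field is the task current at allocation time, so a leak can be tagged "softirq" even though the backtrace is a syscall path; group by allocation site, not by comm.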

Crashes (313):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/07/11 21:32 upstream 5450e8a316a6 186a30b9 .config console log report syz C ci-upstream-gce-leak
2019/07/09 02:57 upstream 223cea6a4f05 f62e1e85 .config console log report syz C ci-upstream-gce-leak
2019/07/08 07:42 upstream 0ecfebd2b524 f62e1e85 .config console log report syz C ci-upstream-gce-leak
2019/07/07 19:50 upstream 46713c3d2f8d f62e1e85 .config console log report syz C ci-upstream-gce-leak
2019/07/05 00:37 upstream c212ddaee2fd 429efa16 .config console log report syz C ci-upstream-gce-leak
2019/07/04 13:27 upstream 550d1f5bda33 55565fa0 .config console log report syz C ci-upstream-gce-leak
2019/07/04 05:04 upstream 550d1f5bda33 55565fa0 .config console log report syz C ci-upstream-gce-leak
2019/05/21 01:35 upstream f49aa1de9836 8285069f .config console log report syz C ci-upstream-gce-leak
2019/07/11 18:36 upstream 5450e8a316a6 186a30b9 .config console log report syz ci-upstream-gce-leak
2019/07/11 15:18 upstream 5450e8a316a6 186a30b9 .config console log report syz ci-upstream-gce-leak
2019/07/11 12:06 upstream d2b6b4c832f7 ff7bf04c .config console log report syz ci-upstream-gce-leak
2019/07/11 11:20 upstream d2b6b4c832f7 ff7bf04c .config console log report syz ci-upstream-gce-leak
2019/07/11 10:56 upstream d2b6b4c832f7 ff7bf04c .config console log report syz ci-upstream-gce-leak
2019/07/11 10:34 upstream d2b6b4c832f7 ff7bf04c .config console log report syz ci-upstream-gce-leak
2019/07/11 10:24 upstream d2b6b4c832f7 ff7bf04c .config console log report syz ci-upstream-gce-leak
2019/07/11 06:27 upstream d2b6b4c832f7 ff7bf04c .config console log report syz ci-upstream-gce-leak
2019/07/11 00:30 upstream e9a83bd23220 ff7bf04c .config console log report syz ci-upstream-gce-leak
2019/07/10 18:11 upstream e9a83bd23220 f62e1e85 .config console log report syz ci-upstream-gce-leak
2019/07/10 17:33 upstream e9a83bd23220 f62e1e85 .config console log report syz ci-upstream-gce-leak
2019/07/10 17:00 upstream e9a83bd23220 f62e1e85 .config console log report syz ci-upstream-gce-leak
2019/07/10 16:56 upstream e9a83bd23220 f62e1e85 .config console log report syz ci-upstream-gce-leak
2019/07/09 23:24 upstream 5ad18b2e60b7 f62e1e85 .config console log report syz ci-upstream-gce-leak
2019/07/09 16:29 upstream 5ad18b2e60b7 f62e1e85 .config console log report syz ci-upstream-gce-leak
2019/07/09 02:22 upstream 223cea6a4f05 f62e1e85 .config console log report syz ci-upstream-gce-leak
2019/07/08 05:32 upstream 0ecfebd2b524 f62e1e85 .config console log report syz ci-upstream-gce-leak
2019/07/08 01:14 upstream 0ecfebd2b524 f62e1e85 .config console log report syz ci-upstream-gce-leak
2019/07/07 10:57 upstream 46713c3d2f8d f62e1e85 .config console log report syz ci-upstream-gce-leak
2019/07/07 07:22 upstream 46713c3d2f8d f62e1e85 .config console log report syz ci-upstream-gce-leak
2019/07/07 03:01 upstream 46713c3d2f8d f62e1e85 .config console log report syz ci-upstream-gce-leak
2019/07/06 23:46 upstream 69bf4b6b54fb f62e1e85 .config console log report syz ci-upstream-gce-leak
2019/07/06 23:08 upstream 69bf4b6b54fb f62e1e85 .config console log report syz ci-upstream-gce-leak
2019/07/06 23:03 upstream 69bf4b6b54fb f62e1e85 .config console log report syz ci-upstream-gce-leak
2019/07/06 22:37 upstream 69bf4b6b54fb f62e1e85 .config console log report syz ci-upstream-gce-leak
2019/07/06 21:09 upstream 69bf4b6b54fb f62e1e85 .config console log report syz ci-upstream-gce-leak
2019/07/05 02:47 upstream c212ddaee2fd 429efa16 .config console log report syz ci-upstream-gce-leak
2019/07/04 09:37 upstream 550d1f5bda33 55565fa0 .config console log report syz ci-upstream-gce-leak
2019/07/04 07:49 upstream 550d1f5bda33 55565fa0 .config console log report syz ci-upstream-gce-leak
2019/07/03 17:32 upstream eca94432934f 55565fa0 .config console log report syz ci-upstream-gce-leak
2019/07/03 16:59 upstream eca94432934f 55565fa0 .config console log report syz ci-upstream-gce-leak
2019/07/03 16:18 upstream eca94432934f 55565fa0 .config console log report syz ci-upstream-gce-leak
2019/07/03 13:06 upstream eca94432934f 55565fa0 .config console log report syz ci-upstream-gce-leak
2019/07/03 06:21 upstream 6fbc7275c7a9 55565fa0 .config console log report syz ci-upstream-gce-leak
2019/07/03 01:44 upstream 6fbc7275c7a9 55565fa0 .config console log report syz ci-upstream-gce-leak
2019/07/02 22:14 upstream 6fbc7275c7a9 55565fa0 .config console log report syz ci-upstream-gce-leak
2019/05/20 21:15 upstream f49aa1de9836 8285069f .config console log report syz ci-upstream-gce-leak