syzbot

 sign-in | mailing list | source | docs
🐞 Open [978] Subsystems 🐞 Fixed [5208] 🐞 Invalid [12459] Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

memory leak in nr_rx_frame

Status: fixed on 2019/08/05 13:45
Subsystems: hams
[Documentation on labels]
Reported-by: syzbot+d6636a36d3c34bd88938@syzkaller.appspotmail.com
Fix commit: c8c8218ec5af netrom: fix a memory leak in nr_rx_frame()
First crash: 1786d, last: 1722d
Discussions (9)
Title Replies (including bot) Last reply
[PATCH 4.9 000/223] 4.9.187-stable review 231 (231) 2019/08/28 03:02
[PATCH 4.4 000/158] 4.4.187-stable review 166 (166) 2019/08/03 15:57
[PATCH 4.14 000/293] 4.14.135-stable review 302 (302) 2019/07/31 09:35
[PATCH 5.2 00/66] 5.2.4-stable review 78 (78) 2019/07/29 15:12
[PATCH 5.1 00/62] 5.1.21-stable review 68 (68) 2019/07/29 09:02
[PATCH 4.19 00/50] 4.19.62-stable review 56 (56) 2019/07/29 09:02
[Patch net] netrom: fix a memory leak in nr_rx_frame() 2 (2) 2019/07/02 02:01
Reminder: 7 open syzbot bugs in "net/netrom" subsystem 1 (1) 2019/06/27 03:50
memory leak in nr_rx_frame 0 (1) 2019/05/28 01:58
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream memory leak in nr_rx_frame (2) hams C 92 101d 1691d 0/26 upstream: reported C repro on 2019/08/30 19:28

Sample crash report:
executing program
executing program
executing program
executing program
executing program
BUG: memory leak
unreferenced object 0xffff88811dc03800 (size 2048):
  comm "softirq", pid 0, jiffies 4295009706 (age 254.640s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    06 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............
  backtrace:
    [<000000008b20d9bb>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000008b20d9bb>] slab_post_alloc_hook mm/slab.h:522 [inline]
    [<000000008b20d9bb>] slab_alloc mm/slab.c:3319 [inline]
    [<000000008b20d9bb>] __do_kmalloc mm/slab.c:3653 [inline]
    [<000000008b20d9bb>] __kmalloc+0x169/0x300 mm/slab.c:3664
    [<0000000069f60d8e>] kmalloc include/linux/slab.h:557 [inline]
    [<0000000069f60d8e>] sk_prot_alloc+0x112/0x170 net/core/sock.c:1603
    [<000000004323d1c8>] sk_alloc+0x35/0x2f0 net/core/sock.c:1657
    [<0000000032f67ae2>] nr_make_new net/netrom/af_netrom.c:476 [inline]
    [<0000000032f67ae2>] nr_rx_frame+0x339/0x8e0 net/netrom/af_netrom.c:959
    [<00000000ac592abe>] nr_loopback_timer+0x4e/0xd0 net/netrom/nr_loopback.c:59
    [<000000007caa51a7>] call_timer_fn+0x45/0x1e0 kernel/time/timer.c:1322
    [<00000000680cc5bc>] expire_timers kernel/time/timer.c:1366 [inline]
    [<00000000680cc5bc>] __run_timers kernel/time/timer.c:1685 [inline]
    [<00000000680cc5bc>] __run_timers kernel/time/timer.c:1653 [inline]
    [<00000000680cc5bc>] run_timer_softirq+0x256/0x740 kernel/time/timer.c:1698
    [<000000000de75c29>] __do_softirq+0x115/0x33f kernel/softirq.c:292
    [<0000000082a77fdc>] invoke_softirq kernel/softirq.c:373 [inline]
    [<0000000082a77fdc>] irq_exit+0xbb/0xe0 kernel/softirq.c:413
    [<000000001a948dac>] exiting_irq arch/x86/include/asm/apic.h:537 [inline]
    [<000000001a948dac>] smp_apic_timer_interrupt+0x96/0x190 arch/x86/kernel/apic/apic.c:1095
    [<000000004f99c462>] apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:828
    [<000000000fd1942e>] native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:60
    [<0000000027fcc059>] arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:571
    [<0000000000f71db4>] default_idle_call+0x1e/0x40 kernel/sched/idle.c:94
    [<00000000036400c5>] cpuidle_idle_call kernel/sched/idle.c:154 [inline]
    [<00000000036400c5>] do_idle+0x1ea/0x2c0 kernel/sched/idle.c:263
    [<0000000090888f96>] cpu_startup_entry+0x1b/0x20 kernel/sched/idle.c:354

BUG: memory leak
unreferenced object 0xffff88810dff5900 (size 32):
  comm "softirq", pid 0, jiffies 4295009706 (age 254.640s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    03 00 00 00 03 00 00 00 0f 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000055f95cd1>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<0000000055f95cd1>] slab_post_alloc_hook mm/slab.h:522 [inline]
    [<0000000055f95cd1>] slab_alloc mm/slab.c:3319 [inline]
    [<0000000055f95cd1>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3548
    [<0000000048adbcfa>] kmalloc include/linux/slab.h:552 [inline]
    [<0000000048adbcfa>] kzalloc include/linux/slab.h:748 [inline]
    [<0000000048adbcfa>] selinux_sk_alloc_security+0x48/0xb0 security/selinux/hooks.c:5073
    [<00000000ffdc10c8>] security_sk_alloc+0x49/0x70 security/security.c:2029
    [<000000001d72e35a>] sk_prot_alloc+0x12d/0x170 net/core/sock.c:1606
    [<000000004323d1c8>] sk_alloc+0x35/0x2f0 net/core/sock.c:1657
    [<0000000032f67ae2>] nr_make_new net/netrom/af_netrom.c:476 [inline]
    [<0000000032f67ae2>] nr_rx_frame+0x339/0x8e0 net/netrom/af_netrom.c:959
    [<00000000ac592abe>] nr_loopback_timer+0x4e/0xd0 net/netrom/nr_loopback.c:59
    [<000000007caa51a7>] call_timer_fn+0x45/0x1e0 kernel/time/timer.c:1322
    [<00000000680cc5bc>] expire_timers kernel/time/timer.c:1366 [inline]
    [<00000000680cc5bc>] __run_timers kernel/time/timer.c:1685 [inline]
    [<00000000680cc5bc>] __run_timers kernel/time/timer.c:1653 [inline]
    [<00000000680cc5bc>] run_timer_softirq+0x256/0x740 kernel/time/timer.c:1698
    [<000000000de75c29>] __do_softirq+0x115/0x33f kernel/softirq.c:292
    [<0000000082a77fdc>] invoke_softirq kernel/softirq.c:373 [inline]
    [<0000000082a77fdc>] irq_exit+0xbb/0xe0 kernel/softirq.c:413
    [<000000001a948dac>] exiting_irq arch/x86/include/asm/apic.h:537 [inline]
    [<000000001a948dac>] smp_apic_timer_interrupt+0x96/0x190 arch/x86/kernel/apic/apic.c:1095
    [<000000004f99c462>] apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:828
    [<000000000fd1942e>] native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:60
    [<0000000027fcc059>] arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:571
    [<0000000000f71db4>] default_idle_call+0x1e/0x40 kernel/sched/idle.c:94

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/07/30 07:28 upstream 2a11c76e5301 f67095ee .config console log report syz C ci-upstream-gce-leak
2019/07/02 11:30 upstream 6fbc7275c7a9 cccc4302 .config console log report syz C ci-upstream-gce-leak
2019/07/01 23:48 upstream 6fbc7275c7a9 907bf746 .config console log report syz C ci-upstream-gce-leak
2019/06/29 02:53 upstream 556e2f6020bf 7509bf36 .config console log report syz C ci-upstream-gce-leak
2019/05/27 08:47 upstream c5b440951a19 85c57315 .config console log report syz C ci-upstream-gce-leak
* Struck through repros no longer work on HEAD.