syzbot


memory leak in ppp_write

Status: fixed on 2019/10/15 23:40
Subsystems: ppp
Reported-by: syzbot+d9c8bf24e56416d7ce2c@syzkaller.appspotmail.com
Fix commit: 4c247de564f1 ppp: Fix memory leak in ppp_write
First crash: 1778d, last: 1733d
Discussions (12)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH 5.2 000/313] 5.2.19-stable review | 324 (324) | 2020/06/23 22:07 |
| [PATCH 4.19 000/211] 4.19.77-stable review | 227 (227) | 2019/11/12 00:25 |
| [PATCH 5.3 000/344] 5.3.4-stable review | 360 (360) | 2019/11/11 06:01 |
| [PATCH AUTOSEL 5.3 01/71] drivers: thermal: qcom: tsens: Fix memory leak from qfprom read | 74 (74) | 2019/10/09 03:45 |
| [PATCH 4.14 000/185] 4.14.147-stable review | 191 (191) | 2019/10/05 00:10 |
| [PATCH 4.9 000/129] 4.9.195-stable review | 135 (135) | 2019/10/04 22:56 |
| [PATCH AUTOSEL 4.9 01/19] ima: always return negative code for error | 19 (19) | 2019/10/01 16:45 |
| [PATCH AUTOSEL 4.14 01/29] ima: always return negative code for error | 29 (29) | 2019/10/01 16:44 |
| [PATCH AUTOSEL 4.19 01/43] ima: always return negative code for error | 43 (43) | 2019/10/01 16:43 |
| [PATCH AUTOSEL 5.2 01/63] drivers: thermal: qcom: tsens: Fix memory leak from qfprom read | 63 (63) | 2019/10/01 16:41 |
| [PATCH net] ppp: Fix memory leak in ppp_write | 3 (3) | 2019/09/25 11:45 |
| memory leak in ppp_write | 1 (4) | 2019/09/12 15:17 |
Last patch testing requests (1)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2019/09/12 13:34 | 17m | jeliantsurux@gmail.com | patch | https://github.com/google/kasan.git 6525771f | OK |

Sample crash report:
executing program
executing program
executing program
executing program
BUG: memory leak
unreferenced object 0xffff88812a17bc00 (size 224):
  comm "syz-executor673", pid 6952, jiffies 4294942888 (age 13.040s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000d110fff9>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000d110fff9>] slab_post_alloc_hook mm/slab.h:522 [inline]
    [<00000000d110fff9>] slab_alloc_node mm/slab.c:3262 [inline]
    [<00000000d110fff9>] kmem_cache_alloc_node+0x163/0x2f0 mm/slab.c:3574
    [<000000002d616113>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:197
    [<000000000167fc45>] alloc_skb include/linux/skbuff.h:1055 [inline]
    [<000000000167fc45>] ppp_write+0x48/0x120 drivers/net/ppp/ppp_generic.c:502
    [<000000009ab42c0b>] __vfs_write+0x43/0xa0 fs/read_write.c:494
    [<00000000086b2e22>] vfs_write fs/read_write.c:558 [inline]
    [<00000000086b2e22>] vfs_write+0xee/0x210 fs/read_write.c:542
    [<00000000a2b70ef9>] ksys_write+0x7c/0x130 fs/read_write.c:611
    [<00000000ce5e0fdd>] __do_sys_write fs/read_write.c:623 [inline]
    [<00000000ce5e0fdd>] __se_sys_write fs/read_write.c:620 [inline]
    [<00000000ce5e0fdd>] __x64_sys_write+0x1e/0x30 fs/read_write.c:620
    [<00000000d9d7b370>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:296
    [<0000000006e6d506>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888121203900 (size 224):
  comm "syz-executor673", pid 6965, jiffies 4294943430 (age 7.620s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000d110fff9>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000d110fff9>] slab_post_alloc_hook mm/slab.h:522 [inline]
    [<00000000d110fff9>] slab_alloc_node mm/slab.c:3262 [inline]
    [<00000000d110fff9>] kmem_cache_alloc_node+0x163/0x2f0 mm/slab.c:3574
    [<000000002d616113>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:197
    [<000000000167fc45>] alloc_skb include/linux/skbuff.h:1055 [inline]
    [<000000000167fc45>] ppp_write+0x48/0x120 drivers/net/ppp/ppp_generic.c:502
    [<000000009ab42c0b>] __vfs_write+0x43/0xa0 fs/read_write.c:494
    [<00000000086b2e22>] vfs_write fs/read_write.c:558 [inline]
    [<00000000086b2e22>] vfs_write+0xee/0x210 fs/read_write.c:542
    [<00000000a2b70ef9>] ksys_write+0x7c/0x130 fs/read_write.c:611
    [<00000000ce5e0fdd>] __do_sys_write fs/read_write.c:623 [inline]
    [<00000000ce5e0fdd>] __se_sys_write fs/read_write.c:620 [inline]
    [<00000000ce5e0fdd>] __x64_sys_write+0x1e/0x30 fs/read_write.c:620
    [<00000000d9d7b370>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:296
    [<0000000006e6d506>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d0cf800 (size 512):
  comm "syz-executor673", pid 6965, jiffies 4294943430 (age 7.620s)
  hex dump (first 32 bytes):
    06 00 00 00 05 00 00 00 40 00 00 00 00 00 00 00  ........@.......
    40 00 40 00 00 00 00 00 40 00 40 00 00 00 00 00  @.@.....@.@.....
  backtrace:
    [<00000000b9629d4c>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000b9629d4c>] slab_post_alloc_hook mm/slab.h:522 [inline]
    [<00000000b9629d4c>] slab_alloc_node mm/slab.c:3262 [inline]
    [<00000000b9629d4c>] kmem_cache_alloc_node_trace+0x161/0x2f0 mm/slab.c:3592
    [<00000000a9b92035>] __do_kmalloc_node mm/slab.c:3614 [inline]
    [<00000000a9b92035>] __kmalloc_node_track_caller+0x38/0x50 mm/slab.c:3629
    [<00000000fad050db>] __kmalloc_reserve.isra.0+0x40/0xb0 net/core/skbuff.c:141
    [<00000000a1025904>] __alloc_skb+0xa0/0x210 net/core/skbuff.c:209
    [<000000000167fc45>] alloc_skb include/linux/skbuff.h:1055 [inline]
    [<000000000167fc45>] ppp_write+0x48/0x120 drivers/net/ppp/ppp_generic.c:502
    [<000000009ab42c0b>] __vfs_write+0x43/0xa0 fs/read_write.c:494
    [<00000000086b2e22>] vfs_write fs/read_write.c:558 [inline]
    [<00000000086b2e22>] vfs_write+0xee/0x210 fs/read_write.c:542
    [<00000000a2b70ef9>] ksys_write+0x7c/0x130 fs/read_write.c:611
    [<00000000ce5e0fdd>] __do_sys_write fs/read_write.c:623 [inline]
    [<00000000ce5e0fdd>] __se_sys_write fs/read_write.c:620 [inline]
    [<00000000ce5e0fdd>] __x64_sys_write+0x1e/0x30 fs/read_write.c:620
    [<00000000d9d7b370>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:296
    [<0000000006e6d506>] entry_SYSCALL_64_after_hwframe+0x44/0xa9


Crashes (5):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2019/08/29 15:31 | upstream | 6525771f58cb | fd37b39e | .config | console log | report | syz | C | | | ci-upstream-gce-leak | |
| 2019/09/18 21:17 | upstream | 35f7a9526615 | c2dcd700 | .config | console log | report | syz | | | | ci-upstream-gce-leak | |
| 2019/09/06 07:05 | upstream | 3b47fd5ca9ea | 040fda58 | .config | console log | report | syz | | | | ci-upstream-gce-leak | |
| 2019/08/24 13:18 | upstream | 9140d8bdd4c5 | 78ded196 | .config | console log | report | syz | | | | ci-upstream-gce-leak | |
| 2019/08/04 10:49 | upstream | d8778f13b73f | 6affd8e8 | .config | console log | report | syz | | | | ci-upstream-gce-leak | |
* Struck through repros no longer work on HEAD.