syzbot


memory leak in sctp_process_init

Status: fixed on 2019/07/10 21:40
Subsystems: sctp
[Documentation on labels]
Reported-by: syzbot+f7e9153b037eac9b1df8@syzkaller.appspotmail.com
Fix commit: 0a8dd9f67cd0 Fix memory leak in sctp_process_init ce950f1050ce sctp: Free cookie before we memdup a new one
First crash: 1967d, last: 1942d
Discussions (10)
Title Replies (including bot) Last reply
[PATCH 4.19 00/61] 4.19.54-stable review 66 (66) 2019/06/22 08:20
[PATCH 5.1 00/98] 5.1.13-stable review 106 (106) 2019/06/22 05:43
[PATCH 4.14 00/45] 4.14.129-stable review 49 (49) 2019/06/22 00:44
[PATCH] Free cookie before we memdup a new one 18 (18) 2019/06/15 02:27
[PATCH 5.1 00/70] 5.1.9-stable review 81 (81) 2019/06/11 07:21
[PATCH 4.19 00/51] 4.19.50-stable review 61 (61) 2019/06/10 21:57
[PATCH 4.14 00/35] 4.14.125-stable review 43 (43) 2019/06/10 21:56
[PATCH V2] Fix memory leak in sctp_process_init 10 (10) 2019/06/08 07:06
[PATCH] Fix memory leak in sctp_process_init 3 (3) 2019/06/03 18:14
memory leak in sctp_process_init 10 (11) 2019/05/31 16:43

Sample crash report:
E): veth1_to_hsr: link becomes ready
executing program
executing program
executing program
BUG: memory leak
unreferenced object 0xffff888113939800 (size 1024):
  comm "syz-executor759", pid 7320, jiffies 4294942608 (age 36.870s)
  hex dump (first 32 bytes):
    71 6d 53 b6 db 3d ca 66 47 ca 4f 0b 43 e4 75 8b  qmS..=.fG.O.C.u.
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000f0a1ee4a>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000f0a1ee4a>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<00000000f0a1ee4a>] slab_alloc mm/slab.c:3326 [inline]
    [<00000000f0a1ee4a>] __do_kmalloc mm/slab.c:3658 [inline]
    [<00000000f0a1ee4a>] __kmalloc_track_caller+0x15d/0x2c0 mm/slab.c:3675
    [<0000000037dea88e>] kmemdup+0x27/0x60 mm/util.c:119
    [<000000002521af7d>] kmemdup include/linux/string.h:432 [inline]
    [<000000002521af7d>] sctp_process_param net/sctp/sm_make_chunk.c:2586 [inline]
    [<000000002521af7d>] sctp_process_init+0x50a/0xc30 net/sctp/sm_make_chunk.c:2343
    [<00000000c5b6ed86>] sctp_cmd_process_init net/sctp/sm_sideeffect.c:667 [inline]
    [<00000000c5b6ed86>] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1374 [inline]
    [<00000000c5b6ed86>] sctp_side_effects net/sctp/sm_sideeffect.c:1184 [inline]
    [<00000000c5b6ed86>] sctp_do_sm+0xbdc/0x1da0 net/sctp/sm_sideeffect.c:1155
    [<000000004e756771>] sctp_assoc_bh_rcv+0x13c/0x200 net/sctp/associola.c:1059
    [<00000000b8b3f7f0>] sctp_inq_push+0x7f/0xb0 net/sctp/inqueue.c:80
    [<00000000a96e742c>] sctp_backlog_rcv+0x5e/0x2a0 net/sctp/input.c:339
    [<000000009504f4e4>] sk_backlog_rcv include/net/sock.h:945 [inline]
    [<000000009504f4e4>] __release_sock+0xab/0x110 net/core/sock.c:2412
    [<000000001a2a7061>] release_sock+0x37/0xd0 net/core/sock.c:2928
    [<00000000ee8bd9c3>] sctp_sendmsg+0x2c0/0x990 net/sctp/socket.c:2107
    [<00000000eacb8ef8>] inet_sendmsg+0x64/0x120 net/ipv4/af_inet.c:798
    [<0000000010e09bf8>] sock_sendmsg_nosec net/socket.c:646 [inline]
    [<0000000010e09bf8>] sock_sendmsg+0x54/0x70 net/socket.c:665
    [<000000003982440f>] ___sys_sendmsg+0x393/0x3c0 net/socket.c:2286
    [<000000004f8acb36>] __sys_sendmsg+0x80/0xf0 net/socket.c:2324
    [<00000000423a0b91>] __do_sys_sendmsg net/socket.c:2333 [inline]
    [<00000000423a0b91>] __se_sys_sendmsg net/socket.c:2331 [inline]
    [<00000000423a0b91>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2331
    [<000000008cc8d077>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301

BUG: memory leak
unreferenced object 0xffff888113939800 (size 1024):
  comm "syz-executor759", pid 7320, jiffies 4294942608 (age 36.940s)
  hex dump (first 32 bytes):
    71 6d 53 b6 db 3d ca 66 47 ca 4f 0b 43 e4 75 8b  qmS..=.fG.O.C.u.
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000f0a1ee4a>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000f0a1ee4a>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<00000000f0a1ee4a>] slab_alloc mm/slab.c:3326 [inline]
    [<00000000f0a1ee4a>] __do_kmalloc mm/slab.c:3658 [inline]
    [<00000000f0a1ee4a>] __kmalloc_track_caller+0x15d/0x2c0 mm/slab.c:3675
    [<0000000037dea88e>] kmemdup+0x27/0x60 mm/util.c:119
    [<000000002521af7d>] kmemdup include/linux/string.h:432 [inline]
    [<000000002521af7d>] sctp_process_param net/sctp/sm_make_chunk.c:2586 [inline]
    [<000000002521af7d>] sctp_process_init+0x50a/0xc30 net/sctp/sm_make_chunk.c:2343
    [<00000000c5b6ed86>] sctp_cmd_process_init net/sctp/sm_sideeffect.c:667 [inline]
    [<00000000c5b6ed86>] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1374 [inline]
    [<00000000c5b6ed86>] sctp_side_effects net/sctp/sm_sideeffect.c:1184 [inline]
    [<00000000c5b6ed86>] sctp_do_sm+0xbdc/0x1da0 net/sctp/sm_sideeffect.c:1155
    [<000000004e756771>] sctp_assoc_bh_rcv+0x13c/0x200 net/sctp/associola.c:1059
    [<00000000b8b3f7f0>] sctp_inq_push+0x7f/0xb0 net/sctp/inqueue.c:80
    [<00000000a96e742c>] sctp_backlog_rcv+0x5e/0x2a0 net/sctp/input.c:339
    [<000000009504f4e4>] sk_backlog_rcv include/net/sock.h:945 [inline]
    [<000000009504f4e4>] __release_sock+0xab/0x110 net/core/sock.c:2412
    [<000000001a2a7061>] release_sock+0x37/0xd0 net/core/sock.c:2928
    [<00000000ee8bd9c3>] sctp_sendmsg+0x2c0/0x990 net/sctp/socket.c:2107
    [<00000000eacb8ef8>] inet_sendmsg+0x64/0x120 net/ipv4/af_inet.c:798
    [<0000000010e09bf8>] sock_sendmsg_nosec net/socket.c:646 [inline]
    [<0000000010e09bf8>] sock_sendmsg+0x54/0x70 net/socket.c:665
    [<000000003982440f>] ___sys_sendmsg+0x393/0x3c0 net/socket.c:2286
    [<000000004f8acb36>] __sys_sendmsg+0x80/0xf0 net/socket.c:2324
    [<00000000423a0b91>] __do_sys_sendmsg net/socket.c:2333 [inline]
    [<00000000423a0b91>] __se_sys_sendmsg net/socket.c:2331 [inline]
    [<00000000423a0b91>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2331
    [<000000008cc8d077>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301

BUG: memory leak
unreferenced object 0xffff888113939800 (size 1024):
  comm "syz-executor759", pid 7320, jiffies 4294942608 (age 37.010s)
  hex dump (first 32 bytes):
    71 6d 53 b6 db 3d ca 66 47 ca 4f 0b 43 e4 75 8b  qmS..=.fG.O.C.u.
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000f0a1ee4a>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000f0a1ee4a>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<00000000f0a1ee4a>] slab_alloc mm/slab.c:3326 [inline]
    [<00000000f0a1ee4a>] __do_kmalloc mm/slab.c:3658 [inline]
    [<00000000f0a1ee4a>] __kmalloc_track_caller+0x15d/0x2c0 mm/slab.c:3675
    [<0000000037dea88e>] kmemdup+0x27/0x60 mm/util.c:119
    [<000000002521af7d>] kmemdup include/linux/string.h:432 [inline]
    [<000000002521af7d>] sctp_process_param net/sctp/sm_make_chunk.c:2586 [inline]
    [<000000002521af7d>] sctp_process_init+0x50a/0xc30 net/sctp/sm_make_chunk.c:2343
    [<00000000c5b6ed86>] sctp_cmd_process_init net/sctp/sm_sideeffect.c:667 [inline]
    [<00000000c5b6ed86>] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1374 [inline]
    [<00000000c5b6ed86>] sctp_side_effects net/sctp/sm_sideeffect.c:1184 [inline]
    [<00000000c5b6ed86>] sctp_do_sm+0xbdc/0x1da0 net/sctp/sm_sideeffect.c:1155
    [<000000004e756771>] sctp_assoc_bh_rcv+0x13c/0x200 net/sctp/associola.c:1059
    [<00000000b8b3f7f0>] sctp_inq_push+0x7f/0xb0 net/sctp/inqueue.c:80
    [<00000000a96e742c>] sctp_backlog_rcv+0x5e/0x2a0 net/sctp/input.c:339
    [<000000009504f4e4>] sk_backlog_rcv include/net/sock.h:945 [inline]
    [<000000009504f4e4>] __release_sock+0xab/0x110 net/core/sock.c:2412
    [<000000001a2a7061>] release_sock+0x37/0xd0 net/core/sock.c:2928
    [<00000000ee8bd9c3>] sctp_sendmsg+0x2c0/0x990 net/sctp/socket.c:2107
    [<00000000eacb8ef8>] inet_sendmsg+0x64/0x120 net/ipv4/af_inet.c:798
    [<0000000010e09bf8>] sock_sendmsg_nosec net/socket.c:646 [inline]
    [<0000000010e09bf8>] sock_sendmsg+0x54/0x70 net/socket.c:665
    [<000000003982440f>] ___sys_sendmsg+0x393/0x3c0 net/socket.c:2286
    [<000000004f8acb36>] __sys_sendmsg+0x80/0xf0 net/socket.c:2324
    [<00000000423a0b91>] __do_sys_sendmsg net/socket.c:2333 [inline]
    [<00000000423a0b91>] __se_sys_sendmsg net/socket.c:2331 [inline]
    [<00000000423a0b91>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2331
    [<000000008cc8d077>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301

BUG: memory leak
unreferenced object 0xffff888113939800 (size 1024):
  comm "syz-executor759", pid 7320, jiffies 4294942608 (age 37.080s)
  hex dump (first 32 bytes):
    71 6d 53 b6 db 3d ca 66 47 ca 4f 0b 43 e4 75 8b  qmS..=.fG.O.C.u.
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000f0a1ee4a>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000f0a1ee4a>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<00000000f0a1ee4a>] slab_alloc mm/slab.c:3326 [inline]
    [<00000000f0a1ee4a>] __do_kmalloc mm/slab.c:3658 [inline]
    [<00000000f0a1ee4a>] __kmalloc_track_caller+0x15d/0x2c0 mm/slab.c:3675
    [<0000000037dea88e>] kmemdup+0x27/0x60 mm/util.c:119
    [<000000002521af7d>] kmemdup include/linux/string.h:432 [inline]
    [<000000002521af7d>] sctp_process_param net/sctp/sm_make_chunk.c:2586 [inline]
    [<000000002521af7d>] sctp_process_init+0x50a/0xc30 net/sctp/sm_make_chunk.c:2343
    [<00000000c5b6ed86>] sctp_cmd_process_init net/sctp/sm_sideeffect.c:667 [inline]
    [<00000000c5b6ed86>] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1374 [inline]
    [<00000000c5b6ed86>] sctp_side_effects net/sctp/sm_sideeffect.c:1184 [inline]
    [<00000000c5b6ed86>] sctp_do_sm+0xbdc/0x1da0 net/sctp/sm_sideeffect.c:1155
    [<000000004e756771>] sctp_assoc_bh_rcv+0x13c/0x200 net/sctp/associola.c:1059
    [<00000000b8b3f7f0>] sctp_inq_push+0x7f/0xb0 net/sctp/inqueue.c:80
    [<00000000a96e742c>] sctp_backlog_rcv+0x5e/0x2a0 net/sctp/input.c:339
    [<000000009504f4e4>] sk_backlog_rcv include/net/sock.h:945 [inline]
    [<000000009504f4e4>] __release_sock+0xab/0x110 net/core/sock.c:2412
    [<000000001a2a7061>] release_sock+0x37/0xd0 net/core/sock.c:2928
    [<00000000ee8bd9c3>] sctp_sendmsg+0x2c0/0x990 net/sctp/socket.c:2107
    [<00000000eacb8ef8>] inet_sendmsg+0x64/0x120 net/ipv4/af_inet.c:798
    [<0000000010e09bf8>] sock_sendmsg_nosec net/socket.c:646 [inline]
    [<0000000010e09bf8>] sock_sendmsg+0x54/0x70 net/socket.c:665
    [<000000003982440f>] ___sys_sendmsg+0x393/0x3c0 net/socket.c:2286
    [<000000004f8acb36>] __sys_sendmsg+0x80/0xf0 net/socket.c:2324
    [<00000000423a0b91>] __do_sys_sendmsg net/socket.c:2333 [inline]
    [<00000000423a0b91>] __se_sys_sendmsg net/socket.c:2331 [inline]
    [<00000000423a0b91>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2331
    [<000000008cc8d077>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301

BUG: memory leak
unreferenced object 0xffff888113939800 (size 1024):
  comm "syz-executor759", pid 7320, jiffies 4294942608 (age 37.140s)
  hex dump (first 32 bytes):
    71 6d 53 b6 db 3d ca 66 47 ca 4f 0b 43 e4 75 8b  qmS..=.fG.O.C.u.
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000f0a1ee4a>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000f0a1ee4a>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<00000000f0a1ee4a>] slab_alloc mm/slab.c:3326 [inline]
    [<00000000f0a1ee4a>] __do_kmalloc mm/slab.c:3658 [inline]
    [<00000000f0a1ee4a>] __kmalloc_track_caller+0x15d/0x2c0 mm/slab.c:3675
    [<0000000037dea88e>] kmemdup+0x27/0x60 mm/util.c:119
    [<000000002521af7d>] kmemdup include/linux/string.h:432 [inline]
    [<000000002521af7d>] sctp_process_param net/sctp/sm_make_chunk.c:2586 [inline]
    [<000000002521af7d>] sctp_process_init+0x50a/0xc30 net/sctp/sm_make_chunk.c:2343
    [<00000000c5b6ed86>] sctp_cmd_process_init net/sctp/sm_sideeffect.c:667 [inline]
    [<00000000c5b6ed86>] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1374 [inline]
    [<00000000c5b6ed86>] sctp_side_effects net/sctp/sm_sideeffect.c:1184 [inline]
    [<00000000c5b6ed86>] sctp_do_sm+0xbdc/0x1da0 net/sctp/sm_sideeffect.c:1155
    [<000000004e756771>] sctp_assoc_bh_rcv+0x13c/0x200 net/sctp/associola.c:1059
    [<00000000b8b3f7f0>] sctp_inq_push+0x7f/0xb0 net/sctp/inqueue.c:80
    [<00000000a96e742c>] sctp_backlog_rcv+0x5e/0x2a0 net/sctp/input.c:339
    [<000000009504f4e4>] sk_backlog_rcv include/net/sock.h:945 [inline]
    [<000000009504f4e4>] __release_sock+0xab/0x110 net/core/sock.c:2412
    [<000000001a2a7061>] release_sock+0x37/0xd0 net/core/sock.c:2928
    [<00000000ee8bd9c3>] sctp_sendmsg+0x2c0/0x990 net/sctp/socket.c:2107
    [<00000000eacb8ef8>] inet_sendmsg+0x64/0x120 net/ipv4/af_inet.c:798
    [<0000000010e09bf8>] sock_sendmsg_nosec net/socket.c:646 [inline]
    [<0000000010e09bf8>] sock_sendmsg+0x54/0x70 net/socket.c:665
    [<000000003982440f>] ___sys_sendmsg+0x393/0x3c0 net/socket.c:2286
    [<000000004f8acb36>] __sys_sendmsg+0x80/0xf0 net/socket.c:2324
    [<00000000423a0b91>] __do_sys_sendmsg net/socket.c:2333 [inline]
    [<00000000423a0b91>] __se_sys_sendmsg net/socket.c:2331 [inline]
    [<00000000423a0b91>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2331
    [<000000008cc8d077>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301

BUG: memory leak
unreferenced object 0xffff888113939800 (size 1024):
  comm "syz-executor759", pid 7320, jiffies 4294942608 (age 37.210s)
  hex dump (first 32 bytes):
    71 6d 53 b6 db 3d ca 66 47 ca 4f 0b 43 e4 75 8b  qmS..=.fG.O.C.u.
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000f0a1ee4a>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000f0a1ee4a>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<00000000f0a1ee4a>] slab_alloc mm/slab.c:3326 [inline]
    [<00000000f0a1ee4a>] __do_kmalloc mm/slab.c:3658 [inline]
    [<00000000f0a1ee4a>] __kmalloc_track_caller+0x15d/0x2c0 mm/slab.c:3675
    [<0000000037dea88e>] kmemdup+0x27/0x60 mm/util.c:119
    [<000000002521af7d>] kmemdup include/linux/string.h:432 [inline]
    [<000000002521af7d>] sctp_process_param net/sctp/sm_make_chunk.c:2586 [inline]
    [<000000002521af7d>] sctp_process_init+0x50a/0xc30 net/sctp/sm_make_chunk.c:2343
    [<00000000c5b6ed86>] sctp_cmd_process_init net/sctp/sm_sideeffect.c:667 [inline]
    [<00000000c5b6ed86>] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1374 [inline]
    [<00000000c5b6ed86>] sctp_side_effects net/sctp/sm_sideeffect.c:1184 [inline]
    [<00000000c5b6ed86>] sctp_do_sm+0xbdc/0x1da0 net/sctp/sm_sideeffect.c:1155
    [<000000004e756771>] sctp_assoc_bh_rcv+0x13c/0x200 net/sctp/associola.c:1059
    [<00000000b8b3f7f0>] sctp_inq_push+0x7f/0xb0 net/sctp/inqueue.c:80
    [<00000000a96e742c>] sctp_backlog_rcv+0x5e/0x2a0 net/sctp/input.c:339
    [<000000009504f4e4>] sk_backlog_rcv include/net/sock.h:945 [inline]
    [<000000009504f4e4>] __release_sock+0xab/0x110 net/core/sock.c:2412
    [<000000001a2a7061>] release_sock+0x37/0xd0 net/core/sock.c:2928
    [<00000000ee8bd9c3>] sctp_sendmsg+0x2c0/0x990 net/sctp/socket.c:2107
    [<00000000eacb8ef8>] inet_sendmsg+0x64/0x120 net/ipv4/af_inet.c:798
    [<0000000010e09bf8>] sock_sendmsg_nosec net/socket.c:646 [inline]
    [<0000000010e09bf8>] sock_sendmsg+0x54/0x70 net/socket.c:665
    [<000000003982440f>] ___sys_sendmsg+0x393/0x3c0 net/socket.c:2286
    [<000000004f8acb36>] __sys_sendmsg+0x80/0xf0 net/socket.c:2324
    [<00000000423a0b91>] __do_sys_sendmsg net/socket.c:2333 [inline]
    [<00000000423a0b91>] __se_sys_sendmsg net/socket.c:2331 [inline]
    [<00000000423a0b91>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2331
    [<000000008cc8d077>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301

BUG: memory leak
unreferenced object 0xffff888113939800 (size 1024):
  comm "syz-executor759", pid 7320, jiffies 4294942608 (age 37.270s)
  hex dump (first 32 bytes):
    71 6d 53 b6 db 3d ca 66 47 ca 4f 0b 43 e4 75 8b  qmS..=.fG.O.C.u.
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000f0a1ee4a>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000f0a1ee4a>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<00000000f0a1ee4a>] slab_alloc mm/slab.c:3326 [inline]
    [<00000000f0a1ee4a>] __do_kmalloc mm/slab.c:3658 [inline]
    [<00000000f0a1ee4a>] __kmalloc_track_caller+0x15d/0x2c0 mm/slab.c:3675
    [<0000000037dea88e>] kmemdup+0x27/0x60 mm/util.c:119
    [<000000002521af7d>] kmemdup include/linux/string.h:432 [inline]
    [<000000002521af7d>] sctp_process_param net/sctp/sm_make_chunk.c:2586 [inline]
    [<000000002521af7d>] sctp_process_init+0x50a/0xc30 net/sctp/sm_make_chunk.c:2343
    [<00000000c5b6ed86>] sctp_cmd_process_init net/sctp/sm_sideeffect.c:667 [inline]
    [<00000000c5b6ed86>] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1374 [inline]
    [<00000000c5b6ed86>] sctp_side_effects net/sctp/sm_sideeffect.c:1184 [inline]
    [<00000000c5b6ed86>] sctp_do_sm+0xbdc/0x1da0 net/sctp/sm_sideeffect.c:1155
    [<000000004e756771>] sctp_assoc_bh_rcv+0x13c/0x200 net/sctp/associola.c:1059
    [<00000000b8b3f7f0>] sctp_inq_push+0x7f/0xb0 net/sctp/inqueue.c:80
    [<00000000a96e742c>] sctp_backlog_rcv+0x5e/0x2a0 net/sctp/input.c:339
    [<000000009504f4e4>] sk_backlog_rcv include/net/sock.h:945 [inline]
    [<000000009504f4e4>] __release_sock+0xab/0x110 net/core/sock.c:2412
    [<000000001a2a7061>] release_sock+0x37/0xd0 net/core/sock.c:2928
    [<00000000ee8bd9c3>] sctp_sendmsg+0x2c0/0x990 net/sctp/socket.c:2107
    [<00000000eacb8ef8>] inet_sendmsg+0x64/0x120 net/ipv4/af_inet.c:798
    [<0000000010e09bf8>] sock_sendmsg_nosec net/socket.c:646 [inline]
    [<0000000010e09bf8>] sock_sendmsg+0x54/0x70 net/socket.c:665
    [<000000003982440f>] ___sys_sendmsg+0x393/0x3c0 net/socket.c:2286
    [<000000004f8acb36>] __sys_sendmsg+0x80/0xf0 net/socket.c:2324
    [<00000000423a0b91>] __do_sys_sendmsg net/socket.c:2333 [inline]
    [<00000000423a0b91>] __se_sys_sendmsg net/socket.c:2331 [inline]
    [<00000000423a0b91>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2331
    [<000000008cc8d077>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301

BUG: memory leak
unreferenced object 0xffff888113939800 (size 1024):
  comm "syz-executor759", pid 7320, jiffies 4294942608 (age 37.340s)
  hex dump (first 32 bytes):
    71 6d 53 b6 db 3d ca 66 47 ca 4f 0b 43 e4 75 8b  qmS..=.fG.O.C.u.
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000f0a1ee4a>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000f0a1ee4a>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<00000000f0a1ee4a>] slab_alloc mm/slab.c:3326 [inline]
    [<00000000f0a1ee4a>] __do_kmalloc mm/slab.c:3658 [inline]
    [<00000000f0a1ee4a>] __kmalloc_track_caller+0x15d/0x2c0 mm/slab.c:3675
    [<0000000037dea88e>] kmemdup+0x27/0x60 mm/util.c:119
    [<000000002521af7d>] kmemdup include/linux/string.h:432 [inline]
    [<000000002521af7d>] sctp_process_param net/sctp/sm_make_chunk.c:2586 [inline]
    [<000000002521af7d>] sctp_process_init+0x50a/0xc30 net/sctp/sm_make_chunk.c:2343
    [<00000000c5b6ed86>] sctp_cmd_process_init net/sctp/sm_sideeffect.c:667 [inline]
    [<00000000c5b6ed86>] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1374 [inline]
    [<00000000c5b6ed86>] sctp_side_effects net/sctp/sm_sideeffect.c:1184 [inline]
    [<00000000c5b6ed86>] sctp_do_sm+0xbdc/0x1da0 net/sctp/sm_sideeffect.c:1155
    [<000000004e756771>] sctp_assoc_bh_rcv+0x13c/0x200 net/sctp/associola.c:1059
    [<00000000b8b3f7f0>] sctp_inq_push+0x7f/0xb0 net/sctp/inqueue.c:80
    [<00000000a96e742c>] sctp_backlog_rcv+0x5e/0x2a0 net/sctp/input.c:339
    [<000000009504f4e4>] sk_backlog_rcv include/net/sock.h:945 [inline]
    [<000000009504f4e4>] __release_sock+0xab/0x110 net/core/sock.c:2412
    [<000000001a2a7061>] release_sock+0x37/0xd0 net/core/sock.c:2928
    [<00000000ee8bd9c3>] sctp_sendmsg+0x2c0/0x990 net/sctp/socket.c:2107
    [<00000000eacb8ef8>] inet_sendmsg+0x64/0x120 net/ipv4/af_inet.c:798
    [<0000000010e09bf8>] sock_sendmsg_nosec net/socket.c:646 [inline]
    [<0000000010e09bf8>] sock_sendmsg+0x54/0x70 net/socket.c:665
    [<000000003982440f>] ___sys_sendmsg+0x393/0x3c0 net/socket.c:2286
    [<000000004f8acb36>] __sys_sendmsg+0x80/0xf0 net/socket.c:2324
    [<00000000423a0b91>] __do_sys_sendmsg net/socket.c:2333 [inline]
    [<00000000423a0b91>] __se_sys_sendmsg net/socket.c:2331 [inline]
    [<00000000423a0b91>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2331
    [<000000008cc8d077>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301


Crashes (10):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/06/15 13:12 upstream 0011572c8830 442206d7 .config console log report syz C ci-upstream-gce-leak
2019/06/12 16:13 upstream aa7235483a83 794a1ad7 .config console log report syz C ci-upstream-gce-leak
2019/06/09 21:16 upstream d1fdb6d8f6a4 0159583c .config console log report syz C ci-upstream-gce-leak
2019/06/09 06:36 upstream 8d72e5bd86cb 0159583c .config console log report syz C ci-upstream-gce-leak
2019/05/30 14:28 upstream bec7550cca10 d9aaf3c2 .config console log report syz C ci-upstream-gce-leak
2019/05/29 16:14 upstream 9fb67d643f6f 5457ef34 .config console log report syz C ci-upstream-gce-leak
2019/05/26 19:43 upstream 35efb51eee22 85c57315 .config console log report syz C ci-upstream-gce-leak
2019/05/22 14:55 upstream 9c7db5004280 84b9d384 .config console log report syz C ci-upstream-gce-leak
2019/06/16 15:56 upstream e01e060fe00d 442206d7 .config console log report syz ci-upstream-gce-leak
2019/05/28 08:40 upstream cd6c84d8f0cd 6bd61501 .config console log report syz ci-upstream-gce-leak
* Struck through repros no longer work on HEAD.