syzbot


memory leak in sctp_packet_transmit

Status: upstream: reported C repro on 2020/07/22 20:32
Subsystems: sctp
Reported-by: syzbot+8bb053b5d63595ab47db@syzkaller.appspotmail.com
Fix commit: 4e45170d9acc net: sctp: fix skb leak in sctp_inq_free()
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-net-next-test-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64]
First crash: 1335d, last: 118d
Discussions (3)
Title | Replies (including bot) | Last reply
[PATCH] [v3] net: sctp: fix skb leak in sctp_inq_free() | 3 (3) | 2024/02/15 16:00
[PATCH] net: sctp: fix memory leak in sctp_chunk_destroy() | 8 (8) | 2024/02/13 15:21
memory leak in sctp_packet_transmit | 0 (1) | 2020/07/22 20:32
Last patch testing requests (13)
Created | Duration | User | Patch | Repo | Result
2024/01/31 22:11 | 10m | retest repro | | upstream | report log
2024/01/17 06:29 | 10m | retest repro | | upstream | report log
2024/01/17 06:29 | 20m | retest repro | | upstream | OK log
2023/11/22 06:12 | 10m | retest repro | | upstream | report log
2023/11/08 05:17 | 18m | retest repro | | upstream | report log
2023/11/08 05:17 | 14m | retest repro | | upstream | report log
2023/09/05 19:01 | 2h21m | retest repro | | upstream | OK log
2023/09/05 19:01 | 31m | retest repro | | upstream | OK log
2023/09/05 19:01 | 19m | retest repro | | upstream | OK log
2023/09/05 19:01 | 19m | retest repro | | upstream | report log
2021/08/04 01:06 | 16m | phind.uet@gmail.com | | linux-next | OK
2021/04/15 09:23 | 8m | phil@philpotter.co.uk | | upstream | report log
2020/10/16 23:42 | 8m | anant.thazhemadam@gmail.com | | upstream | report log

Sample crash report:
executing program
BUG: memory leak
unreferenced object 0xffff888109d36700 (size 240):
  comm "syz-executor319", pid 5010, jiffies 4294941811 (age 12.620s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff83e1bc7d>] __alloc_skb+0x1fd/0x230 net/core/skbuff.c:634
    [<ffffffff8464a9f7>] alloc_skb include/linux/skbuff.h:1289 [inline]
    [<ffffffff8464a9f7>] sctp_packet_pack net/sctp/output.c:472 [inline]
    [<ffffffff8464a9f7>] sctp_packet_transmit+0x447/0xcf0 net/sctp/output.c:621
    [<ffffffff8464b31e>] sctp_packet_transmit_chunk+0x7e/0xd0 net/sctp/output.c:194
    [<ffffffff8462f811>] sctp_outq_flush_data+0x521/0xae0 net/sctp/outqueue.c:1111
    [<ffffffff84630ad6>] sctp_outq_flush net/sctp/outqueue.c:1217 [inline]
    [<ffffffff84630ad6>] sctp_outq_uncork+0xa6/0xe0 net/sctp/outqueue.c:764
    [<ffffffff84617e06>] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1818 [inline]
    [<ffffffff84617e06>] sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]
    [<ffffffff84617e06>] sctp_do_sm+0x1506/0x26a0 net/sctp/sm_sideeffect.c:1169
    [<ffffffff8461e087>] sctp_assoc_bh_rcv+0x1e7/0x300 net/sctp/associola.c:1051
    [<ffffffff8462d647>] sctp_inq_push+0x97/0xc0 net/sctp/inqueue.c:80
    [<ffffffff8464c216>] sctp_backlog_rcv+0xa6/0x520 net/sctp/input.c:331
    [<ffffffff83e1248d>] sk_backlog_rcv include/net/sock.h:1115 [inline]
    [<ffffffff83e1248d>] __release_sock+0xbd/0x140 net/core/sock.c:2970
    [<ffffffff83e12586>] release_sock+0x36/0xd0 net/core/sock.c:3507
    [<ffffffff8463981a>] sctp_wait_for_connect+0x22a/0x2a0 net/sctp/socket.c:9341
    [<ffffffff8463a7c0>] sctp_sendmsg_to_asoc+0xa50/0xa60 net/sctp/socket.c:1884
    [<ffffffff846435f0>] sctp_sendmsg+0x8e0/0x1070 net/sctp/socket.c:2030
    [<ffffffff841c4fa9>] inet_sendmsg+0x49/0x70 net/ipv4/af_inet.c:830
    [<ffffffff83e06238>] sock_sendmsg_nosec net/socket.c:725 [inline]
    [<ffffffff83e06238>] sock_sendmsg+0x58/0xb0 net/socket.c:748

BUG: memory leak
unreferenced object 0xffff888140a4f800 (size 2048):
  comm "syz-executor319", pid 5010, jiffies 4294941811 (age 12.620s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8154c38b>] __do_kmalloc_node mm/slab_common.c:984 [inline]
    [<ffffffff8154c38b>] __kmalloc_node_track_caller+0x4b/0x120 mm/slab_common.c:1005
    [<ffffffff83e184ec>] kmalloc_reserve+0x9c/0x180 net/core/skbuff.c:575
    [<ffffffff83e1bb55>] __alloc_skb+0xd5/0x230 net/core/skbuff.c:644
    [<ffffffff8464a9f7>] alloc_skb include/linux/skbuff.h:1289 [inline]
    [<ffffffff8464a9f7>] sctp_packet_pack net/sctp/output.c:472 [inline]
    [<ffffffff8464a9f7>] sctp_packet_transmit+0x447/0xcf0 net/sctp/output.c:621
    [<ffffffff8464b31e>] sctp_packet_transmit_chunk+0x7e/0xd0 net/sctp/output.c:194
    [<ffffffff8462f811>] sctp_outq_flush_data+0x521/0xae0 net/sctp/outqueue.c:1111
    [<ffffffff84630ad6>] sctp_outq_flush net/sctp/outqueue.c:1217 [inline]
    [<ffffffff84630ad6>] sctp_outq_uncork+0xa6/0xe0 net/sctp/outqueue.c:764
    [<ffffffff84617e06>] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1818 [inline]
    [<ffffffff84617e06>] sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]
    [<ffffffff84617e06>] sctp_do_sm+0x1506/0x26a0 net/sctp/sm_sideeffect.c:1169
    [<ffffffff8461e087>] sctp_assoc_bh_rcv+0x1e7/0x300 net/sctp/associola.c:1051
    [<ffffffff8462d647>] sctp_inq_push+0x97/0xc0 net/sctp/inqueue.c:80
    [<ffffffff8464c216>] sctp_backlog_rcv+0xa6/0x520 net/sctp/input.c:331
    [<ffffffff83e1248d>] sk_backlog_rcv include/net/sock.h:1115 [inline]
    [<ffffffff83e1248d>] __release_sock+0xbd/0x140 net/core/sock.c:2970
    [<ffffffff83e12586>] release_sock+0x36/0xd0 net/core/sock.c:3507
    [<ffffffff8463981a>] sctp_wait_for_connect+0x22a/0x2a0 net/sctp/socket.c:9341
    [<ffffffff8463a7c0>] sctp_sendmsg_to_asoc+0xa50/0xa60 net/sctp/socket.c:1884
    [<ffffffff846435f0>] sctp_sendmsg+0x8e0/0x1070 net/sctp/socket.c:2030

BUG: memory leak
unreferenced object 0xffff888110a76a00 (size 240):
  comm "syz-executor319", pid 5011, jiffies 4294942336 (age 7.370s)
  hex dump (first 32 bytes):
    00 6b a7 10 81 88 ff ff 00 00 00 00 00 00 00 00  .k..............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff83e1bc7d>] __alloc_skb+0x1fd/0x230 net/core/skbuff.c:634
    [<ffffffff8464a9f7>] alloc_skb include/linux/skbuff.h:1289 [inline]
    [<ffffffff8464a9f7>] sctp_packet_pack net/sctp/output.c:472 [inline]
    [<ffffffff8464a9f7>] sctp_packet_transmit+0x447/0xcf0 net/sctp/output.c:621
    [<ffffffff8464b31e>] sctp_packet_transmit_chunk+0x7e/0xd0 net/sctp/output.c:194
    [<ffffffff8462f811>] sctp_outq_flush_data+0x521/0xae0 net/sctp/outqueue.c:1111
    [<ffffffff84630ad6>] sctp_outq_flush net/sctp/outqueue.c:1217 [inline]
    [<ffffffff84630ad6>] sctp_outq_uncork+0xa6/0xe0 net/sctp/outqueue.c:764
    [<ffffffff84616dca>] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1787 [inline]
    [<ffffffff84616dca>] sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]
    [<ffffffff84616dca>] sctp_do_sm+0x4ca/0x26a0 net/sctp/sm_sideeffect.c:1169
    [<ffffffff8461e087>] sctp_assoc_bh_rcv+0x1e7/0x300 net/sctp/associola.c:1051
    [<ffffffff8462d647>] sctp_inq_push+0x97/0xc0 net/sctp/inqueue.c:80
    [<ffffffff8464c216>] sctp_backlog_rcv+0xa6/0x520 net/sctp/input.c:331
    [<ffffffff83e1248d>] sk_backlog_rcv include/net/sock.h:1115 [inline]
    [<ffffffff83e1248d>] __release_sock+0xbd/0x140 net/core/sock.c:2970
    [<ffffffff83e12586>] release_sock+0x36/0xd0 net/core/sock.c:3507
    [<ffffffff8463981a>] sctp_wait_for_connect+0x22a/0x2a0 net/sctp/socket.c:9341
    [<ffffffff8463a7c0>] sctp_sendmsg_to_asoc+0xa50/0xa60 net/sctp/socket.c:1884
    [<ffffffff846435f0>] sctp_sendmsg+0x8e0/0x1070 net/sctp/socket.c:2030
    [<ffffffff841c4fa9>] inet_sendmsg+0x49/0x70 net/ipv4/af_inet.c:830
    [<ffffffff83e06238>] sock_sendmsg_nosec net/socket.c:725 [inline]
    [<ffffffff83e06238>] sock_sendmsg+0x58/0xb0 net/socket.c:748
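The report above is raw kmemleak output. Each "unreferenced object" block records one allocation that was never freed, and the frames below it are the allocation site, not the point where the reference was lost; the title syzbot assigned, "memory leak in sctp_packet_transmit", is the first frame that is neither inlined nor inside the allocator. Because every trace starts at sendmsg() on an SCTP socket, the leaked skb and its 2048-byte data buffer are allocated on behalf of user space, so repeatedly triggering the bug drains kernel memory. The following script is an added example, not part of this syzbot page, syzkaller or the kernel tree: it parses the first two blocks above (copied here, with backtraces cut after the first frame outside the allocator), derives the same title with an assumed allocator skip list that only approximates syzbot's rules, and sums leaked bytes per site so that a long report collapses to a few lines.

```python
# Added example (not from the syzbot page, syzkaller or the kernel tree):
# parse kmemleak "unreferenced object" blocks like the report above and
# reduce them to one (count, bytes) entry per leak site. The allocator
# skip list below is an assumption that approximates syzbot's titling.
import re
from collections import namedtuple
from dataclasses import dataclass, field

# Constructed sample: the first two blocks of the report above, with the
# backtraces cut after the first frame outside the allocator.
SAMPLE = """\
BUG: memory leak
unreferenced object 0xffff888109d36700 (size 240):
  comm "syz-executor319", pid 5010, jiffies 4294941811 (age 12.620s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff83e1bc7d>] __alloc_skb+0x1fd/0x230 net/core/skbuff.c:634
    [<ffffffff8464a9f7>] alloc_skb include/linux/skbuff.h:1289 [inline]
    [<ffffffff8464a9f7>] sctp_packet_pack net/sctp/output.c:472 [inline]
    [<ffffffff8464a9f7>] sctp_packet_transmit+0x447/0xcf0 net/sctp/output.c:621

BUG: memory leak
unreferenced object 0xffff888140a4f800 (size 2048):
  comm "syz-executor319", pid 5010, jiffies 4294941811 (age 12.620s)
  backtrace:
    [<ffffffff8154c38b>] __do_kmalloc_node mm/slab_common.c:984 [inline]
    [<ffffffff8154c38b>] __kmalloc_node_track_caller+0x4b/0x120 mm/slab_common.c:1005
    [<ffffffff83e184ec>] kmalloc_reserve+0x9c/0x180 net/core/skbuff.c:575
    [<ffffffff83e1bb55>] __alloc_skb+0xd5/0x230 net/core/skbuff.c:644
    [<ffffffff8464a9f7>] alloc_skb include/linux/skbuff.h:1289 [inline]
    [<ffffffff8464a9f7>] sctp_packet_pack net/sctp/output.c:472 [inline]
    [<ffffffff8464a9f7>] sctp_packet_transmit+0x447/0xcf0 net/sctp/output.c:621
"""

OBJ_RE = re.compile(r"unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
COMM_RE = re.compile(r'comm "([^"]+)", pid (\d+),')
FRAME_RE = re.compile(r"\[<[0-9a-f]+>\]\s+(?P<func>[\w.]+)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"
                      r"\s+(?P<file>\S+):(?P<line>\d+)(?P<inline>\s+\[inline\])?")
# Frames from these paths belong to the allocator, not to the code that lost the object.
ALLOCATOR_PATHS = ("mm/", "net/core/skbuff.c", "include/linux/skbuff.h", "include/linux/slab.h")

Frame = namedtuple("Frame", "func file line inline")

@dataclass
class Leak:
    addr: str
    size: int
    comm: str = ""
    pid: int = 0
    frames: list = field(default_factory=list)

def parse_kmemleak(text):
    """Split a kmemleak dump into Leak records; hex dump lines are simply skipped."""
    leaks = []
    for line in text.splitlines():
        if m := OBJ_RE.search(line):
            leaks.append(Leak(addr=m.group(1), size=int(m.group(2))))
        elif not leaks:
            continue  # noise before the first block
        elif m := COMM_RE.search(line):
            leaks[-1].comm, leaks[-1].pid = m.group(1), int(m.group(2))
        elif m := FRAME_RE.search(line):
            leaks[-1].frames.append(Frame(m["func"], m["file"], int(m["line"]), bool(m["inline"])))
    return leaks

def culprit(frames):
    """First out-of-line frame outside the allocator: the code that lost the object."""
    for f in frames:
        if not f.inline and not f.file.startswith(ALLOCATOR_PATHS):
            return f.func
    return frames[-1].func if frames else "unknown"

def syzbot_title(leak):
    return f"memory leak in {culprit(leak.frames)}"

def summarize(leaks):
    """Collapse a flood of reports into (count, bytes) per leak site."""
    per_site = {}
    for leak in leaks:
        site = culprit(leak.frames)
        n, b = per_site.get(site, (0, 0))
        per_site[site] = (n + 1, b + leak.size)
    return {"leaks": len(leaks), "bytes": sum(l.size for l in leaks), "per_site": per_site}

if __name__ == "__main__":
    for leak in parse_kmemleak(SAMPLE):
        print(f"{leak.addr} {leak.size:5d} B pid {leak.pid}: {syzbot_title(leak)}")
    print(summarize(parse_kmemleak(SAMPLE)))
```

Run with python3 and it prints one line per leak followed by the per-site totals; feeding parse_kmemleak() the text read from /sys/kernel/debug/kmemleak on a kernel built with CONFIG_DEBUG_KMEMLEAK works the same way, since that file uses the same block format.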


Crashes (14):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2023/07/09 15:15 | upstream | 1c7873e33645 | 668cb1fa | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-leak | memory leak in sctp_packet_transmit
2022/05/13 16:46 | upstream | f3f19f939c11 | 107f6434 | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in sctp_packet_transmit
2021/03/11 18:32 | upstream | a74e6a014c9d | c2ca1f2a | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in sctp_packet_transmit
2021/01/22 16:35 | upstream | 9f29bd8b2e71 | d4f4eca5 | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in sctp_packet_transmit
2021/07/08 13:51 | upstream | 3dbdb38e2869 | 95793bce | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in sctp_packet_transmit
2021/06/10 05:42 | upstream | cd1245d75ce9 | 1ba81399 | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in sctp_packet_transmit
2021/04/14 16:43 | upstream | 50987beca096 | 3134b37f | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in sctp_packet_transmit
2021/02/07 01:49 | upstream | 964d069f93c4 | 0655e081 | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in sctp_packet_transmit
2021/02/03 11:47 | upstream | 3aaf0a27ffc2 | 624dad51 | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in sctp_packet_transmit
2021/02/01 04:27 | upstream | 6642d600b541 | fc9fd31e | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in sctp_packet_transmit
2021/01/24 18:31 | upstream | e1ae4b0be158 | 52e37319 | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in sctp_packet_transmit
2021/01/16 22:00 | upstream | 1d94330a437a | 65a7a854 | .config | console log | report | syz | C | | | ci-upstream-gce-leak |
2020/07/22 17:57 | upstream | 4fa640dc5230 | 128cd85f | .config | console log | report | syz | C | | | ci-upstream-gce-leak |
2023/10/25 01:25 | upstream | d88520ad73b7 | 17e6d526 | .config | console log | report | syz | | | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-leak | memory leak in sctp_packet_transmit
* Struck through repros no longer work on HEAD.