syzbot


memory leak in inet_create (2)

Status: upstream: reported C repro on 2020/04/27 13:48
Reported-by: syzbot+bb7ba8dd62c3cb6e3c78@syzkaller.appspotmail.com
First crash: 885d, last: 671d
similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream memory leak in inet_create C 2 1209d 1224d 13/24 fixed on 2019/06/18 17:49
Patch testing requests:
Created Duration User Patch Repo Result
2022/03/04 07:48 6m phind.uet@gmail.com linux-next report log

Sample crash report:
executing program
executing program
executing program
BUG: memory leak
unreferenced object 0xffff88810e85adc0 (size 1728):
  comm "syz-executor376", pid 8506, jiffies 4294946899 (age 13.430s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    02 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............
  backtrace:
    [<00000000cb2829d9>] sk_prot_alloc+0x3e/0x1c0 net/core/sock.c:1660
    [<0000000023bd8ef8>] sk_alloc+0x30/0x3f0 net/core/sock.c:1720
    [<00000000a4a7ed0a>] inet_create net/ipv4/af_inet.c:322 [inline]
    [<00000000a4a7ed0a>] inet_create+0x16a/0x560 net/ipv4/af_inet.c:248
    [<000000003b729101>] __sock_create+0x1ab/0x2b0 net/socket.c:1427
    [<00000000ebee6fd5>] sock_create net/socket.c:1478 [inline]
    [<00000000ebee6fd5>] __sys_socket+0x6f/0x140 net/socket.c:1520
    [<00000000bcf20e68>] __do_sys_socket net/socket.c:1529 [inline]
    [<00000000bcf20e68>] __se_sys_socket net/socket.c:1527 [inline]
    [<00000000bcf20e68>] __x64_sys_socket+0x1a/0x20 net/socket.c:1527
    [<00000000732fe45a>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<0000000091e76b15>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88810fec3c80 (size 768):
  comm "syz-executor376", pid 8506, jiffies 4294946899 (age 13.430s)
  hex dump (first 32 bytes):
    01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 c0 72 a0 0e 81 88 ff ff  .........r......
  backtrace:
    [<00000000681cd6ae>] sock_alloc_inode+0x18/0x90 net/socket.c:253
    [<00000000fa9d2004>] alloc_inode+0x27/0x100 fs/inode.c:234
    [<00000000f3a018c7>] new_inode_pseudo+0x13/0x70 fs/inode.c:930
    [<00000000549f715a>] sock_alloc+0x18/0x90 net/socket.c:573
    [<00000000a044e0d4>] __sock_create+0xb8/0x2b0 net/socket.c:1391
    [<00000000973ca39c>] mptcp_subflow_create_socket+0x57/0x280 net/mptcp/subflow.c:1152
    [<00000000a3724864>] __mptcp_socket_create net/mptcp/protocol.c:97 [inline]
    [<00000000a3724864>] mptcp_init_sock net/mptcp/protocol.c:1859 [inline]
    [<00000000a3724864>] mptcp_init_sock+0x12f/0x270 net/mptcp/protocol.c:1844
    [<00000000c97baf32>] inet_create net/ipv4/af_inet.c:380 [inline]
    [<00000000c97baf32>] inet_create+0x2ed/0x560 net/ipv4/af_inet.c:248
    [<000000003b729101>] __sock_create+0x1ab/0x2b0 net/socket.c:1427
    [<00000000ebee6fd5>] sock_create net/socket.c:1478 [inline]
    [<00000000ebee6fd5>] __sys_socket+0x6f/0x140 net/socket.c:1520
    [<00000000bcf20e68>] __do_sys_socket net/socket.c:1529 [inline]
    [<00000000bcf20e68>] __se_sys_socket net/socket.c:1527 [inline]
    [<00000000bcf20e68>] __x64_sys_socket+0x1a/0x20 net/socket.c:1527
    [<00000000732fe45a>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<0000000091e76b15>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88810de87bb8 (size 24):
  comm "syz-executor376", pid 8506, jiffies 4294946899 (age 13.430s)
  hex dump (first 24 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00                          ........
  backtrace:
    [<00000000bea9ec8c>] kmem_cache_zalloc include/linux/slab.h:654 [inline]
    [<00000000bea9ec8c>] lsm_inode_alloc security/security.c:589 [inline]
    [<00000000bea9ec8c>] security_inode_alloc+0x2a/0xb0 security/security.c:972
    [<00000000543365c5>] inode_init_always+0x10c/0x250 fs/inode.c:171
    [<000000004da5c777>] alloc_inode+0x44/0x100 fs/inode.c:241
    [<00000000f3a018c7>] new_inode_pseudo+0x13/0x70 fs/inode.c:930
    [<00000000549f715a>] sock_alloc+0x18/0x90 net/socket.c:573
    [<00000000a044e0d4>] __sock_create+0xb8/0x2b0 net/socket.c:1391
    [<00000000973ca39c>] mptcp_subflow_create_socket+0x57/0x280 net/mptcp/subflow.c:1152
    [<00000000a3724864>] __mptcp_socket_create net/mptcp/protocol.c:97 [inline]
    [<00000000a3724864>] mptcp_init_sock net/mptcp/protocol.c:1859 [inline]
    [<00000000a3724864>] mptcp_init_sock+0x12f/0x270 net/mptcp/protocol.c:1844
    [<00000000c97baf32>] inet_create net/ipv4/af_inet.c:380 [inline]
    [<00000000c97baf32>] inet_create+0x2ed/0x560 net/ipv4/af_inet.c:248
    [<000000003b729101>] __sock_create+0x1ab/0x2b0 net/socket.c:1427
    [<00000000ebee6fd5>] sock_create net/socket.c:1478 [inline]
    [<00000000ebee6fd5>] __sys_socket+0x6f/0x140 net/socket.c:1520
    [<00000000bcf20e68>] __do_sys_socket net/socket.c:1529 [inline]
    [<00000000bcf20e68>] __se_sys_socket net/socket.c:1527 [inline]
    [<00000000bcf20e68>] __x64_sys_socket+0x1a/0x20 net/socket.c:1527
    [<00000000732fe45a>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<0000000091e76b15>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88810ea072c0 (size 2208):
  comm "syz-executor376", pid 8506, jiffies 4294946899 (age 13.430s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    02 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............
  backtrace:
    [<00000000cb2829d9>] sk_prot_alloc+0x3e/0x1c0 net/core/sock.c:1660
    [<0000000023bd8ef8>] sk_alloc+0x30/0x3f0 net/core/sock.c:1720
    [<00000000a4a7ed0a>] inet_create net/ipv4/af_inet.c:322 [inline]
    [<00000000a4a7ed0a>] inet_create+0x16a/0x560 net/ipv4/af_inet.c:248
    [<000000003b729101>] __sock_create+0x1ab/0x2b0 net/socket.c:1427
    [<00000000973ca39c>] mptcp_subflow_create_socket+0x57/0x280 net/mptcp/subflow.c:1152
    [<00000000a3724864>] __mptcp_socket_create net/mptcp/protocol.c:97 [inline]
    [<00000000a3724864>] mptcp_init_sock net/mptcp/protocol.c:1859 [inline]
    [<00000000a3724864>] mptcp_init_sock+0x12f/0x270 net/mptcp/protocol.c:1844
    [<00000000c97baf32>] inet_create net/ipv4/af_inet.c:380 [inline]
    [<00000000c97baf32>] inet_create+0x2ed/0x560 net/ipv4/af_inet.c:248
    [<000000003b729101>] __sock_create+0x1ab/0x2b0 net/socket.c:1427
    [<00000000ebee6fd5>] sock_create net/socket.c:1478 [inline]
    [<00000000ebee6fd5>] __sys_socket+0x6f/0x140 net/socket.c:1520
    [<00000000bcf20e68>] __do_sys_socket net/socket.c:1529 [inline]
    [<00000000bcf20e68>] __se_sys_socket net/socket.c:1527 [inline]
    [<00000000bcf20e68>] __x64_sys_socket+0x1a/0x20 net/socket.c:1527
    [<00000000732fe45a>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<0000000091e76b15>] entry_SYSCALL_64_after_hwframe+0x44/0xa9


Crashes (10):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-gce-leak 2020/11/23 17:30 upstream 418baf2c28f3 878fb17a .config log report syz C
ci-upstream-gce-leak 2020/05/09 23:43 upstream 1d3962ae3b3d 88cb3e92 .config log report syz
ci-upstream-gce-leak 2020/05/04 10:23 upstream 0e698dfa2822 58ae5e18 .config log report syz
ci-upstream-gce-leak 2020/05/02 18:23 upstream 690e2aba7beb 58da4c35 .config log report syz
ci-upstream-gce-leak 2020/05/01 15:20 upstream c45e8bccecaf a4d01b80 .config log report syz
ci-upstream-gce-leak 2020/05/01 09:29 upstream c45e8bccecaf a4d01b80 .config log report syz
ci-upstream-gce-leak 2020/04/29 00:37 upstream 3f777e19d171 e3ecea2e .config log report syz
ci-upstream-gce-leak 2020/04/25 22:39 upstream 5ef58e290782 b8bb8e5f .config log report syz
ci-upstream-gce-leak 2020/04/24 12:03 upstream c578ddb39e56 2e44d63e .config log report syz
ci-upstream-gce-leak 2020/04/23 13:38 upstream c578ddb39e56 2e44d63e .config log report syz
* Struck through repros no longer work on HEAD.