syzbot


memory leak in ___neigh_create

Status: closed as invalid on 2022/01/11 13:53
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 713d, last: 427d

Sample crash report:
BUG: memory leak
unreferenced object 0xffff888128cc9800 (size 512):
  comm "kworker/0:7", pid 9227, jiffies 4294970896 (age 30.390s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 ed e0 85 ff ff ff ff  ................
    40 e8 a1 25 81 88 ff ff a0 f6 ff ff 00 00 00 00  @..%............
  backtrace:
    [<ffffffff8374f412>] kmalloc include/linux/slab.h:596 [inline]
    [<ffffffff8374f412>] kzalloc include/linux/slab.h:721 [inline]
    [<ffffffff8374f412>] neigh_alloc net/core/neighbour.c:405 [inline]
    [<ffffffff8374f412>] ___neigh_create+0xd2/0xca0 net/core/neighbour.c:583
    [<ffffffff83b626b5>] ip6_finish_output2+0x7c5/0x990 net/ipv6/ip6_output.c:123
    [<ffffffff83b6778f>] __ip6_finish_output.part.0+0x22f/0x380 net/ipv6/ip6_output.c:191
    [<ffffffff83b67a01>] __ip6_finish_output net/ipv6/ip6_output.c:206 [inline]
    [<ffffffff83b67a01>] ip6_finish_output+0x121/0x190 net/ipv6/ip6_output.c:201
    [<ffffffff83b67b13>] NF_HOOK_COND include/linux/netfilter.h:296 [inline]
    [<ffffffff83b67b13>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:224
    [<ffffffff83b9da05>] dst_output include/net/dst.h:450 [inline]
    [<ffffffff83b9da05>] NF_HOOK include/linux/netfilter.h:307 [inline]
    [<ffffffff83b9da05>] ndisc_send_skb+0x385/0x430 net/ipv6/ndisc.c:508
    [<ffffffff83ba1fa9>] ndisc_send_rs+0x79/0x2a0 net/ipv6/ndisc.c:702
    [<ffffffff83b7877e>] addrconf_dad_completed+0x17e/0x560 net/ipv6/addrconf.c:4211
    [<ffffffff83b78f3d>] addrconf_dad_work+0x3dd/0x900 net/ipv6/addrconf.c:4121
    [<ffffffff81265d0f>] process_one_work+0x2cf/0x620 kernel/workqueue.c:2297
    [<ffffffff81266619>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2444
    [<ffffffff8126fb18>] kthread+0x188/0x1d0 kernel/kthread.c:319
    [<ffffffff810022cf>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

BUG: memory leak
unreferenced object 0xffff888117a5c800 (size 256):
  comm "syz-executor.5", pid 9646, jiffies 4294971857 (age 20.780s)
  hex dump (first 32 bytes):
    80 2e e4 28 81 88 ff ff 30 55 57 81 ff ff ff ff  ...(....0UW.....
    e0 92 9e 10 81 88 ff ff c0 63 52 00 81 88 ff ff  .........cR.....
  backtrace:
    [<ffffffff815755af>] kmem_cache_zalloc include/linux/slab.h:711 [inline]
    [<ffffffff815755af>] __alloc_file+0x1f/0xf0 fs/file_table.c:101
    [<ffffffff81575d19>] alloc_empty_file+0x69/0x120 fs/file_table.c:150
    [<ffffffff8158d27e>] path_openat+0x4e/0x1b70 fs/namei.c:3547
    [<ffffffff81591351>] do_filp_open+0xc1/0x1b0 fs/namei.c:3588
    [<ffffffff8156cdad>] do_sys_openat2+0xed/0x260 fs/open.c:1200
    [<ffffffff8156d65f>] do_sys_open fs/open.c:1216 [inline]
    [<ffffffff8156d65f>] __do_sys_openat fs/open.c:1232 [inline]
    [<ffffffff8156d65f>] __se_sys_openat fs/open.c:1227 [inline]
    [<ffffffff8156d65f>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1227
    [<ffffffff843fbcd5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff843fbcd5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888112a108e8 (size 760):
  comm "systemd-udevd", pid 9648, jiffies 4294971862 (age 20.730s)
  hex dump (first 32 bytes):
    00 00 00 00 01 00 00 00 00 00 20 00 00 00 00 00  .......... .....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81478f48>] shmem_alloc_inode+0x18/0x40 mm/shmem.c:3738
    [<ffffffff815a6b47>] alloc_inode+0x27/0x100 fs/inode.c:237
    [<ffffffff815a6c43>] new_inode_pseudo fs/inode.c:938 [inline]
    [<ffffffff815a6c43>] new_inode+0x23/0x100 fs/inode.c:967
    [<ffffffff81479e7d>] shmem_get_inode+0xcd/0x460 mm/shmem.c:2288
    [<ffffffff8147a337>] shmem_mknod+0x37/0x130 mm/shmem.c:2827
    [<ffffffff8158ea17>] lookup_open fs/namei.c:3282 [inline]
    [<ffffffff8158ea17>] open_last_lookups fs/namei.c:3352 [inline]
    [<ffffffff8158ea17>] path_openat+0x17e7/0x1b70 fs/namei.c:3558
    [<ffffffff81591351>] do_filp_open+0xc1/0x1b0 fs/namei.c:3588
    [<ffffffff8156cdad>] do_sys_openat2+0xed/0x260 fs/open.c:1200
    [<ffffffff8156d49d>] do_sys_open fs/open.c:1216 [inline]
    [<ffffffff8156d49d>] __do_sys_open fs/open.c:1224 [inline]
    [<ffffffff8156d49d>] __se_sys_open fs/open.c:1220 [inline]
    [<ffffffff8156d49d>] __x64_sys_open+0x7d/0xe0 fs/open.c:1220
    [<ffffffff843fbcd5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff843fbcd5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888126ad8020 (size 32):
  comm "systemd-udevd", pid 9648, jiffies 4294971862 (age 20.730s)
  hex dump (first 32 bytes):
    98 0a a1 12 81 88 ff ff 40 ca 13 82 ff ff ff ff  ........@.......
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8213dfda>] kmem_cache_zalloc include/linux/slab.h:711 [inline]
    [<ffffffff8213dfda>] lsm_inode_alloc security/security.c:593 [inline]
    [<ffffffff8213dfda>] security_inode_alloc+0x2a/0xb0 security/security.c:1018
    [<ffffffff815a4a44>] inode_init_always+0x114/0x270 fs/inode.c:170
    [<ffffffff815a6b64>] alloc_inode+0x44/0x100 fs/inode.c:244
    [<ffffffff815a6c43>] new_inode_pseudo fs/inode.c:938 [inline]
    [<ffffffff815a6c43>] new_inode+0x23/0x100 fs/inode.c:967
    [<ffffffff81479e7d>] shmem_get_inode+0xcd/0x460 mm/shmem.c:2288
    [<ffffffff8147a337>] shmem_mknod+0x37/0x130 mm/shmem.c:2827
    [<ffffffff8158ea17>] lookup_open fs/namei.c:3282 [inline]
    [<ffffffff8158ea17>] open_last_lookups fs/namei.c:3352 [inline]
    [<ffffffff8158ea17>] path_openat+0x17e7/0x1b70 fs/namei.c:3558
    [<ffffffff81591351>] do_filp_open+0xc1/0x1b0 fs/namei.c:3588
    [<ffffffff8156cdad>] do_sys_openat2+0xed/0x260 fs/open.c:1200
    [<ffffffff8156d49d>] do_sys_open fs/open.c:1216 [inline]
    [<ffffffff8156d49d>] __do_sys_open fs/open.c:1224 [inline]
    [<ffffffff8156d49d>] __se_sys_open fs/open.c:1220 [inline]
    [<ffffffff8156d49d>] __x64_sys_open+0x7d/0xe0 fs/open.c:1220
    [<ffffffff843fbcd5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff843fbcd5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae


Crashes (9):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-gce-leak | 2021/09/28 08:30 | upstream | 0513e464f900 | 78494d16 | .config | log | report | syz | | | memory leak in ___neigh_create |
| ci-upstream-gce-leak | 2021/06/17 09:22 | upstream | 6b00bc639f1f | aba2b2fb | .config | log | report | syz | | | memory leak in ___neigh_create |
| ci-upstream-gce-leak | 2021/06/11 03:29 | upstream | f09eacca59d2 | 1ba81399 | .config | log | report | syz | | | memory leak in ___neigh_create |
| ci-upstream-gce-leak | 2021/04/29 22:01 | upstream | d2b6f8a17919 | 77e2b668 | .config | log | report | syz | | | memory leak in ___neigh_create |
| ci-upstream-gce-leak | 2021/04/17 17:29 | upstream | 9cdbf6467424 | 7e2b734b | .config | log | report | syz | | | memory leak in ___neigh_create |
| ci-upstream-gce-leak | 2021/04/03 10:18 | upstream | d93a0d43e3d0 | 6a81331a | .config | log | report | syz | | | memory leak in ___neigh_create |
| ci-upstream-gce-leak | 2021/01/27 17:18 | upstream | 2ab38c17aac1 | a0ebf917 | .config | log | report | syz | | | memory leak in ___neigh_create |
| ci-upstream-gce-leak | 2020/12/23 11:06 | upstream | 614cb5894306 | 04201c06 | .config | log | report | syz | | | |
| ci-upstream-gce-leak | 2020/12/15 22:30 | upstream | 148842c98a24 | 97183ed7 | .config | log | report | syz | | | |
* Struck through repros no longer work on HEAD.