syzbot


memory leak in fdb_create

Status: fixed on 2019/08/27 17:15
Reported-by: syzbot+88533dc8b582309bf3ee@syzkaller.appspotmail.com
Fix commit: d7bae09fa008 net: bridge: delete local fdb on device init failure
First crash: 1322d, last: 1281d

Cause bisection: introduced by (bisect log) :
commit 04cf31a759ef575f750a63777cee95500e410994
Author: Michael Ellerman <mpe@ellerman.id.au>
Date: Thu Mar 24 11:04:01 2016 +0000

  ftrace: Make ftrace_location_range() global

Crash: INFO: rcu detected stall in cleanup_net (log)
Repro: C syz .config
similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream memory leak in fdb_create (2) C 1 1159d 1159d 16/24 fixed on 2020/01/08 01:07

Sample crash report:
BUG: memory leak
unreferenced object 0xffff888129536e80 (size 128):
  comm "syz-executor753", pid 6969, jiffies 4294943434 (age 8.460s)
  hex dump (first 32 bytes):
    09 a9 50 20 81 88 ff ff 00 00 00 00 00 00 00 00  ..P ............
    c2 87 e6 96 80 17 01 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006b9afd7e>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006b9afd7e>] slab_post_alloc_hook mm/slab.h:522 [inline]
    [<000000006b9afd7e>] slab_alloc mm/slab.c:3319 [inline]
    [<000000006b9afd7e>] kmem_cache_alloc+0x13f/0x2c0 mm/slab.c:3483
    [<000000001bdab6f3>] fdb_create+0x3a/0x530 net/bridge/br_fdb.c:492
    [<00000000ad2283c2>] fdb_insert+0xb7/0x100 net/bridge/br_fdb.c:536
    [<000000003219240f>] br_fdb_insert+0x3b/0x60 net/bridge/br_fdb.c:552
    [<0000000086a89d21>] __vlan_add+0x620/0xde0 net/bridge/br_vlan.c:284
    [<000000000623387e>] br_vlan_add+0x27e/0x490 net/bridge/br_vlan.c:678
    [<0000000031d7517c>] br_vlan_init+0xe9/0x130 net/bridge/br_vlan.c:1071
    [<00000000c221bb7e>] br_dev_init+0xa6/0x170 net/bridge/br_device.c:138
    [<00000000a99e4e99>] register_netdevice+0xbf/0x600 net/core/dev.c:8653
    [<00000000ca84706d>] br_dev_newlink+0x26/0xb0 net/bridge/br_netlink.c:1315
    [<00000000ad7dd340>] __rtnl_newlink+0x892/0xb30 net/core/rtnetlink.c:3196
    [<000000003c6321c2>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3254
    [<00000000120d2639>] rtnetlink_rcv_msg+0x178/0x4b0 net/core/rtnetlink.c:5223
    [<00000000973e6f59>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2477
    [<000000001a71dfef>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5241
    [<000000004954f074>] netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
    [<000000004954f074>] netlink_unicast+0x1ec/0x2d0 net/netlink/af_netlink.c:1328

BUG: memory leak
unreferenced object 0xffff88811aca3c40 (size 32):
  comm "syz-executor753", pid 6969, jiffies 4294943434 (age 8.460s)
  hex dump (first 32 bytes):
    62 72 69 64 67 65 31 00 6b 2f 36 39 36 39 00 6d  bridge1.k/6969.m
    30 00 74 65 00 00 00 00 00 00 00 00 00 00 00 00  0.te............
  backtrace:
    [<00000000134fb0c9>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000134fb0c9>] slab_post_alloc_hook mm/slab.h:522 [inline]
    [<00000000134fb0c9>] slab_alloc mm/slab.c:3319 [inline]
    [<00000000134fb0c9>] __do_kmalloc mm/slab.c:3653 [inline]
    [<00000000134fb0c9>] __kmalloc_track_caller+0x165/0x300 mm/slab.c:3670
    [<0000000023371275>] kstrdup+0x3a/0x70 mm/util.c:53
    [<000000000c9057ca>] kstrdup_const+0x48/0x60 mm/util.c:75
    [<0000000069f9ab1c>] kvasprintf_const+0x7e/0xe0 lib/kasprintf.c:48
    [<0000000094f87bfc>] kobject_set_name_vargs+0x40/0xe0 lib/kobject.c:289
    [<00000000400e0504>] dev_set_name+0x63/0x90 drivers/base/core.c:1918
    [<00000000f350f639>] netdev_register_kobject+0x5a/0x1b0 net/core/net-sysfs.c:1727
    [<00000000b226d650>] register_netdevice+0x397/0x600 net/core/dev.c:8723
    [<00000000ca84706d>] br_dev_newlink+0x26/0xb0 net/bridge/br_netlink.c:1315
    [<00000000ad7dd340>] __rtnl_newlink+0x892/0xb30 net/core/rtnetlink.c:3196
    [<000000003c6321c2>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3254
    [<00000000120d2639>] rtnetlink_rcv_msg+0x178/0x4b0 net/core/rtnetlink.c:5223
    [<00000000973e6f59>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2477
    [<000000001a71dfef>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5241
    [<000000004954f074>] netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
    [<000000004954f074>] netlink_unicast+0x1ec/0x2d0 net/netlink/af_netlink.c:1328
    [<000000004d340424>] netlink_sendmsg+0x270/0x480 net/netlink/af_netlink.c:1917


Crashes (4):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-gce-leak 2019/08/02 18:52 upstream 1e78030e5e5b 835dffe7 .config console log report syz C
ci-upstream-gce-leak 2019/06/24 21:13 upstream 241e39004581 472f0082 .config console log report syz C
ci-upstream-gce-leak 2019/06/22 17:23 upstream abf02e2964b3 34bf9440 .config console log report syz C
ci-upstream-gce-leak 2019/06/22 16:59 upstream abf02e2964b3 34bf9440 .config console log report syz C
* Struck through repros no longer work on HEAD.