syzbot


memory leak in napi_get_frags

Status: internal: reported C repro on 2021/01/15 08:35
Reported-by: syzbot+@syzkaller.appspotmail.com
Fix commit: 07d120aa33cc net: tun: call napi_schedule_prep() to ensure we own a napi
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64]
First crash: 744d, last: 723d
Last patch testing requests:
Created | Duration | User | Patch | Repo | Result
2022/10/06 00:30 | 9m | retest repro | | upstream | report log
2022/10/05 21:30 | 8m | retest repro | | upstream | report log
2022/10/05 13:30 | 9m | retest repro | | upstream | report log
2022/10/05 11:30 | 10m | retest repro | | upstream | report log
2022/10/05 01:30 | 8m | retest repro | | upstream | report log
2022/10/05 00:30 | 8m | retest repro | | upstream | report log
2022/10/04 12:30 | 8m (2) | retest repro | | upstream | report log
2022/10/03 23:30 | 13m | retest repro | | upstream | error
2022/10/03 22:30 | 8m | retest repro | | upstream | report log
2022/10/03 21:30 | 8m | retest repro | | upstream | report log

Sample crash report:
Warning: Permanently added '10.128.0.87' (ECDSA) to the list of known hosts.
executing program
BUG: memory leak
unreferenced object 0xffff888110241c00 (size 232):
  comm "syz-executor221", pid 8439, jiffies 4294946018 (age 7.980s)
  hex dump (first 32 bytes):
    a0 c4 3c 0f 81 88 ff ff a0 c4 3c 0f 81 88 ff ff  ..<.......<.....
    00 00 9f 0e 81 88 ff ff 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000fa1d5243>] __alloc_skb+0x6d/0x280 net/core/skbuff.c:198
    [<00000000a72b5a79>] __napi_alloc_skb+0x67/0x170 net/core/skbuff.c:520
    [<00000000843f8603>] napi_alloc_skb include/linux/skbuff.h:2876 [inline]
    [<00000000843f8603>] napi_get_frags net/core/dev.c:6138 [inline]
    [<00000000843f8603>] napi_get_frags+0x3c/0x80 net/core/dev.c:6133
    [<00000000233bc753>] tun_napi_alloc_frags drivers/net/tun.c:1371 [inline]
    [<00000000233bc753>] tun_get_user+0xfda/0x1b40 drivers/net/tun.c:1734
    [<00000000bbe25bdd>] tun_chr_write_iter+0x84/0xe0 drivers/net/tun.c:1932
    [<000000001fa3d710>] call_write_iter include/linux/fs.h:1901 [inline]
    [<000000001fa3d710>] new_sync_write+0x1d7/0x2b0 fs/read_write.c:518
    [<00000000aa607bc2>] vfs_write+0x34c/0x400 fs/read_write.c:605
    [<0000000021b53f9a>] ksys_write+0x9d/0x160 fs/read_write.c:658
    [<000000003785fdca>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<00000000fbecdad1>] entry_SYSCALL_64_after_hwframe+0x44/0xa9


Crashes (11):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Title
ci-upstream-gce-leak | 2021/02/05 06:47 | upstream | 5c279c4cf206 | 23a562df | .config | console log | report | syz | C | | | memory leak in napi_get_frags
ci-upstream-gce-leak | 2021/02/04 20:40 | upstream | 61556703b610 | 42b90a7c | .config | console log | report | syz | C | | | memory leak in napi_get_frags
ci-upstream-gce-leak | 2021/02/01 18:36 | upstream | 1048ba83fb1c | e6b95f32 | .config | console log | report | syz | C | | | memory leak in napi_get_frags
ci-upstream-gce-leak | 2021/01/31 16:10 | upstream | 6642d600b541 | fc9fd31e | .config | console log | report | syz | C | | | memory leak in napi_get_frags
ci-upstream-gce-leak | 2021/01/30 09:42 | upstream | 0e9bcda5d286 | fc9fd31e | .config | console log | report | syz | C | | | memory leak in napi_get_frags
ci-upstream-gce-leak | 2021/01/27 02:13 | upstream | 13391c60da33 | 55a7d4df | .config | console log | report | syz | C | | | memory leak in napi_get_frags
ci-upstream-gce-leak | 2021/01/24 11:21 | upstream | e1ae4b0be158 | 52e37319 | .config | console log | report | syz | C | | | memory leak in napi_get_frags
ci-upstream-gce-leak | 2021/01/22 11:48 | upstream | 9f29bd8b2e71 | d4f4eca5 | .config | console log | report | syz | C | | | memory leak in napi_get_frags
ci-upstream-gce-leak | 2021/01/21 17:03 | upstream | 9791581c049c | d4f4eca5 | .config | console log | report | syz | C | | | memory leak in napi_get_frags
ci-upstream-gce-leak | 2021/01/17 21:09 | upstream | 0da0a8a0a0e1 | 813be542 | .config | console log | report | syz | C | | | memory leak in napi_get_frags
ci-upstream-gce-leak | 2021/01/15 08:34 | upstream | 146620506274 | 65a7a854 | .config | console log | report | syz | C | | |
* Struck through repros no longer work on HEAD.