syzbot


memory leak in skb_clone

Status: fixed on 2021/11/10 00:50
Subsystems: wpan
[Documentation on labels]
Reported-by: syzbot+1f68113fa907bf0695a8@syzkaller.appspotmail.com
Fix commit: 1090340f7ee5 net: Fix memory leak in ieee802154_raw_deliver
First crash: 1054d, last: 949d
Discussions (9)
Title Replies (including bot) Last reply
[PATCH 5.13 000/151] 5.13.12-rc1 review 157 (157) 2021/11/15 13:58
[PATCH 4.4 00/31] 4.4.282-rc1 review 38 (38) 2021/08/26 12:31
[PATCH 4.14 00/64] 4.14.245-rc1 review 68 (68) 2021/08/26 01:01
[PATCH 4.19 00/84] 4.19.205-rc1 review 91 (91) 2021/08/26 01:01
[PATCH 4.9 00/43] 4.9.281-rc1 review 47 (47) 2021/08/25 22:37
[PATCH 5.4 00/62] 5.4.142-rc1 review 67 (67) 2021/08/18 19:30
[PATCH 5.10 00/96] 5.10.60-rc1 review 112 (112) 2021/08/18 19:28
[PATCH net] net: Fix memory leak in ieee802154_raw_deliver 4 (4) 2021/08/10 10:49
[syzbot] memory leak in skb_clone 0 (1) 2021/04/10 10:19
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream memory leak in skb_clone (2) batman syz 2 129d 184d 0/26 auto-obsoleted due to no activity on 2024/01/29 21:56
Last patch testing requests (3)
Created Duration User Patch Repo Result
2021/06/14 13:01 16m jeliantsurux@gmail.com patch https://github.com/google/kasan.git 17e7124a OK
2021/06/07 13:19 17m jeliantsurux@gmail.com patch https://github.com/google/kasan.git 17e7124a report log
2021/05/23 08:52 13m jeliantsurux@gmail.com patch https://github.com/google/kasan.git 17e7124a report log

Sample crash report:
executing program
executing program
executing program
executing program
executing program
BUG: memory leak
unreferenced object 0xffff888113349600 (size 232):
  comm "softirq", pid 0, jiffies 4294998178 (age 13.050s)
  hex dump (first 32 bytes):
    50 6d 99 13 81 88 ff ff 50 6d 99 13 81 88 ff ff  Pm......Pm......
    00 00 00 00 00 00 00 00 80 6c 99 13 81 88 ff ff  .........l......
  backtrace:
    [<ffffffff836e7212>] skb_clone+0xa2/0x190 net/core/skbuff.c:1516
    [<ffffffff840a57c0>] ieee802154_raw_deliver net/ieee802154/socket.c:369 [inline]
    [<ffffffff840a57c0>] ieee802154_rcv+0x100/0x340 net/ieee802154/socket.c:1070
    [<ffffffff83712aea>] __netif_receive_skb_one_core+0x6a/0xa0 net/core/dev.c:5498
    [<ffffffff83712b74>] __netif_receive_skb+0x24/0xa0 net/core/dev.c:5612
    [<ffffffff83712c46>] netif_receive_skb_internal net/core/dev.c:5717 [inline]
    [<ffffffff83712c46>] netif_receive_skb+0x56/0x250 net/core/dev.c:5776
    [<ffffffff840aa712>] ieee802154_deliver_skb net/mac802154/rx.c:29 [inline]
    [<ffffffff840aa712>] ieee802154_subif_frame net/mac802154/rx.c:102 [inline]
    [<ffffffff840aa712>] __ieee802154_rx_handle_packet net/mac802154/rx.c:212 [inline]
    [<ffffffff840aa712>] ieee802154_rx+0x612/0x620 net/mac802154/rx.c:284
    [<ffffffff840a9db6>] ieee802154_tasklet_handler+0x86/0xa0 net/mac802154/main.c:35
    [<ffffffff8123b40f>] tasklet_action_common.constprop.0+0x9f/0x110 kernel/softirq.c:783
    [<ffffffff846000bf>] __do_softirq+0xbf/0x29e kernel/softirq.c:558
    [<ffffffff8123b81a>] do_softirq kernel/softirq.c:459 [inline]
    [<ffffffff8123b81a>] do_softirq+0x5a/0x80 kernel/softirq.c:446
    [<ffffffff8123b891>] __local_bh_enable_ip+0x51/0x60 kernel/softirq.c:383
    [<ffffffff837104af>] local_bh_enable include/linux/bottom_half.h:32 [inline]
    [<ffffffff837104af>] rcu_read_unlock_bh include/linux/rcupdate.h:757 [inline]
    [<ffffffff837104af>] __dev_queue_xmit+0x7df/0x12f0 net/core/dev.c:4312
    [<ffffffff840a70b1>] raw_sendmsg+0x221/0x340 net/ieee802154/socket.c:295
    [<ffffffff836cfed6>] sock_sendmsg_nosec net/socket.c:703 [inline]
    [<ffffffff836cfed6>] sock_sendmsg+0x56/0x80 net/socket.c:723
    [<ffffffff836d043c>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2392
    [<ffffffff836d448b>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2446


Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/07/24 04:58 upstream 8baef6386baa bc5f1d88 .config console log report syz C ci-upstream-gce-leak memory leak in skb_clone
2021/04/10 08:01 upstream 17e7124aad76 6a81331a .config console log report syz C ci-upstream-gce-leak memory leak in skb_clone
* Struck through repros no longer work on HEAD.