syzbot

 sign-in | mailing list | source | docs
🐞 Open [1166] 🐞 Fixed [4324] 🐞 Invalid [9668] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

memory leak in skb_clone

Status: fixed on 2021/11/10 00:50
Reported-by: syzbot+1f68113fa907bf0695a8@syzkaller.appspotmail.com
Fix commit: 1090340f7ee5 net: Fix memory leak in ieee802154_raw_deliver
First crash: 668d, last: 563d
Last patch testing requests:
Created Duration User Patch Repo Result
2021/06/14 13:01 16m jeliantsurux@gmail.com patch https://github.com/google/kasan.git 17e7124a OK
2021/06/07 13:19 17m jeliantsurux@gmail.com patch https://github.com/google/kasan.git 17e7124a report log
2021/05/23 08:52 13m jeliantsurux@gmail.com patch https://github.com/google/kasan.git 17e7124a report log

Sample crash report:
executing program
executing program
executing program
executing program
executing program
BUG: memory leak
unreferenced object 0xffff888113349600 (size 232):
  comm "softirq", pid 0, jiffies 4294998178 (age 13.050s)
  hex dump (first 32 bytes):
    50 6d 99 13 81 88 ff ff 50 6d 99 13 81 88 ff ff  Pm......Pm......
    00 00 00 00 00 00 00 00 80 6c 99 13 81 88 ff ff  .........l......
  backtrace:
    [<ffffffff836e7212>] skb_clone+0xa2/0x190 net/core/skbuff.c:1516
    [<ffffffff840a57c0>] ieee802154_raw_deliver net/ieee802154/socket.c:369 [inline]
    [<ffffffff840a57c0>] ieee802154_rcv+0x100/0x340 net/ieee802154/socket.c:1070
    [<ffffffff83712aea>] __netif_receive_skb_one_core+0x6a/0xa0 net/core/dev.c:5498
    [<ffffffff83712b74>] __netif_receive_skb+0x24/0xa0 net/core/dev.c:5612
    [<ffffffff83712c46>] netif_receive_skb_internal net/core/dev.c:5717 [inline]
    [<ffffffff83712c46>] netif_receive_skb+0x56/0x250 net/core/dev.c:5776
    [<ffffffff840aa712>] ieee802154_deliver_skb net/mac802154/rx.c:29 [inline]
    [<ffffffff840aa712>] ieee802154_subif_frame net/mac802154/rx.c:102 [inline]
    [<ffffffff840aa712>] __ieee802154_rx_handle_packet net/mac802154/rx.c:212 [inline]
    [<ffffffff840aa712>] ieee802154_rx+0x612/0x620 net/mac802154/rx.c:284
    [<ffffffff840a9db6>] ieee802154_tasklet_handler+0x86/0xa0 net/mac802154/main.c:35
    [<ffffffff8123b40f>] tasklet_action_common.constprop.0+0x9f/0x110 kernel/softirq.c:783
    [<ffffffff846000bf>] __do_softirq+0xbf/0x29e kernel/softirq.c:558
    [<ffffffff8123b81a>] do_softirq kernel/softirq.c:459 [inline]
    [<ffffffff8123b81a>] do_softirq+0x5a/0x80 kernel/softirq.c:446
    [<ffffffff8123b891>] __local_bh_enable_ip+0x51/0x60 kernel/softirq.c:383
    [<ffffffff837104af>] local_bh_enable include/linux/bottom_half.h:32 [inline]
    [<ffffffff837104af>] rcu_read_unlock_bh include/linux/rcupdate.h:757 [inline]
    [<ffffffff837104af>] __dev_queue_xmit+0x7df/0x12f0 net/core/dev.c:4312
    [<ffffffff840a70b1>] raw_sendmsg+0x221/0x340 net/ieee802154/socket.c:295
    [<ffffffff836cfed6>] sock_sendmsg_nosec net/socket.c:703 [inline]
    [<ffffffff836cfed6>] sock_sendmsg+0x56/0x80 net/socket.c:723
    [<ffffffff836d043c>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2392
    [<ffffffff836d448b>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2446

Crashes (2):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-gce-leak 2021/07/24 04:58 upstream 8baef6386baa bc5f1d88 .config console log report syz C memory leak in skb_clone
ci-upstream-gce-leak 2021/04/10 08:01 upstream 17e7124aad76 6a81331a .config console log report syz C memory leak in skb_clone
* Struck through repros no longer work on HEAD.