syzbot

 sign-in | mailing list | source | docs
🐞 Open [1165] 🐞 Fixed [4326] 🐞 Invalid [9670] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

memory leak in inet6_create (2)

Status: upstream: reported C repro on 2020/05/07 05:56
Reported-by: syzbot+db84db800df5aa102826@syzkaller.appspotmail.com
First crash: 1011d, last: 49d
similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream memory leak in inet6_create C 2 1339d 1342d 13/24 fixed on 2019/07/10 21:40
Last patch testing requests:
Created Duration User Patch Repo Result
2022/11/11 01:30 15m retest repro upstream report log
2022/11/11 00:30 17m retest repro upstream OK log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff888110ef1800 (size 1840):
  comm "syz-executor783", pid 8417, jiffies 4294954395 (age 25.940s)
  hex dump (first 32 bytes):
    00 00 00 00 7f 00 00 06 15 14 f5 21 4e 20 22 dc  ...........!N ".
    0a 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............
  backtrace:
    [<000000007986323e>] sk_prot_alloc+0x3c/0x170 net/core/sock.c:1598
    [<000000002fc61b2a>] sk_alloc+0x30/0x330 net/core/sock.c:1658
    [<000000000d7242e5>] inet6_create net/ipv6/af_inet6.c:181 [inline]
    [<000000000d7242e5>] inet6_create+0x112/0x4d0 net/ipv6/af_inet6.c:108
    [<00000000ca79ca9d>] __sock_create+0x14a/0x220 net/socket.c:1433
    [<000000007253d628>] sock_create net/socket.c:1484 [inline]
    [<000000007253d628>] __sys_socket+0x60/0x110 net/socket.c:1526
    [<00000000503be95b>] __do_sys_socket net/socket.c:1535 [inline]
    [<00000000503be95b>] __se_sys_socket net/socket.c:1533 [inline]
    [<00000000503be95b>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
    [<0000000042ce79c0>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
    [<00000000b1aeae16>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888110eaf620 (size 32):
  comm "syz-executor783", pid 8417, jiffies 4294954395 (age 25.940s)
  hex dump (first 32 bytes):
    02 00 00 00 00 00 00 00 c0 d8 f0 10 81 88 ff ff  ................
    01 00 00 00 03 00 00 00 33 00 00 00 00 00 00 00  ........3.......
  backtrace:
    [<000000000d2c6b3e>] kmalloc include/linux/slab.h:555 [inline]
    [<000000000d2c6b3e>] kzalloc include/linux/slab.h:669 [inline]
    [<000000000d2c6b3e>] selinux_sk_alloc_security+0x43/0xa0 security/selinux/hooks.c:5126
    [<00000000d4591378>] security_sk_alloc+0x42/0x70 security/security.c:2120
    [<000000009002ddd9>] sk_prot_alloc+0x9c/0x170 net/core/sock.c:1607
    [<000000002fc61b2a>] sk_alloc+0x30/0x330 net/core/sock.c:1658
    [<000000000d7242e5>] inet6_create net/ipv6/af_inet6.c:181 [inline]
    [<000000000d7242e5>] inet6_create+0x112/0x4d0 net/ipv6/af_inet6.c:108
    [<00000000ca79ca9d>] __sock_create+0x14a/0x220 net/socket.c:1433
    [<000000007253d628>] sock_create net/socket.c:1484 [inline]
    [<000000007253d628>] __sys_socket+0x60/0x110 net/socket.c:1526
    [<00000000503be95b>] __do_sys_socket net/socket.c:1535 [inline]
    [<00000000503be95b>] __se_sys_socket net/socket.c:1533 [inline]
    [<00000000503be95b>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
    [<0000000042ce79c0>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
    [<00000000b1aeae16>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888110f0d8c0 (size 64):
  comm "syz-executor783", pid 8417, jiffies 4294954395 (age 25.940s)
  hex dump (first 32 bytes):
    15 00 00 01 00 00 00 00 a0 39 dc 10 81 88 ff ff  .........9......
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000002bb571e8>] kmalloc include/linux/slab.h:555 [inline]
    [<000000002bb571e8>] kzalloc include/linux/slab.h:669 [inline]
    [<000000002bb571e8>] netlbl_secattr_alloc include/net/netlabel.h:382 [inline]
    [<000000002bb571e8>] selinux_netlbl_sock_genattr+0x48/0x180 security/selinux/netlabel.c:76
    [<00000000201274d5>] selinux_netlbl_socket_post_create+0x41/0xb0 security/selinux/netlabel.c:398
    [<00000000189429bf>] selinux_socket_post_create+0x182/0x390 security/selinux/hooks.c:4541
    [<0000000054916bb2>] security_socket_post_create+0x54/0x80 security/security.c:2032
    [<0000000085ba4813>] __sock_create+0x1cc/0x220 net/socket.c:1449
    [<000000007253d628>] sock_create net/socket.c:1484 [inline]
    [<000000007253d628>] __sys_socket+0x60/0x110 net/socket.c:1526
    [<00000000503be95b>] __do_sys_socket net/socket.c:1535 [inline]
    [<00000000503be95b>] __se_sys_socket net/socket.c:1533 [inline]
    [<00000000503be95b>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
    [<0000000042ce79c0>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
    [<00000000b1aeae16>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888110dc39a0 (size 32):
  comm "syz-executor783", pid 8417, jiffies 4294954395 (age 25.940s)
  hex dump (first 32 bytes):
    6b 65 72 6e 65 6c 5f 74 00 73 79 73 74 65 6d 5f  kernel_t.system_
    72 3a 6b 65 72 6e 65 6c 5f 74 3a 73 30 00 00 00  r:kernel_t:s0...
  backtrace:
    [<0000000090b931e1>] kstrdup+0x36/0x70 mm/util.c:60
    [<0000000079ad8987>] security_netlbl_sid_to_secattr+0x97/0x100 security/selinux/ss/services.c:3739
    [<000000006911d3c9>] selinux_netlbl_sock_genattr+0x67/0x180 security/selinux/netlabel.c:79
    [<00000000201274d5>] selinux_netlbl_socket_post_create+0x41/0xb0 security/selinux/netlabel.c:398
    [<00000000189429bf>] selinux_socket_post_create+0x182/0x390 security/selinux/hooks.c:4541
    [<0000000054916bb2>] security_socket_post_create+0x54/0x80 security/security.c:2032
    [<0000000085ba4813>] __sock_create+0x1cc/0x220 net/socket.c:1449
    [<000000007253d628>] sock_create net/socket.c:1484 [inline]
    [<000000007253d628>] __sys_socket+0x60/0x110 net/socket.c:1526
    [<00000000503be95b>] __do_sys_socket net/socket.c:1535 [inline]
    [<00000000503be95b>] __se_sys_socket net/socket.c:1533 [inline]
    [<00000000503be95b>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
    [<0000000042ce79c0>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
    [<00000000b1aeae16>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888110ef1800 (size 1840):
  comm "syz-executor783", pid 8417, jiffies 4294954395 (age 30.410s)
  hex dump (first 32 bytes):
    00 00 00 00 7f 00 00 06 15 14 f5 21 4e 20 22 dc  ...........!N ".
    0a 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............
  backtrace:
    [<000000007986323e>] sk_prot_alloc+0x3c/0x170 net/core/sock.c:1598
    [<000000002fc61b2a>] sk_alloc+0x30/0x330 net/core/sock.c:1658
    [<000000000d7242e5>] inet6_create net/ipv6/af_inet6.c:181 [inline]
    [<000000000d7242e5>] inet6_create+0x112/0x4d0 net/ipv6/af_inet6.c:108
    [<00000000ca79ca9d>] __sock_create+0x14a/0x220 net/socket.c:1433
    [<000000007253d628>] sock_create net/socket.c:1484 [inline]
    [<000000007253d628>] __sys_socket+0x60/0x110 net/socket.c:1526
    [<00000000503be95b>] __do_sys_socket net/socket.c:1535 [inline]
    [<00000000503be95b>] __se_sys_socket net/socket.c:1533 [inline]
    [<00000000503be95b>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
    [<0000000042ce79c0>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
    [<00000000b1aeae16>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888110eaf620 (size 32):
  comm "syz-executor783", pid 8417, jiffies 4294954395 (age 30.410s)
  hex dump (first 32 bytes):
    02 00 00 00 00 00 00 00 c0 d8 f0 10 81 88 ff ff  ................
    01 00 00 00 03 00 00 00 33 00 00 00 00 00 00 00  ........3.......
  backtrace:
    [<000000000d2c6b3e>] kmalloc include/linux/slab.h:555 [inline]
    [<000000000d2c6b3e>] kzalloc include/linux/slab.h:669 [inline]
    [<000000000d2c6b3e>] selinux_sk_alloc_security+0x43/0xa0 security/selinux/hooks.c:5126
    [<00000000d4591378>] security_sk_alloc+0x42/0x70 security/security.c:2120
    [<000000009002ddd9>] sk_prot_alloc+0x9c/0x170 net/core/sock.c:1607
    [<000000002fc61b2a>] sk_alloc+0x30/0x330 net/core/sock.c:1658
    [<000000000d7242e5>] inet6_create net/ipv6/af_inet6.c:181 [inline]
    [<000000000d7242e5>] inet6_create+0x112/0x4d0 net/ipv6/af_inet6.c:108
    [<00000000ca79ca9d>] __sock_create+0x14a/0x220 net/socket.c:1433
    [<000000007253d628>] sock_create net/socket.c:1484 [inline]
    [<000000007253d628>] __sys_socket+0x60/0x110 net/socket.c:1526
    [<00000000503be95b>] __do_sys_socket net/socket.c:1535 [inline]
    [<00000000503be95b>] __se_sys_socket net/socket.c:1533 [inline]
    [<00000000503be95b>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
    [<0000000042ce79c0>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
    [<00000000b1aeae16>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888110f0d8c0 (size 64):
  comm "syz-executor783", pid 8417, jiffies 4294954395 (age 30.410s)
  hex dump (first 32 bytes):
    15 00 00 01 00 00 00 00 a0 39 dc 10 81 88 ff ff  .........9......
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000002bb571e8>] kmalloc include/linux/slab.h:555 [inline]
    [<000000002bb571e8>] kzalloc include/linux/slab.h:669 [inline]
    [<000000002bb571e8>] netlbl_secattr_alloc include/net/netlabel.h:382 [inline]
    [<000000002bb571e8>] selinux_netlbl_sock_genattr+0x48/0x180 security/selinux/netlabel.c:76
    [<00000000201274d5>] selinux_netlbl_socket_post_create+0x41/0xb0 security/selinux/netlabel.c:398
    [<00000000189429bf>] selinux_socket_post_create+0x182/0x390 security/selinux/hooks.c:4541
    [<0000000054916bb2>] security_socket_post_create+0x54/0x80 security/security.c:2032
    [<0000000085ba4813>] __sock_create+0x1cc/0x220 net/socket.c:1449
    [<000000007253d628>] sock_create net/socket.c:1484 [inline]
    [<000000007253d628>] __sys_socket+0x60/0x110 net/socket.c:1526
    [<00000000503be95b>] __do_sys_socket net/socket.c:1535 [inline]
    [<00000000503be95b>] __se_sys_socket net/socket.c:1533 [inline]
    [<00000000503be95b>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
    [<0000000042ce79c0>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
    [<00000000b1aeae16>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888110dc39a0 (size 32):
  comm "syz-executor783", pid 8417, jiffies 4294954395 (age 30.410s)
  hex dump (first 32 bytes):
    6b 65 72 6e 65 6c 5f 74 00 73 79 73 74 65 6d 5f  kernel_t.system_
    72 3a 6b 65 72 6e 65 6c 5f 74 3a 73 30 00 00 00  r:kernel_t:s0...
  backtrace:
    [<0000000090b931e1>] kstrdup+0x36/0x70 mm/util.c:60
    [<0000000079ad8987>] security_netlbl_sid_to_secattr+0x97/0x100 security/selinux/ss/services.c:3739
    [<000000006911d3c9>] selinux_netlbl_sock_genattr+0x67/0x180 security/selinux/netlabel.c:79
    [<00000000201274d5>] selinux_netlbl_socket_post_create+0x41/0xb0 security/selinux/netlabel.c:398
    [<00000000189429bf>] selinux_socket_post_create+0x182/0x390 security/selinux/hooks.c:4541
    [<0000000054916bb2>] security_socket_post_create+0x54/0x80 security/security.c:2032
    [<0000000085ba4813>] __sock_create+0x1cc/0x220 net/socket.c:1449
    [<000000007253d628>] sock_create net/socket.c:1484 [inline]
    [<000000007253d628>] __sys_socket+0x60/0x110 net/socket.c:1526
    [<00000000503be95b>] __do_sys_socket net/socket.c:1535 [inline]
    [<00000000503be95b>] __se_sys_socket net/socket.c:1533 [inline]
    [<00000000503be95b>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
    [<0000000042ce79c0>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
    [<00000000b1aeae16>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

Crashes (3):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-gce-leak 2020/05/03 05:48 upstream f66ed1ebbfde 5457883a .config console log report syz C
ci-upstream-gce-leak 2022/12/20 21:42 upstream 6feb57c2fd7c d3e76707 .config console log report syz [disk image] [vmlinux] [kernel image] memory leak in inet6_create
ci-upstream-gce-leak 2022/06/23 05:03 upstream 3abc3ae553c7 912f5df7 .config console log report syz C memory leak in inet6_create
* Struck through repros no longer work on HEAD.