syzbot


memory leak in inet6_create (2)

Status: upstream: reported C repro on 2020/05/07 05:56
Reported-by: syzbot+db84db800df5aa102826@syzkaller.appspotmail.com
First crash: 876d, last: 95d
similar bugs (1):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | memory leak in inet6_create | C | | | 2 | 1204d | 1207d | 13/24 | fixed on 2019/07/10 21:40 |

Sample crash report:
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
BUG: memory leak
unreferenced object 0xffff88810a304800 (size 2040):
  comm "syz-executor398", pid 3630, jiffies 4294960227 (age 12.450s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    0a 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............
  backtrace:
    [<ffffffff8385276e>] sk_prot_alloc+0x3e/0x1b0 net/core/sock.c:1969
    [<ffffffff838563c2>] sk_alloc+0x32/0x2e0 net/core/sock.c:2028
    [<ffffffff83cd3007>] inet6_create net/ipv6/af_inet6.c:184 [inline]
    [<ffffffff83cd3007>] inet6_create+0x167/0x5e0 net/ipv6/af_inet6.c:111
    [<ffffffff8384a8db>] __sock_create+0x1ab/0x2b0 net/socket.c:1515
    [<ffffffff8384db8e>] sock_create net/socket.c:1566 [inline]
    [<ffffffff8384db8e>] __sys_socket_create net/socket.c:1603 [inline]
    [<ffffffff8384db8e>] __sys_socket_create net/socket.c:1588 [inline]
    [<ffffffff8384db8e>] __sys_socket+0x9e/0x190 net/socket.c:1636
    [<ffffffff8384dc9a>] __do_sys_socket net/socket.c:1649 [inline]
    [<ffffffff8384dc9a>] __se_sys_socket net/socket.c:1647 [inline]
    [<ffffffff8384dc9a>] __x64_sys_socket+0x1a/0x20 net/socket.c:1647
    [<ffffffff845aaec5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff845aaec5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff8460006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

BUG: memory leak
unreferenced object 0xffff88810d074700 (size 32):
  comm "syz-executor398", pid 3630, jiffies 4294960227 (age 12.450s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff822752d3>] kmalloc include/linux/slab.h:600 [inline]
    [<ffffffff822752d3>] kzalloc include/linux/slab.h:733 [inline]
    [<ffffffff822752d3>] apparmor_sk_alloc_security+0x53/0xd0 security/apparmor/lsm.c:812
    [<ffffffff8223ade1>] security_sk_alloc+0x31/0x70 security/security.c:2273
    [<ffffffff838527c5>] sk_prot_alloc+0x95/0x1b0 net/core/sock.c:1978
    [<ffffffff838563c2>] sk_alloc+0x32/0x2e0 net/core/sock.c:2028
    [<ffffffff83cd3007>] inet6_create net/ipv6/af_inet6.c:184 [inline]
    [<ffffffff83cd3007>] inet6_create+0x167/0x5e0 net/ipv6/af_inet6.c:111
    [<ffffffff8384a8db>] __sock_create+0x1ab/0x2b0 net/socket.c:1515
    [<ffffffff8384db8e>] sock_create net/socket.c:1566 [inline]
    [<ffffffff8384db8e>] __sys_socket_create net/socket.c:1603 [inline]
    [<ffffffff8384db8e>] __sys_socket_create net/socket.c:1588 [inline]
    [<ffffffff8384db8e>] __sys_socket+0x9e/0x190 net/socket.c:1636
    [<ffffffff8384dc9a>] __do_sys_socket net/socket.c:1649 [inline]
    [<ffffffff8384dc9a>] __se_sys_socket net/socket.c:1647 [inline]
    [<ffffffff8384dc9a>] __x64_sys_socket+0x1a/0x20 net/socket.c:1647
    [<ffffffff845aaec5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff845aaec5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff8460006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

BUG: memory leak
unreferenced object 0xffff88810def7c40 (size 768):
  comm "syz-executor398", pid 3630, jiffies 4294960227 (age 12.450s)
  hex dump (first 32 bytes):
    01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 80 53 9d 07 81 88 ff ff  .........S......
  backtrace:
    [<ffffffff8384aeb3>] alloc_inode_sb include/linux/fs.h:2965 [inline]
    [<ffffffff8384aeb3>] sock_alloc_inode+0x23/0xa0 net/socket.c:304
    [<ffffffff8160be99>] alloc_inode+0x29/0x110 fs/inode.c:260
    [<ffffffff8160d953>] new_inode_pseudo+0x13/0x70 fs/inode.c:1018
    [<ffffffff8384a328>] sock_alloc+0x18/0x90 net/socket.c:627
    [<ffffffff8384a7e8>] __sock_create+0xb8/0x2b0 net/socket.c:1479
    [<ffffffff843a24ae>] mptcp_subflow_create_socket+0x5e/0x4b0 net/mptcp/subflow.c:1593
    [<ffffffff84396c01>] __mptcp_socket_create net/mptcp/protocol.c:110 [inline]
    [<ffffffff84396c01>] mptcp_init_sock net/mptcp/protocol.c:2642 [inline]
    [<ffffffff84396c01>] mptcp_init_sock+0xb1/0x2a0 net/mptcp/protocol.c:2627
    [<ffffffff83cd3224>] inet6_create net/ipv6/af_inet6.c:257 [inline]
    [<ffffffff83cd3224>] inet6_create+0x384/0x5e0 net/ipv6/af_inet6.c:111
    [<ffffffff8384a8db>] __sock_create+0x1ab/0x2b0 net/socket.c:1515
    [<ffffffff8384db8e>] sock_create net/socket.c:1566 [inline]
    [<ffffffff8384db8e>] __sys_socket_create net/socket.c:1603 [inline]
    [<ffffffff8384db8e>] __sys_socket_create net/socket.c:1588 [inline]
    [<ffffffff8384db8e>] __sys_socket+0x9e/0x190 net/socket.c:1636
    [<ffffffff8384dc9a>] __do_sys_socket net/socket.c:1649 [inline]
    [<ffffffff8384dc9a>] __se_sys_socket net/socket.c:1647 [inline]
    [<ffffffff8384dc9a>] __x64_sys_socket+0x1a/0x20 net/socket.c:1647
    [<ffffffff845aaec5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff845aaec5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff8460006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

BUG: memory leak
unreferenced object 0xffff888107c6be80 (size 32):
  comm "syz-executor398", pid 3630, jiffies 4294960227 (age 12.450s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8223791a>] kmem_cache_zalloc include/linux/slab.h:723 [inline]
    [<ffffffff8223791a>] lsm_inode_alloc security/security.c:594 [inline]
    [<ffffffff8223791a>] security_inode_alloc+0x2a/0xb0 security/security.c:1024
    [<ffffffff816093c4>] inode_init_always+0x114/0x230 fs/inode.c:195
    [<ffffffff8160beb6>] alloc_inode+0x46/0x110 fs/inode.c:267
    [<ffffffff8160d953>] new_inode_pseudo+0x13/0x70 fs/inode.c:1018
    [<ffffffff8384a328>] sock_alloc+0x18/0x90 net/socket.c:627
    [<ffffffff8384a7e8>] __sock_create+0xb8/0x2b0 net/socket.c:1479
    [<ffffffff843a24ae>] mptcp_subflow_create_socket+0x5e/0x4b0 net/mptcp/subflow.c:1593
    [<ffffffff84396c01>] __mptcp_socket_create net/mptcp/protocol.c:110 [inline]
    [<ffffffff84396c01>] mptcp_init_sock net/mptcp/protocol.c:2642 [inline]
    [<ffffffff84396c01>] mptcp_init_sock+0xb1/0x2a0 net/mptcp/protocol.c:2627
    [<ffffffff83cd3224>] inet6_create net/ipv6/af_inet6.c:257 [inline]
    [<ffffffff83cd3224>] inet6_create+0x384/0x5e0 net/ipv6/af_inet6.c:111
    [<ffffffff8384a8db>] __sock_create+0x1ab/0x2b0 net/socket.c:1515
    [<ffffffff8384db8e>] sock_create net/socket.c:1566 [inline]
    [<ffffffff8384db8e>] __sys_socket_create net/socket.c:1603 [inline]
    [<ffffffff8384db8e>] __sys_socket_create net/socket.c:1588 [inline]
    [<ffffffff8384db8e>] __sys_socket+0x9e/0x190 net/socket.c:1636
    [<ffffffff8384dc9a>] __do_sys_socket net/socket.c:1649 [inline]
    [<ffffffff8384dc9a>] __se_sys_socket net/socket.c:1647 [inline]
    [<ffffffff8384dc9a>] __x64_sys_socket+0x1a/0x20 net/socket.c:1647
    [<ffffffff845aaec5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff845aaec5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff8460006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory

Crashes (2):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-gce-leak | 2022/06/23 05:03 | upstream | 3abc3ae553c7 | 912f5df7 | .config | log | report | syz | C | | memory leak in inet6_create |
| ci-upstream-gce-leak | 2020/05/03 05:48 | upstream | f66ed1ebbfde | 5457883a | .config | log | report | syz | C | | |
* Struck through repros no longer work on HEAD.