syzbot


memory leak in skb_copy

Status: closed as invalid on 2021/10/06 01:09
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 583d, last: 583d

Sample crash report:
Warning: Permanently added '10.128.0.150' (ECDSA) to the list of known hosts.
executing program
executing program
BUG: memory leak
unreferenced object 0xffff88810feb7100 (size 232):
  comm "syz-executor159", pid 8387, jiffies 4294943106 (age 12.530s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8364d00f>] __alloc_skb+0x20f/0x280 net/core/skbuff.c:412
    [<ffffffff83650fa5>] skb_copy+0x65/0xe0 net/core/skbuff.c:1561
    [<ffffffff83f4a7ab>] skb_unshare include/linux/skbuff.h:1766 [inline]
    [<ffffffff83f4a7ab>] tipc_buf_append+0xeb/0x340 net/tipc/msg.c:152
    [<ffffffff83f4c40d>] tipc_msg_reassemble+0xbd/0x1a0 net/tipc/msg.c:791
    [<ffffffff83f3a952>] tipc_mcast_xmit+0x392/0x7c0 net/tipc/bcast.c:392
    [<ffffffff83f62031>] tipc_send_group_bcast+0x2f1/0x3b0 net/tipc/socket.c:1132
    [<ffffffff83f6784a>] __tipc_sendmsg+0x5ba/0xa80 net/tipc/socket.c:1444
    [<ffffffff83f67d41>] tipc_sendmsg+0x31/0x50 net/tipc/socket.c:1409
    [<ffffffff8363cfa6>] sock_sendmsg_nosec net/socket.c:654 [inline]
    [<ffffffff8363cfa6>] sock_sendmsg+0x56/0x80 net/socket.c:674
    [<ffffffff8364336f>] sock_no_sendpage+0x8f/0xc0 net/core/sock.c:2854
    [<ffffffff8363c8ab>] kernel_sendpage.part.0+0xeb/0x150 net/socket.c:3631
    [<ffffffff8363d58b>] kernel_sendpage net/socket.c:3628 [inline]
    [<ffffffff8363d58b>] sock_sendpage+0x5b/0x90 net/socket.c:947
    [<ffffffff815a5f02>] pipe_to_sendpage+0xa2/0x110 fs/splice.c:364
    [<ffffffff815a7da2>] splice_from_pipe_feed fs/splice.c:418 [inline]
    [<ffffffff815a7da2>] __splice_from_pipe+0x1e2/0x330 fs/splice.c:562
    [<ffffffff815a85cf>] splice_from_pipe fs/splice.c:597 [inline]
    [<ffffffff815a85cf>] generic_splice_sendpage+0x6f/0xa0 fs/splice.c:746
    [<ffffffff815a5fbb>] do_splice_from fs/splice.c:767 [inline]
    [<ffffffff815a5fbb>] direct_splice_actor+0x4b/0x70 fs/splice.c:936

BUG: memory leak
unreferenced object 0xffff88811045eb00 (size 232):
  comm "syz-executor159", pid 8387, jiffies 4294943106 (age 12.530s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8364d00f>] __alloc_skb+0x20f/0x280 net/core/skbuff.c:412
    [<ffffffff83650fa5>] skb_copy+0x65/0xe0 net/core/skbuff.c:1561
    [<ffffffff83f4a7ab>] skb_unshare include/linux/skbuff.h:1766 [inline]
    [<ffffffff83f4a7ab>] tipc_buf_append+0xeb/0x340 net/tipc/msg.c:152
    [<ffffffff83f4c40d>] tipc_msg_reassemble+0xbd/0x1a0 net/tipc/msg.c:791
    [<ffffffff83f3a952>] tipc_mcast_xmit+0x392/0x7c0 net/tipc/bcast.c:392
    [<ffffffff83f62031>] tipc_send_group_bcast+0x2f1/0x3b0 net/tipc/socket.c:1132
    [<ffffffff83f6784a>] __tipc_sendmsg+0x5ba/0xa80 net/tipc/socket.c:1444
    [<ffffffff83f67d41>] tipc_sendmsg+0x31/0x50 net/tipc/socket.c:1409
    [<ffffffff8363cfa6>] sock_sendmsg_nosec net/socket.c:654 [inline]
    [<ffffffff8363cfa6>] sock_sendmsg+0x56/0x80 net/socket.c:674
    [<ffffffff8364336f>] sock_no_sendpage+0x8f/0xc0 net/core/sock.c:2854
    [<ffffffff8363c8ab>] kernel_sendpage.part.0+0xeb/0x150 net/socket.c:3631
    [<ffffffff8363d58b>] kernel_sendpage net/socket.c:3628 [inline]
    [<ffffffff8363d58b>] sock_sendpage+0x5b/0x90 net/socket.c:947
    [<ffffffff815a5f02>] pipe_to_sendpage+0xa2/0x110 fs/splice.c:364
    [<ffffffff815a7da2>] splice_from_pipe_feed fs/splice.c:418 [inline]
    [<ffffffff815a7da2>] __splice_from_pipe+0x1e2/0x330 fs/splice.c:562
    [<ffffffff815a85cf>] splice_from_pipe fs/splice.c:597 [inline]
    [<ffffffff815a85cf>] generic_splice_sendpage+0x6f/0xa0 fs/splice.c:746
    [<ffffffff815a5fbb>] do_splice_from fs/splice.c:767 [inline]
    [<ffffffff815a5fbb>] direct_splice_actor+0x4b/0x70 fs/splice.c:936

BUG: memory leak
unreferenced object 0xffff88810afc0b00 (size 232):
  comm "syz-executor159", pid 8387, jiffies 4294943106 (age 12.530s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8364d00f>] __alloc_skb+0x20f/0x280 net/core/skbuff.c:412
    [<ffffffff83650fa5>] skb_copy+0x65/0xe0 net/core/skbuff.c:1561
    [<ffffffff83f4a7ab>] skb_unshare include/linux/skbuff.h:1766 [inline]
    [<ffffffff83f4a7ab>] tipc_buf_append+0xeb/0x340 net/tipc/msg.c:152
    [<ffffffff83f4c40d>] tipc_msg_reassemble+0xbd/0x1a0 net/tipc/msg.c:791
    [<ffffffff83f3a952>] tipc_mcast_xmit+0x392/0x7c0 net/tipc/bcast.c:392
    [<ffffffff83f62031>] tipc_send_group_bcast+0x2f1/0x3b0 net/tipc/socket.c:1132
    [<ffffffff83f6784a>] __tipc_sendmsg+0x5ba/0xa80 net/tipc/socket.c:1444
    [<ffffffff83f67d41>] tipc_sendmsg+0x31/0x50 net/tipc/socket.c:1409
    [<ffffffff8363cfa6>] sock_sendmsg_nosec net/socket.c:654 [inline]
    [<ffffffff8363cfa6>] sock_sendmsg+0x56/0x80 net/socket.c:674
    [<ffffffff8364336f>] sock_no_sendpage+0x8f/0xc0 net/core/sock.c:2854
    [<ffffffff8363c8ab>] kernel_sendpage.part.0+0xeb/0x150 net/socket.c:3631
    [<ffffffff8363d58b>] kernel_sendpage net/socket.c:3628 [inline]
    [<ffffffff8363d58b>] sock_sendpage+0x5b/0x90 net/socket.c:947
    [<ffffffff815a5f02>] pipe_to_sendpage+0xa2/0x110 fs/splice.c:364
    [<ffffffff815a7da2>] splice_from_pipe_feed fs/splice.c:418 [inline]
    [<ffffffff815a7da2>] __splice_from_pipe+0x1e2/0x330 fs/splice.c:562
    [<ffffffff815a85cf>] splice_from_pipe fs/splice.c:597 [inline]
    [<ffffffff815a85cf>] generic_splice_sendpage+0x6f/0xa0 fs/splice.c:746
    [<ffffffff815a5fbb>] do_splice_from fs/splice.c:767 [inline]
    [<ffffffff815a5fbb>] direct_splice_actor+0x4b/0x70 fs/splice.c:936


Crashes (1):
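| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-gce-leak | 2021/04/24 21:16 | upstream | 8db5efb83fa9 | 17f0b706 | .config | log | report | syz | C | | memory leak in skb_copy |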
* Struck through repros no longer work on HEAD.