syzbot

 sign-in | mailing list | source | docs
🐞 Open [961] 🐞 Fixed [3806] 🐞 Invalid [8175] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

memory leak in __nf_hook_entries_try_shrink
Status: upstream: reported C repro on 2019/06/13 20:06
Reported-by: syzbot+c51f73e78e7e2ce3a31e@syzkaller.appspotmail.com
First crash: 1077d, last: 1054d

Cause bisection: introduced by (bisect log) :
commit fc79168a7c75423047d60a033dc4844955ccae0b
Author: Helge Deller <deller@gmx.de>
Date: Wed Apr 13 20:44:54 2016 +0000

  parisc: Add syscall tracepoint support

Crash: memory leak in next_bio (log)
Repro: C syz .config

Sample crash report:
executing program
executing program
BUG: memory leak
unreferenced object 0xffff888121ce8880 (size 96):
  comm "syz-executor898", pid 6944, jiffies 4294951724 (age 15.520s)
  hex dump (first 32 bytes):
    02 00 00 00 00 00 00 00 20 06 bc 82 ff ff ff ff  ........ .......
    00 00 00 00 00 00 00 00 00 1a bc 82 ff ff ff ff  ................
  backtrace:
    [<00000000b1b49de8>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000b1b49de8>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<00000000b1b49de8>] slab_alloc_node mm/slab.c:3269 [inline]
    [<00000000b1b49de8>] kmem_cache_alloc_node_trace+0x15b/0x2a0 mm/slab.c:3597
    [<00000000fb94d141>] __do_kmalloc_node mm/slab.c:3619 [inline]
    [<00000000fb94d141>] __kmalloc_node+0x38/0x50 mm/slab.c:3627
    [<00000000403fc4f1>] kmalloc_node include/linux/slab.h:590 [inline]
    [<00000000403fc4f1>] kvmalloc_node+0x4a/0xd0 mm/util.c:431
    [<00000000477c2f27>] kvmalloc include/linux/mm.h:648 [inline]
    [<00000000477c2f27>] kvzalloc include/linux/mm.h:656 [inline]
    [<00000000477c2f27>] allocate_hook_entries_size+0x3b/0x60 net/netfilter/core.c:61
    [<000000003680c5e7>] __nf_hook_entries_try_shrink+0xbd/0x190 net/netfilter/core.c:248
    [<000000005a7902d9>] __nf_unregister_net_hook+0x12f/0x1b0 net/netfilter/core.c:416
    [<00000000b7ae4d54>] nf_unregister_net_hook+0x32/0x70 net/netfilter/core.c:431
    [<0000000045b31790>] nf_unregister_net_hooks+0x3d/0x50 net/netfilter/core.c:499
    [<000000005e6b778b>] selinux_nf_unregister+0x22/0x30 security/selinux/hooks.c:7103
    [<00000000d9d86cef>] ops_exit_list.isra.0+0x4c/0x80 net/core/net_namespace.c:154
    [<000000003704c33e>] setup_net+0x14a/0x230 net/core/net_namespace.c:333
    [<00000000cae83c02>] copy_net_ns+0xf0/0x1e0 net/core/net_namespace.c:439
    [<0000000074a72560>] create_new_namespaces+0x141/0x2a0 kernel/nsproxy.c:103
    [<00000000447e141c>] unshare_nsproxy_namespaces+0x7f/0x100 kernel/nsproxy.c:202
    [<00000000c40130b5>] ksys_unshare+0x236/0x490 kernel/fork.c:2675
    [<0000000050077794>] __do_sys_unshare kernel/fork.c:2743 [inline]
    [<0000000050077794>] __se_sys_unshare kernel/fork.c:2741 [inline]
    [<0000000050077794>] __x64_sys_unshare+0x16/0x20 kernel/fork.c:2741

executing program
executing program
executing program
executing program

Crashes (4):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-gce-leak 2019/07/07 05:10 upstream 46713c3d2f8d f62e1e85 .config log report syz C
ci-upstream-gce-leak 2019/06/20 17:13 upstream abf02e2964b3 34bf9440 .config log report syz C
ci-upstream-gce-leak 2019/06/17 02:43 upstream 963172d9c7e8 442206d7 .config log report syz C
ci-upstream-gce-leak 2019/06/13 15:40 upstream b076173a309e 3f4e812b .config log report syz C