syzbot


memory leak in __tcp_send_ack

Status: internal: reported C repro on 2021/04/26 19:21
Reported-by: syzbot+@syzkaller.appspotmail.com
Fix commit: 07d120aa33cc net: tun: call napi_schedule_prep() to ensure we own a napi
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64]
First crash: 654d, last: 118d

Sample crash report:
executing program
executing program
BUG: memory leak
unreferenced object 0xffff88810f285900 (size 240):
  comm "sshd", pid 3389, jiffies 4294939275 (age 140.250s)
  hex dump (first 32 bytes):
    e0 e4 34 06 81 88 ff ff e0 e4 34 06 81 88 ff ff  ..4.......4.....
    00 00 01 13 81 88 ff ff 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff83884c09>] __alloc_skb+0x1f9/0x270 net/core/skbuff.c:497
    [<ffffffff83bf367a>] alloc_skb include/linux/skbuff.h:1265 [inline]
    [<ffffffff83bf367a>] __tcp_send_ack.part.0+0x3a/0x1d0 net/ipv4/tcp_output.c:3960
    [<ffffffff83bf8562>] __tcp_send_ack net/ipv4/tcp_output.c:3992 [inline]
    [<ffffffff83bf8562>] tcp_send_ack+0x32/0x40 net/ipv4/tcp_output.c:3992
    [<ffffffff83bcd08d>] __tcp_cleanup_rbuf+0x15d/0x1b0 net/ipv4/tcp.c:1616
    [<ffffffff83bd3845>] tcp_recvmsg_locked+0x3c5/0xfc0 net/ipv4/tcp.c:2648
    [<ffffffff83bd55ba>] tcp_recvmsg+0x9a/0x320 net/ipv4/tcp.c:2678
    [<ffffffff83c2f908>] inet_recvmsg+0x78/0x180 net/ipv4/af_inet.c:850
    [<ffffffff83873dbf>] sock_recvmsg_nosec net/socket.c:995 [inline]
    [<ffffffff83873dbf>] sock_recvmsg net/socket.c:1013 [inline]
    [<ffffffff83873dbf>] sock_recvmsg net/socket.c:1009 [inline]
    [<ffffffff83873dbf>] sock_read_iter+0x15f/0x1b0 net/socket.c:1086
    [<ffffffff815e0e31>] call_read_iter include/linux/fs.h:2184 [inline]
    [<ffffffff815e0e31>] new_sync_read fs/read_write.c:389 [inline]
    [<ffffffff815e0e31>] vfs_read+0x3b1/0x400 fs/read_write.c:470
    [<ffffffff815e1a9b>] ksys_read+0x12b/0x160 fs/read_write.c:613
    [<ffffffff845fd895>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff845fd895>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84800087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd


Crashes (10):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-gce-leak | 2022/10/09 21:00 | upstream | a6afa4199d3d | aea5da89 | .config | console log | report | syz | C | | [disk image] [vmlinux] | memory leak in __tcp_send_ack |
| ci-upstream-gce-leak | 2022/10/09 20:45 | upstream | a6afa4199d3d | aea5da89 | .config | console log | report | syz | C | | [disk image] [vmlinux] | memory leak in __tcp_send_ack |
| ci-upstream-gce-leak | 2022/07/20 09:51 | upstream | ca85855bdcae | 775344bc | .config | console log | report | syz | C | | | memory leak in __tcp_send_ack |
| ci-upstream-gce-leak | 2022/07/19 10:28 | upstream | 80e19f34c288 | ff988920 | .config | console log | report | syz | C | | | memory leak in __tcp_send_ack |
| ci-upstream-gce-leak | 2022/07/16 03:53 | upstream | 9b59ec8d50a1 | 95cb00d1 | .config | console log | report | syz | C | | | memory leak in __tcp_send_ack |
| ci-upstream-gce-leak | 2021/09/28 11:35 | upstream | 0513e464f900 | 78494d16 | .config | console log | report | syz | C | | | memory leak in __tcp_send_ack |
| ci-upstream-gce-leak | 2021/04/22 00:53 | upstream | 16fc44d6387e | 2bc8999a | .config | console log | report | syz | C | | | memory leak in __tcp_send_ack |
| ci-upstream-gce-leak | 2021/10/12 10:49 | upstream | fa5878760579 | 838e7e2c | .config | console log | report | syz | | | | memory leak in __tcp_send_ack |
| ci-upstream-gce-leak | 2021/09/29 04:34 | upstream | d33bec7b3dfa | d82cb927 | .config | console log | report | syz | | | | memory leak in __tcp_send_ack |
| ci-upstream-gce-leak | 2021/07/25 14:12 | upstream | 6498f6151825 | 4d1b57d4 | .config | console log | report | syz | | | | memory leak in __tcp_send_ack |
* Struck through repros no longer work on HEAD.