* [syzbot] [net?] memory leak in ___neigh_create (2)
@ 2024-01-05 17:32 syzbot
  2024-01-05 17:33 ` syzbot
                   ` (73 more replies)
  0 siblings, 74 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 17:32 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, wangyuweihx

Hello,

syzbot found the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
@ 2024-01-05 17:33 ` syzbot
  2024-01-05 17:34 ` syzbot
                   ` (72 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 17:33 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
  2024-01-05 17:33 ` syzbot
@ 2024-01-05 17:34 ` syzbot
  2024-01-05 17:35 ` syzbot
                   ` (71 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 17:34 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
  2024-01-05 17:33 ` syzbot
  2024-01-05 17:34 ` syzbot
@ 2024-01-05 17:35 ` syzbot
  2024-01-05 17:36 ` syzbot
                   ` (70 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 17:35 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 17:36 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 17:37 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 17:38 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 17:39 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 17:40 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 17:41 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (8 preceding siblings ...)
  2024-01-05 17:41 ` syzbot
@ 2024-01-05 17:42 ` syzbot
  2024-01-05 17:43 ` syzbot
                   ` (63 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 17:42 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (9 preceding siblings ...)
  2024-01-05 17:42 ` syzbot
@ 2024-01-05 17:43 ` syzbot
  2024-01-05 17:44 ` syzbot
                   ` (62 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 17:43 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (10 preceding siblings ...)
  2024-01-05 17:43 ` syzbot
@ 2024-01-05 17:44 ` syzbot
  2024-01-05 17:45 ` syzbot
                   ` (61 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 17:44 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (11 preceding siblings ...)
  2024-01-05 17:44 ` syzbot
@ 2024-01-05 17:45 ` syzbot
  2024-01-05 17:46 ` syzbot
                   ` (60 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 17:45 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (12 preceding siblings ...)
  2024-01-05 17:45 ` syzbot
@ 2024-01-05 17:46 ` syzbot
  2024-01-05 17:47 ` syzbot
                   ` (59 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 17:46 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (13 preceding siblings ...)
  2024-01-05 17:46 ` syzbot
@ 2024-01-05 17:47 ` syzbot
  2024-01-05 17:48 ` syzbot
                   ` (58 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 17:47 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 17:48 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 17:49 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 17:50 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 17:51 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (18 preceding siblings ...)
  2024-01-05 17:51 ` syzbot
@ 2024-01-05 17:52 ` syzbot
  2024-01-05 17:53 ` syzbot
                   ` (53 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 17:52 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (19 preceding siblings ...)
  2024-01-05 17:52 ` syzbot
@ 2024-01-05 17:53 ` syzbot
  2024-01-05 17:54 ` syzbot
                   ` (52 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 17:53 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (20 preceding siblings ...)
  2024-01-05 17:53 ` syzbot
@ 2024-01-05 17:54 ` syzbot
  2024-01-05 17:55 ` syzbot
                   ` (51 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 17:54 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 17:55 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 17:56 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 17:57 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 17:58 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 17:59 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 18:00 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (27 preceding siblings ...)
  2024-01-05 18:00 ` syzbot
@ 2024-01-05 18:01 ` syzbot
  2024-01-05 18:02 ` syzbot
                   ` (44 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:01 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (28 preceding siblings ...)
  2024-01-05 18:01 ` syzbot
@ 2024-01-05 18:02 ` syzbot
  2024-01-05 18:03 ` syzbot
                   ` (43 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:02 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (29 preceding siblings ...)
  2024-01-05 18:02 ` syzbot
@ 2024-01-05 18:03 ` syzbot
  2024-01-05 18:04 ` syzbot
                   ` (42 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:03 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (30 preceding siblings ...)
  2024-01-05 18:03 ` syzbot
@ 2024-01-05 18:04 ` syzbot
  2024-01-05 18:05 ` syzbot
                   ` (41 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:04 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (31 preceding siblings ...)
  2024-01-05 18:04 ` syzbot
@ 2024-01-05 18:05 ` syzbot
  2024-01-05 18:06 ` syzbot
                   ` (40 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:05 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (32 preceding siblings ...)
  2024-01-05 18:05 ` syzbot
@ 2024-01-05 18:06 ` syzbot
  2024-01-05 18:07 ` syzbot
                   ` (39 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:06 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (33 preceding siblings ...)
  2024-01-05 18:06 ` syzbot
@ 2024-01-05 18:07 ` syzbot
  2024-01-05 18:08 ` syzbot
                   ` (38 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:07 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (34 preceding siblings ...)
  2024-01-05 18:07 ` syzbot
@ 2024-01-05 18:08 ` syzbot
  2024-01-05 18:09 ` syzbot
                   ` (37 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:08 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (35 preceding siblings ...)
  2024-01-05 18:08 ` syzbot
@ 2024-01-05 18:09 ` syzbot
  2024-01-05 18:10 ` syzbot
                   ` (36 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:09 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (36 preceding siblings ...)
  2024-01-05 18:09 ` syzbot
@ 2024-01-05 18:10 ` syzbot
  2024-01-05 18:11 ` syzbot
                   ` (35 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:10 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (37 preceding siblings ...)
  2024-01-05 18:10 ` syzbot
@ 2024-01-05 18:11 ` syzbot
  2024-01-05 18:12 ` syzbot
                   ` (34 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:11 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (38 preceding siblings ...)
  2024-01-05 18:11 ` syzbot
@ 2024-01-05 18:12 ` syzbot
  2024-01-05 18:13 ` syzbot
                   ` (33 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:12 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (39 preceding siblings ...)
  2024-01-05 18:12 ` syzbot
@ 2024-01-05 18:13 ` syzbot
  2024-01-05 18:14 ` syzbot
                   ` (32 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:13 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (40 preceding siblings ...)
  2024-01-05 18:13 ` syzbot
@ 2024-01-05 18:14 ` syzbot
  2024-01-05 18:15 ` syzbot
                   ` (31 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:14 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (41 preceding siblings ...)
  2024-01-05 18:14 ` syzbot
@ 2024-01-05 18:15 ` syzbot
  2024-01-05 18:16 ` syzbot
                   ` (30 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:15 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (42 preceding siblings ...)
  2024-01-05 18:15 ` syzbot
@ 2024-01-05 18:16 ` syzbot
  2024-01-05 18:17 ` syzbot
                   ` (29 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:16 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (43 preceding siblings ...)
  2024-01-05 18:16 ` syzbot
@ 2024-01-05 18:17 ` syzbot
  2024-01-05 18:18 ` syzbot
                   ` (28 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:17 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (44 preceding siblings ...)
  2024-01-05 18:17 ` syzbot
@ 2024-01-05 18:18 ` syzbot
  2024-01-05 18:19 ` syzbot
                   ` (27 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:18 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (45 preceding siblings ...)
  2024-01-05 18:18 ` syzbot
@ 2024-01-05 18:19 ` syzbot
  2024-01-05 18:20 ` Florian Fainelli
                   ` (26 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:19 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (46 preceding siblings ...)
  2024-01-05 18:19 ` syzbot
@ 2024-01-05 18:20 ` Florian Fainelli
  2024-01-05 18:20 ` syzbot
                   ` (25 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: Florian Fainelli @ 2024-01-05 18:20 UTC (permalink / raw)
  To: syzbot, alexander.mikhalitsyn, davem, den, dsahern, edumazet,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, wangyuweihx

On 1/5/24 09:32, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
> dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
> 
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

Is there a way to stop sending multiple such duplicate reports?
-- 
Florian



* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (47 preceding siblings ...)
  2024-01-05 18:20 ` Florian Fainelli
@ 2024-01-05 18:20 ` syzbot
  2024-01-05 18:21 ` syzbot
                   ` (24 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:20 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (48 preceding siblings ...)
  2024-01-05 18:20 ` syzbot
@ 2024-01-05 18:21 ` syzbot
  2024-01-05 18:22 ` syzbot
                   ` (23 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:21 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (49 preceding siblings ...)
  2024-01-05 18:21 ` syzbot
@ 2024-01-05 18:22 ` syzbot
  2024-01-05 18:23 ` syzbot
                   ` (22 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:22 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (50 preceding siblings ...)
  2024-01-05 18:22 ` syzbot
@ 2024-01-05 18:23 ` syzbot
  2024-01-05 18:25   ` Eric Dumazet
  2024-01-05 18:24 ` syzbot
                   ` (21 subsequent siblings)
  73 siblings, 1 reply; 77+ messages in thread
From: syzbot @ 2024-01-05 18:23 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (51 preceding siblings ...)
  2024-01-05 18:23 ` syzbot
@ 2024-01-05 18:24 ` syzbot
  2024-01-05 18:25 ` syzbot
                   ` (20 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:24 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 18:23 ` syzbot
@ 2024-01-05 18:25   ` Eric Dumazet
  0 siblings, 0 replies; 77+ messages in thread
From: Eric Dumazet @ 2024-01-05 18:25 UTC (permalink / raw)
  To: syzbot
  Cc: alexander.mikhalitsyn, davem, den, dsahern, f.fainelli, kuba,
	linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

On Fri, Jan 5, 2024 at 7:23 PM syzbot
<syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com> wrote:
>
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
> dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com
>
> BUG: memory leak
> unreferenced object 0xffff88810b8ea400 (size 512):
>   comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
>   hex dump (first 32 bytes):
>     00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
>     c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
>   backtrace:
>     [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
>     [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
>     [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
>     [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
>     [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
>     [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
>     [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
>     [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
>     [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
>     [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
>     [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
>     [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
>     [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
>     [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
>     [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
>     [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
>     [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
>     [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
>     [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
>     [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
>     [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
>
> BUG: memory leak
> unreferenced object 0xffff888109a7fa00 (size 512):
>   comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
>     00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
>   backtrace:
>     [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
>     [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
>     [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
>     [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
>     [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
>     [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
>     [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
>     [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
>     [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
>     [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
>     [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
>     [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
>     [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
>     [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
>     [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
>     [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
>     [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
>     [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
>     [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
>     [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
>     [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
>
> BUG: memory leak
> unreferenced object 0xffff88810a9fb400 (size 512):
>   comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
>     c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
>   backtrace:
>     [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
>     [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
>     [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
>     [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
>     [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
>     [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
>     [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
>     [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
>     [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
>     [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
>     [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
>     [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
>     [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
>     [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
>     [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
>     [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
>     [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
>     [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
>     [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
>     [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
>     [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
>     [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
>     [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
>     [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>     [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
>     [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
>
> BUG: memory leak
> unreferenced object 0xffff88810a9fba00 (size 512):
>   comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
>     80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
>   backtrace:
>     [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
>     [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
>     [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
>     [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
>     [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
>     [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
>     [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
>     [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
>     [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
>     [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
>     [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
>     [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
>     [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
>     [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
>     [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
>     [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
>     [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
>     [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
>     [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
>     [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
>     [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
>     [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
>     [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
>     [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>     [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
>     [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
>
>
>
> ---
> If you want syzbot to run the reproducer, reply with:
> #syz test: git://repo/address.git branch-or-commit-hash
> If you attach or paste a git patch, syzbot will apply it before testing.

Not sure what happened with syzbot today ....

#syz fix: net: stop syzbot


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (52 preceding siblings ...)
  2024-01-05 18:24 ` syzbot
@ 2024-01-05 18:25 ` syzbot
  2024-01-05 18:26 ` syzbot
                   ` (19 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:25 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (53 preceding siblings ...)
  2024-01-05 18:25 ` syzbot
@ 2024-01-05 18:26 ` syzbot
  2024-01-05 18:27 ` syzbot
                   ` (18 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:26 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx



* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (54 preceding siblings ...)
  2024-01-05 18:26 ` syzbot
@ 2024-01-05 18:27 ` syzbot
  2024-01-05 18:28 ` syzbot
                   ` (17 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:27 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx



* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (55 preceding siblings ...)
  2024-01-05 18:27 ` syzbot
@ 2024-01-05 18:28 ` syzbot
  2024-01-05 18:29 ` syzbot
                   ` (16 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:28 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 18:29 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 18:30 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot @ 2024-01-05 18:31 UTC
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (59 preceding siblings ...)
  2024-01-05 18:31 ` syzbot
@ 2024-01-05 18:32 ` syzbot
  2024-01-05 18:33 ` syzbot
                   ` (12 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:32 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (60 preceding siblings ...)
  2024-01-05 18:32 ` syzbot
@ 2024-01-05 18:33 ` syzbot
  2024-01-05 18:34 ` syzbot
                   ` (11 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:33 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (61 preceding siblings ...)
  2024-01-05 18:33 ` syzbot
@ 2024-01-05 18:34 ` syzbot
  2024-01-05 18:35 ` syzbot
                   ` (10 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:34 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (62 preceding siblings ...)
  2024-01-05 18:34 ` syzbot
@ 2024-01-05 18:35 ` syzbot
  2024-01-05 18:36 ` syzbot
                   ` (9 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:35 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (63 preceding siblings ...)
  2024-01-05 18:35 ` syzbot
@ 2024-01-05 18:36 ` syzbot
  2024-01-05 18:37 ` syzbot
                   ` (8 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:36 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (64 preceding siblings ...)
  2024-01-05 18:36 ` syzbot
@ 2024-01-05 18:37 ` syzbot
  2024-01-05 18:38 ` syzbot
                   ` (7 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:37 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (65 preceding siblings ...)
  2024-01-05 18:37 ` syzbot
@ 2024-01-05 18:38 ` syzbot
  2024-01-05 18:39 ` syzbot
                   ` (6 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:38 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (66 preceding siblings ...)
  2024-01-05 18:38 ` syzbot
@ 2024-01-05 18:39 ` syzbot
  2024-01-05 18:40 ` syzbot
                   ` (5 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:39 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (67 preceding siblings ...)
  2024-01-05 18:39 ` syzbot
@ 2024-01-05 18:40 ` syzbot
  2024-01-05 18:41 ` syzbot
                   ` (4 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-01-05 18:40 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (68 preceding siblings ...)
  2024-01-05 18:40 ` syzbot
@ 2024-01-05 18:41 ` syzbot
  2024-01-05 18:46   ` Aleksandr Nogikh
  2024-04-04 18:26 ` [syzbot] " syzbot
                   ` (3 subsequent siblings)
  73 siblings, 1 reply; 77+ messages in thread
From: syzbot @ 2024-01-05 18:41 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
    [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
    [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
    [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
    [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] [net?] memory leak in ___neigh_create (2)
  2024-01-05 18:41 ` syzbot
@ 2024-01-05 18:46   ` Aleksandr Nogikh
  0 siblings, 0 replies; 77+ messages in thread
From: Aleksandr Nogikh @ 2024-01-05 18:46 UTC (permalink / raw)
  To: syzbot
  Cc: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, pabeni, razor, syzkaller-bugs,
	thomas.zeitlhofer+lkml, thomas.zeitlhofer, wangyuweihx

I'm very sorry for the inconvenience due to the syzbot breakage!
The reporting was stopped.

We're figuring out what went wrong and will add more fine-grained
controls to prevent such situations in the future.

On Fri, Jan 5, 2024 at 7:41 PM syzbot
<syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com> wrote:
>
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
> dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com
>
> BUG: memory leak
> unreferenced object 0xffff88810b8ea400 (size 512):
>   comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
>   hex dump (first 32 bytes):
>     00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
>     c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
>   backtrace:
>     [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
>     [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
>     [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
>     [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
>     [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
>     [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
>     [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
>     [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
>     [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
>     [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
>     [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
>     [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
>     [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
>     [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
>     [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
>     [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
>     [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
>     [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
>     [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
>     [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
>     [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
>
> BUG: memory leak
> unreferenced object 0xffff888109a7fa00 (size 512):
>   comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
>     00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
>   backtrace:
>     [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
>     [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
>     [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
>     [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
>     [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
>     [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
>     [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
>     [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
>     [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
>     [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
>     [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
>     [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
>     [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
>     [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
>     [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
>     [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
>     [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
>     [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
>     [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
>     [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
>     [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
>
> BUG: memory leak
> unreferenced object 0xffff88810a9fb400 (size 512):
>   comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
>     c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
>   backtrace:
>     [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
>     [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
>     [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
>     [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
>     [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
>     [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
>     [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
>     [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
>     [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
>     [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
>     [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
>     [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
>     [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
>     [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
>     [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
>     [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
>     [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
>     [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
>     [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
>     [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
>     [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
>     [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
>     [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
>     [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>     [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
>     [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
>
> BUG: memory leak
> unreferenced object 0xffff88810a9fba00 (size 512):
>   comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
>     80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
>   backtrace:
>     [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
>     [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
>     [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
>     [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
>     [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
>     [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
>     [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
>     [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
>     [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
>     [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
>     [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
>     [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
>     [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
>     [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
>     [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
>     [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
>     [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
>     [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
>     [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
>     [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
>     [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
>     [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
>     [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
>     [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>     [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
>     [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
>
>
>
> ---
> If you want syzbot to run the reproducer, reply with:
> #syz test: git://repo/address.git branch-or-commit-hash
> If you attach or paste a git patch, syzbot will apply it before testing.


* Re: [syzbot] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (69 preceding siblings ...)
  2024-01-05 18:41 ` syzbot
@ 2024-04-04 18:26 ` syzbot
  2024-04-18 18:27 ` syzbot
                   ` (2 subsequent siblings)
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-04-04 18:26 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, nogikh, pabeni, razor,
	syzkaller-bugs, thomas.zeitlhofer+lkml, thomas.zeitlhofer,
	wangyuweihx

This bug is marked as fixed by commit:
net: stop syzbot

But I can't find it in the tested trees[1] for more than 90 days.
Is it a correct commit? Please update it by replying:

#syz fix: exact-commit-title

Until then the bug is still considered open and new crashes with
the same signature are ignored.

Kernel: Linux
Dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8

---
[1] I expect the commit to be present in:

1. for-kernelci branch of
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git

2. master branch of
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git

3. master branch of
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git

4. main branch of
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git

The full list of 9 trees can be found at
https://syzkaller.appspot.com/upstream/repos


* Re: [syzbot] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (70 preceding siblings ...)
  2024-04-04 18:26 ` [syzbot] " syzbot
@ 2024-04-18 18:27 ` syzbot
  2024-05-02 18:28 ` syzbot
  2024-05-16 18:28 ` syzbot
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-04-18 18:27 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, nogikh, pabeni, razor,
	syzkaller-bugs, thomas.zeitlhofer+lkml, thomas.zeitlhofer,
	wangyuweihx

This bug is marked as fixed by commit:
net: stop syzbot

But I can't find it in the tested trees[1] for more than 90 days.
Is it a correct commit? Please update it by replying:

#syz fix: exact-commit-title

Until then the bug is still considered open and new crashes with
the same signature are ignored.

Kernel: Linux
Dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8

---
[1] I expect the commit to be present in:

1. for-kernelci branch of
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git

2. master branch of
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git

3. master branch of
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git

4. main branch of
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git

The full list of 9 trees can be found at
https://syzkaller.appspot.com/upstream/repos


* Re: [syzbot] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (71 preceding siblings ...)
  2024-04-18 18:27 ` syzbot
@ 2024-05-02 18:28 ` syzbot
  2024-05-16 18:28 ` syzbot
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-05-02 18:28 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, nogikh, pabeni, razor,
	syzkaller-bugs, thomas.zeitlhofer+lkml, thomas.zeitlhofer,
	wangyuweihx

This bug is marked as fixed by commit:
net: stop syzbot

But I can't find it in the tested trees[1] for more than 90 days.
Is it a correct commit? Please update it by replying:

#syz fix: exact-commit-title

Until then the bug is still considered open and new crashes with
the same signature are ignored.

Kernel: Linux
Dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8

---
[1] I expect the commit to be present in:

1. for-kernelci branch of
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git

2. master branch of
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git

3. master branch of
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git

4. main branch of
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git

The full list of 9 trees can be found at
https://syzkaller.appspot.com/upstream/repos


* Re: [syzbot] memory leak in ___neigh_create (2)
  2024-01-05 17:32 [syzbot] [net?] memory leak in ___neigh_create (2) syzbot
                   ` (72 preceding siblings ...)
  2024-05-02 18:28 ` syzbot
@ 2024-05-16 18:28 ` syzbot
  73 siblings, 0 replies; 77+ messages in thread
From: syzbot @ 2024-05-16 18:28 UTC (permalink / raw)
  To: alexander.mikhalitsyn, davem, den, dsahern, edumazet, f.fainelli,
	kuba, linux-kernel, netdev, nogikh, pabeni, razor,
	syzkaller-bugs, thomas.zeitlhofer+lkml, thomas.zeitlhofer,
	wangyuweihx

This bug is marked as fixed by commit:
net: stop syzbot

But I can't find it in the tested trees[1] for more than 90 days.
Is it a correct commit? Please update it by replying:

#syz fix: exact-commit-title

Until then the bug is still considered open and new crashes with
the same signature are ignored.

Kernel: Linux
Dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8

---
[1] I expect the commit to be present in:

1. for-kernelci branch of
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git

2. master branch of
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git

3. master branch of
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git

4. main branch of
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git

The full list of 9 trees can be found at
https://syzkaller.appspot.com/upstream/repos

