From: syzbot <syzbot+bb7ba8dd62c3cb6e3c78@syzkaller.appspotmail.com>
To: andriin@fb.com, ast@kernel.org, bpf@vger.kernel.org,
	daniel@iogearbox.net, davem@davemloft.net,
	john.fastabend@gmail.com, kafai@fb.com, kpsingh@chromium.org,
	kuba@kernel.org, kuznet@ms2.inr.ac.ru,
	linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
	songliubraving@fb.com, syzkaller-bugs@googlegroups.com,
	yhs@fb.com, yoshfuji@linux-ipv6.org
Subject: memory leak in inet_create (2)
Date: Mon, 27 Apr 2020 06:48:15 -0700
Message-ID: <0000000000007bf88805a445f729@google.com>

Hello,

syzbot found the following crash on:

HEAD commit:    5ef58e29 Merge tag 'scsi-fixes' of git://git.kernel.org/pu..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10f0f144100000
kernel config:  https://syzkaller.appspot.com/x/.config?x=bb30a3887988ffff
dashboard link: https://syzkaller.appspot.com/bug?extid=bb7ba8dd62c3cb6e3c78
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=110e8fcfe00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+bb7ba8dd62c3cb6e3c78@syzkaller.appspotmail.com

2020/04/25 22:35:25 executed programs: 3
2020/04/25 22:35:30 executed programs: 5
2020/04/25 22:35:36 executed programs: 7
BUG: memory leak
unreferenced object 0xffff88811094b300 (size 2200):
  comm "syz-executor.0", pid 6864, jiffies 4294947266 (age 13.790s)
  hex dump (first 32 bytes):
    ac 14 14 bb ac 14 14 0a 89 26 f2 70 40 01 00 00  .........&.p@...
    02 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............
  backtrace:
    [<000000002efa2559>] sk_prot_alloc+0x3c/0x170 net/core/sock.c:1598
    [<00000000a5b6b437>] sk_alloc+0x30/0x330 net/core/sock.c:1658
    [<00000000494c18b6>] inet_create net/ipv4/af_inet.c:321 [inline]
    [<00000000494c18b6>] inet_create+0x119/0x450 net/ipv4/af_inet.c:247
    [<000000001239bbdb>] __sock_create+0x14a/0x220 net/socket.c:1433
    [<00000000c1f7caa8>] sock_create net/socket.c:1484 [inline]
    [<00000000c1f7caa8>] __sys_socket+0x60/0x110 net/socket.c:1526
    [<00000000d35154cc>] __do_sys_socket net/socket.c:1535 [inline]
    [<00000000d35154cc>] __se_sys_socket net/socket.c:1533 [inline]
    [<00000000d35154cc>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
    [<00000000283ef9ec>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
    [<000000004290d57b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811b253f60 (size 32):
  comm "syz-executor.0", pid 6864, jiffies 4294947266 (age 13.790s)
  hex dump (first 32 bytes):
    02 00 00 00 00 00 00 00 c0 3d 3f 15 81 88 ff ff  .........=?.....
    01 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000007d627037>] kmalloc include/linux/slab.h:555 [inline]
    [<000000007d627037>] kzalloc include/linux/slab.h:669 [inline]
    [<000000007d627037>] selinux_sk_alloc_security+0x43/0xa0 security/selinux/hooks.c:5126
    [<0000000076a22383>] security_sk_alloc+0x42/0x70 security/security.c:2120
    [<0000000066acd291>] sk_prot_alloc+0x9c/0x170 net/core/sock.c:1607
    [<00000000a5b6b437>] sk_alloc+0x30/0x330 net/core/sock.c:1658
    [<00000000494c18b6>] inet_create net/ipv4/af_inet.c:321 [inline]
    [<00000000494c18b6>] inet_create+0x119/0x450 net/ipv4/af_inet.c:247
    [<000000001239bbdb>] __sock_create+0x14a/0x220 net/socket.c:1433
    [<00000000c1f7caa8>] sock_create net/socket.c:1484 [inline]
    [<00000000c1f7caa8>] __sys_socket+0x60/0x110 net/socket.c:1526
    [<00000000d35154cc>] __do_sys_socket net/socket.c:1535 [inline]
    [<00000000d35154cc>] __se_sys_socket net/socket.c:1533 [inline]
    [<00000000d35154cc>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
    [<00000000283ef9ec>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
    [<000000004290d57b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff8881153f3dc0 (size 64):
  comm "syz-executor.0", pid 6864, jiffies 4294947266 (age 13.790s)
  hex dump (first 32 bytes):
    15 00 00 01 00 00 00 00 20 68 e9 1c 81 88 ff ff  ........ h......
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000dde82831>] kmalloc include/linux/slab.h:555 [inline]
    [<00000000dde82831>] kzalloc include/linux/slab.h:669 [inline]
    [<00000000dde82831>] netlbl_secattr_alloc include/net/netlabel.h:382 [inline]
    [<00000000dde82831>] selinux_netlbl_sock_genattr+0x48/0x180 security/selinux/netlabel.c:76
    [<00000000438c6346>] selinux_netlbl_socket_post_create+0x41/0xb0 security/selinux/netlabel.c:398
    [<00000000b422abf2>] selinux_socket_post_create+0x182/0x390 security/selinux/hooks.c:4541
    [<000000005be0d1ac>] security_socket_post_create+0x54/0x80 security/security.c:2032
    [<00000000a0ec3d71>] __sock_create+0x1cc/0x220 net/socket.c:1449
    [<00000000c1f7caa8>] sock_create net/socket.c:1484 [inline]
    [<00000000c1f7caa8>] __sys_socket+0x60/0x110 net/socket.c:1526
    [<00000000d35154cc>] __do_sys_socket net/socket.c:1535 [inline]
    [<00000000d35154cc>] __se_sys_socket net/socket.c:1533 [inline]
    [<00000000d35154cc>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
    [<00000000283ef9ec>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
    [<000000004290d57b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811ce96820 (size 32):
  comm "syz-executor.0", pid 6864, jiffies 4294947266 (age 13.790s)
  hex dump (first 32 bytes):
    6b 65 72 6e 65 6c 5f 74 00 73 79 73 74 65 6d 5f  kernel_t.system_
    72 3a 6b 65 72 6e 65 6c 5f 74 3a 73 30 00 00 00  r:kernel_t:s0...
  backtrace:
    [<000000007edbec14>] kstrdup+0x36/0x70 mm/util.c:60
    [<00000000b343d2c4>] security_netlbl_sid_to_secattr+0x97/0x100 security/selinux/ss/services.c:3739
    [<00000000ddb8495a>] selinux_netlbl_sock_genattr+0x67/0x180 security/selinux/netlabel.c:79
    [<00000000438c6346>] selinux_netlbl_socket_post_create+0x41/0xb0 security/selinux/netlabel.c:398
    [<00000000b422abf2>] selinux_socket_post_create+0x182/0x390 security/selinux/hooks.c:4541
    [<000000005be0d1ac>] security_socket_post_create+0x54/0x80 security/security.c:2032
    [<00000000a0ec3d71>] __sock_create+0x1cc/0x220 net/socket.c:1449
    [<00000000c1f7caa8>] sock_create net/socket.c:1484 [inline]
    [<00000000c1f7caa8>] __sys_socket+0x60/0x110 net/socket.c:1526
    [<00000000d35154cc>] __do_sys_socket net/socket.c:1535 [inline]
    [<00000000d35154cc>] __se_sys_socket net/socket.c:1533 [inline]
    [<00000000d35154cc>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
    [<00000000283ef9ec>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
    [<000000004290d57b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff8881113aa400 (size 512):
  comm "syz-executor.0", pid 6864, jiffies 4294947266 (age 13.790s)
  hex dump (first 32 bytes):
    00 b3 94 10 81 88 ff ff 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000031227790>] kmalloc_node include/linux/slab.h:573 [inline]
    [<0000000031227790>] kzalloc_node include/linux/slab.h:680 [inline]
    [<0000000031227790>] sk_psock_init+0x2a/0x180 net/core/skmsg.c:496
    [<00000000a405c065>] sock_map_link.isra.0+0x469/0x4f0 net/core/sock_map.c:236
    [<000000003b7d5922>] sock_map_update_common+0xa1/0x3c0 net/core/sock_map.c:451
    [<00000000f12c515e>] sock_map_update_elem+0x1e9/0x220 net/core/sock_map.c:552
    [<000000000fedde3d>] bpf_map_update_value.isra.0+0x141/0x2f0 kernel/bpf/syscall.c:169
    [<000000004deb6133>] map_update_elem kernel/bpf/syscall.c:1098 [inline]
    [<000000004deb6133>] __do_sys_bpf+0x16bf/0x1f00 kernel/bpf/syscall.c:3689
    [<00000000283ef9ec>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
    [<000000004290d57b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9



---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
