Date: Tue, 13 Jun 2023 16:36:55 -0700
In-Reply-To: <0000000000009612bc05fe07c73f@google.com>
Message-ID: <0000000000007e6d7505fe0b4f4b@google.com>
Subject: Re: [syzbot] [hams?] memory leak in nr_create (3)
From: syzbot
To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
    linux-hams@vger.kernel.org, linux-kernel@vger.kernel.org,
    netdev@vger.kernel.org, pabeni@redhat.com, ralf@linux-mips.org,
    syzkaller-bugs@googlegroups.com

syzbot has found a reproducer for the following issue on:

HEAD commit:    fb054096aea0 Merge tag 'mm-hotfixes-stable-2023-06-12-12-2..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17042a9d280000
kernel config:  https://syzkaller.appspot.com/x/.config?x=62c3855f0661c072
dashboard link: https://syzkaller.appspot.com/bug?extid=d327a1f3b12e1e206c16
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=166d8d2d280000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=102f213b280000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/193c8ae2af09/disk-fb054096.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/eaa8cc7d62e7/vmlinux-fb054096.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4209ce6abb1d/bzImage-fb054096.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d327a1f3b12e1e206c16@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff8881160a5800 (size 2048):
  comm "syz-executor386", pid 5102, jiffies 4294948540 (age 23.020s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    06 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............
  backtrace:
    [] __do_kmalloc_node mm/slab_common.c:965 [inline]
    [] __kmalloc+0x4a/0x120 mm/slab_common.c:979
    [] kmalloc include/linux/slab.h:563 [inline]
    [] sk_prot_alloc+0xcd/0x1b0 net/core/sock.c:2035
    [] sk_alloc+0x36/0x300 net/core/sock.c:2088
    [] nr_create+0x84/0x1c0 net/netrom/af_netrom.c:438
    [] __sock_create+0x1de/0x300 net/socket.c:1547
    [] sock_create net/socket.c:1598 [inline]
    [] __sys_socket_create net/socket.c:1635 [inline]
    [] __sys_socket_create net/socket.c:1620 [inline]
    [] __sys_socket+0xa2/0x190 net/socket.c:1663
    [] __do_sys_socket net/socket.c:1676 [inline]
    [] __se_sys_socket net/socket.c:1674 [inline]
    [] __x64_sys_socket+0x1e/0x30 net/socket.c:1674
    [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
    [] entry_SYSCALL_64_after_hwframe+0x63/0xcd

write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory

BUG: memory leak
unreferenced object 0xffff8881115ddde0 (size 32):
  comm "syz-executor386", pid 5003, jiffies 4294947794 (age 35.370s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [] kmalloc_trace+0x24/0x90 mm/slab_common.c:1057
    [] kmalloc include/linux/slab.h:559 [inline]
    [] kzalloc include/linux/slab.h:680 [inline]
    [] net_alloc net/core/net_namespace.c:422 [inline]
    [] copy_net_ns+0xdc/0x450 net/core/net_namespace.c:476
    [] create_new_namespaces+0x199/0x4f0 kernel/nsproxy.c:110
    [] unshare_nsproxy_namespaces+0x9f/0x120 kernel/nsproxy.c:228
    [] ksys_unshare+0x302/0x600 kernel/fork.c:3441
    [] __do_sys_unshare kernel/fork.c:3512 [inline]
    [] __se_sys_unshare kernel/fork.c:3510 [inline]
    [] __x64_sys_unshare+0x16/0x20 kernel/fork.c:3510
    [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
    [] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff888109e8a600 (size 512):
  comm "syz-executor386", pid 5003, jiffies 4294947794 (age 35.370s)
  hex dump (first 32 bytes):
    00 98 e8 09 81 88 ff ff 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 ea ff ff ff ff ff ff ff  ................
  backtrace:
    [] __do_kmalloc_node mm/slab_common.c:965 [inline]
    [] __kmalloc+0x4a/0x120 mm/slab_common.c:979
    [] kmalloc include/linux/slab.h:563 [inline]
    [] kzalloc include/linux/slab.h:680 [inline]
    [] __register_sysctl_table+0x7f/0xac0 fs/proc/proc_sysctl.c:1376
    [] netfilter_log_sysctl_init net/netfilter/nf_log.c:490 [inline]
    [] nf_log_net_init+0xc0/0x1e0 net/netfilter/nf_log.c:539
    [] ops_init+0x54/0x1d0 net/core/net_namespace.c:136
    [] setup_net+0x1d2/0x3f0 net/core/net_namespace.c:339
    [] copy_net_ns+0x20d/0x450 net/core/net_namespace.c:491
    [] create_new_namespaces+0x199/0x4f0 kernel/nsproxy.c:110
    [] unshare_nsproxy_namespaces+0x9f/0x120 kernel/nsproxy.c:228
    [] ksys_unshare+0x302/0x600 kernel/fork.c:3441
    [] __do_sys_unshare kernel/fork.c:3512 [inline]
    [] __se_sys_unshare kernel/fork.c:3510 [inline]
    [] __x64_sys_unshare+0x16/0x20 kernel/fork.c:3510
    [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
    [] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810e12b400 (size 256):
  comm "syz-executor386", pid 5003, jiffies 4294947794 (age 35.370s)
  hex dump (first 32 bytes):
    78 b4 12 0e 81 88 ff ff 00 00 00 00 00 00 00 00  x...............
    00 00 00 00 00 00 00 00 ea ff ff ff ff ff ff ff  ................
  backtrace:
    [] __do_kmalloc_node mm/slab_common.c:965 [inline]
    [] __kmalloc+0x4a/0x120 mm/slab_common.c:979
    [] kmalloc include/linux/slab.h:563 [inline]
    [] kzalloc include/linux/slab.h:680 [inline]
    [] new_dir fs/proc/proc_sysctl.c:970 [inline]
    [] get_subdir fs/proc/proc_sysctl.c:1014 [inline]
    [] sysctl_mkdir_p fs/proc/proc_sysctl.c:1307 [inline]
    [] __register_sysctl_table+0x763/0xac0 fs/proc/proc_sysctl.c:1392
    [] netfilter_log_sysctl_init net/netfilter/nf_log.c:490 [inline]
    [] nf_log_net_init+0xc0/0x1e0 net/netfilter/nf_log.c:539
    [] ops_init+0x54/0x1d0 net/core/net_namespace.c:136
    [] setup_net+0x1d2/0x3f0 net/core/net_namespace.c:339
    [] copy_net_ns+0x20d/0x450 net/core/net_namespace.c:491
    [] create_new_namespaces+0x199/0x4f0 kernel/nsproxy.c:110
    [] unshare_nsproxy_namespaces+0x9f/0x120 kernel/nsproxy.c:228
    [] ksys_unshare+0x302/0x600 kernel/fork.c:3441
    [] __do_sys_unshare kernel/fork.c:3512 [inline]
    [] __se_sys_unshare kernel/fork.c:3510 [inline]
    [] __x64_sys_unshare+0x16/0x20 kernel/fork.c:3510
    [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
    [] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810b613180 (size 192):
  comm "syz-executor386", pid 5003, jiffies 4294947794 (age 35.370s)
  hex dump (first 32 bytes):
    00 1a 62 0a 81 88 ff ff 00 00 00 00 00 00 00 00  ..b.............
    00 00 00 00 00 00 00 00 ea ff ff ff ff ff ff ff  ................
  backtrace:
    [] __do_kmalloc_node mm/slab_common.c:965 [inline]
    [] __kmalloc+0x4a/0x120 mm/slab_common.c:979
    [] kmalloc include/linux/slab.h:563 [inline]
    [] kzalloc include/linux/slab.h:680 [inline]
    [] __register_sysctl_table+0x7f/0xac0 fs/proc/proc_sysctl.c:1376
    [] sysctl_core_net_init+0x8e/0x130 net/core/sysctl_net_core.c:715
    [] ops_init+0x54/0x1d0 net/core/net_namespace.c:136
    [] setup_net+0x1d2/0x3f0 net/core/net_namespace.c:339
    [] copy_net_ns+0x20d/0x450 net/core/net_namespace.c:491
    [] create_new_namespaces+0x199/0x4f0 kernel/nsproxy.c:110
    [] unshare_nsproxy_namespaces+0x9f/0x120 kernel/nsproxy.c:228
    [] ksys_unshare+0x302/0x600 kernel/fork.c:3441
    [] __do_sys_unshare kernel/fork.c:3512 [inline]
    [] __se_sys_unshare kernel/fork.c:3510 [inline]
    [] __x64_sys_unshare+0x16/0x20 kernel/fork.c:3510
    [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
    [] entry_SYSCALL_64_after_hwframe+0x63/0xcd

---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.