X-Mailing-List: linux-kernel@vger.kernel.org
Date: Fri, 05 Jan 2024 10:32:21 -0800
In-Reply-To: <000000000000a62351060e363bdc@google.com>
Message-ID: <000000000000949803060e3711e3@google.com>
Subject: Re: [syzbot] [net?] memory leak in ___neigh_create (2)
From: syzbot
To: alexander.mikhalitsyn@virtuozzo.com, davem@davemloft.net, den@openvz.org,
 dsahern@kernel.org, edumazet@google.com, f.fainelli@gmail.com, kuba@kernel.org,
 linux-kernel@vger.kernel.org, netdev@vger.kernel.org, pabeni@redhat.com,
 razor@blackwall.org, syzkaller-bugs@googlegroups.com,
 thomas.zeitlhofer+lkml@ze-it.at, thomas.zeitlhofer@ze-it.at, wangyuweihx@gmail.com
Content-Type: text/plain; charset="UTF-8"

syzbot has found a reproducer for the following issue on:

HEAD commit:    2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42cfec52b6508887bbe8@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff  .........)#.....
    c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [] kmalloc include/linux/slab.h:584 [inline]
    [] kzalloc include/linux/slab.h:720 [inline]
    [] neigh_alloc net/core/neighbour.c:476 [inline]
    [] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [] dst_output include/net/dst.h:444 [inline]
    [] NF_HOOK include/linux/netfilter.h:302 [inline]
    [] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [] kthread+0x125/0x160 kernel/kthread.c:376
    [] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
  comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00  .yyD....rx......
  backtrace:
    [] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [] kmalloc include/linux/slab.h:584 [inline]
    [] kzalloc include/linux/slab.h:720 [inline]
    [] neigh_alloc net/core/neighbour.c:476 [inline]
    [] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [] dst_output include/net/dst.h:444 [inline]
    [] NF_HOOK include/linux/netfilter.h:302 [inline]
    [] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
    [] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
    [] mld_send_cr net/ipv6/mcast.c:2121 [inline]
    [] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
    [] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [] kthread+0x125/0x160 kernel/kthread.c:376
    [] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .vyD....sx......
  backtrace:
    [] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [] kmalloc include/linux/slab.h:584 [inline]
    [] kzalloc include/linux/slab.h:720 [inline]
    [] neigh_alloc net/core/neighbour.c:476 [inline]
    [] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [] dst_output include/net/dst.h:444 [inline]
    [] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [] sock_sendmsg_nosec net/socket.c:714 [inline]
    [] sock_sendmsg+0x56/0x80 net/socket.c:734
    [] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
  comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff  .........)#.....
    80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00  .wyD....sx......
  backtrace:
    [] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [] __kmalloc+0x46/0x120 mm/slab_common.c:981
    [] kmalloc include/linux/slab.h:584 [inline]
    [] kzalloc include/linux/slab.h:720 [inline]
    [] neigh_alloc net/core/neighbour.c:476 [inline]
    [] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
    [] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
    [] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
    [] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
    [] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
    [] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
    [] dst_output include/net/dst.h:444 [inline]
    [] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
    [] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
    [] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
    [] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
    [] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
    [] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
    [] sock_sendmsg_nosec net/socket.c:714 [inline]
    [] sock_sendmsg+0x56/0x80 net/socket.c:734
    [] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
    [] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
    [] __sys_sendmsg+0x88/0x100 net/socket.c:2559
    [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [] entry_SYSCALL_64_after_hwframe+0x63/0xcd

---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.