From: syzbot <syzbot+db84db800df5aa102826@syzkaller.appspotmail.com>
To: andriin@fb.com, ast@kernel.org, bpf@vger.kernel.org,
daniel@iogearbox.net, davem@davemloft.net,
john.fastabend@gmail.com, kafai@fb.com, kpsingh@chromium.org,
kuba@kernel.org, kuznet@ms2.inr.ac.ru,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
songliubraving@fb.com, syzkaller-bugs@googlegroups.com,
yhs@fb.com, yoshfuji@linux-ipv6.org
Subject: memory leak in inet6_create (2)
Date: Wed, 06 May 2020 22:56:16 -0700 [thread overview]
Message-ID: <000000000000f6592a05a5088904@google.com> (raw)
Hello,
syzbot found the following crash on:
HEAD commit: f66ed1eb Merge tag 'iomap-5.7-fixes-1' of git://git.kernel..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12cf3c4c100000
kernel config: https://syzkaller.appspot.com/x/.config?x=36dc1e5ad3e26c41
dashboard link: https://syzkaller.appspot.com/bug?extid=db84db800df5aa102826
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1269d24c100000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16d01c4c100000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+db84db800df5aa102826@syzkaller.appspotmail.com
BUG: memory leak
unreferenced object 0xffff888110ef1800 (size 1840):
comm "syz-executor783", pid 8417, jiffies 4294954395 (age 25.940s)
hex dump (first 32 bytes):
00 00 00 00 7f 00 00 06 15 14 f5 21 4e 20 22 dc ...........!N ".
0a 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............
backtrace:
[<000000007986323e>] sk_prot_alloc+0x3c/0x170 net/core/sock.c:1598
[<000000002fc61b2a>] sk_alloc+0x30/0x330 net/core/sock.c:1658
[<000000000d7242e5>] inet6_create net/ipv6/af_inet6.c:181 [inline]
[<000000000d7242e5>] inet6_create+0x112/0x4d0 net/ipv6/af_inet6.c:108
[<00000000ca79ca9d>] __sock_create+0x14a/0x220 net/socket.c:1433
[<000000007253d628>] sock_create net/socket.c:1484 [inline]
[<000000007253d628>] __sys_socket+0x60/0x110 net/socket.c:1526
[<00000000503be95b>] __do_sys_socket net/socket.c:1535 [inline]
[<00000000503be95b>] __se_sys_socket net/socket.c:1533 [inline]
[<00000000503be95b>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
[<0000000042ce79c0>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
[<00000000b1aeae16>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff888110eaf620 (size 32):
comm "syz-executor783", pid 8417, jiffies 4294954395 (age 25.940s)
hex dump (first 32 bytes):
02 00 00 00 00 00 00 00 c0 d8 f0 10 81 88 ff ff ................
01 00 00 00 03 00 00 00 33 00 00 00 00 00 00 00 ........3.......
backtrace:
[<000000000d2c6b3e>] kmalloc include/linux/slab.h:555 [inline]
[<000000000d2c6b3e>] kzalloc include/linux/slab.h:669 [inline]
[<000000000d2c6b3e>] selinux_sk_alloc_security+0x43/0xa0 security/selinux/hooks.c:5126
[<00000000d4591378>] security_sk_alloc+0x42/0x70 security/security.c:2120
[<000000009002ddd9>] sk_prot_alloc+0x9c/0x170 net/core/sock.c:1607
[<000000002fc61b2a>] sk_alloc+0x30/0x330 net/core/sock.c:1658
[<000000000d7242e5>] inet6_create net/ipv6/af_inet6.c:181 [inline]
[<000000000d7242e5>] inet6_create+0x112/0x4d0 net/ipv6/af_inet6.c:108
[<00000000ca79ca9d>] __sock_create+0x14a/0x220 net/socket.c:1433
[<000000007253d628>] sock_create net/socket.c:1484 [inline]
[<000000007253d628>] __sys_socket+0x60/0x110 net/socket.c:1526
[<00000000503be95b>] __do_sys_socket net/socket.c:1535 [inline]
[<00000000503be95b>] __se_sys_socket net/socket.c:1533 [inline]
[<00000000503be95b>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
[<0000000042ce79c0>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
[<00000000b1aeae16>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff888110f0d8c0 (size 64):
comm "syz-executor783", pid 8417, jiffies 4294954395 (age 25.940s)
hex dump (first 32 bytes):
15 00 00 01 00 00 00 00 a0 39 dc 10 81 88 ff ff .........9......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000002bb571e8>] kmalloc include/linux/slab.h:555 [inline]
[<000000002bb571e8>] kzalloc include/linux/slab.h:669 [inline]
[<000000002bb571e8>] netlbl_secattr_alloc include/net/netlabel.h:382 [inline]
[<000000002bb571e8>] selinux_netlbl_sock_genattr+0x48/0x180 security/selinux/netlabel.c:76
[<00000000201274d5>] selinux_netlbl_socket_post_create+0x41/0xb0 security/selinux/netlabel.c:398
[<00000000189429bf>] selinux_socket_post_create+0x182/0x390 security/selinux/hooks.c:4541
[<0000000054916bb2>] security_socket_post_create+0x54/0x80 security/security.c:2032
[<0000000085ba4813>] __sock_create+0x1cc/0x220 net/socket.c:1449
[<000000007253d628>] sock_create net/socket.c:1484 [inline]
[<000000007253d628>] __sys_socket+0x60/0x110 net/socket.c:1526
[<00000000503be95b>] __do_sys_socket net/socket.c:1535 [inline]
[<00000000503be95b>] __se_sys_socket net/socket.c:1533 [inline]
[<00000000503be95b>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
[<0000000042ce79c0>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
[<00000000b1aeae16>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff888110dc39a0 (size 32):
comm "syz-executor783", pid 8417, jiffies 4294954395 (age 25.940s)
hex dump (first 32 bytes):
6b 65 72 6e 65 6c 5f 74 00 73 79 73 74 65 6d 5f kernel_t.system_
72 3a 6b 65 72 6e 65 6c 5f 74 3a 73 30 00 00 00 r:kernel_t:s0...
backtrace:
[<0000000090b931e1>] kstrdup+0x36/0x70 mm/util.c:60
[<0000000079ad8987>] security_netlbl_sid_to_secattr+0x97/0x100 security/selinux/ss/services.c:3739
[<000000006911d3c9>] selinux_netlbl_sock_genattr+0x67/0x180 security/selinux/netlabel.c:79
[<00000000201274d5>] selinux_netlbl_socket_post_create+0x41/0xb0 security/selinux/netlabel.c:398
[<00000000189429bf>] selinux_socket_post_create+0x182/0x390 security/selinux/hooks.c:4541
[<0000000054916bb2>] security_socket_post_create+0x54/0x80 security/security.c:2032
[<0000000085ba4813>] __sock_create+0x1cc/0x220 net/socket.c:1449
[<000000007253d628>] sock_create net/socket.c:1484 [inline]
[<000000007253d628>] __sys_socket+0x60/0x110 net/socket.c:1526
[<00000000503be95b>] __do_sys_socket net/socket.c:1535 [inline]
[<00000000503be95b>] __se_sys_socket net/socket.c:1533 [inline]
[<00000000503be95b>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
[<0000000042ce79c0>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
[<00000000b1aeae16>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff888110ef1800 (size 1840):
comm "syz-executor783", pid 8417, jiffies 4294954395 (age 30.410s)
hex dump (first 32 bytes):
00 00 00 00 7f 00 00 06 15 14 f5 21 4e 20 22 dc ...........!N ".
0a 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............
backtrace:
[<000000007986323e>] sk_prot_alloc+0x3c/0x170 net/core/sock.c:1598
[<000000002fc61b2a>] sk_alloc+0x30/0x330 net/core/sock.c:1658
[<000000000d7242e5>] inet6_create net/ipv6/af_inet6.c:181 [inline]
[<000000000d7242e5>] inet6_create+0x112/0x4d0 net/ipv6/af_inet6.c:108
[<00000000ca79ca9d>] __sock_create+0x14a/0x220 net/socket.c:1433
[<000000007253d628>] sock_create net/socket.c:1484 [inline]
[<000000007253d628>] __sys_socket+0x60/0x110 net/socket.c:1526
[<00000000503be95b>] __do_sys_socket net/socket.c:1535 [inline]
[<00000000503be95b>] __se_sys_socket net/socket.c:1533 [inline]
[<00000000503be95b>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
[<0000000042ce79c0>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
[<00000000b1aeae16>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff888110eaf620 (size 32):
comm "syz-executor783", pid 8417, jiffies 4294954395 (age 30.410s)
hex dump (first 32 bytes):
02 00 00 00 00 00 00 00 c0 d8 f0 10 81 88 ff ff ................
01 00 00 00 03 00 00 00 33 00 00 00 00 00 00 00 ........3.......
backtrace:
[<000000000d2c6b3e>] kmalloc include/linux/slab.h:555 [inline]
[<000000000d2c6b3e>] kzalloc include/linux/slab.h:669 [inline]
[<000000000d2c6b3e>] selinux_sk_alloc_security+0x43/0xa0 security/selinux/hooks.c:5126
[<00000000d4591378>] security_sk_alloc+0x42/0x70 security/security.c:2120
[<000000009002ddd9>] sk_prot_alloc+0x9c/0x170 net/core/sock.c:1607
[<000000002fc61b2a>] sk_alloc+0x30/0x330 net/core/sock.c:1658
[<000000000d7242e5>] inet6_create net/ipv6/af_inet6.c:181 [inline]
[<000000000d7242e5>] inet6_create+0x112/0x4d0 net/ipv6/af_inet6.c:108
[<00000000ca79ca9d>] __sock_create+0x14a/0x220 net/socket.c:1433
[<000000007253d628>] sock_create net/socket.c:1484 [inline]
[<000000007253d628>] __sys_socket+0x60/0x110 net/socket.c:1526
[<00000000503be95b>] __do_sys_socket net/socket.c:1535 [inline]
[<00000000503be95b>] __se_sys_socket net/socket.c:1533 [inline]
[<00000000503be95b>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
[<0000000042ce79c0>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
[<00000000b1aeae16>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff888110f0d8c0 (size 64):
comm "syz-executor783", pid 8417, jiffies 4294954395 (age 30.410s)
hex dump (first 32 bytes):
15 00 00 01 00 00 00 00 a0 39 dc 10 81 88 ff ff .........9......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000002bb571e8>] kmalloc include/linux/slab.h:555 [inline]
[<000000002bb571e8>] kzalloc include/linux/slab.h:669 [inline]
[<000000002bb571e8>] netlbl_secattr_alloc include/net/netlabel.h:382 [inline]
[<000000002bb571e8>] selinux_netlbl_sock_genattr+0x48/0x180 security/selinux/netlabel.c:76
[<00000000201274d5>] selinux_netlbl_socket_post_create+0x41/0xb0 security/selinux/netlabel.c:398
[<00000000189429bf>] selinux_socket_post_create+0x182/0x390 security/selinux/hooks.c:4541
[<0000000054916bb2>] security_socket_post_create+0x54/0x80 security/security.c:2032
[<0000000085ba4813>] __sock_create+0x1cc/0x220 net/socket.c:1449
[<000000007253d628>] sock_create net/socket.c:1484 [inline]
[<000000007253d628>] __sys_socket+0x60/0x110 net/socket.c:1526
[<00000000503be95b>] __do_sys_socket net/socket.c:1535 [inline]
[<00000000503be95b>] __se_sys_socket net/socket.c:1533 [inline]
[<00000000503be95b>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
[<0000000042ce79c0>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
[<00000000b1aeae16>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff888110dc39a0 (size 32):
comm "syz-executor783", pid 8417, jiffies 4294954395 (age 30.410s)
hex dump (first 32 bytes):
6b 65 72 6e 65 6c 5f 74 00 73 79 73 74 65 6d 5f kernel_t.system_
72 3a 6b 65 72 6e 65 6c 5f 74 3a 73 30 00 00 00 r:kernel_t:s0...
backtrace:
[<0000000090b931e1>] kstrdup+0x36/0x70 mm/util.c:60
[<0000000079ad8987>] security_netlbl_sid_to_secattr+0x97/0x100 security/selinux/ss/services.c:3739
[<000000006911d3c9>] selinux_netlbl_sock_genattr+0x67/0x180 security/selinux/netlabel.c:79
[<00000000201274d5>] selinux_netlbl_socket_post_create+0x41/0xb0 security/selinux/netlabel.c:398
[<00000000189429bf>] selinux_socket_post_create+0x182/0x390 security/selinux/hooks.c:4541
[<0000000054916bb2>] security_socket_post_create+0x54/0x80 security/security.c:2032
[<0000000085ba4813>] __sock_create+0x1cc/0x220 net/socket.c:1449
[<000000007253d628>] sock_create net/socket.c:1484 [inline]
[<000000007253d628>] __sys_socket+0x60/0x110 net/socket.c:1526
[<00000000503be95b>] __do_sys_socket net/socket.c:1535 [inline]
[<00000000503be95b>] __se_sys_socket net/socket.c:1533 [inline]
[<00000000503be95b>] __x64_sys_socket+0x1a/0x20 net/socket.c:1533
[<0000000042ce79c0>] do_syscall_64+0x6e/0x220 arch/x86/entry/common.c:295
[<00000000b1aeae16>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
reply other threads:[~2020-05-07 5:56 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=000000000000f6592a05a5088904@google.com \
--to=syzbot+db84db800df5aa102826@syzkaller.appspotmail.com \
--cc=andriin@fb.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=john.fastabend@gmail.com \
--cc=kafai@fb.com \
--cc=kpsingh@chromium.org \
--cc=kuba@kernel.org \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=songliubraving@fb.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=yhs@fb.com \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).