Hello,
syzbot found the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
On 1/5/24 09:32, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
> kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
> dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: [email protected]
Is there a way to stop sending multiple such duplicate reports?
--
Florian
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
On Fri, Jan 5, 2024 at 7:23 PM syzbot
<[email protected]> wrote:
>
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
> kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
> dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: [email protected]
>
> BUG: memory leak
> unreferenced object 0xffff88810b8ea400 (size 512):
> comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
> hex dump (first 32 bytes):
> 00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
> c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
> backtrace:
> [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
> [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
> [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
> [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
> [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
> [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
> [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
> [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
> [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
> [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
> [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
> [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
> [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
> [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
> [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
> [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
> [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
> [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
> [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
> [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
> [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
>
> BUG: memory leak
> unreferenced object 0xffff888109a7fa00 (size 512):
> comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
> 00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
> backtrace:
> [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
> [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
> [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
> [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
> [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
> [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
> [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
> [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
> [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
> [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
> [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
> [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
> [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
> [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
> [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
> [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
> [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
> [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
> [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
> [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
> [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
>
> BUG: memory leak
> unreferenced object 0xffff88810a9fb400 (size 512):
> comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
> c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
> backtrace:
> [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
> [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
> [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
> [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
> [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
> [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
> [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
> [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
> [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
> [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
> [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
> [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
> [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
> [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
> [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
> [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
> [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
> [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
> [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
> [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
> [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
> [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
> [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
> [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
> [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
> [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
>
> BUG: memory leak
> unreferenced object 0xffff88810a9fba00 (size 512):
> comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
> 80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
> backtrace:
> [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
> [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
> [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
> [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
> [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
> [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
> [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
> [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
> [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
> [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
> [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
> [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
> [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
> [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
> [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
> [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
> [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
> [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
> [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
> [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
> [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
> [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
> [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
> [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
> [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
> [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
>
>
>
> ---
> If you want syzbot to run the reproducer, reply with:
> #syz test: git://repo/address.git branch-or-commit-hash
> If you attach or paste a git patch, syzbot will apply it before testing.
Not sure what happened with syzbot today ....
#syz fix: net: stop syzbot
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot has found a reproducer for the following issue on:
HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
BUG: memory leak
unreferenced object 0xffff88810b8ea400 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff888109a7fa00 (size 512):
comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
[<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
[<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
[<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
[<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
[<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
[<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
[<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
[<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
[<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
BUG: memory leak
unreferenced object 0xffff88810a9fb400 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810a9fba00 (size 512):
comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
backtrace:
[<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
[<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
[<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
[<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
[<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
[<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
[<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
[<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
[<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
[<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
[<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
[<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
[<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
[<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
[<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
[<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
[<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
[<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
[<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
[<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
[<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
I'm very sorry for the inconvenience due to the syzbot breakage!
The reporting was stopped.
We're figuring out what went wrong and will add more fine-grained
controls to prevent such situations in the future.
On Fri, Jan 5, 2024 at 7:41 PM syzbot
<[email protected]> wrote:
>
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 2258c2dc850b Merge tag 'for-linus' of git://git.kernel.org..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=16f67b44480000
> kernel config: https://syzkaller.appspot.com/x/.config?x=a4fb7ad9185f1501
> dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e23d44480000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/0e65a45877eb/disk-2258c2dc.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/7617adf885a8/vmlinux-2258c2dc.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/43fb89ea894a/bzImage-2258c2dc.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: [email protected]
>
> BUG: memory leak
> unreferenced object 0xffff88810b8ea400 (size 512):
> comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
> hex dump (first 32 bytes):
> 00 9c f8 0a 81 88 ff ff 80 29 23 86 ff ff ff ff .........)#.....
> c0 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
> backtrace:
> [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
> [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
> [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
> [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
> [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
> [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
> [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
> [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
> [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
> [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
> [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
> [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
> [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
> [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
> [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
> [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
> [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
> [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
> [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
> [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
> [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
>
> BUG: memory leak
> unreferenced object 0xffff888109a7fa00 (size 512):
> comm "kworker/0:3", pid 4440, jiffies 4294938594 (age 1132.680s)
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
> 00 79 79 44 81 88 ff ff 72 78 ff ff 00 00 00 00 .yyD....rx......
> backtrace:
> [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
> [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
> [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
> [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
> [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
> [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
> [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
> [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
> [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
> [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
> [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
> [<ffffffff83ff16d9>] dst_output include/net/dst.h:444 [inline]
> [<ffffffff83ff16d9>] NF_HOOK include/linux/netfilter.h:302 [inline]
> [<ffffffff83ff16d9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:296
> [<ffffffff83ff19c4>] mld_sendpack+0x224/0x350 net/ipv6/mcast.c:1820
> [<ffffffff83ff5403>] mld_send_cr net/ipv6/mcast.c:2121 [inline]
> [<ffffffff83ff5403>] mld_ifc_work+0x2a3/0x750 net/ipv6/mcast.c:2653
> [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
> [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
> [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
> [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
>
> BUG: memory leak
> unreferenced object 0xffff88810a9fb400 (size 512):
> comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
> c0 76 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .vyD....sx......
> backtrace:
> [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
> [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
> [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
> [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
> [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
> [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
> [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
> [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
> [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
> [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
> [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
> [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
> [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
> [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
> [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
> [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
> [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
> [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
> [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
> [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
> [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
> [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
> [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
> [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
> [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
> [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
>
> BUG: memory leak
> unreferenced object 0xffff88810a9fba00 (size 512):
> comm "dhcpcd", pid 4638, jiffies 4294938595 (age 1132.670s)
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 80 29 23 86 ff ff ff ff .........)#.....
> 80 77 79 44 81 88 ff ff 73 78 ff ff 00 00 00 00 .wyD....sx......
> backtrace:
> [<ffffffff814f9fe6>] __do_kmalloc_node mm/slab_common.c:967 [inline]
> [<ffffffff814f9fe6>] __kmalloc+0x46/0x120 mm/slab_common.c:981
> [<ffffffff83b5234f>] kmalloc include/linux/slab.h:584 [inline]
> [<ffffffff83b5234f>] kzalloc include/linux/slab.h:720 [inline]
> [<ffffffff83b5234f>] neigh_alloc net/core/neighbour.c:476 [inline]
> [<ffffffff83b5234f>] ___neigh_create+0xdf/0xd60 net/core/neighbour.c:661
> [<ffffffff83f9f886>] ip6_finish_output2+0x776/0x9b0 net/ipv6/ip6_output.c:125
> [<ffffffff83fa5530>] __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
> [<ffffffff83fa5530>] ip6_finish_output+0x270/0x530 net/ipv6/ip6_output.c:206
> [<ffffffff83fa5893>] NF_HOOK_COND include/linux/netfilter.h:291 [inline]
> [<ffffffff83fa5893>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:227
> [<ffffffff84062411>] dst_output include/net/dst.h:444 [inline]
> [<ffffffff84062411>] ip6_local_out+0x51/0x70 net/ipv6/output_core.c:155
> [<ffffffff83fa6285>] ip6_send_skb+0x25/0xc0 net/ipv6/ip6_output.c:1971
> [<ffffffff83fa6394>] ip6_push_pending_frames+0x74/0x90 net/ipv6/ip6_output.c:1991
> [<ffffffff83fec08c>] rawv6_push_pending_frames net/ipv6/raw.c:579 [inline]
> [<ffffffff83fec08c>] rawv6_sendmsg+0x16ac/0x1ba0 net/ipv6/raw.c:922
> [<ffffffff83ebe965>] inet_sendmsg+0x45/0x70 net/ipv4/af_inet.c:827
> [<ffffffff83af7116>] sock_sendmsg_nosec net/socket.c:714 [inline]
> [<ffffffff83af7116>] sock_sendmsg+0x56/0x80 net/socket.c:734
> [<ffffffff83af769d>] ____sys_sendmsg+0x38d/0x410 net/socket.c:2476
> [<ffffffff83afbfe8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2530
> [<ffffffff83afc178>] __sys_sendmsg+0x88/0x100 net/socket.c:2559
> [<ffffffff848ed5b5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
> [<ffffffff848ed5b5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
> [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
>
>
>
> ---
> If you want syzbot to run the reproducer, reply with:
> #syz test: git://repo/address.git branch-or-commit-hash
> If you attach or paste a git patch, syzbot will apply it before testing.
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/000000000000d4a93c060e373195%40google.com.
This bug is marked as fixed by commit:
net: stop syzbot
But I can't find it in the tested trees[1] for more than 90 days.
Is it a correct commit? Please update it by replying:
#syz fix: exact-commit-title
Until then the bug is still considered open and new crashes with
the same signature are ignored.
Kernel: Linux
Dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
---
[1] I expect the commit to be present in:
1. for-kernelci branch of
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git
2. master branch of
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git
3. master branch of
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git
4. main branch of
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
The full list of 9 trees can be found at
https://syzkaller.appspot.com/upstream/repos
This bug is marked as fixed by commit:
net: stop syzbot
But I can't find it in the tested trees[1] for more than 90 days.
Is it a correct commit? Please update it by replying:
#syz fix: exact-commit-title
Until then the bug is still considered open and new crashes with
the same signature are ignored.
Kernel: Linux
Dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
---
[1] I expect the commit to be present in:
1. for-kernelci branch of
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git
2. master branch of
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git
3. master branch of
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git
4. main branch of
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
The full list of 9 trees can be found at
https://syzkaller.appspot.com/upstream/repos
This bug is marked as fixed by commit:
net: stop syzbot
But I can't find it in the tested trees[1] for more than 90 days.
Is it a correct commit? Please update it by replying:
#syz fix: exact-commit-title
Until then the bug is still considered open and new crashes with
the same signature are ignored.
Kernel: Linux
Dashboard link: https://syzkaller.appspot.com/bug?extid=42cfec52b6508887bbe8
---
[1] I expect the commit to be present in:
1. for-kernelci branch of
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git
2. master branch of
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git
3. master branch of
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git
4. main branch of
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
The full list of 9 trees can be found at
https://syzkaller.appspot.com/upstream/repos