[syzbot] [fs?] memory leak in fasync_helper (2)


syzbot

Sep 21, 2023, 2:52:49 AM
to bra...@kernel.org, chuck...@oracle.com, jla...@kernel.org, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk
Hello,

syzbot found the following issue on:

HEAD commit: f0b0d403eabb Merge tag 'kbuild-fixes-v6.6' of git://git.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=144e498c680000
kernel config: https://syzkaller.appspot.com/x/.config?x=943a94479fa8e863
dashboard link: https://syzkaller.appspot.com/bug?extid=5f1acda7e06a2298fae6
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=161ac702680000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16515418680000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/47695e593bcd/disk-f0b0d403.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/306f9aca0df9/vmlinux-f0b0d403.xz
kernel image: https://storage.googleapis.com/syzbot-assets/25549b4deb42/bzImage-f0b0d403.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5f1acd...@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff888114ac69c0 (size 48):
comm "syz-executor199", pid 5124, jiffies 4294947402 (age 21.830s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 01 46 00 00 03 00 00 00 .........F......
00 00 00 00 00 00 00 00 00 81 0f 09 81 88 ff ff ................
backtrace:
[<ffffffff816b06bd>] fasync_alloc fs/fcntl.c:892 [inline]
[<ffffffff816b06bd>] fasync_add_entry fs/fcntl.c:950 [inline]
[<ffffffff816b06bd>] fasync_helper+0x3d/0xc0 fs/fcntl.c:979
[<ffffffff83e8f2cb>] sock_fasync+0x4b/0xa0 net/socket.c:1427
[<ffffffff816b18d6>] ioctl_fioasync fs/ioctl.c:380 [inline]
[<ffffffff816b18d6>] do_vfs_ioctl+0x306/0xe80 fs/ioctl.c:792
[<ffffffff816b27d5>] __do_sys_ioctl fs/ioctl.c:869 [inline]
[<ffffffff816b27d5>] __se_sys_ioctl fs/ioctl.c:857 [inline]
[<ffffffff816b27d5>] __x64_sys_ioctl+0xb5/0x140 fs/ioctl.c:857
[<ffffffff84b30008>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84b30008>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff888114a7ecf0 (size 48):
comm "syz-executor199", pid 5133, jiffies 4294947484 (age 21.010s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 01 46 00 00 03 00 00 00 .........F......
00 00 00 00 00 00 00 00 00 21 ac 14 81 88 ff ff .........!......
backtrace:
[<ffffffff816b06bd>] fasync_alloc fs/fcntl.c:892 [inline]
[<ffffffff816b06bd>] fasync_add_entry fs/fcntl.c:950 [inline]
[<ffffffff816b06bd>] fasync_helper+0x3d/0xc0 fs/fcntl.c:979
[<ffffffff83e8f2cb>] sock_fasync+0x4b/0xa0 net/socket.c:1427
[<ffffffff816b18d6>] ioctl_fioasync fs/ioctl.c:380 [inline]
[<ffffffff816b18d6>] do_vfs_ioctl+0x306/0xe80 fs/ioctl.c:792
[<ffffffff816b27d5>] __do_sys_ioctl fs/ioctl.c:869 [inline]
[<ffffffff816b27d5>] __se_sys_ioctl fs/ioctl.c:857 [inline]
[<ffffffff816b27d5>] __x64_sys_ioctl+0xb5/0x140 fs/ioctl.c:857
[<ffffffff84b30008>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84b30008>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff888114eec180 (size 48):
comm "syz-executor199", pid 5138, jiffies 4294947529 (age 20.560s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 01 46 00 00 03 00 00 00 .........F......
00 00 00 00 00 00 00 00 00 7a 51 09 81 88 ff ff .........zQ.....
backtrace:
[<ffffffff816b06bd>] fasync_alloc fs/fcntl.c:892 [inline]
[<ffffffff816b06bd>] fasync_add_entry fs/fcntl.c:950 [inline]
[<ffffffff816b06bd>] fasync_helper+0x3d/0xc0 fs/fcntl.c:979
[<ffffffff83e8f2cb>] sock_fasync+0x4b/0xa0 net/socket.c:1427
[<ffffffff816b18d6>] ioctl_fioasync fs/ioctl.c:380 [inline]
[<ffffffff816b18d6>] do_vfs_ioctl+0x306/0xe80 fs/ioctl.c:792
[<ffffffff816b27d5>] __do_sys_ioctl fs/ioctl.c:869 [inline]
[<ffffffff816b27d5>] __se_sys_ioctl fs/ioctl.c:857 [inline]
[<ffffffff816b27d5>] __x64_sys_ioctl+0xb5/0x140 fs/ioctl.c:857
[<ffffffff84b30008>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84b30008>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff888114ac69c0 (size 48):
comm "syz-executor199", pid 5124, jiffies 4294947402 (age 25.300s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 01 46 00 00 03 00 00 00 .........F......
00 00 00 00 00 00 00 00 00 81 0f 09 81 88 ff ff ................
backtrace:
[<ffffffff816b06bd>] fasync_alloc fs/fcntl.c:892 [inline]
[<ffffffff816b06bd>] fasync_add_entry fs/fcntl.c:950 [inline]
[<ffffffff816b06bd>] fasync_helper+0x3d/0xc0 fs/fcntl.c:979
[<ffffffff83e8f2cb>] sock_fasync+0x4b/0xa0 net/socket.c:1427
[<ffffffff816b18d6>] ioctl_fioasync fs/ioctl.c:380 [inline]
[<ffffffff816b18d6>] do_vfs_ioctl+0x306/0xe80 fs/ioctl.c:792
[<ffffffff816b27d5>] __do_sys_ioctl fs/ioctl.c:869 [inline]
[<ffffffff816b27d5>] __se_sys_ioctl fs/ioctl.c:857 [inline]
[<ffffffff816b27d5>] __x64_sys_ioctl+0xb5/0x140 fs/ioctl.c:857
[<ffffffff84b30008>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84b30008>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff888114a7ecf0 (size 48):
comm "syz-executor199", pid 5133, jiffies 4294947484 (age 24.480s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 01 46 00 00 03 00 00 00 .........F......
00 00 00 00 00 00 00 00 00 21 ac 14 81 88 ff ff .........!......
backtrace:
[<ffffffff816b06bd>] fasync_alloc fs/fcntl.c:892 [inline]
[<ffffffff816b06bd>] fasync_add_entry fs/fcntl.c:950 [inline]
[<ffffffff816b06bd>] fasync_helper+0x3d/0xc0 fs/fcntl.c:979
[<ffffffff83e8f2cb>] sock_fasync+0x4b/0xa0 net/socket.c:1427
[<ffffffff816b18d6>] ioctl_fioasync fs/ioctl.c:380 [inline]
[<ffffffff816b18d6>] do_vfs_ioctl+0x306/0xe80 fs/ioctl.c:792
[<ffffffff816b27d5>] __do_sys_ioctl fs/ioctl.c:869 [inline]
[<ffffffff816b27d5>] __se_sys_ioctl fs/ioctl.c:857 [inline]
[<ffffffff816b27d5>] __x64_sys_ioctl+0xb5/0x140 fs/ioctl.c:857
[<ffffffff84b30008>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84b30008>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff888114eec180 (size 48):
comm "syz-executor199", pid 5138, jiffies 4294947529 (age 24.030s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 01 46 00 00 03 00 00 00 .........F......
00 00 00 00 00 00 00 00 00 7a 51 09 81 88 ff ff .........zQ.....
backtrace:
[<ffffffff816b06bd>] fasync_alloc fs/fcntl.c:892 [inline]
[<ffffffff816b06bd>] fasync_add_entry fs/fcntl.c:950 [inline]
[<ffffffff816b06bd>] fasync_helper+0x3d/0xc0 fs/fcntl.c:979
[<ffffffff83e8f2cb>] sock_fasync+0x4b/0xa0 net/socket.c:1427
[<ffffffff816b18d6>] ioctl_fioasync fs/ioctl.c:380 [inline]
[<ffffffff816b18d6>] do_vfs_ioctl+0x306/0xe80 fs/ioctl.c:792
[<ffffffff816b27d5>] __do_sys_ioctl fs/ioctl.c:869 [inline]
[<ffffffff816b27d5>] __se_sys_ioctl fs/ioctl.c:857 [inline]
[<ffffffff816b27d5>] __x64_sys_ioctl+0xb5/0x140 fs/ioctl.c:857
[<ffffffff84b30008>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84b30008>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff888114ac69c0 (size 48):
comm "syz-executor199", pid 5124, jiffies 4294947402 (age 26.490s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 01 46 00 00 03 00 00 00 .........F......
00 00 00 00 00 00 00 00 00 81 0f 09 81 88 ff ff ................
backtrace:
[<ffffffff816b06bd>] fasync_alloc fs/fcntl.c:892 [inline]
[<ffffffff816b06bd>] fasync_add_entry fs/fcntl.c:950 [inline]
[<ffffffff816b06bd>] fasync_helper+0x3d/0xc0 fs/fcntl.c:979
[<ffffffff83e8f2cb>] sock_fasync+0x4b/0xa0 net/socket.c:1427
[<ffffffff816b18d6>] ioctl_fioasync fs/ioctl.c:380 [inline]
[<ffffffff816b18d6>] do_vfs_ioctl+0x306/0xe80 fs/ioctl.c:792
[<ffffffff816b27d5>] __do_sys_ioctl fs/ioctl.c:869 [inline]
[<ffffffff816b27d5>] __se_sys_ioctl fs/ioctl.c:857 [inline]
[<ffffffff816b27d5>] __x64_sys_ioctl+0xb5/0x140 fs/ioctl.c:857
[<ffffffff84b30008>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84b30008>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff888114a7ecf0 (size 48):
comm "syz-executor199", pid 5133, jiffies 4294947484 (age 25.670s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 01 46 00 00 03 00 00 00 .........F......
00 00 00 00 00 00 00 00 00 21 ac 14 81 88 ff ff .........!......
backtrace:
[<ffffffff816b06bd>] fasync_alloc fs/fcntl.c:892 [inline]
[<ffffffff816b06bd>] fasync_add_entry fs/fcntl.c:950 [inline]
[<ffffffff816b06bd>] fasync_helper+0x3d/0xc0 fs/fcntl.c:979
[<ffffffff83e8f2cb>] sock_fasync+0x4b/0xa0 net/socket.c:1427
[<ffffffff816b18d6>] ioctl_fioasync fs/ioctl.c:380 [inline]
[<ffffffff816b18d6>] do_vfs_ioctl+0x306/0xe80 fs/ioctl.c:792
[<ffffffff816b27d5>] __do_sys_ioctl fs/ioctl.c:869 [inline]
[<ffffffff816b27d5>] __se_sys_ioctl fs/ioctl.c:857 [inline]
[<ffffffff816b27d5>] __x64_sys_ioctl+0xb5/0x140 fs/ioctl.c:857
[<ffffffff84b30008>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84b30008>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff888114eec180 (size 48):
comm "syz-executor199", pid 5138, jiffies 4294947529 (age 25.220s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 01 46 00 00 03 00 00 00 .........F......
00 00 00 00 00 00 00 00 00 7a 51 09 81 88 ff ff .........zQ.....
backtrace:
[<ffffffff816b06bd>] fasync_alloc fs/fcntl.c:892 [inline]
[<ffffffff816b06bd>] fasync_add_entry fs/fcntl.c:950 [inline]
[<ffffffff816b06bd>] fasync_helper+0x3d/0xc0 fs/fcntl.c:979
[<ffffffff83e8f2cb>] sock_fasync+0x4b/0xa0 net/socket.c:1427
[<ffffffff816b18d6>] ioctl_fioasync fs/ioctl.c:380 [inline]
[<ffffffff816b18d6>] do_vfs_ioctl+0x306/0xe80 fs/ioctl.c:792
[<ffffffff816b27d5>] __do_sys_ioctl fs/ioctl.c:869 [inline]
[<ffffffff816b27d5>] __se_sys_ioctl fs/ioctl.c:857 [inline]
[<ffffffff816b27d5>] __x64_sys_ioctl+0xb5/0x140 fs/ioctl.c:857
[<ffffffff84b30008>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84b30008>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff8881145bba00 (size 512):
comm "kworker/0:4", pid 5093, jiffies 4294947640 (age 24.110s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 0b 25 86 ff ff ff ff ..........%.....
80 f7 54 12 81 88 ff ff c8 9b ff ff 00 00 00 00 ..T.............
backtrace:
[<ffffffff815744cb>] __do_kmalloc_node mm/slab_common.c:1022 [inline]
[<ffffffff815744cb>] __kmalloc+0x4b/0x150 mm/slab_common.c:1036
[<ffffffff83ef17b2>] kmalloc include/linux/slab.h:603 [inline]
[<ffffffff83ef17b2>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83ef17b2>] neigh_alloc net/core/neighbour.c:486 [inline]
[<ffffffff83ef17b2>] ___neigh_create+0xf2/0xe10 net/core/neighbour.c:640
[<ffffffff8434480b>] ip6_finish_output2+0x73b/0x980 net/ipv6/ip6_output.c:126
[<ffffffff84349c21>] __ip6_finish_output net/ipv6/ip6_output.c:196 [inline]
[<ffffffff84349c21>] ip6_finish_output+0x291/0x510 net/ipv6/ip6_output.c:207
[<ffffffff84349f41>] NF_HOOK_COND include/linux/netfilter.h:293 [inline]
[<ffffffff84349f41>] ip6_output+0xa1/0x1c0 net/ipv6/ip6_output.c:228
[<ffffffff84399fd9>] dst_output include/net/dst.h:458 [inline]
[<ffffffff84399fd9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:304
[<ffffffff8439a2c3>] mld_sendpack+0x223/0x350 net/ipv6/mcast.c:1818
[<ffffffff8439add5>] mld_send_initial_cr.part.0.isra.0+0x75/0x80 net/ipv6/mcast.c:2237
[<ffffffff8439dae9>] mld_send_initial_cr net/ipv6/mcast.c:2225 [inline]
[<ffffffff8439dae9>] mld_dad_work+0x59/0x220 net/ipv6/mcast.c:2260
[<ffffffff812c8edd>] process_one_work+0x23d/0x530 kernel/workqueue.c:2630
[<ffffffff812c9a87>] process_scheduled_works kernel/workqueue.c:2703 [inline]
[<ffffffff812c9a87>] worker_thread+0x327/0x590 kernel/workqueue.c:2784
[<ffffffff812d6f5b>] kthread+0x12b/0x170 kernel/kthread.c:388
[<ffffffff81149e95>] ret_from_fork+0x45/0x50 arch/x86/kernel/process.c:147
[<ffffffff81002be1>] ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

BUG: memory leak
unreferenced object 0xffff888114169600 (size 512):
comm "kworker/1:7", pid 5101, jiffies 4294947640 (age 24.110s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 0b 25 86 ff ff ff ff ..........%.....
c0 99 e3 12 81 88 ff ff c8 9b ff ff 00 00 00 00 ................
backtrace:
[<ffffffff815744cb>] __do_kmalloc_node mm/slab_common.c:1022 [inline]
[<ffffffff815744cb>] __kmalloc+0x4b/0x150 mm/slab_common.c:1036
[<ffffffff83ef17b2>] kmalloc include/linux/slab.h:603 [inline]
[<ffffffff83ef17b2>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83ef17b2>] neigh_alloc net/core/neighbour.c:486 [inline]
[<ffffffff83ef17b2>] ___neigh_create+0xf2/0xe10 net/core/neighbour.c:640
[<ffffffff8434480b>] ip6_finish_output2+0x73b/0x980 net/ipv6/ip6_output.c:126
[<ffffffff84349c21>] __ip6_finish_output net/ipv6/ip6_output.c:196 [inline]
[<ffffffff84349c21>] ip6_finish_output+0x291/0x510 net/ipv6/ip6_output.c:207
[<ffffffff84349f41>] NF_HOOK_COND include/linux/netfilter.h:293 [inline]
[<ffffffff84349f41>] ip6_output+0xa1/0x1c0 net/ipv6/ip6_output.c:228
[<ffffffff843836f9>] dst_output include/net/dst.h:458 [inline]
[<ffffffff843836f9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:304
[<ffffffff84383a09>] ndisc_send_skb+0x249/0x3c0 net/ipv6/ndisc.c:509
[<ffffffff843886e5>] ndisc_send_ns+0x85/0xf0 net/ipv6/ndisc.c:667
[<ffffffff8435cd0e>] addrconf_dad_work+0x67e/0x980 net/ipv6/addrconf.c:4213
[<ffffffff812c8edd>] process_one_work+0x23d/0x530 kernel/workqueue.c:2630
[<ffffffff812c9a87>] process_scheduled_works kernel/workqueue.c:2703 [inline]
[<ffffffff812c9a87>] worker_thread+0x327/0x590 kernel/workqueue.c:2784
[<ffffffff812d6f5b>] kthread+0x12b/0x170 kernel/kthread.c:388
[<ffffffff81149e95>] ret_from_fork+0x45/0x50 arch/x86/kernel/process.c:147
[<ffffffff81002be1>] ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

BUG: memory leak
unreferenced object 0xffff888114ac69c0 (size 48):
comm "syz-executor199", pid 5124, jiffies 4294947402 (age 27.680s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 01 46 00 00 03 00 00 00 .........F......
00 00 00 00 00 00 00 00 00 81 0f 09 81 88 ff ff ................
backtrace:
[<ffffffff816b06bd>] fasync_alloc fs/fcntl.c:892 [inline]
[<ffffffff816b06bd>] fasync_add_entry fs/fcntl.c:950 [inline]
[<ffffffff816b06bd>] fasync_helper+0x3d/0xc0 fs/fcntl.c:979
[<ffffffff83e8f2cb>] sock_fasync+0x4b/0xa0 net/socket.c:1427
[<ffffffff816b18d6>] ioctl_fioasync fs/ioctl.c:380 [inline]
[<ffffffff816b18d6>] do_vfs_ioctl+0x306/0xe80 fs/ioctl.c:792
[<ffffffff816b27d5>] __do_sys_ioctl fs/ioctl.c:869 [inline]
[<ffffffff816b27d5>] __se_sys_ioctl fs/ioctl.c:857 [inline]
[<ffffffff816b27d5>] __x64_sys_ioctl+0xb5/0x140 fs/ioctl.c:857
[<ffffffff84b30008>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84b30008>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff888114a7ecf0 (size 48):
comm "syz-executor199", pid 5133, jiffies 4294947484 (age 26.860s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 01 46 00 00 03 00 00 00 .........F......
00 00 00 00 00 00 00 00 00 21 ac 14 81 88 ff ff .........!......
backtrace:
[<ffffffff816b06bd>] fasync_alloc fs/fcntl.c:892 [inline]
[<ffffffff816b06bd>] fasync_add_entry fs/fcntl.c:950 [inline]
[<ffffffff816b06bd>] fasync_helper+0x3d/0xc0 fs/fcntl.c:979
[<ffffffff83e8f2cb>] sock_fasync+0x4b/0xa0 net/socket.c:1427
[<ffffffff816b18d6>] ioctl_fioasync fs/ioctl.c:380 [inline]
[<ffffffff816b18d6>] do_vfs_ioctl+0x306/0xe80 fs/ioctl.c:792
[<ffffffff816b27d5>] __do_sys_ioctl fs/ioctl.c:869 [inline]
[<ffffffff816b27d5>] __se_sys_ioctl fs/ioctl.c:857 [inline]
[<ffffffff816b27d5>] __x64_sys_ioctl+0xb5/0x140 fs/ioctl.c:857
[<ffffffff84b30008>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84b30008>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff888114eec180 (size 48):
comm "syz-executor199", pid 5138, jiffies 4294947529 (age 26.410s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 01 46 00 00 03 00 00 00 .........F......
00 00 00 00 00 00 00 00 00 7a 51 09 81 88 ff ff .........zQ.....
backtrace:
[<ffffffff816b06bd>] fasync_alloc fs/fcntl.c:892 [inline]
[<ffffffff816b06bd>] fasync_add_entry fs/fcntl.c:950 [inline]
[<ffffffff816b06bd>] fasync_helper+0x3d/0xc0 fs/fcntl.c:979
[<ffffffff83e8f2cb>] sock_fasync+0x4b/0xa0 net/socket.c:1427
[<ffffffff816b18d6>] ioctl_fioasync fs/ioctl.c:380 [inline]
[<ffffffff816b18d6>] do_vfs_ioctl+0x306/0xe80 fs/ioctl.c:792
[<ffffffff816b27d5>] __do_sys_ioctl fs/ioctl.c:869 [inline]
[<ffffffff816b27d5>] __se_sys_ioctl fs/ioctl.c:857 [inline]
[<ffffffff816b27d5>] __x64_sys_ioctl+0xb5/0x140 fs/ioctl.c:857
[<ffffffff84b30008>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84b30008>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff8881141b9600 (size 512):
comm "kworker/1:7", pid 5101, jiffies 4294947640 (age 25.300s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 0b 25 86 ff ff ff ff ..........%.....
00 00 95 12 81 88 ff ff c8 9b ff ff 00 00 00 00 ................
backtrace:
[<ffffffff815744cb>] __do_kmalloc_node mm/slab_common.c:1022 [inline]
[<ffffffff815744cb>] __kmalloc+0x4b/0x150 mm/slab_common.c:1036
[<ffffffff83ef17b2>] kmalloc include/linux/slab.h:603 [inline]
[<ffffffff83ef17b2>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83ef17b2>] neigh_alloc net/core/neighbour.c:486 [inline]
[<ffffffff83ef17b2>] ___neigh_create+0xf2/0xe10 net/core/neighbour.c:640
[<ffffffff8434480b>] ip6_finish_output2+0x73b/0x980 net/ipv6/ip6_output.c:126
[<ffffffff84349c21>] __ip6_finish_output net/ipv6/ip6_output.c:196 [inline]
[<ffffffff84349c21>] ip6_finish_output+0x291/0x510 net/ipv6/ip6_output.c:207
[<ffffffff84349f41>] NF_HOOK_COND include/linux/netfilter.h:293 [inline]
[<ffffffff84349f41>] ip6_output+0xa1/0x1c0 net/ipv6/ip6_output.c:228
[<ffffffff84399fd9>] dst_output include/net/dst.h:458 [inline]
[<ffffffff84399fd9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:304
[<ffffffff8439a2c3>] mld_sendpack+0x223/0x350 net/ipv6/mcast.c:1818
[<ffffffff8439add5>] mld_send_initial_cr.part.0.isra.0+0x75/0x80 net/ipv6/mcast.c:2237
[<ffffffff843a16b9>] mld_send_initial_cr net/ipv6/mcast.c:2225 [inline]
[<ffffffff843a16b9>] ipv6_mc_dad_complete+0x79/0x190 net/ipv6/mcast.c:2245
[<ffffffff8435c4b1>] addrconf_dad_completed+0x4d1/0x6b0 net/ipv6/addrconf.c:4271
[<ffffffff8435cac0>] addrconf_dad_work+0x430/0x980 net/ipv6/addrconf.c:4199
[<ffffffff812c8edd>] process_one_work+0x23d/0x530 kernel/workqueue.c:2630
[<ffffffff812c9a87>] process_scheduled_works kernel/workqueue.c:2703 [inline]
[<ffffffff812c9a87>] worker_thread+0x327/0x590 kernel/workqueue.c:2784
[<ffffffff812d6f5b>] kthread+0x12b/0x170 kernel/kthread.c:388
[<ffffffff81149e95>] ret_from_fork+0x45/0x50 arch/x86/kernel/process.c:147
[<ffffffff81002be1>] ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

BUG: memory leak
unreferenced object 0xffff88811418a000 (size 512):
comm "kworker/1:7", pid 5101, jiffies 4294947640 (age 25.300s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 0b 25 86 ff ff ff ff ..........%.....
00 00 95 12 81 88 ff ff c8 9b ff ff 00 00 00 00 ................
backtrace:
[<ffffffff815744cb>] __do_kmalloc_node mm/slab_common.c:1022 [inline]
[<ffffffff815744cb>] __kmalloc+0x4b/0x150 mm/slab_common.c:1036
[<ffffffff83ef17b2>] kmalloc include/linux/slab.h:603 [inline]
[<ffffffff83ef17b2>] kzalloc include/linux/slab.h:720 [inline]
[<ffffffff83ef17b2>] neigh_alloc net/core/neighbour.c:486 [inline]
[<ffffffff83ef17b2>] ___neigh_create+0xf2/0xe10 net/core/neighbour.c:640
[<ffffffff8434480b>] ip6_finish_output2+0x73b/0x980 net/ipv6/ip6_output.c:126
[<ffffffff84349c21>] __ip6_finish_output net/ipv6/ip6_output.c:196 [inline]
[<ffffffff84349c21>] ip6_finish_output+0x291/0x510 net/ipv6/ip6_output.c:207
[<ffffffff84349f41>] NF_HOOK_COND include/linux/netfilter.h:293 [inline]
[<ffffffff84349f41>] ip6_output+0xa1/0x1c0 net/ipv6/ip6_output.c:228
[<ffffffff843836f9>] dst_output include/net/dst.h:458 [inline]
[<ffffffff843836f9>] NF_HOOK.constprop.0+0x49/0x110 include/linux/netfilter.h:304
[<ffffffff84383a09>] ndisc_send_skb+0x249/0x3c0 net/ipv6/ndisc.c:509
[<ffffffff8438897a>] ndisc_send_rs+0x7a/0x290 net/ipv6/ndisc.c:719
[<ffffffff8435c198>] addrconf_dad_completed+0x1b8/0x6b0 net/ipv6/addrconf.c:4291
[<ffffffff8435cac0>] addrconf_dad_work+0x430/0x980 net/ipv6/addrconf.c:4199
[<ffffffff812c8edd>] process_one_work+0x23d/0x530 kernel/workqueue.c:2630
[<ffffffff812c9a87>] process_scheduled_works kernel/workqueue.c:2703 [inline]
[<ffffffff812c9a87>] worker_thread+0x327/0x590 kernel/workqueue.c:2784
[<ffffffff812d6f5b>] kthread+0x12b/0x170 kernel/kthread.c:388
[<ffffffff81149e95>] ret_from_fork+0x45/0x50 arch/x86/kernel/process.c:147
[<ffffffff81002be1>] ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

executing program
executing program
executing program
executing program


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Christian Brauner

Sep 21, 2023, 4:47:06 AM
to syzbot, chuck...@oracle.com, jla...@kernel.org, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk
#syz set subsystems: net