memory leak in qdisc_create_dflt

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+d411cff6ab29cc2c311b@syzkaller.appspotmail.com>
To: davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us,
	kuba@kernel.org, linux-kernel@vger.kernel.org,
	netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com,
	xiyou.wangcong@gmail.com
Subject: memory leak in qdisc_create_dflt
Date: Sun, 05 Jul 2020 02:52:13 -0700	[thread overview]
Message-ID: <0000000000006cd5e905a9aeb60e@google.com> (raw)

Hello,

syzbot found the following crash on:

HEAD commit:    9ebcfadb Linux 5.8-rc3
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1577525b100000
kernel config:  https://syzkaller.appspot.com/x/.config?x=5ee23b9caef4e07a
dashboard link: https://syzkaller.appspot.com/bug?extid=d411cff6ab29cc2c311b
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10e579e3100000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1007c45b100000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+d411cff6ab29cc2c311b@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff888115aa8c00 (size 512):
  comm "syz-executor530", pid 6646, jiffies 4294943517 (age 13.870s)
  hex dump (first 32 bytes):
    a0 0c be 82 ff ff ff ff f0 0b be 82 ff ff ff ff  ................
    04 00 00 00 e8 03 00 00 40 c6 72 84 ff ff ff ff  ........@.r.....
  backtrace:
    [<00000000ead56edd>] kmalloc_node include/linux/slab.h:578 [inline]
    [<00000000ead56edd>] kzalloc_node include/linux/slab.h:680 [inline]
    [<00000000ead56edd>] qdisc_alloc+0x45/0x260 net/sched/sch_generic.c:818
    [<000000002852d256>] qdisc_create_dflt+0x3d/0x170 net/sched/sch_generic.c:893
    [<000000002108f663>] atm_tc_init+0x96/0x150 net/sched/sch_atm.c:551
    [<000000000988e5f0>] qdisc_create+0x1ae/0x670 net/sched/sch_api.c:1246
    [<00000000c8befd49>] tc_modify_qdisc+0x198/0xb10 net/sched/sch_api.c:1662
    [<00000000b014fe08>] rtnetlink_rcv_msg+0x17e/0x460 net/core/rtnetlink.c:5460
    [<00000000da7a0de1>] netlink_rcv_skb+0x5b/0x180 net/netlink/af_netlink.c:2469
    [<0000000069fa5fbe>] netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
    [<0000000069fa5fbe>] netlink_unicast+0x2b6/0x3c0 net/netlink/af_netlink.c:1329
    [<0000000049c303c5>] netlink_sendmsg+0x2ba/0x570 net/netlink/af_netlink.c:1918
    [<0000000017755dda>] sock_sendmsg_nosec net/socket.c:652 [inline]
    [<0000000017755dda>] sock_sendmsg+0x4c/0x60 net/socket.c:672
    [<00000000294b696a>] ____sys_sendmsg+0x118/0x2f0 net/socket.c:2352
    [<00000000eb7a1f59>] ___sys_sendmsg+0x81/0xc0 net/socket.c:2406
    [<00000000ba1066c9>] __sys_sendmmsg+0xda/0x230 net/socket.c:2496
    [<0000000082fdecc3>] __do_sys_sendmmsg net/socket.c:2525 [inline]
    [<0000000082fdecc3>] __se_sys_sendmmsg net/socket.c:2522 [inline]
    [<0000000082fdecc3>] __x64_sys_sendmmsg+0x24/0x30 net/socket.c:2522
    [<000000009da3552a>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:359
    [<00000000b46d0fac>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888115aa8a00 (size 512):
  comm "syz-executor530", pid 6647, jiffies 4294944100 (age 8.040s)
  hex dump (first 32 bytes):
    a0 0c be 82 ff ff ff ff f0 0b be 82 ff ff ff ff  ................
    04 00 00 00 e8 03 00 00 40 c6 72 84 ff ff ff ff  ........@.r.....
  backtrace:
    [<00000000ead56edd>] kmalloc_node include/linux/slab.h:578 [inline]
    [<00000000ead56edd>] kzalloc_node include/linux/slab.h:680 [inline]
    [<00000000ead56edd>] qdisc_alloc+0x45/0x260 net/sched/sch_generic.c:818
    [<000000002852d256>] qdisc_create_dflt+0x3d/0x170 net/sched/sch_generic.c:893
    [<000000002108f663>] atm_tc_init+0x96/0x150 net/sched/sch_atm.c:551
    [<000000000988e5f0>] qdisc_create+0x1ae/0x670 net/sched/sch_api.c:1246
    [<00000000c8befd49>] tc_modify_qdisc+0x198/0xb10 net/sched/sch_api.c:1662
    [<00000000b014fe08>] rtnetlink_rcv_msg+0x17e/0x460 net/core/rtnetlink.c:5460
    [<00000000da7a0de1>] netlink_rcv_skb+0x5b/0x180 net/netlink/af_netlink.c:2469
    [<0000000069fa5fbe>] netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
    [<0000000069fa5fbe>] netlink_unicast+0x2b6/0x3c0 net/netlink/af_netlink.c:1329
    [<0000000049c303c5>] netlink_sendmsg+0x2ba/0x570 net/netlink/af_netlink.c:1918
    [<0000000017755dda>] sock_sendmsg_nosec net/socket.c:652 [inline]
    [<0000000017755dda>] sock_sendmsg+0x4c/0x60 net/socket.c:672
    [<00000000294b696a>] ____sys_sendmsg+0x118/0x2f0 net/socket.c:2352
    [<00000000eb7a1f59>] ___sys_sendmsg+0x81/0xc0 net/socket.c:2406
    [<00000000ba1066c9>] __sys_sendmmsg+0xda/0x230 net/socket.c:2496
    [<0000000082fdecc3>] __do_sys_sendmmsg net/socket.c:2525 [inline]
    [<0000000082fdecc3>] __se_sys_sendmmsg net/socket.c:2522 [inline]
    [<0000000082fdecc3>] __x64_sys_sendmmsg+0x24/0x30 net/socket.c:2522
    [<000000009da3552a>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:359
    [<00000000b46d0fac>] entry_SYSCALL_64_after_hwframe+0x44/0xa9



---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

                 reply	other threads:[~2020-07-05  9:52 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0000000000006cd5e905a9aeb60e@google.com \
    --to=syzbot+d411cff6ab29cc2c311b@syzkaller.appspotmail.com \
    --cc=davem@davemloft.net \
    --cc=jhs@mojatatu.com \
    --cc=jiri@resnulli.us \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=xiyou.wangcong@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.