memory leak in qdisc_create_dflt

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: syzbot <syzbot+d411cff6ab29cc2c311b@syzkaller.appspotmail.com>
To: davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us,
	kuba@kernel.org, linux-kernel@vger.kernel.org,
	netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com,
	xiyou.wangcong@gmail.com
Subject: memory leak in qdisc_create_dflt
Date: Sun, 05 Jul 2020 02:52:13 -0700	[thread overview]
Message-ID: <0000000000006cd5e905a9aeb60e@google.com> (raw)

Hello,

syzbot found the following crash on:

HEAD commit:    9ebcfadb Linux 5.8-rc3
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1577525b100000
kernel config:  https://syzkaller.appspot.com/x/.config?x=5ee23b9caef4e07a
dashboard link: https://syzkaller.appspot.com/bug?extid=d411cff6ab29cc2c311b
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10e579e3100000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1007c45b100000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+d411cff6ab29cc2c311b@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff888115aa8c00 (size 512):
  comm "syz-executor530", pid 6646, jiffies 4294943517 (age 13.870s)
  hex dump (first 32 bytes):
    a0 0c be 82 ff ff ff ff f0 0b be 82 ff ff ff ff  ................
    04 00 00 00 e8 03 00 00 40 c6 72 84 ff ff ff ff  ........@.r.....
  backtrace:
    [<00000000ead56edd>] kmalloc_node include/linux/slab.h:578 [inline]
    [<00000000ead56edd>] kzalloc_node include/linux/slab.h:680 [inline]
    [<00000000ead56edd>] qdisc_alloc+0x45/0x260 net/sched/sch_generic.c:818
    [<000000002852d256>] qdisc_create_dflt+0x3d/0x170 net/sched/sch_generic.c:893
    [<000000002108f663>] atm_tc_init+0x96/0x150 net/sched/sch_atm.c:551
    [<000000000988e5f0>] qdisc_create+0x1ae/0x670 net/sched/sch_api.c:1246
    [<00000000c8befd49>] tc_modify_qdisc+0x198/0xb10 net/sched/sch_api.c:1662
    [<00000000b014fe08>] rtnetlink_rcv_msg+0x17e/0x460 net/core/rtnetlink.c:5460
    [<00000000da7a0de1>] netlink_rcv_skb+0x5b/0x180 net/netlink/af_netlink.c:2469
    [<0000000069fa5fbe>] netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
    [<0000000069fa5fbe>] netlink_unicast+0x2b6/0x3c0 net/netlink/af_netlink.c:1329
    [<0000000049c303c5>] netlink_sendmsg+0x2ba/0x570 net/netlink/af_netlink.c:1918
    [<0000000017755dda>] sock_sendmsg_nosec net/socket.c:652 [inline]
    [<0000000017755dda>] sock_sendmsg+0x4c/0x60 net/socket.c:672
    [<00000000294b696a>] ____sys_sendmsg+0x118/0x2f0 net/socket.c:2352
    [<00000000eb7a1f59>] ___sys_sendmsg+0x81/0xc0 net/socket.c:2406
    [<00000000ba1066c9>] __sys_sendmmsg+0xda/0x230 net/socket.c:2496
    [<0000000082fdecc3>] __do_sys_sendmmsg net/socket.c:2525 [inline]
    [<0000000082fdecc3>] __se_sys_sendmmsg net/socket.c:2522 [inline]
    [<0000000082fdecc3>] __x64_sys_sendmmsg+0x24/0x30 net/socket.c:2522
    [<000000009da3552a>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:359
    [<00000000b46d0fac>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888115aa8a00 (size 512):
  comm "syz-executor530", pid 6647, jiffies 4294944100 (age 8.040s)
  hex dump (first 32 bytes):
    a0 0c be 82 ff ff ff ff f0 0b be 82 ff ff ff ff  ................
    04 00 00 00 e8 03 00 00 40 c6 72 84 ff ff ff ff  ........@.r.....
  backtrace:
    [<00000000ead56edd>] kmalloc_node include/linux/slab.h:578 [inline]
    [<00000000ead56edd>] kzalloc_node include/linux/slab.h:680 [inline]
    [<00000000ead56edd>] qdisc_alloc+0x45/0x260 net/sched/sch_generic.c:818
    [<000000002852d256>] qdisc_create_dflt+0x3d/0x170 net/sched/sch_generic.c:893
    [<000000002108f663>] atm_tc_init+0x96/0x150 net/sched/sch_atm.c:551
    [<000000000988e5f0>] qdisc_create+0x1ae/0x670 net/sched/sch_api.c:1246
    [<00000000c8befd49>] tc_modify_qdisc+0x198/0xb10 net/sched/sch_api.c:1662
    [<00000000b014fe08>] rtnetlink_rcv_msg+0x17e/0x460 net/core/rtnetlink.c:5460
    [<00000000da7a0de1>] netlink_rcv_skb+0x5b/0x180 net/netlink/af_netlink.c:2469
    [<0000000069fa5fbe>] netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
    [<0000000069fa5fbe>] netlink_unicast+0x2b6/0x3c0 net/netlink/af_netlink.c:1329
    [<0000000049c303c5>] netlink_sendmsg+0x2ba/0x570 net/netlink/af_netlink.c:1918
    [<0000000017755dda>] sock_sendmsg_nosec net/socket.c:652 [inline]
    [<0000000017755dda>] sock_sendmsg+0x4c/0x60 net/socket.c:672
    [<00000000294b696a>] ____sys_sendmsg+0x118/0x2f0 net/socket.c:2352
    [<00000000eb7a1f59>] ___sys_sendmsg+0x81/0xc0 net/socket.c:2406
    [<00000000ba1066c9>] __sys_sendmmsg+0xda/0x230 net/socket.c:2496
    [<0000000082fdecc3>] __do_sys_sendmmsg net/socket.c:2525 [inline]
    [<0000000082fdecc3>] __se_sys_sendmmsg net/socket.c:2522 [inline]
    [<0000000082fdecc3>] __x64_sys_sendmmsg+0x24/0x30 net/socket.c:2522
    [<000000009da3552a>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:359
    [<00000000b46d0fac>] entry_SYSCALL_64_after_hwframe+0x44/0xa9



---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

                 reply	other threads:[~2020-07-05  9:52 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0000000000006cd5e905a9aeb60e@google.com \
    --to=syzbot+d411cff6ab29cc2c311b@syzkaller.appspotmail.com \
    --cc=davem@davemloft.net \
    --cc=jhs@mojatatu.com \
    --cc=jiri@resnulli.us \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=xiyou.wangcong@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).