From: Eric Dumazet <eric.dumazet@gmail.com>
To: Ying Xue <ying.xue@windriver.com>,
davem@davemloft.net, netdev@vger.kernel.org
Cc: jon.maloy@ericsson.com, hdanton@sina.com,
tipc-discussion@lists.sourceforge.net,
syzkaller-bugs@googlegroups.com, jakub.kicinski@netronome.com
Subject: Re: [PATCH v2 1/3] tipc: fix memory leak issue
Date: Mon, 12 Aug 2019 09:54:12 +0200 [thread overview]
Message-ID: <989d5353-bf8c-be31-e692-81efe2d1acac@gmail.com> (raw)
In-Reply-To: <1565595162-1383-2-git-send-email-ying.xue@windriver.com>
On 8/12/19 9:32 AM, Ying Xue wrote:
> syzbot found the following memory leak:
>
> [ 68.602482][ T7130] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
> BUG: memory leak
> unreferenced object 0xffff88810df83c00 (size 512):
> comm "softirq", pid 0, jiffies 4294942354 (age 19.830s)
> hex dump (first 32 bytes):
> 38 1a 0d 0f 81 88 ff ff 38 1a 0d 0f 81 88 ff ff 8.......8.......
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace:
> [<000000009375ee42>] kmem_cache_alloc_node+0x153/0x2a0
> [<000000004c563922>] __alloc_skb+0x6e/0x210
> [<00000000ec87bfa1>] tipc_buf_acquire+0x2f/0x80
> [<00000000d151ef84>] tipc_msg_create+0x37/0xe0
> [<000000008bb437b0>] tipc_group_create_event+0xb3/0x1b0
> [<00000000947b1d0f>] tipc_group_proto_rcv+0x569/0x640
> [<00000000b75ab039>] tipc_sk_filter_rcv+0x9ac/0xf20
> [<000000000dab7a6c>] tipc_sk_rcv+0x494/0x8a0
> [<00000000023a7ddd>] tipc_node_xmit+0x196/0x1f0
> [<00000000337dd9eb>] tipc_node_distr_xmit+0x7d/0x120
> [<00000000b6375182>] tipc_group_delete+0xe6/0x130
> [<000000000361ba2b>] tipc_sk_leave+0x57/0xb0
> [<000000009df90505>] tipc_release+0x7b/0x5e0
> [<000000009f3189da>] __sock_release+0x4b/0xe0
> [<00000000d3568ee0>] sock_close+0x1b/0x30
> [<00000000266a6215>] __fput+0xed/0x300
>
> Reported-by: syzbot+78fbe679c8ca8d264a8d@syzkaller.appspotmail.com
> Signed-off-by: Hillf Danton <hdanton@sina.com>
> Signed-off-by: Ying Xue <ying.xue@windriver.com>
> ---
> net/tipc/node.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/net/tipc/node.c b/net/tipc/node.c
> index 7ca0190..d1852fc 100644
> --- a/net/tipc/node.c
> +++ b/net/tipc/node.c
> @@ -1469,10 +1469,13 @@ int tipc_node_xmit(struct net *net, struct sk_buff_head *list,
> spin_unlock_bh(&le->lock);
> tipc_node_read_unlock(n);
>
> - if (unlikely(rc == -ENOBUFS))
> + if (unlikely(rc == -ENOBUFS)) {
> tipc_node_link_down(n, bearer_id, false);
> - else
> + skb_queue_purge(list);
> + skb_queue_purge(&xmitq);
This will crash if you enable LOCKDEP
> + } else {
> tipc_bearer_xmit(net, bearer_id, &xmitq, &le->maddr);
> + }
>
> tipc_node_put(n);
>
>
next prev parent reply other threads:[~2019-08-12 7:54 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-12 7:32 [PATCH v2 0/3] Fix three issues found by syzbot Ying Xue
2019-08-12 7:32 ` [PATCH v2 1/3] tipc: fix memory leak issue Ying Xue
2019-08-12 7:54 ` Eric Dumazet [this message]
2019-08-12 7:32 ` [PATCH v2 2/3] " Ying Xue
2019-08-12 7:32 ` [PATCH v2 3/3] tipc: fix issue of calling smp_processor_id() in preemptible Ying Xue
2020-02-19 8:29 ` Dmitry Vyukov
2020-02-19 8:33 ` Dmitry Vyukov
2020-02-20 15:44 ` Xin Long
2019-08-12 15:25 ` [PATCH v2 0/3] Fix three issues found by syzbot David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=989d5353-bf8c-be31-e692-81efe2d1acac@gmail.com \
--to=eric.dumazet@gmail.com \
--cc=davem@davemloft.net \
--cc=hdanton@sina.com \
--cc=jakub.kicinski@netronome.com \
--cc=jon.maloy@ericsson.com \
--cc=netdev@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
--cc=tipc-discussion@lists.sourceforge.net \
--cc=ying.xue@windriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).