[<prev] [next>] [day] [month] [year] [list]
Message-ID: <0000000000006cd5e905a9aeb60e@google.com>
Date: Sun, 05 Jul 2020 02:52:13 -0700
From: syzbot <syzbot+d411cff6ab29cc2c311b@...kaller.appspotmail.com>
To: davem@...emloft.net, jhs@...atatu.com, jiri@...nulli.us,
kuba@...nel.org, linux-kernel@...r.kernel.org,
netdev@...r.kernel.org, syzkaller-bugs@...glegroups.com,
xiyou.wangcong@...il.com
Subject: memory leak in qdisc_create_dflt
Hello,
syzbot found the following crash on:
HEAD commit: 9ebcfadb Linux 5.8-rc3
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1577525b100000
kernel config: https://syzkaller.appspot.com/x/.config?x=5ee23b9caef4e07a
dashboard link: https://syzkaller.appspot.com/bug?extid=d411cff6ab29cc2c311b
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10e579e3100000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1007c45b100000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+d411cff6ab29cc2c311b@...kaller.appspotmail.com
BUG: memory leak
unreferenced object 0xffff888115aa8c00 (size 512):
comm "syz-executor530", pid 6646, jiffies 4294943517 (age 13.870s)
hex dump (first 32 bytes):
a0 0c be 82 ff ff ff ff f0 0b be 82 ff ff ff ff ................
04 00 00 00 e8 03 00 00 40 c6 72 84 ff ff ff ff ........@.......
backtrace:
[<00000000ead56edd>] kmalloc_node include/linux/slab.h:578 [inline]
[<00000000ead56edd>] kzalloc_node include/linux/slab.h:680 [inline]
[<00000000ead56edd>] qdisc_alloc+0x45/0x260 net/sched/sch_generic.c:818
[<000000002852d256>] qdisc_create_dflt+0x3d/0x170 net/sched/sch_generic.c:893
[<000000002108f663>] atm_tc_init+0x96/0x150 net/sched/sch_atm.c:551
[<000000000988e5f0>] qdisc_create+0x1ae/0x670 net/sched/sch_api.c:1246
[<00000000c8befd49>] tc_modify_qdisc+0x198/0xb10 net/sched/sch_api.c:1662
[<00000000b014fe08>] rtnetlink_rcv_msg+0x17e/0x460 net/core/rtnetlink.c:5460
[<00000000da7a0de1>] netlink_rcv_skb+0x5b/0x180 net/netlink/af_netlink.c:2469
[<0000000069fa5fbe>] netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
[<0000000069fa5fbe>] netlink_unicast+0x2b6/0x3c0 net/netlink/af_netlink.c:1329
[<0000000049c303c5>] netlink_sendmsg+0x2ba/0x570 net/netlink/af_netlink.c:1918
[<0000000017755dda>] sock_sendmsg_nosec net/socket.c:652 [inline]
[<0000000017755dda>] sock_sendmsg+0x4c/0x60 net/socket.c:672
[<00000000294b696a>] ____sys_sendmsg+0x118/0x2f0 net/socket.c:2352
[<00000000eb7a1f59>] ___sys_sendmsg+0x81/0xc0 net/socket.c:2406
[<00000000ba1066c9>] __sys_sendmmsg+0xda/0x230 net/socket.c:2496
[<0000000082fdecc3>] __do_sys_sendmmsg net/socket.c:2525 [inline]
[<0000000082fdecc3>] __se_sys_sendmmsg net/socket.c:2522 [inline]
[<0000000082fdecc3>] __x64_sys_sendmmsg+0x24/0x30 net/socket.c:2522
[<000000009da3552a>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:359
[<00000000b46d0fac>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff888115aa8a00 (size 512):
comm "syz-executor530", pid 6647, jiffies 4294944100 (age 8.040s)
hex dump (first 32 bytes):
a0 0c be 82 ff ff ff ff f0 0b be 82 ff ff ff ff ................
04 00 00 00 e8 03 00 00 40 c6 72 84 ff ff ff ff ........@.......
backtrace:
[<00000000ead56edd>] kmalloc_node include/linux/slab.h:578 [inline]
[<00000000ead56edd>] kzalloc_node include/linux/slab.h:680 [inline]
[<00000000ead56edd>] qdisc_alloc+0x45/0x260 net/sched/sch_generic.c:818
[<000000002852d256>] qdisc_create_dflt+0x3d/0x170 net/sched/sch_generic.c:893
[<000000002108f663>] atm_tc_init+0x96/0x150 net/sched/sch_atm.c:551
[<000000000988e5f0>] qdisc_create+0x1ae/0x670 net/sched/sch_api.c:1246
[<00000000c8befd49>] tc_modify_qdisc+0x198/0xb10 net/sched/sch_api.c:1662
[<00000000b014fe08>] rtnetlink_rcv_msg+0x17e/0x460 net/core/rtnetlink.c:5460
[<00000000da7a0de1>] netlink_rcv_skb+0x5b/0x180 net/netlink/af_netlink.c:2469
[<0000000069fa5fbe>] netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
[<0000000069fa5fbe>] netlink_unicast+0x2b6/0x3c0 net/netlink/af_netlink.c:1329
[<0000000049c303c5>] netlink_sendmsg+0x2ba/0x570 net/netlink/af_netlink.c:1918
[<0000000017755dda>] sock_sendmsg_nosec net/socket.c:652 [inline]
[<0000000017755dda>] sock_sendmsg+0x4c/0x60 net/socket.c:672
[<00000000294b696a>] ____sys_sendmsg+0x118/0x2f0 net/socket.c:2352
[<00000000eb7a1f59>] ___sys_sendmsg+0x81/0xc0 net/socket.c:2406
[<00000000ba1066c9>] __sys_sendmmsg+0xda/0x230 net/socket.c:2496
[<0000000082fdecc3>] __do_sys_sendmmsg net/socket.c:2525 [inline]
[<0000000082fdecc3>] __se_sys_sendmmsg net/socket.c:2522 [inline]
[<0000000082fdecc3>] __x64_sys_sendmmsg+0x24/0x30 net/socket.c:2522
[<000000009da3552a>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:359
[<00000000b46d0fac>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
Powered by blists - more mailing lists