lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <78a8a03b-6070-3e6b-5042-f848dab16fb8@alu.unizg.hr>
Date:   Sun, 9 Apr 2023 13:49:30 +0200
From:   Mirsad Goran Todorovac <mirsad.todorovac@....unizg.hr>
To:     netdev@...r.kernel.org
Cc:     "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Jesper Dangaard Brouer <hawk@...nel.org>,
        John Fastabend <john.fastabend@...il.com>,
        Nikolay Aleksandrov <razor@...ckwall.org>,
        Florent Fourcot <florent.fourcot@...irst.fr>,
        Hangbin Liu <liuhangbin@...il.com>,
        Petr Machata <petrm@...dia.com>, Jiri Pirko <jiri@...nulli.us>,
        Xin Long <lucien.xin@...il.com>, linux-kernel@...r.kernel.org,
        bpf@...r.kernel.org
Subject: [BUG] kmemleak in rtnetlink_rcv() triggered by
 selftests/drivers/net/team in build cdc9718d5e59

Hi all,

There appears to be a memleak triggered by the selftest drivers/net/team.

# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff8c18def8ee00 (size 256):
  comm "ip", pid 5727, jiffies 4294961159 (age 954.244s)
  hex dump (first 32 bytes):
    00 20 09 de 18 8c ff ff 00 00 00 00 00 00 00 00  . ..............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffffb60fb25c>] slab_post_alloc_hook+0x8c/0x3e0
    [<ffffffffb6102b39>] __kmem_cache_alloc_node+0x1d9/0x2a0
    [<ffffffffb607684e>] kmalloc_trace+0x2e/0xc0
    [<ffffffffb6dbc00b>] vlan_vid_add+0x11b/0x290
    [<ffffffffb6dbcffc>] vlan_device_event+0x19c/0x880
    [<ffffffffb5dde4d7>] raw_notifier_call_chain+0x47/0x70
    [<ffffffffb6ab6940>] call_netdevice_notifiers_info+0x50/0xa0
    [<ffffffffb6ac7574>] dev_open+0x94/0xa0
    [<ffffffffc176515e>] 0xffffffffc176515e
    [<ffffffffb6ada6b0>] do_set_master+0x90/0xb0
    [<ffffffffb6adc5f4>] do_setlink+0x514/0x11f0
    [<ffffffffb6ae4507>] __rtnl_newlink+0x4e7/0xa10
    [<ffffffffb6ae4a8c>] rtnl_newlink+0x4c/0x70
    [<ffffffffb6adf334>] rtnetlink_rcv_msg+0x184/0x5d0
    [<ffffffffb6b6ad1e>] netlink_rcv_skb+0x5e/0x110
    [<ffffffffb6ada0e9>] rtnetlink_rcv+0x19/0x20
unreferenced object 0xffff8c18250d3700 (size 32):
  comm "ip", pid 5727, jiffies 4294961159 (age 954.244s)
  hex dump (first 32 bytes):
    a0 ee f8 de 18 8c ff ff a0 ee f8 de 18 8c ff ff  ................
    81 00 00 00 01 00 00 00 cc cc cc cc cc cc cc cc  ................
  backtrace:
    [<ffffffffb60fb25c>] slab_post_alloc_hook+0x8c/0x3e0
    [<ffffffffb6102b39>] __kmem_cache_alloc_node+0x1d9/0x2a0
    [<ffffffffb607684e>] kmalloc_trace+0x2e/0xc0
    [<ffffffffb6dbc064>] vlan_vid_add+0x174/0x290
    [<ffffffffb6dbcffc>] vlan_device_event+0x19c/0x880
    [<ffffffffb5dde4d7>] raw_notifier_call_chain+0x47/0x70
    [<ffffffffb6ab6940>] call_netdevice_notifiers_info+0x50/0xa0
    [<ffffffffb6ac7574>] dev_open+0x94/0xa0
    [<ffffffffc176515e>] 0xffffffffc176515e
    [<ffffffffb6ada6b0>] do_set_master+0x90/0xb0
    [<ffffffffb6adc5f4>] do_setlink+0x514/0x11f0
    [<ffffffffb6ae4507>] __rtnl_newlink+0x4e7/0xa10
    [<ffffffffb6ae4a8c>] rtnl_newlink+0x4c/0x70
    [<ffffffffb6adf334>] rtnetlink_rcv_msg+0x184/0x5d0
    [<ffffffffb6b6ad1e>] netlink_rcv_skb+0x5e/0x110
    [<ffffffffb6ada0e9>] rtnetlink_rcv+0x19/0x20
unreferenced object 0xffff8c1846e16800 (size 256):
  comm "ip", pid 7837, jiffies 4295135225 (age 258.160s)
  hex dump (first 32 bytes):
    00 20 f7 de 18 8c ff ff 00 00 00 00 00 00 00 00  . ..............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffffb60fb25c>] slab_post_alloc_hook+0x8c/0x3e0
    [<ffffffffb6102b39>] __kmem_cache_alloc_node+0x1d9/0x2a0
    [<ffffffffb607684e>] kmalloc_trace+0x2e/0xc0
    [<ffffffffb6dbc00b>] vlan_vid_add+0x11b/0x290
    [<ffffffffb6dbcffc>] vlan_device_event+0x19c/0x880
    [<ffffffffb5dde4d7>] raw_notifier_call_chain+0x47/0x70
    [<ffffffffb6ab6940>] call_netdevice_notifiers_info+0x50/0xa0
    [<ffffffffb6ac7574>] dev_open+0x94/0xa0
    [<ffffffffc177115e>] bond_enslave+0x34e/0x1840 [bonding]
    [<ffffffffb6ada6b0>] do_set_master+0x90/0xb0
    [<ffffffffb6adc5f4>] do_setlink+0x514/0x11f0
    [<ffffffffb6ae4507>] __rtnl_newlink+0x4e7/0xa10
    [<ffffffffb6ae4a8c>] rtnl_newlink+0x4c/0x70
    [<ffffffffb6adf334>] rtnetlink_rcv_msg+0x184/0x5d0
    [<ffffffffb6b6ad1e>] netlink_rcv_skb+0x5e/0x110
    [<ffffffffb6ada0e9>] rtnetlink_rcv+0x19/0x20
unreferenced object 0xffff8c184c5ff2a0 (size 32):
  comm "ip", pid 7837, jiffies 4295135225 (age 258.160s)
  hex dump (first 32 bytes):
    a0 68 e1 46 18 8c ff ff a0 68 e1 46 18 8c ff ff  .h.F.....h.F....
    81 00 00 00 01 00 00 00 cc cc cc cc cc cc cc cc  ................
  backtrace:
    [<ffffffffb60fb25c>] slab_post_alloc_hook+0x8c/0x3e0
    [<ffffffffb6102b39>] __kmem_cache_alloc_node+0x1d9/0x2a0
    [<ffffffffb607684e>] kmalloc_trace+0x2e/0xc0
    [<ffffffffb6dbc064>] vlan_vid_add+0x174/0x290
    [<ffffffffb6dbcffc>] vlan_device_event+0x19c/0x880
    [<ffffffffb5dde4d7>] raw_notifier_call_chain+0x47/0x70
    [<ffffffffb6ab6940>] call_netdevice_notifiers_info+0x50/0xa0
    [<ffffffffb6ac7574>] dev_open+0x94/0xa0
    [<ffffffffc177115e>] bond_enslave+0x34e/0x1840 [bonding]
    [<ffffffffb6ada6b0>] do_set_master+0x90/0xb0
    [<ffffffffb6adc5f4>] do_setlink+0x514/0x11f0
    [<ffffffffb6ae4507>] __rtnl_newlink+0x4e7/0xa10
    [<ffffffffb6ae4a8c>] rtnl_newlink+0x4c/0x70
    [<ffffffffb6adf334>] rtnetlink_rcv_msg+0x184/0x5d0
    [<ffffffffb6b6ad1e>] netlink_rcv_skb+0x5e/0x110
    [<ffffffffb6ada0e9>] rtnetlink_rcv+0x19/0x20

The platform is Ubuntu 22.10 with the latest Torvalds tree 6.3-rc5+ build commit cdc9718d5e59
on a Lenovo Ideapad 3 15ITL6.

The minimum reproducing tools/testing/selftest/Makefile is provided here:

→ https://domac.alu.unizg.hr/~mtodorov/linux/bugreports/drivers_net/

leaving only two test suites:

# TARGETS += drivers/s390x/uvdevice
TARGETS += drivers/net/bonding
TARGETS += drivers/net/team
# TARGETS += efivarfs

(Smaller one won't run, missing prerequisites.)

Please find the config, complete kmemleak and lshw output.

I am available for further data required.

(The Cc: list is from scripts/get_maintainers on net/core/rtnetlink.c).

Best regards,
Mirsad

-- 
Mirsad Goran Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
 
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
The European Union

"I see something approaching fast ... Will it be friends with me?"

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ