memory leak in tcindex_set

memory leak in tcindex_set_parms
Status: upstream: reported C repro on 2020/02/04 17:58
Reported-by: syzbot+f0bbb2287b8993d4fa74@syzkaller.appspotmail.com
First crash: 17d, last: 2h57m

Sample crash report:

executing program
BUG: memory leak
unreferenced object 0xffff888112068b00 (size 256):
  comm "syz-executor161", pid 7163, jiffies 4294941488 (age 14.110s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000db50ac05>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000db50ac05>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<00000000db50ac05>] slab_alloc mm/slab.c:3320 [inline]
    [<00000000db50ac05>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3549
    [<000000000f746fc2>] kmalloc include/linux/slab.h:555 [inline]
    [<000000000f746fc2>] kmalloc_array include/linux/slab.h:596 [inline]
    [<000000000f746fc2>] kcalloc include/linux/slab.h:608 [inline]
    [<000000000f746fc2>] tcf_exts_init include/net/pkt_cls.h:210 [inline]
    [<000000000f746fc2>] tcindex_set_parms+0xac/0x9e0 net/sched/cls_tcindex.c:313
    [<00000000a9e9c9f9>] tcindex_change+0xd8/0x110 net/sched/cls_tcindex.c:518
    [<00000000054c6b2b>] tc_new_tfilter+0x566/0xf50 net/sched/cls_api.c:2103
    [<00000000b87c12c8>] rtnetlink_rcv_msg+0x3b2/0x4b0 net/core/rtnetlink.c:5429
    [<00000000bbda2caf>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2477
    [<00000000bf631a7a>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5456
    [<00000000de8b2ded>] netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
    [<00000000de8b2ded>] netlink_unicast+0x223/0x310 net/netlink/af_netlink.c:1328
    [<0000000037d915ce>] netlink_sendmsg+0x2c0/0x570 net/netlink/af_netlink.c:1917
    [<00000000e7d3091f>] sock_sendmsg_nosec net/socket.c:652 [inline]
    [<00000000e7d3091f>] sock_sendmsg+0x54/0x70 net/socket.c:672
    [<00000000159e7fcb>] ____sys_sendmsg+0x2d0/0x300 net/socket.c:2343
    [<00000000de7a4210>] ___sys_sendmsg+0x8a/0xd0 net/socket.c:2397
    [<00000000b5ddfc45>] __sys_sendmsg+0x80/0xf0 net/socket.c:2430
    [<0000000079c008e7>] __do_sys_sendmsg net/socket.c:2439 [inline]
    [<0000000079c008e7>] __se_sys_sendmsg net/socket.c:2437 [inline]
    [<0000000079c008e7>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2437
    [<000000002c5653d2>] do_syscall_64+0x73/0x220 arch/x86/entry/common.c:294
    [<000000002e0a8699>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888112068800 (size 256):
  comm "syz-executor161", pid 7163, jiffies 4294941488 (age 14.110s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000db50ac05>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000db50ac05>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<00000000db50ac05>] slab_alloc mm/slab.c:3320 [inline]
    [<00000000db50ac05>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3549
    [<000000006bc840e0>] kmalloc include/linux/slab.h:555 [inline]
    [<000000006bc840e0>] kmalloc_array include/linux/slab.h:596 [inline]
    [<000000006bc840e0>] kcalloc include/linux/slab.h:608 [inline]
    [<000000006bc840e0>] tcf_exts_init include/net/pkt_cls.h:210 [inline]
    [<000000006bc840e0>] tcindex_alloc_perfect_hash net/sched/cls_tcindex.c:287 [inline]
    [<000000006bc840e0>] tcindex_alloc_perfect_hash+0x8f/0xf0 net/sched/cls_tcindex.c:277
    [<00000000887dedbd>] tcindex_set_parms+0x8b4/0x9e0 net/sched/cls_tcindex.c:405
    [<00000000a9e9c9f9>] tcindex_change+0xd8/0x110 net/sched/cls_tcindex.c:518
    [<00000000054c6b2b>] tc_new_tfilter+0x566/0xf50 net/sched/cls_api.c:2103
    [<00000000b87c12c8>] rtnetlink_rcv_msg+0x3b2/0x4b0 net/core/rtnetlink.c:5429
    [<00000000bbda2caf>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2477
    [<00000000bf631a7a>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5456
    [<00000000de8b2ded>] netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
    [<00000000de8b2ded>] netlink_unicast+0x223/0x310 net/netlink/af_netlink.c:1328
    [<0000000037d915ce>] netlink_sendmsg+0x2c0/0x570 net/netlink/af_netlink.c:1917
    [<00000000e7d3091f>] sock_sendmsg_nosec net/socket.c:652 [inline]
    [<00000000e7d3091f>] sock_sendmsg+0x54/0x70 net/socket.c:672
    [<00000000159e7fcb>] ____sys_sendmsg+0x2d0/0x300 net/socket.c:2343
    [<00000000de7a4210>] ___sys_sendmsg+0x8a/0xd0 net/socket.c:2397
    [<00000000b5ddfc45>] __sys_sendmsg+0x80/0xf0 net/socket.c:2430
    [<0000000079c008e7>] __do_sys_sendmsg net/socket.c:2439 [inline]
    [<0000000079c008e7>] __se_sys_sendmsg net/socket.c:2437 [inline]
    [<0000000079c008e7>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2437
    [<000000002c5653d2>] do_syscall_64+0x73/0x220 arch/x86/entry/common.c:294

BUG: memory leak
unreferenced object 0xffff888112068700 (size 256):
  comm "syz-executor161", pid 7163, jiffies 4294941488 (age 14.110s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000db50ac05>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000db50ac05>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<00000000db50ac05>] slab_alloc mm/slab.c:3320 [inline]
    [<00000000db50ac05>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3549
    [<000000006bc840e0>] kmalloc include/linux/slab.h:555 [inline]
    [<000000006bc840e0>] kmalloc_array include/linux/slab.h:596 [inline]
    [<000000006bc840e0>] kcalloc include/linux/slab.h:608 [inline]
    [<000000006bc840e0>] tcf_exts_init include/net/pkt_cls.h:210 [inline]
    [<000000006bc840e0>] tcindex_alloc_perfect_hash net/sched/cls_tcindex.c:287 [inline]
    [<000000006bc840e0>] tcindex_alloc_perfect_hash+0x8f/0xf0 net/sched/cls_tcindex.c:277
    [<00000000887dedbd>] tcindex_set_parms+0x8b4/0x9e0 net/sched/cls_tcindex.c:405
    [<00000000a9e9c9f9>] tcindex_change+0xd8/0x110 net/sched/cls_tcindex.c:518
    [<00000000054c6b2b>] tc_new_tfilter+0x566/0xf50 net/sched/cls_api.c:2103
    [<00000000b87c12c8>] rtnetlink_rcv_msg+0x3b2/0x4b0 net/core/rtnetlink.c:5429
    [<00000000bbda2caf>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2477
    [<00000000bf631a7a>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5456
    [<00000000de8b2ded>] netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
    [<00000000de8b2ded>] netlink_unicast+0x223/0x310 net/netlink/af_netlink.c:1328
    [<0000000037d915ce>] netlink_sendmsg+0x2c0/0x570 net/netlink/af_netlink.c:1917
    [<00000000e7d3091f>] sock_sendmsg_nosec net/socket.c:652 [inline]
    [<00000000e7d3091f>] sock_sendmsg+0x54/0x70 net/socket.c:672
    [<00000000159e7fcb>] ____sys_sendmsg+0x2d0/0x300 net/socket.c:2343
    [<00000000de7a4210>] ___sys_sendmsg+0x8a/0xd0 net/socket.c:2397
    [<00000000b5ddfc45>] __sys_sendmsg+0x80/0xf0 net/socket.c:2430
    [<0000000079c008e7>] __do_sys_sendmsg net/socket.c:2439 [inline]
    [<0000000079c008e7>] __se_sys_sendmsg net/socket.c:2437 [inline]
    [<0000000079c008e7>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2437
    [<000000002c5653d2>] do_syscall_64+0x73/0x220 arch/x86/entry/common.c:294

Crashes (5):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci-upstream-gce-leak	2020/02/21 22:48	upstream	ca7e1fd1	2ffa6679	.config	log	report	syz	C	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-gce-leak	2020/02/20 13:08	upstream	ca7e1fd1	81230308	.config	log	report	syz	C	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-gce-leak	2020/02/16 16:35	upstream	db70e26e	cf914200	.config	log	report	syz	C	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-gce-leak	2020/02/14 18:13	upstream	b19e8c68	5d7b90f1	.config	log	report	syz	C	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-gce-leak	2020/02/04 10:12	upstream	322bf2d3	93e5e335	.config	log	report	syz	C	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com