syzbot


memory leak in tcindex_set_parms

Status: fixed on 2021/11/10 00:50
Reported-by: syzbot+f0bbb2287b8993d4fa74@syzkaller.appspotmail.com
Fix commit: f5051bcece50 net: sched: fix memory leak in tcindex_partial_destroy_work
First crash: 966d, last: 480d
Patch testing requests:
Created Duration User Patch Repo Result
2021/06/03 21:58 17m paskripkin@gmail.com patch upstream OK

Sample crash report:
executing program
executing program
BUG: memory leak
unreferenced object 0xffff8881129d1600 (size 256):
  comm "syz-executor282", pid 8423, jiffies 4294943590 (age 13.100s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff837aa253>] kmalloc include/linux/slab.h:554 [inline]
    [<ffffffff837aa253>] kmalloc_array include/linux/slab.h:593 [inline]
    [<ffffffff837aa253>] kcalloc include/linux/slab.h:623 [inline]
    [<ffffffff837aa253>] tcf_exts_init include/net/pkt_cls.h:229 [inline]
    [<ffffffff837aa253>] tcindex_set_parms+0xa3/0xc30 net/sched/cls_tcindex.c:339
    [<ffffffff837aaec8>] tcindex_change+0xe8/0x120 net/sched/cls_tcindex.c:550
    [<ffffffff8372f391>] tc_new_tfilter+0x561/0x1120 net/sched/cls_api.c:2128
    [<ffffffff83695da2>] rtnetlink_rcv_msg+0x422/0x520 net/core/rtnetlink.c:5544
    [<ffffffff837cb247>] netlink_rcv_skb+0x87/0x1d0 net/netlink/af_netlink.c:2502
    [<ffffffff837ca432>] netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
    [<ffffffff837ca432>] netlink_unicast+0x392/0x4c0 net/netlink/af_netlink.c:1338
    [<ffffffff837ca8c8>] netlink_sendmsg+0x368/0x6a0 net/netlink/af_netlink.c:1927
    [<ffffffff8363c346>] sock_sendmsg_nosec net/socket.c:654 [inline]
    [<ffffffff8363c346>] sock_sendmsg+0x56/0x80 net/socket.c:674
    [<ffffffff8363c8ac>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2350
    [<ffffffff836408fb>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2404
    [<ffffffff836409f8>] __sys_sendmsg+0x88/0x100 net/socket.c:2433
    [<ffffffff842e0f6d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff8881129d1100 (size 256):
  comm "syz-executor282", pid 8423, jiffies 4294943590 (age 13.100s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff837a9f9f>] kmalloc include/linux/slab.h:554 [inline]
    [<ffffffff837a9f9f>] kmalloc_array include/linux/slab.h:593 [inline]
    [<ffffffff837a9f9f>] kcalloc include/linux/slab.h:623 [inline]
    [<ffffffff837a9f9f>] tcf_exts_init include/net/pkt_cls.h:229 [inline]
    [<ffffffff837a9f9f>] tcindex_alloc_perfect_hash net/sched/cls_tcindex.c:312 [inline]
    [<ffffffff837a9f9f>] tcindex_alloc_perfect_hash+0x8f/0x140 net/sched/cls_tcindex.c:302
    [<ffffffff837aac2a>] tcindex_set_parms+0xa7a/0xc30 net/sched/cls_tcindex.c:437
    [<ffffffff837aaec8>] tcindex_change+0xe8/0x120 net/sched/cls_tcindex.c:550
    [<ffffffff8372f391>] tc_new_tfilter+0x561/0x1120 net/sched/cls_api.c:2128
    [<ffffffff83695da2>] rtnetlink_rcv_msg+0x422/0x520 net/core/rtnetlink.c:5544
    [<ffffffff837cb247>] netlink_rcv_skb+0x87/0x1d0 net/netlink/af_netlink.c:2502
    [<ffffffff837ca432>] netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
    [<ffffffff837ca432>] netlink_unicast+0x392/0x4c0 net/netlink/af_netlink.c:1338
    [<ffffffff837ca8c8>] netlink_sendmsg+0x368/0x6a0 net/netlink/af_netlink.c:1927
    [<ffffffff8363c346>] sock_sendmsg_nosec net/socket.c:654 [inline]
    [<ffffffff8363c346>] sock_sendmsg+0x56/0x80 net/socket.c:674
    [<ffffffff8363c8ac>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2350
    [<ffffffff836408fb>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2404
    [<ffffffff836409f8>] __sys_sendmsg+0x88/0x100 net/socket.c:2433
    [<ffffffff842e0f6d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff8881129d1200 (size 256):
  comm "syz-executor282", pid 8423, jiffies 4294943590 (age 13.100s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff837a9f9f>] kmalloc include/linux/slab.h:554 [inline]
    [<ffffffff837a9f9f>] kmalloc_array include/linux/slab.h:593 [inline]
    [<ffffffff837a9f9f>] kcalloc include/linux/slab.h:623 [inline]
    [<ffffffff837a9f9f>] tcf_exts_init include/net/pkt_cls.h:229 [inline]
    [<ffffffff837a9f9f>] tcindex_alloc_perfect_hash net/sched/cls_tcindex.c:312 [inline]
    [<ffffffff837a9f9f>] tcindex_alloc_perfect_hash+0x8f/0x140 net/sched/cls_tcindex.c:302
    [<ffffffff837aac2a>] tcindex_set_parms+0xa7a/0xc30 net/sched/cls_tcindex.c:437
    [<ffffffff837aaec8>] tcindex_change+0xe8/0x120 net/sched/cls_tcindex.c:550
    [<ffffffff8372f391>] tc_new_tfilter+0x561/0x1120 net/sched/cls_api.c:2128
    [<ffffffff83695da2>] rtnetlink_rcv_msg+0x422/0x520 net/core/rtnetlink.c:5544
    [<ffffffff837cb247>] netlink_rcv_skb+0x87/0x1d0 net/netlink/af_netlink.c:2502
    [<ffffffff837ca432>] netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
    [<ffffffff837ca432>] netlink_unicast+0x392/0x4c0 net/netlink/af_netlink.c:1338
    [<ffffffff837ca8c8>] netlink_sendmsg+0x368/0x6a0 net/netlink/af_netlink.c:1927
    [<ffffffff8363c346>] sock_sendmsg_nosec net/socket.c:654 [inline]
    [<ffffffff8363c346>] sock_sendmsg+0x56/0x80 net/socket.c:674
    [<ffffffff8363c8ac>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2350
    [<ffffffff836408fb>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2404
    [<ffffffff836409f8>] __sys_sendmsg+0x88/0x100 net/socket.c:2433
    [<ffffffff842e0f6d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae


Crashes (94):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-gce-leak 2021/04/14 05:02 upstream eebe426d32e1 a184b83e .config log report syz C memory leak in tcindex_set_parms
ci-upstream-gce-leak 2021/02/19 23:39 upstream f40ddce88593 f689d40a .config log report syz C memory leak in tcindex_set_parms
ci-upstream-gce-leak 2021/02/18 14:01 upstream f40ddce88593 14052202 .config log report syz C memory leak in tcindex_set_parms
ci-upstream-gce-leak 2021/02/17 18:20 upstream f40ddce88593 052f8d9f .config log report syz C memory leak in tcindex_set_parms
ci-upstream-gce-leak 2021/02/17 03:32 upstream f40ddce88593 98682e5e .config log report syz C memory leak in tcindex_set_parms
ci-upstream-gce-leak 2021/02/14 16:55 upstream 358feceebbf6 98682e5e .config log report syz C memory leak in tcindex_set_parms
ci-upstream-gce-leak 2021/02/14 08:49 upstream ac30d8ce28d6 98682e5e .config log report syz C memory leak in tcindex_set_parms
ci-upstream-gce-leak 2021/02/09 00:46 upstream e0756cfc7d7c 2bd9619f .config log report syz C memory leak in tcindex_set_parms
ci-upstream-gce-leak 2021/02/02 07:33 upstream 88bb507a74ea e6b95f32 .config log report syz C memory leak in tcindex_set_parms
ci-upstream-gce-leak 2021/01/24 06:41 upstream e1ae4b0be158 52e37319 .config log report syz C memory leak in tcindex_set_parms
ci-upstream-gce-leak 2021/01/13 08:15 upstream e609571b5ffa 0cdd6185 .config log report syz C
ci-upstream-gce-leak 2021/01/07 02:55 upstream 9f1abbe97c08 c104d4a3 .config log report syz C
ci-upstream-gce-leak 2021/01/04 13:12 upstream e71ba9452f0b 79264ae3 .config log report syz C
ci-upstream-gce-leak 2020/12/16 15:59 upstream d635a69dd498 f213e07e .config log report syz C
ci-upstream-gce-leak 2020/12/14 02:44 upstream 6bff9bb8a292 b22a7ec3 .config log report syz C
ci-upstream-gce-leak 2020/12/03 14:21 upstream 34816d20f173 e6b0d314 .config log report syz C
ci-upstream-gce-leak 2020/11/27 02:04 upstream 4df910620beb 1d2b823e .config log report syz C
ci-upstream-gce-leak 2020/09/03 00:55 upstream 9c7d619be5a0 abf9ba4f .config log report syz C
ci-upstream-gce-leak 2020/09/03 00:06 upstream 9c7d619be5a0 abf9ba4f .config log report syz C
ci-upstream-gce-leak 2020/09/02 06:06 upstream b765a32a2e91 abf9ba4f .config log report syz C
ci-upstream-gce-leak 2020/09/01 12:38 upstream b51594df17d0 d5a3ae1f .config log report syz C
ci-upstream-gce-leak 2020/08/31 04:45 upstream dcc5c6f013d8 d5a3ae1f .config log report syz C
ci-upstream-gce-leak 2020/08/30 22:52 upstream 1127b219ce94 d5a3ae1f .config log report syz C
ci-upstream-gce-leak 2020/08/30 14:40 upstream 1127b219ce94 d5a3ae1f .config log report syz C
ci-upstream-gce-leak 2020/08/30 00:58 upstream 4d41ead6ead9 d5a3ae1f .config log report syz C
ci-upstream-gce-leak 2020/08/22 04:02 upstream cd02217a5d81 6436ce4b .config log report syz C
ci-upstream-gce-leak 2020/08/19 23:17 upstream 18445bf405cb 94b45706 .config log report syz C
ci-upstream-gce-leak 2020/08/17 19:53 upstream 9123e3a74ec7 424dd8e7 .config log report syz C
ci-upstream-gce-leak 2020/08/13 08:28 upstream fb893de323e2 bc15f7db .config log report syz C
ci-upstream-gce-leak 2020/08/09 09:21 upstream 06a81c1c7db9 f721e4a0 .config log report syz C
ci-upstream-gce-leak 2020/08/07 17:42 upstream d6efb3ac3e6c cb436c69 .config log report syz C
ci-upstream-gce-leak 2020/08/03 08:23 upstream 5a30a78924ec 196277c4 .config log report syz C
ci-upstream-gce-leak 2020/08/01 00:00 upstream d8b9faec54ae d895b3be .config log report syz C
ci-upstream-gce-leak 2020/07/31 00:57 upstream 83bdc7275e62 8df85ed9 .config log report syz C
ci-upstream-gce-leak 2020/07/29 03:23 upstream 6ba1b005ffc3 cb93dc6a .config log report syz C
ci-upstream-gce-leak 2020/07/24 08:01 upstream d15be546031c 70c104a1 .config log report syz C
ci-upstream-gce-leak 2020/07/24 07:15 upstream d15be546031c 70c104a1 .config log report syz C
ci-upstream-gce-leak 2020/07/19 10:28 upstream f932d58abc38 9c812472 .config log report syz C
ci-upstream-gce-leak 2020/07/18 14:21 upstream 6a70f89cc58f 9c812472 .config log report syz C
ci-upstream-gce-leak 2020/03/07 04:36 upstream fb279f4e2386 fd2a5f28 .config log report syz C
ci-upstream-gce-leak 2020/03/02 07:11 upstream 63623fd44972 c88c7b75 .config log report syz C
ci-upstream-gce-leak 2020/02/22 22:36 upstream 54dedb5b571d 2c36e7a7 .config log report syz C
ci-upstream-gce-leak 2020/02/21 22:48 upstream ca7e1fd1026c 2ffa6679 .config log report syz C
ci-upstream-gce-leak 2020/02/20 13:08 upstream ca7e1fd1026c 81230308 .config log report syz C
ci-upstream-gce-leak 2020/02/16 16:35 upstream db70e26e33ee cf914200 .config log report syz C
ci-upstream-gce-leak 2020/02/14 18:13 upstream b19e8c684703 5d7b90f1 .config log report syz C
ci-upstream-gce-leak 2020/02/04 10:12 upstream 322bf2d3446a 93e5e335 .config log report syz C
ci-upstream-gce-leak 2021/06/03 22:07 upstream 324c92e5e0ee 0740de69 .config log report syz memory leak in tcindex_set_parms
ci-upstream-gce-leak 2021/05/19 01:10 upstream 8ac91e6c6033 a343ba6b .config log report syz memory leak in tcindex_set_parms
ci-upstream-gce-leak 2021/03/02 16:55 upstream 7a7fd0de4a98 92ead296 .config log report syz memory leak in tcindex_set_parms
ci-upstream-gce-leak 2020/09/22 03:22 upstream ba4f184e126b 9e1fa68e .config log report syz
ci-upstream-gce-leak 2020/09/09 17:47 upstream 34d4ddd359db 0ea7a887 .config log report syz
ci-upstream-gce-leak 2020/07/30 13:32 upstream d3590ebf6f91 233283a1 .config log report syz
ci-upstream-gce-leak 2020/07/28 09:35 upstream 92ed30191993 cb93dc6a .config log report syz
* Struck through repros no longer work on HEAD.