memory leak in tcindex_set

memory leak in tcindex_set_parms
Status: upstream: reported C repro on 2020/02/04 17:58
Reported-by: syzbot+f0bbb2287b8993d4fa74@syzkaller.appspotmail.com
Fix commit: f5051bcece50 net: sched: fix memory leak in tcindex_partial_destroy_work
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce], missing on: [ci-qemu2-arm32 ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci2-upstream-usb]
First crash: 536d, last: 50d

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2021/06/03 21:58	17m	paskripkin@gmail.com	patch	upstream	OK

Sample crash report:

executing program
executing program
BUG: memory leak
unreferenced object 0xffff8881129d1600 (size 256):
  comm "syz-executor282", pid 8423, jiffies 4294943590 (age 13.100s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff837aa253>] kmalloc include/linux/slab.h:554 [inline]
    [<ffffffff837aa253>] kmalloc_array include/linux/slab.h:593 [inline]
    [<ffffffff837aa253>] kcalloc include/linux/slab.h:623 [inline]
    [<ffffffff837aa253>] tcf_exts_init include/net/pkt_cls.h:229 [inline]
    [<ffffffff837aa253>] tcindex_set_parms+0xa3/0xc30 net/sched/cls_tcindex.c:339
    [<ffffffff837aaec8>] tcindex_change+0xe8/0x120 net/sched/cls_tcindex.c:550
    [<ffffffff8372f391>] tc_new_tfilter+0x561/0x1120 net/sched/cls_api.c:2128
    [<ffffffff83695da2>] rtnetlink_rcv_msg+0x422/0x520 net/core/rtnetlink.c:5544
    [<ffffffff837cb247>] netlink_rcv_skb+0x87/0x1d0 net/netlink/af_netlink.c:2502
    [<ffffffff837ca432>] netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
    [<ffffffff837ca432>] netlink_unicast+0x392/0x4c0 net/netlink/af_netlink.c:1338
    [<ffffffff837ca8c8>] netlink_sendmsg+0x368/0x6a0 net/netlink/af_netlink.c:1927
    [<ffffffff8363c346>] sock_sendmsg_nosec net/socket.c:654 [inline]
    [<ffffffff8363c346>] sock_sendmsg+0x56/0x80 net/socket.c:674
    [<ffffffff8363c8ac>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2350
    [<ffffffff836408fb>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2404
    [<ffffffff836409f8>] __sys_sendmsg+0x88/0x100 net/socket.c:2433
    [<ffffffff842e0f6d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff8881129d1100 (size 256):
  comm "syz-executor282", pid 8423, jiffies 4294943590 (age 13.100s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff837a9f9f>] kmalloc include/linux/slab.h:554 [inline]
    [<ffffffff837a9f9f>] kmalloc_array include/linux/slab.h:593 [inline]
    [<ffffffff837a9f9f>] kcalloc include/linux/slab.h:623 [inline]
    [<ffffffff837a9f9f>] tcf_exts_init include/net/pkt_cls.h:229 [inline]
    [<ffffffff837a9f9f>] tcindex_alloc_perfect_hash net/sched/cls_tcindex.c:312 [inline]
    [<ffffffff837a9f9f>] tcindex_alloc_perfect_hash+0x8f/0x140 net/sched/cls_tcindex.c:302
    [<ffffffff837aac2a>] tcindex_set_parms+0xa7a/0xc30 net/sched/cls_tcindex.c:437
    [<ffffffff837aaec8>] tcindex_change+0xe8/0x120 net/sched/cls_tcindex.c:550
    [<ffffffff8372f391>] tc_new_tfilter+0x561/0x1120 net/sched/cls_api.c:2128
    [<ffffffff83695da2>] rtnetlink_rcv_msg+0x422/0x520 net/core/rtnetlink.c:5544
    [<ffffffff837cb247>] netlink_rcv_skb+0x87/0x1d0 net/netlink/af_netlink.c:2502
    [<ffffffff837ca432>] netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
    [<ffffffff837ca432>] netlink_unicast+0x392/0x4c0 net/netlink/af_netlink.c:1338
    [<ffffffff837ca8c8>] netlink_sendmsg+0x368/0x6a0 net/netlink/af_netlink.c:1927
    [<ffffffff8363c346>] sock_sendmsg_nosec net/socket.c:654 [inline]
    [<ffffffff8363c346>] sock_sendmsg+0x56/0x80 net/socket.c:674
    [<ffffffff8363c8ac>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2350
    [<ffffffff836408fb>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2404
    [<ffffffff836409f8>] __sys_sendmsg+0x88/0x100 net/socket.c:2433
    [<ffffffff842e0f6d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff8881129d1200 (size 256):
  comm "syz-executor282", pid 8423, jiffies 4294943590 (age 13.100s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff837a9f9f>] kmalloc include/linux/slab.h:554 [inline]
    [<ffffffff837a9f9f>] kmalloc_array include/linux/slab.h:593 [inline]
    [<ffffffff837a9f9f>] kcalloc include/linux/slab.h:623 [inline]
    [<ffffffff837a9f9f>] tcf_exts_init include/net/pkt_cls.h:229 [inline]
    [<ffffffff837a9f9f>] tcindex_alloc_perfect_hash net/sched/cls_tcindex.c:312 [inline]
    [<ffffffff837a9f9f>] tcindex_alloc_perfect_hash+0x8f/0x140 net/sched/cls_tcindex.c:302
    [<ffffffff837aac2a>] tcindex_set_parms+0xa7a/0xc30 net/sched/cls_tcindex.c:437
    [<ffffffff837aaec8>] tcindex_change+0xe8/0x120 net/sched/cls_tcindex.c:550
    [<ffffffff8372f391>] tc_new_tfilter+0x561/0x1120 net/sched/cls_api.c:2128
    [<ffffffff83695da2>] rtnetlink_rcv_msg+0x422/0x520 net/core/rtnetlink.c:5544
    [<ffffffff837cb247>] netlink_rcv_skb+0x87/0x1d0 net/netlink/af_netlink.c:2502
    [<ffffffff837ca432>] netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
    [<ffffffff837ca432>] netlink_unicast+0x392/0x4c0 net/netlink/af_netlink.c:1338
    [<ffffffff837ca8c8>] netlink_sendmsg+0x368/0x6a0 net/netlink/af_netlink.c:1927
    [<ffffffff8363c346>] sock_sendmsg_nosec net/socket.c:654 [inline]
    [<ffffffff8363c346>] sock_sendmsg+0x56/0x80 net/socket.c:674
    [<ffffffff8363c8ac>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2350
    [<ffffffff836408fb>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2404
    [<ffffffff836409f8>] __sys_sendmsg+0x88/0x100 net/socket.c:2433
    [<ffffffff842e0f6d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

Crashes (94):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Title
ci-upstream-gce-leak	2021/04/14 05:02	upstream	eebe426d32e1	a184b83e	.config	log	report	syz	C	memory leak in tcindex_set_parms
ci-upstream-gce-leak	2021/02/19 23:39	upstream	f40ddce88593	f689d40a	.config	log	report	syz	C	memory leak in tcindex_set_parms
ci-upstream-gce-leak	2021/02/18 14:01	upstream	f40ddce88593	14052202	.config	log	report	syz	C	memory leak in tcindex_set_parms
ci-upstream-gce-leak	2021/02/17 18:20	upstream	f40ddce88593	052f8d9f	.config	log	report	syz	C	memory leak in tcindex_set_parms
ci-upstream-gce-leak	2021/02/17 03:32	upstream	f40ddce88593	98682e5e	.config	log	report	syz	C	memory leak in tcindex_set_parms
ci-upstream-gce-leak	2021/02/14 16:55	upstream	358feceebbf6	98682e5e	.config	log	report	syz	C	memory leak in tcindex_set_parms
ci-upstream-gce-leak	2021/02/14 08:49	upstream	ac30d8ce28d6	98682e5e	.config	log	report	syz	C	memory leak in tcindex_set_parms
ci-upstream-gce-leak	2021/02/09 00:46	upstream	e0756cfc7d7c	2bd9619f	.config	log	report	syz	C	memory leak in tcindex_set_parms
ci-upstream-gce-leak	2021/02/02 07:33	upstream	88bb507a74ea	e6b95f32	.config	log	report	syz	C	memory leak in tcindex_set_parms
ci-upstream-gce-leak	2021/01/24 06:41	upstream	e1ae4b0be158	52e37319	.config	log	report	syz	C	memory leak in tcindex_set_parms
ci-upstream-gce-leak	2021/01/13 08:15	upstream	e609571b5ffa	0cdd6185	.config	log	report	syz	C
ci-upstream-gce-leak	2021/01/07 02:55	upstream	9f1abbe97c08	c104d4a3	.config	log	report	syz	C
ci-upstream-gce-leak	2021/01/04 13:12	upstream	e71ba9452f0b	79264ae3	.config	log	report	syz	C
ci-upstream-gce-leak	2020/12/16 15:59	upstream	d635a69dd498	f213e07e	.config	log	report	syz	C
ci-upstream-gce-leak	2020/12/14 02:44	upstream	6bff9bb8a292	b22a7ec3	.config	log	report	syz	C
ci-upstream-gce-leak	2020/12/03 14:21	upstream	34816d20f173	e6b0d314	.config	log	report	syz	C
ci-upstream-gce-leak	2020/11/27 02:04	upstream	4df910620beb	1d2b823e	.config	log	report	syz	C
ci-upstream-gce-leak	2020/09/03 00:55	upstream	9c7d619be5a0	abf9ba4f	.config	log	report	syz	C
ci-upstream-gce-leak	2020/09/03 00:06	upstream	9c7d619be5a0	abf9ba4f	.config	log	report	syz	C
ci-upstream-gce-leak	2020/09/02 06:06	upstream	b765a32a2e91	abf9ba4f	.config	log	report	syz	C
ci-upstream-gce-leak	2020/09/01 12:38	upstream	b51594df17d0	d5a3ae1f	.config	log	report	syz	C
ci-upstream-gce-leak	2020/08/31 04:45	upstream	dcc5c6f013d8	d5a3ae1f	.config	log	report	syz	C
ci-upstream-gce-leak	2020/08/30 22:52	upstream	1127b219ce94	d5a3ae1f	.config	log	report	syz	C
ci-upstream-gce-leak	2020/08/30 14:40	upstream	1127b219ce94	d5a3ae1f	.config	log	report	syz	C
ci-upstream-gce-leak	2020/08/30 00:58	upstream	4d41ead6ead9	d5a3ae1f	.config	log	report	syz	C
ci-upstream-gce-leak	2020/08/22 04:02	upstream	cd02217a5d81	6436ce4b	.config	log	report	syz	C
ci-upstream-gce-leak	2020/08/19 23:17	upstream	18445bf405cb	94b45706	.config	log	report	syz	C
ci-upstream-gce-leak	2020/08/17 19:53	upstream	9123e3a74ec7	424dd8e7	.config	log	report	syz	C
ci-upstream-gce-leak	2020/08/13 08:28	upstream	fb893de323e2	bc15f7db	.config	log	report	syz	C
ci-upstream-gce-leak	2020/08/09 09:21	upstream	06a81c1c7db9	f721e4a0	.config	log	report	syz	C
ci-upstream-gce-leak	2020/08/07 17:42	upstream	d6efb3ac3e6c	cb436c69	.config	log	report	syz	C
ci-upstream-gce-leak	2020/08/03 08:23	upstream	5a30a78924ec	196277c4	.config	log	report	syz	C
ci-upstream-gce-leak	2020/08/01 00:00	upstream	d8b9faec54ae	d895b3be	.config	log	report	syz	C
ci-upstream-gce-leak	2020/07/31 00:57	upstream	83bdc7275e62	8df85ed9	.config	log	report	syz	C
ci-upstream-gce-leak	2020/07/29 03:23	upstream	6ba1b005ffc3	cb93dc6a	.config	log	report	syz	C
ci-upstream-gce-leak	2020/07/24 08:01	upstream	d15be546031c	70c104a1	.config	log	report	syz	C
ci-upstream-gce-leak	2020/07/24 07:15	upstream	d15be546031c	70c104a1	.config	log	report	syz	C
ci-upstream-gce-leak	2020/07/19 10:28	upstream	f932d58abc38	9c812472	.config	log	report	syz	C
ci-upstream-gce-leak	2020/07/18 14:21	upstream	6a70f89cc58f	9c812472	.config	log	report	syz	C
ci-upstream-gce-leak	2020/03/07 04:36	upstream	fb279f4e2386	fd2a5f28	.config	log	report	syz	C
ci-upstream-gce-leak	2020/03/02 07:11	upstream	63623fd44972	c88c7b75	.config	log	report	syz	C
ci-upstream-gce-leak	2020/02/22 22:36	upstream	54dedb5b571d	2c36e7a7	.config	log	report	syz	C
ci-upstream-gce-leak	2020/02/21 22:48	upstream	ca7e1fd1026c	2ffa6679	.config	log	report	syz	C
ci-upstream-gce-leak	2020/02/20 13:08	upstream	ca7e1fd1026c	81230308	.config	log	report	syz	C
ci-upstream-gce-leak	2020/02/16 16:35	upstream	db70e26e33ee	cf914200	.config	log	report	syz	C
ci-upstream-gce-leak	2020/02/14 18:13	upstream	b19e8c684703	5d7b90f1	.config	log	report	syz	C
ci-upstream-gce-leak	2020/02/04 10:12	upstream	322bf2d3446a	93e5e335	.config	log	report	syz	C
ci-upstream-gce-leak	2021/06/03 22:07	upstream	324c92e5e0ee	0740de69	.config	log	report	syz		memory leak in tcindex_set_parms
ci-upstream-gce-leak	2021/05/19 01:10	upstream	8ac91e6c6033	a343ba6b	.config	log	report	syz		memory leak in tcindex_set_parms
ci-upstream-gce-leak	2021/03/02 16:55	upstream	7a7fd0de4a98	92ead296	.config	log	report	syz		memory leak in tcindex_set_parms
ci-upstream-gce-leak	2020/09/22 03:22	upstream	ba4f184e126b	9e1fa68e	.config	log	report	syz
ci-upstream-gce-leak	2020/09/09 17:47	upstream	34d4ddd359db	0ea7a887	.config	log	report	syz
ci-upstream-gce-leak	2020/07/30 13:32	upstream	d3590ebf6f91	233283a1	.config	log	report	syz
ci-upstream-gce-leak	2020/07/28 09:35	upstream	92ed30191993	cb93dc6a	.config	log	report	syz