kcm: memory leak in kcm_sendmsg
61 views
Skip to first unread message
Dmitry Vyukov
Jan 9, 2018, 12:14:58 PM1/9/18
to David Miller, Tom Herbert, Cong Wang, Al Viro, Eric Dumazet, xiaol...@gmail.com, Tobias Klauser, Eric Biggers, netdev, LKML, syzkaller
Hello,
syzkaller has discovered the following memory leak:
unreferenced object 0xffff8800655d5e20 (size 512):
comm "a.out", pid 10342, jiffies 4295928494 (age 24.051s)
hex dump (first 32 bytes):
80 6b 5d 65 00 88 ff ff 69 63 65 73 2f 76 69 72 .k]e....ices/vir
74 75 61 6c 2f 6e 65 74 2f 74 75 6e 6c 30 2f 71 tual/net/tunl0/q
backtrace:
[<0000000017222de2>] kmemleak_alloc_recursive
include/linux/kmemleak.h:55 [inline]
[<0000000017222de2>] slab_post_alloc_hook mm/slab.h:440 [inline]
[<0000000017222de2>] slab_alloc_node mm/slub.c:2725 [inline]
[<0000000017222de2>] __kmalloc_node_track_caller+0x19f/0x360 mm/slub.c:4320
[<00000000468595b2>] __kmalloc_reserve.isra.39+0x3a/0xe0
net/core/skbuff.c:137
[<000000005d645735>] __alloc_skb+0x144/0x7c0 net/core/skbuff.c:205
[<0000000076b4c539>] alloc_skb include/linux/skbuff.h:983 [inline]
[<0000000076b4c539>] kcm_sendmsg+0x66a/0x2480 net/kcm/kcmsock.c:968
[<0000000035be3c2b>] sock_sendmsg_nosec net/socket.c:636 [inline]
[<0000000035be3c2b>] sock_sendmsg+0xd2/0x120 net/socket.c:646
[<00000000abbae6ad>] SYSC_sendto+0x3de/0x640 net/socket.c:1727
[<00000000b55ba03b>] SyS_sendto+0x40/0x50 net/socket.c:1695
[<000000005d14bb62>] entry_SYSCALL_64_fastpath+0x23/0x9a
[<0000000000cf1810>] 0xffffffffffffffff
unreferenced object 0xffff880053801e40 (size 232):
comm "a.out", pid 10342, jiffies 4295928494 (age 24.051s)
hex dump (first 32 bytes):
c0 20 80 53 00 88 ff ff 00 00 00 00 00 00 00 00 . .S............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000519e860b>] kmemleak_alloc_recursive
include/linux/kmemleak.h:55 [inline]
[<00000000519e860b>] slab_post_alloc_hook mm/slab.h:440 [inline]
[<00000000519e860b>] slab_alloc_node mm/slub.c:2725 [inline]
[<00000000519e860b>] kmem_cache_alloc_node+0x12d/0x2a0 mm/slub.c:2761
[<000000001a066279>] __alloc_skb+0x103/0x7c0 net/core/skbuff.c:193
[<0000000076b4c539>] alloc_skb include/linux/skbuff.h:983 [inline]
[<0000000076b4c539>] kcm_sendmsg+0x66a/0x2480 net/kcm/kcmsock.c:968
[<0000000035be3c2b>] sock_sendmsg_nosec net/socket.c:636 [inline]
[<0000000035be3c2b>] sock_sendmsg+0xd2/0x120 net/socket.c:646
[<00000000abbae6ad>] SYSC_sendto+0x3de/0x640 net/socket.c:1727
[<00000000b55ba03b>] SyS_sendto+0x40/0x50 net/socket.c:1695
[<000000005d14bb62>] entry_SYSCALL_64_fastpath+0x23/0x9a
[<0000000000cf1810>] 0xffffffffffffffff
Reproducer is attached. On 4.15-rc7.
syzkaller has discovered the following memory leak:
unreferenced object 0xffff8800655d5e20 (size 512):
comm "a.out", pid 10342, jiffies 4295928494 (age 24.051s)
hex dump (first 32 bytes):
80 6b 5d 65 00 88 ff ff 69 63 65 73 2f 76 69 72 .k]e....ices/vir
74 75 61 6c 2f 6e 65 74 2f 74 75 6e 6c 30 2f 71 tual/net/tunl0/q
backtrace:
[<0000000017222de2>] kmemleak_alloc_recursive
include/linux/kmemleak.h:55 [inline]
[<0000000017222de2>] slab_post_alloc_hook mm/slab.h:440 [inline]
[<0000000017222de2>] slab_alloc_node mm/slub.c:2725 [inline]
[<0000000017222de2>] __kmalloc_node_track_caller+0x19f/0x360 mm/slub.c:4320
[<00000000468595b2>] __kmalloc_reserve.isra.39+0x3a/0xe0
net/core/skbuff.c:137
[<000000005d645735>] __alloc_skb+0x144/0x7c0 net/core/skbuff.c:205
[<0000000076b4c539>] alloc_skb include/linux/skbuff.h:983 [inline]
[<0000000076b4c539>] kcm_sendmsg+0x66a/0x2480 net/kcm/kcmsock.c:968
[<0000000035be3c2b>] sock_sendmsg_nosec net/socket.c:636 [inline]
[<0000000035be3c2b>] sock_sendmsg+0xd2/0x120 net/socket.c:646
[<00000000abbae6ad>] SYSC_sendto+0x3de/0x640 net/socket.c:1727
[<00000000b55ba03b>] SyS_sendto+0x40/0x50 net/socket.c:1695
[<000000005d14bb62>] entry_SYSCALL_64_fastpath+0x23/0x9a
[<0000000000cf1810>] 0xffffffffffffffff
unreferenced object 0xffff880053801e40 (size 232):
comm "a.out", pid 10342, jiffies 4295928494 (age 24.051s)
hex dump (first 32 bytes):
c0 20 80 53 00 88 ff ff 00 00 00 00 00 00 00 00 . .S............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000519e860b>] kmemleak_alloc_recursive
include/linux/kmemleak.h:55 [inline]
[<00000000519e860b>] slab_post_alloc_hook mm/slab.h:440 [inline]
[<00000000519e860b>] slab_alloc_node mm/slub.c:2725 [inline]
[<00000000519e860b>] kmem_cache_alloc_node+0x12d/0x2a0 mm/slub.c:2761
[<000000001a066279>] __alloc_skb+0x103/0x7c0 net/core/skbuff.c:193
[<0000000076b4c539>] alloc_skb include/linux/skbuff.h:983 [inline]
[<0000000076b4c539>] kcm_sendmsg+0x66a/0x2480 net/kcm/kcmsock.c:968
[<0000000035be3c2b>] sock_sendmsg_nosec net/socket.c:636 [inline]
[<0000000035be3c2b>] sock_sendmsg+0xd2/0x120 net/socket.c:646
[<00000000abbae6ad>] SYSC_sendto+0x3de/0x640 net/socket.c:1727
[<00000000b55ba03b>] SyS_sendto+0x40/0x50 net/socket.c:1695
[<000000005d14bb62>] entry_SYSCALL_64_fastpath+0x23/0x9a
[<0000000000cf1810>] 0xffffffffffffffff
Reproducer is attached. On 4.15-rc7.
Reply all
Reply to author
Forward
0 new messages