Dmitry Vyukov
Jan 9, 2018, 1:02:01 PM
to Jon Maloy, Ying Xue, David Miller, netdev, tipc-di...@lists.sourceforge.net, LKML, syzkaller
Hello,
syzkaller has hit the following memory leak on 4.15-rc7.
It seems that tipc_nl_node_get_link() fails to free the skb when
tipc_node_find_by_name() fails.
5:58:28 KMEMLEAK READ1 1071
[ 386.810943] kmemleak: 2 new suspected memory leaks, 0 unleaked (see /sys/kernel/debug/kmemleak)
2018/01/09 15:58:31 KMEMLEAK READ2 2225
2018/01/09 15:58:31 BUG: memory leak
unreferenced object 0xffff88002a782280 (size 232):
comm "syz-executor2", pid 6844, jiffies 4295044059 (age 10.220s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000c914c2d7>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
[<00000000c914c2d7>] slab_post_alloc_hook mm/slab.h:440 [inline]
[<00000000c914c2d7>] slab_alloc_node mm/slub.c:2725 [inline]
[<00000000c914c2d7>] kmem_cache_alloc_node+0x12d/0x2a0 mm/slub.c:2761
[<000000007ed8c8b5>] __alloc_skb+0x103/0x7c0 net/core/skbuff.c:193
[<0000000023449dd8>] nlmsg_new include/linux/skbuff.h:983 [inline]
[<0000000023449dd8>] tipc_nl_node_get_link+0x1d4/0x6b0 net/tipc/node.c:1877
[<0000000019b652e1>] genl_family_rcv_msg+0x881/0x1110 net/netlink/genetlink.c:599
[<000000009c0a85f1>] genl_rcv_msg+0xc6/0x170 net/netlink/genetlink.c:624
[<00000000052c4d51>] netlink_rcv_skb+0x275/0x550 net/netlink/af_netlink.c:2408
[<00000000d5ae339c>] genl_rcv+0x28/0x40 net/netlink/genetlink.c:635
[<000000004cb4e55b>] netlink_unicast_kernel net/netlink/af_netlink.c:1275 [inline]
[<000000004cb4e55b>] netlink_unicast+0x567/0x710 net/netlink/af_netlink.c:1301
[<00000000bc52e4f5>] netlink_sendmsg+0x9c4/0xf60 net/netlink/af_netlink.c:1864
[<00000000cc6816f5>] sock_sendmsg_nosec net/socket.c:636 [inline]
[<00000000cc6816f5>] sock_sendmsg+0xd2/0x120 net/socket.c:646
[<00000000db8490cd>] ___sys_sendmsg+0x7f6/0x930 net/socket.c:2026
[<0000000097919974>] __sys_sendmsg+0xe6/0x220 net/socket.c:2060
[<000000000334a861>] SYSC_sendmsg net/socket.c:2071 [inline]
[<000000000334a861>] SyS_sendmsg+0x36/0x60 net/socket.c:2067
[<0000000008a3e08e>] entry_SYSCALL_64_fastpath+0x23/0x9a
[<0000000094cce38d>] 0xffffffffffffffff
2018/01/09 15:58:31 BUG: memory leak
unreferenced object 0xffff880017894200 (size 8192):
comm "syz-executor2", pid 6844, jiffies 4295044059 (age 10.233s)
hex dump (first 32 bytes):
00 21 89 17 00 88 ff ff 00 00 00 00 00 00 00 00 .!..............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000b0c26949>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
[<00000000b0c26949>] slab_post_alloc_hook mm/slab.h:440 [inline]
[<00000000b0c26949>] slab_alloc_node mm/slub.c:2725 [inline]
[<00000000b0c26949>] __kmalloc_node_track_caller+0x19f/0x360 mm/slub.c:4320
[<0000000061c65883>] __kmalloc_reserve.isra.39+0x3a/0xe0 net/core/skbuff.c:137
[<00000000dba6a120>] __alloc_skb+0x144/0x7c0 net/core/skbuff.c:205
[<0000000023449dd8>] nlmsg_new include/linux/skbuff.h:983 [inline]
[<0000000023449dd8>] tipc_nl_node_get_link+0x1d4/0x6b0 net/tipc/node.c:1877
[<0000000019b652e1>] genl_family_rcv_msg+0x881/0x1110 net/netlink/genetlink.c:599
[<000000009c0a85f1>] genl_rcv_msg+0xc6/0x170 net/netlink/genetlink.c:624
[<00000000052c4d51>] netlink_rcv_skb+0x275/0x550 net/netlink/af_netlink.c:2408
[<00000000d5ae339c>] genl_rcv+0x28/0x40 net/netlink/genetlink.c:635
[<000000004cb4e55b>] netlink_unicast_kernel net/netlink/af_netlink.c:1275 [inline]
[<000000004cb4e55b>] netlink_unicast+0x567/0x710 net/netlink/af_netlink.c:1301
[<00000000bc52e4f5>] netlink_sendmsg+0x9c4/0xf60 net/netlink/af_netlink.c:1864
[<00000000cc6816f5>] sock_sendmsg_nosec net/socket.c:636 [inline]
[<00000000cc6816f5>] sock_sendmsg+0xd2/0x120 net/socket.c:646
[<00000000db8490cd>] ___sys_sendmsg+0x7f6/0x930 net/socket.c:2026
[<0000000097919974>] __sys_sendmsg+0xe6/0x220 net/socket.c:2060
[<000000000334a861>] SYSC_sendmsg net/socket.c:2071 [inline]
[<000000000334a861>] SyS_sendmsg+0x36/0x60 net/socket.c:2067
[<0000000008a3e08e>] entry_SYSCALL_64_fastpath+0x23/0x9a
[<0000000094cce38d>] 0xffffffffffffffff
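
A user-space model of the error path the report points at, added here as an example and not taken from the kernel source or from the message above: a reply buffer is allocated, the name lookup fails, and the handler returns without releasing it, shown beside a variant that frees on every exit. It also models why each lost buffer appears as two objects in the report (the 232-byte header and the 8192-byte data area come from separate allocations in `__alloc_skb`). All names (`buf_new`, `buf_free`, `find_by_name`, `get_link_leaky`, `get_link_fixed`, `leaked_after`) and the node name `node1` are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* User-space model with hypothetical names; not the kernel's TIPC code. */
static int live_objects;                 /* allocations not yet freed */
struct buf { char *data; };              /* stand-in for struct sk_buff */

/* As in the two backtraces, header and data are separate allocations,
 * so one lost buffer is reported as two leaked objects. */
static struct buf *buf_new(size_t size) {
    struct buf *b = malloc(sizeof(*b));
    if (b && !(b->data = malloc(size))) { free(b); b = NULL; }
    if (b) live_objects += 2;
    return b;
}
static void buf_free(struct buf *b) { free(b->data); free(b); live_objects -= 2; }

/* Stand-in for the node lookup: only the constructed name "node1" exists. */
static int find_by_name(const char *name) { return strcmp(name, "node1") == 0; }

/* Pattern the report suspects: reply allocated, lookup fails, early return. */
static int get_link_leaky(const char *name) {
    struct buf *reply = buf_new(8192);
    if (!reply) return -ENOMEM;
    if (!find_by_name(name)) return -EINVAL;   /* reply never freed here */
    buf_free(reply);                           /* models the reply being sent */
    return 0;
}

/* Same handler, but every exit after the allocation releases the reply. */
static int get_link_fixed(const char *name) {
    struct buf *reply = buf_new(8192);
    if (!reply) return -ENOMEM;
    int err = find_by_name(name) ? 0 : -EINVAL;
    buf_free(reply);
    return err;
}

/* Objects still allocated after `calls` requests for `name`. */
static int leaked_after(int (*handler)(const char *), const char *name, int calls) {
    int before = live_objects;
    while (calls-- > 0) handler(name);
    return live_objects - before;
}

int main(void) {
    printf("leaky: %d\n", leaked_after(get_link_leaky, "absent", 3));
    printf("fixed: %d\n", leaked_after(get_link_fixed, "absent", 3));
    return 0;
}
```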