memory leak in xdp_umem_create
11 views
Skip to first unread message
syzbot
Oct 23, 2020, 10:26:24 AM10/23/20
to and...@kernel.org, a...@kernel.org, bjorn...@intel.com, b...@vger.kernel.org, dan...@iogearbox.net, da...@davemloft.net, ha...@kernel.org, john.fa...@gmail.com, jonatha...@gmail.com, ka...@fb.com, kps...@chromium.org, ku...@kernel.org, linux-...@vger.kernel.org, magnus....@intel.com, net...@vger.kernel.org, songliu...@fb.com, syzkall...@googlegroups.com, y...@fb.com
Hello,
syzbot found the following issue on:
HEAD commit: f804b315 Merge tag 'linux-watchdog-5.10-rc1' of git://www...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1797677f900000
kernel config: https://syzkaller.appspot.com/x/.config?x=504c0405f28172a
dashboard link: https://syzkaller.appspot.com/bug?extid=eb71df123dc2be2c1456
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10f27544500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12fc4de8500000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+eb71df...@syzkaller.appspotmail.com
Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts.
executing program
executing program
BUG: memory leak
unreferenced object 0xffff888110c1e400 (size 96):
comm "syz-executor230", pid 8462, jiffies 4294942469 (age 13.280s)
hex dump (first 32 bytes):
00 50 e0 00 00 c9 ff ff 00 00 02 00 00 00 00 00 .P..............
00 00 00 00 00 10 00 00 20 00 00 00 20 00 00 00 ........ ... ...
backtrace:
[<00000000c4608c2b>] kmalloc include/linux/slab.h:554 [inline]
[<00000000c4608c2b>] kzalloc include/linux/slab.h:666 [inline]
[<00000000c4608c2b>] xdp_umem_create+0x33/0x630 net/xdp/xdp_umem.c:229
[<00000000551a05ed>] xsk_setsockopt+0x4ad/0x590 net/xdp/xsk.c:852
[<00000000f143ff32>] __sys_setsockopt+0x1b0/0x360 net/socket.c:2132
[<0000000076c65982>] __do_sys_setsockopt net/socket.c:2143 [inline]
[<0000000076c65982>] __se_sys_setsockopt net/socket.c:2140 [inline]
[<0000000076c65982>] __x64_sys_setsockopt+0x22/0x30 net/socket.c:2140
[<00000000d47a7174>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
[<00000000fb8e5852>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff88810e018f00 (size 256):
comm "syz-executor230", pid 8462, jiffies 4294942469 (age 13.280s)
hex dump (first 32 bytes):
00 00 4f 04 00 ea ff ff 40 00 4f 04 00 ea ff ff ..O.....@.O.....
80 00 4f 04 00 ea ff ff c0 00 4f 04 00 ea ff ff ..O.......O.....
backtrace:
[<00000000257d0c74>] kmalloc_array include/linux/slab.h:594 [inline]
[<00000000257d0c74>] kcalloc include/linux/slab.h:605 [inline]
[<00000000257d0c74>] xdp_umem_pin_pages net/xdp/xdp_umem.c:89 [inline]
[<00000000257d0c74>] xdp_umem_reg net/xdp/xdp_umem.c:207 [inline]
[<00000000257d0c74>] xdp_umem_create+0x3cc/0x630 net/xdp/xdp_umem.c:240
[<00000000551a05ed>] xsk_setsockopt+0x4ad/0x590 net/xdp/xsk.c:852
[<00000000f143ff32>] __sys_setsockopt+0x1b0/0x360 net/socket.c:2132
[<0000000076c65982>] __do_sys_setsockopt net/socket.c:2143 [inline]
[<0000000076c65982>] __se_sys_setsockopt net/socket.c:2140 [inline]
[<0000000076c65982>] __x64_sys_setsockopt+0x22/0x30 net/socket.c:2140
[<00000000d47a7174>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
[<00000000fb8e5852>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot found the following issue on:
HEAD commit: f804b315 Merge tag 'linux-watchdog-5.10-rc1' of git://www...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1797677f900000
kernel config: https://syzkaller.appspot.com/x/.config?x=504c0405f28172a
dashboard link: https://syzkaller.appspot.com/bug?extid=eb71df123dc2be2c1456
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10f27544500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12fc4de8500000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+eb71df...@syzkaller.appspotmail.com
Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts.
executing program
executing program
BUG: memory leak
unreferenced object 0xffff888110c1e400 (size 96):
comm "syz-executor230", pid 8462, jiffies 4294942469 (age 13.280s)
hex dump (first 32 bytes):
00 50 e0 00 00 c9 ff ff 00 00 02 00 00 00 00 00 .P..............
00 00 00 00 00 10 00 00 20 00 00 00 20 00 00 00 ........ ... ...
backtrace:
[<00000000c4608c2b>] kmalloc include/linux/slab.h:554 [inline]
[<00000000c4608c2b>] kzalloc include/linux/slab.h:666 [inline]
[<00000000c4608c2b>] xdp_umem_create+0x33/0x630 net/xdp/xdp_umem.c:229
[<00000000551a05ed>] xsk_setsockopt+0x4ad/0x590 net/xdp/xsk.c:852
[<00000000f143ff32>] __sys_setsockopt+0x1b0/0x360 net/socket.c:2132
[<0000000076c65982>] __do_sys_setsockopt net/socket.c:2143 [inline]
[<0000000076c65982>] __se_sys_setsockopt net/socket.c:2140 [inline]
[<0000000076c65982>] __x64_sys_setsockopt+0x22/0x30 net/socket.c:2140
[<00000000d47a7174>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
[<00000000fb8e5852>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff88810e018f00 (size 256):
comm "syz-executor230", pid 8462, jiffies 4294942469 (age 13.280s)
hex dump (first 32 bytes):
00 00 4f 04 00 ea ff ff 40 00 4f 04 00 ea ff ff ..O.....@.O.....
80 00 4f 04 00 ea ff ff c0 00 4f 04 00 ea ff ff ..O.......O.....
backtrace:
[<00000000257d0c74>] kmalloc_array include/linux/slab.h:594 [inline]
[<00000000257d0c74>] kcalloc include/linux/slab.h:605 [inline]
[<00000000257d0c74>] xdp_umem_pin_pages net/xdp/xdp_umem.c:89 [inline]
[<00000000257d0c74>] xdp_umem_reg net/xdp/xdp_umem.c:207 [inline]
[<00000000257d0c74>] xdp_umem_create+0x3cc/0x630 net/xdp/xdp_umem.c:240
[<00000000551a05ed>] xsk_setsockopt+0x4ad/0x590 net/xdp/xsk.c:852
[<00000000f143ff32>] __sys_setsockopt+0x1b0/0x360 net/socket.c:2132
[<0000000076c65982>] __do_sys_setsockopt net/socket.c:2143 [inline]
[<0000000076c65982>] __se_sys_setsockopt net/socket.c:2140 [inline]
[<0000000076c65982>] __x64_sys_setsockopt+0x22/0x30 net/socket.c:2140
[<00000000d47a7174>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
[<00000000fb8e5852>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
Magnus Karlsson
Oct 24, 2020, 12:23:07 PM10/24/20
to syzbot, and...@kernel.org, Alexei Starovoitov, Björn Töpel, bpf, Daniel Borkmann, David S. Miller, ha...@kernel.org, John Fastabend, Jonathan Lemon, Martin KaFai Lau, kps...@chromium.org, Jakub Kicinski, linux-...@vger.kernel.org, Karlsson, Magnus, Network Development, Song Liu, syzkall...@googlegroups.com, Yonghong Song
Hillf Danton
Oct 24, 2020, 10:50:24 PM10/24/20
to syzbot, linux-...@vger.kernel.org, magnus....@intel.com, net...@vger.kernel.org, Hillf Danton, syzkall...@googlegroups.com
Fri, 23 Oct 2020 07:26:22 -0700
Fix 1c1efc2af158 ("xsk: Create and free buffer pool independently from umem")
by restoring the old behavior to match things like
WRITE_ONCE(xs->umem, umem_xs->umem);
--- a/net/xdp/xsk.c
+++ b/net/xdp/xsk.c
@@ -1148,6 +1148,7 @@ static void xsk_destruct(struct sock *sk
xp_put_pool(xs->pool);
+ xdp_put_umem(xs->umem);
sk_refcnt_debug_dec(sk);
}
by restoring the old behavior to match things like
WRITE_ONCE(xs->umem, umem_xs->umem);
--- a/net/xdp/xsk.c
+++ b/net/xdp/xsk.c
@@ -1148,6 +1148,7 @@ static void xsk_destruct(struct sock *sk
xp_put_pool(xs->pool);
+ xdp_put_umem(xs->umem);
sk_refcnt_debug_dec(sk);
}
Reply all
Reply to author
Forward
0 new messages