sctp: memory leak in sctp_endpoint_init

60 views
Skip to first unread message

Dmitry Vyukov

unread,
Jan 9, 2018, 12:45:02 PM1/9/18
to Vladislav Yasevich, Neil Horman, David Miller, linux...@vger.kernel.org, netdev, LKML, syzkaller
Hello,

syzkaller has hit the following memory leak on 4.15-rc7.
Reproducer is attached.

unferenced object 0xffff88007bbaa720 (size 32):
comm "syz-executor4", pid 12479, jiffies 4295951917 (age 9.779s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000ce041e0c>] kmemleak_alloc_recursive
include/linux/kmemleak.h:55 [inline]
[<00000000ce041e0c>] slab_post_alloc_hook mm/slab.h:440 [inline]
[<00000000ce041e0c>] slab_alloc_node mm/slub.c:2725 [inline]
[<00000000ce041e0c>] slab_alloc mm/slub.c:2733 [inline]
[<00000000ce041e0c>] kmem_cache_alloc_trace+0x126/0x290 mm/slub.c:2750
[<0000000052b69e97>] kmalloc include/linux/slab.h:499 [inline]
[<0000000052b69e97>] kzalloc include/linux/slab.h:688 [inline]
[<0000000052b69e97>] sctp_endpoint_init net/sctp/endpointola.c:66 [inline]
[<0000000052b69e97>] sctp_endpoint_new+0x16d/0xef0
net/sctp/endpointola.c:195
[<00000000b78002d9>] sctp_init_sock+0xc18/0x13e0 net/sctp/socket.c:4490
[<00000000fe5de849>] inet6_create+0xba7/0x1290 net/ipv6/af_inet6.c:255
[<00000000bb006173>] __sock_create+0x521/0x920 net/socket.c:1265
[<00000000a8d6fbc0>] sock_create net/socket.c:1305 [inline]
[<00000000a8d6fbc0>] SYSC_socket net/socket.c:1335 [inline]
[<00000000a8d6fbc0>] SyS_socket+0x102/0x1f0 net/socket.c:1315
[<000000004dc391b5>] entry_SYSCALL_64_fastpath+0x23/0x9a
[<00000000c66d20cc>] 0xffffffffffffffff

2018/01/09 15:50:01 BUG: memory leak
unreferenced object 0xffff88007bbaac30 (size 32):
comm "syz-executor4", pid 12479, jiffies 4295951917 (age 9.791s)
hex dump (first 32 bytes):
f0 45 4b 2a 00 88 ff ff f0 45 4b 2a 00 88 ff ff .EK*.....EK*....
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000ce041e0c>] kmemleak_alloc_recursive
include/linux/kmemleak.h:55 [inline]
[<00000000ce041e0c>] slab_post_alloc_hook mm/slab.h:440 [inline]
[<00000000ce041e0c>] slab_alloc_node mm/slub.c:2725 [inline]
[<00000000ce041e0c>] slab_alloc mm/slub.c:2733 [inline]
[<00000000ce041e0c>] kmem_cache_alloc_trace+0x126/0x290 mm/slub.c:2750
[<0000000069bdc070>] kmalloc include/linux/slab.h:499 [inline]
[<0000000069bdc070>] kzalloc include/linux/slab.h:688 [inline]
[<0000000069bdc070>] sctp_auth_shkey_create+0xbb/0x1f0 net/sctp/auth.c:99
[<00000000604efa40>] sctp_endpoint_init net/sctp/endpointola.c:151 [inline]
[<00000000604efa40>] sctp_endpoint_new+0x65b/0xef0
net/sctp/endpointola.c:195
[<00000000b78002d9>] sctp_init_sock+0xc18/0x13e0 net/sctp/socket.c:4490
[<00000000fe5de849>] inet6_create+0xba7/0x1290 net/ipv6/af_inet6.c:255
[<00000000bb006173>] __sock_create+0x521/0x920 net/socket.c:1265
[<00000000a8d6fbc0>] sock_create net/socket.c:1305 [inline]
[<00000000a8d6fbc0>] SYSC_socket net/socket.c:1335 [inline]
[<00000000a8d6fbc0>] SyS_socket+0x102/0x1f0 net/socket.c:1315
[<000000004dc391b5>] entry_SYSCALL_64_fastpath+0x23/0x9a
[<00000000c66d20cc>] 0xffffffffffffffff
sctp.c

Cong Wang

unread,
Jan 10, 2018, 7:12:14 PM1/10/18
to Dmitry Vyukov, Vladislav Yasevich, Neil Horman, David Miller, linux...@vger.kernel.org, netdev, LKML, syzkaller
This could be probably fixed by the patch
"Fix a leak in socket(2) when we fail to allocate a file descriptor." too.
Reply all
Reply to author
Forward
0 new messages