Dmitry Vyukov
Dec 1, 2015, 7:27:42 AM
to David S. Miller, Alexey Kuznetsov, James Morris, Hideaki YOSHIFUJI, Patrick McHardy, netdev, LKML, Vlad Yasevich, Neil Horman, linux...@vger.kernel.org, syzkaller, Kostya Serebryany, Alexander Potapenko, Sasha Levin, Eric Dumazet
Hello,
The following program causes a memory leak:
// autogenerated by syzkaller (http://github.com/google/syzkaller)
#include <syscall.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <string.h>
#include <stdint.h>
#include <linux/in.h>
#include <linux/socket.h>

int main()
{
    // Non-blocking SCTP stream socket over IPv6.
    long r1 = syscall(SYS_socket, PF_INET6,
                      SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_SCTP);
    // 7 bytes of fuzzer-generated option data.
    const char *opt = "\x15\x53\x5e\x2d\x97\xab\xe1";
    // level 0x29 is SOL_IPV6 (41), optname 0x6 is IPV6_2292PKTOPTIONS.
    long r3 = syscall(SYS_setsockopt, r1, 0x29ul, 0x6ul, opt, 0x7ul);
    return 0;
}
unreferenced object 0xffff880039a55260 (size 64):
  comm "executor", pid 11746, jiffies 4298984475 (age 16.078s)
  hex dump (first 32 bytes):
    2f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  /...............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [< inline >] kmalloc include/linux/slab.h:463
    [<ffffffff848a2f5f>] sock_kmalloc+0x7f/0xc0 net/core/sock.c:1774
    [<ffffffff84e5bea0>] do_ipv6_setsockopt.isra.7+0x15d0/0x2830 net/ipv6/ipv6_sockglue.c:483
    [<ffffffff84e5d19b>] ipv6_setsockopt+0x9b/0x140 net/ipv6/ipv6_sockglue.c:885
    [<ffffffff8544616c>] sctp_setsockopt+0x15c/0x36c0 net/sctp/socket.c:3702
    [<ffffffff848a2035>] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2645
    [< inline >] SYSC_setsockopt net/socket.c:1757
    [<ffffffff8489f1d8>] SyS_setsockopt+0x158/0x240 net/socket.c:1736
I confirmed that running this program in a loop steadily increases the
number of objects in the kmalloc-64 slab. The leak does not happen with
IPPROTO_TCP, so probably it is sctp-related.
On commit 31ade3b83e1821da5fbb2f11b5b3d4ab2ec39db8 (Nov 29).
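
The slab-growth check mentioned in the message can be made repeatable by diffing the kmalloc-64 active_objs count between two /proc/slabinfo snapshots (the file is typically readable only by root). This is an added example, not part of the original message; the function names and the snapshot excerpts are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed /proc/slabinfo excerpts (not from the report), taken before and
 * after 1000 runs of a reproducer. Columns: name active_objs num_objs objsize ... */
static const char BEFORE[] =
    "kmalloc-8192     52     52   8192   4 8\n"
    "kmalloc-64     5120   5184     64  64 1\n"
    "kmalloc-8      3072   3072      8 512 1\n";
static const char AFTER[] =
    "kmalloc-8192     52     52   8192   4 8\n"
    "kmalloc-64     6144   6208     64  64 1\n"
    "kmalloc-8      3072   3072      8 512 1\n";

/* active_objs of `cache` in slabinfo-formatted text, or -1 if not found. */
long slab_active_objs(const char *text, const char *cache)
{
    size_t n = strlen(cache);
    for (const char *line = text; line && *line; ) {
        /* Require whitespace after the name: "kmalloc-8" must not match "kmalloc-8192". */
        if (strncmp(line, cache, n) == 0 && (line[n] == ' ' || line[n] == '\t')) {
            char *end;
            long v = strtol(line + n, &end, 10);
            return end == line + n ? -1 : v;   /* -1 if no number follows the name */
        }
        line = strchr(line, '\n');
        if (line) line++;                      /* step past the newline */
    }
    return -1;
}

/* Store the change in active_objs between two snapshots; 0 on success, -1 on error. */
int slab_delta(const char *before, const char *after, const char *cache, long *delta)
{
    long a = slab_active_objs(before, cache), b = slab_active_objs(after, cache);
    if (a < 0 || b < 0)
        return -1;
    *delta = b - a;
    return 0;
}

int main(void)
{
    long d = 0;
    int rc = slab_delta(BEFORE, AFTER, "kmalloc-64", &d);
    printf("kmalloc-64 active_objs delta: %ld (rc=%d)\n", d, rc);
    return rc ? 1 : 0;
}
```

A delta that keeps scaling with the number of runs, while other caches stay flat, matches the behaviour described in the report; unrelated kernel activity also allocates from kmalloc-64, so compare against an idle baseline.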