Date: Sat, 8 Jun 2019 16:47:04 -0700
From: Jakub Kicinski
To: syzbot
Cc: aviadye@mellanox.com, borisp@mellanox.com, daniel@iogearbox.net, davejwatson@fb.com, davem@davemloft.net, john.fastabend@gmail.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: memory leak in create_ctx
Message-ID: <20190608164704.742c18da@cakuba.netronome.com>
In-Reply-To: <000000000000a420af058ad4bca2@google.com>
References: <000000000000a420af058ad4bca2@google.com>
Organization: Netronome Systems, Ltd.
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, 08 Jun 2019 12:13:06 -0700, syzbot wrote:
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:    79c3ba32 Merge tag 'drm-fixes-2019-06-07-1' of git://anong..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=170e0bfea00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=d5c73825cbdc7326
> dashboard link: https://syzkaller.appspot.com/bug?extid=06537213db7ba2745c4a
> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10aa806aa00000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+06537213db7ba2745c4a@syzkaller.appspotmail.com

This one creates a TCPv6 socket, puts it in repair mode, connects and then
adds a tls ULP. Apparently that leaks the entire TLS context but I can't
repro..

> IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
> 2019/06/08 14:55:51 executed programs: 15
> 2019/06/08 14:55:56 executed programs: 31
> 2019/06/08 14:56:02 executed programs: 51
> BUG: memory leak
> unreferenced object 0xffff888117ceae00 (size 512):
>   comm "syz-executor.3", pid 7233, jiffies 4294949016 (age 13.640s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>   backtrace:
>     [<00000000e6550967>] kmemleak_alloc_recursive
> include/linux/kmemleak.h:55 [inline]
>     [<00000000e6550967>] slab_post_alloc_hook mm/slab.h:439 [inline]
>     [<00000000e6550967>] slab_alloc mm/slab.c:3326 [inline]
>     [<00000000e6550967>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
>     [<0000000014132182>] kmalloc include/linux/slab.h:547 [inline]
>     [<0000000014132182>] kzalloc include/linux/slab.h:742 [inline]
>     [<0000000014132182>] create_ctx+0x25/0x70 net/tls/tls_main.c:601
>     [<00000000e08e1a44>] tls_init net/tls/tls_main.c:787 [inline]
>     [<00000000e08e1a44>] tls_init+0x97/0x1e0 net/tls/tls_main.c:769
>     [<0000000037b0c43c>] __tcp_set_ulp net/ipv4/tcp_ulp.c:126 [inline]
>     [<0000000037b0c43c>] tcp_set_ulp+0xe2/0x190 net/ipv4/tcp_ulp.c:147
>     [<000000007a284277>] do_tcp_setsockopt.isra.0+0x19a/0xd60
> net/ipv4/tcp.c:2784
>     [<00000000f35f3415>] tcp_setsockopt+0x71/0x80 net/ipv4/tcp.c:3098
>     [<00000000c840962c>] sock_common_setsockopt+0x38/0x50
> net/core/sock.c:3124
>     [<0000000006b0801f>] __sys_setsockopt+0x98/0x120 net/socket.c:2072
>     [<00000000a6309f52>] __do_sys_setsockopt net/socket.c:2083 [inline]
>     [<00000000a6309f52>] __se_sys_setsockopt net/socket.c:2080 [inline]
>     [<00000000a6309f52>] __x64_sys_setsockopt+0x26/0x30 net/socket.c:2080
>     [<00000000fa555bbc>] do_syscall_64+0x76/0x1a0
> arch/x86/entry/common.c:301
>     [<00000000a06d7d1a>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
>
> BUG: memory leak
> unreferenced object 0xffff88810965dc00 (size 512):
>   comm "syz-executor.2", pid 7235, jiffies 4294949016 (age 13.640s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>   backtrace:
>     [<00000000e6550967>] kmemleak_alloc_recursive
> include/linux/kmemleak.h:55 [inline]
>     [<00000000e6550967>] slab_post_alloc_hook mm/slab.h:439 [inline]
>     [<00000000e6550967>] slab_alloc mm/slab.c:3326 [inline]
>     [<00000000e6550967>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
>     [<0000000014132182>] kmalloc include/linux/slab.h:547 [inline]
>     [<0000000014132182>] kzalloc include/linux/slab.h:742 [inline]
>     [<0000000014132182>] create_ctx+0x25/0x70 net/tls/tls_main.c:601
>     [<00000000e08e1a44>] tls_init net/tls/tls_main.c:787 [inline]
>     [<00000000e08e1a44>] tls_init+0x97/0x1e0 net/tls/tls_main.c:769
>     [<0000000037b0c43c>] __tcp_set_ulp net/ipv4/tcp_ulp.c:126 [inline]
>     [<0000000037b0c43c>] tcp_set_ulp+0xe2/0x190 net/ipv4/tcp_ulp.c:147
>     [<000000007a284277>] do_tcp_setsockopt.isra.0+0x19a/0xd60
> net/ipv4/tcp.c:2784
>     [<00000000f35f3415>] tcp_setsockopt+0x71/0x80 net/ipv4/tcp.c:3098
>     [<00000000c840962c>] sock_common_setsockopt+0x38/0x50
> net/core/sock.c:3124
>     [<0000000006b0801f>] __sys_setsockopt+0x98/0x120 net/socket.c:2072
>     [<00000000a6309f52>] __do_sys_setsockopt net/socket.c:2083 [inline]
>     [<00000000a6309f52>] __se_sys_setsockopt net/socket.c:2080 [inline]
>     [<00000000a6309f52>] __x64_sys_setsockopt+0x26/0x30 net/socket.c:2080
>     [<00000000fa555bbc>] do_syscall_64+0x76/0x1a0
> arch/x86/entry/common.c:301
>     [<00000000a06d7d1a>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
>
> BUG: memory leak
> unreferenced object 0xffff8881207d7600 (size 512):
>   comm "syz-executor.5", pid 7244, jiffies 4294949019 (age 13.610s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>   backtrace:
>     [<00000000e6550967>] kmemleak_alloc_recursive
> include/linux/kmemleak.h:55 [inline]
>     [<00000000e6550967>] slab_post_alloc_hook mm/slab.h:439 [inline]
>     [<00000000e6550967>] slab_alloc mm/slab.c:3326 [inline]
>     [<00000000e6550967>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
>     [<0000000014132182>] kmalloc include/linux/slab.h:547 [inline]
>     [<0000000014132182>] kzalloc include/linux/slab.h:742 [inline]
>     [<0000000014132182>] create_ctx+0x25/0x70 net/tls/tls_main.c:601
>     [<00000000e08e1a44>] tls_init net/tls/tls_main.c:787 [inline]
>     [<00000000e08e1a44>] tls_init+0x97/0x1e0 net/tls/tls_main.c:769
>     [<0000000037b0c43c>] __tcp_set_ulp net/ipv4/tcp_ulp.c:126 [inline]
>     [<0000000037b0c43c>] tcp_set_ulp+0xe2/0x190 net/ipv4/tcp_ulp.c:147
>     [<000000007a284277>] do_tcp_setsockopt.isra.0+0x19a/0xd60
> net/ipv4/tcp.c:2784
>     [<00000000f35f3415>] tcp_setsockopt+0x71/0x80 net/ipv4/tcp.c:3098
>     [<00000000c840962c>] sock_common_setsockopt+0x38/0x50
> net/core/sock.c:3124
>     [<0000000006b0801f>] __sys_setsockopt+0x98/0x120 net/socket.c:2072
>     [<00000000a6309f52>] __do_sys_setsockopt net/socket.c:2083 [inline]
>     [<00000000a6309f52>] __se_sys_setsockopt net/socket.c:2080 [inline]
>     [<00000000a6309f52>] __x64_sys_setsockopt+0x26/0x30 net/socket.c:2080
>     [<00000000fa555bbc>] do_syscall_64+0x76/0x1a0
> arch/x86/entry/common.c:301
>     [<00000000a06d7d1a>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
>
>
>
> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> syzbot can test patches for this bug, for details see:
> https://goo.gl/tpsmEJ#testing-patches
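
A triage sketch for the kmemleak report quoted above, added here as an example and not part of the original e-mail or of syzbot's tooling: it groups leaked objects by the first backtrace frame outside the slab allocator, so repeated reports collapse to one allocation site. The sample input is constructed by abridging the quoted report and joining its wrapped lines; `ALLOC_FRAMES`, `parse_leaks` and `group_by_site` are names chosen for this example.

```python
import re

# Allocator-internal frames to skip when looking for the real allocation site.
ALLOC_FRAMES = {"kmemleak_alloc_recursive", "slab_post_alloc_hook", "slab_alloc",
                "kmem_cache_alloc_trace", "kmalloc", "kzalloc"}
OBJ_RE = re.compile(r"unreferenced object (0x[0-9a-f]+) \(size (\d+)\)")
COMM_RE = re.compile(r'comm "([^"]+)", pid (\d+)')
FRAME_RE = re.compile(r"\[<[0-9a-f]+>\]\s+([\w.]+)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?\s+(\S+:\d+)")

# Constructed sample: abridged from the quoted report, wrapped lines joined.
SAMPLE = """\
> BUG: memory leak
> unreferenced object 0xffff888117ceae00 (size 512):
>   comm "syz-executor.3", pid 7233, jiffies 4294949016 (age 13.640s)
>   backtrace:
>     [<00000000e6550967>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
>     [<0000000014132182>] kzalloc include/linux/slab.h:742 [inline]
>     [<0000000014132182>] create_ctx+0x25/0x70 net/tls/tls_main.c:601
>     [<00000000e08e1a44>] tls_init+0x97/0x1e0 net/tls/tls_main.c:769
> BUG: memory leak
> unreferenced object 0xffff88810965dc00 (size 512):
>   comm "syz-executor.2", pid 7235, jiffies 4294949016 (age 13.640s)
>   backtrace:
>     [<0000000014132182>] kzalloc include/linux/slab.h:742 [inline]
>     [<0000000014132182>] create_ctx+0x25/0x70 net/tls/tls_main.c:601
"""

def parse_leaks(text):
    """Return one dict per leaked object with its first non-allocator frame."""
    leaks, cur = [], None
    for raw in text.splitlines():
        line = raw.lstrip("> \t")  # drop e-mail quote markers and indentation
        if m := OBJ_RE.search(line):
            cur = {"addr": m[1], "size": int(m[2]), "comm": None, "pid": None, "site": None}
            leaks.append(cur)
        elif cur and (m := COMM_RE.search(line)):
            cur["comm"], cur["pid"] = m[1], int(m[2])
        elif cur and (m := FRAME_RE.search(line)):
            if cur["site"] is None and m[1] not in ALLOC_FRAMES:
                cur["site"] = (m[1], m[2])  # (function, file:line)
    return leaks

def group_by_site(leaks):
    """Map allocation site -> (object count, total leaked bytes)."""
    totals = {}
    for leak in leaks:
        n, size = totals.get(leak["site"], (0, 0))
        totals[leak["site"]] = (n + 1, size + leak["size"])
    return totals
```
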