From: Xin Long
Date: Thu, 3 Jun 2021 13:35:35 -0400
Subject: Re: [syzbot] memory leak in ip_vs_add_service
To: Julian Anastasov
Cc: syzbot, coreteam@netfilter.org, Simon Horman, LKML, lvs-devel@vger.kernel.org, network dev, netfilter-devel@vger.kernel.org, syzkaller-bugs
References: <000000000000c91e6f05c3144acc@google.com>

On Thu, Jun 3, 2021 at 1:32 PM Julian Anastasov wrote:
>
>
> Hello,
>
> On Wed, 2 Jun 2021, Xin Long wrote:
>
> > On Mon, May 24, 2021 at 10:33 AM syzbot wrote:
> > >
> > > Hello,
> > >
> > > syzbot found the following issue on:
> > >
> > > HEAD commit: c3d0e3fd Merge tag 'fs.idmapped.mount_setattr.v5.13-rc3' o..
> > > git tree: upstream
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=148d0bd7d00000
> > > kernel config: https://syzkaller.appspot.com/x/.config?x=ae7b129a135ab06b
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=e562383183e4b1766930
> > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15585a4bd00000
> > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13900753d00000
> > >
> > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > Reported-by: syzbot+e562383183e4b1766930@syzkaller.appspotmail.com
> > >
> > > BUG: memory leak
> > > unreferenced object 0xffff888115227800 (size 512):
> > >   comm "syz-executor263", pid 8658, jiffies 4294951882 (age 12.560s)
> > >   hex dump (first 32 bytes):
> > >     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> > >     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> > >   backtrace:
> > >     [] kmalloc include/linux/slab.h:556 [inline]
> > >     [] kzalloc include/linux/slab.h:686 [inline]
> > >     [] ip_vs_add_service+0x598/0x7c0 net/netfilter/ipvs/ip_vs_ctl.c:1343
> > >     [] do_ip_vs_set_ctl+0x810/0xa40 net/netfilter/ipvs/ip_vs_ctl.c:2570
> > >     [] nf_setsockopt+0x68/0xa0 net/netfilter/nf_sockopt.c:101
> > >     [] ip_setsockopt+0x259/0x1ff0 net/ipv4/ip_sockglue.c:1435
> > >     [] raw_setsockopt+0x18c/0x1b0 net/ipv4/raw.c:857
> > >     [] __sys_setsockopt+0x1b0/0x360 net/socket.c:2117
> > >     [] __do_sys_setsockopt net/socket.c:2128 [inline]
> > >     [] __se_sys_setsockopt net/socket.c:2125 [inline]
> > >     [] __x64_sys_setsockopt+0x22/0x30 net/socket.c:2125
> > >     [] do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
> > >     [] entry_SYSCALL_64_after_hwframe+0x44/0xae
> > do_ip_vs_set_ctl() allows users to add svc with the flags field set.
> > when IP_VS_SVC_F_HASHED is used, and in ip_vs_svc_hash()
> > called ip_vs_add_service() will trigger the err msg:
> >
> > IPVS: ip_vs_svc_hash(): request for already hashed, called from
> > do_ip_vs_set_ctl+0x810/0xa40
> >
> > and the svc allocated will leak.
> >
> > so fix it by mask the flags with ~IP_VS_SVC_F_HASHED in
> > ip_vs_copy_usvc_compat(), while at it also remove the unnecessary
> > flag IP_VS_SVC_F_HASHED set in ip_vs_edit_service().
>
> The net tree already contains fix for this problem.
>
> Regards
>
> --
> Julian Anastasov
>

good, thanks for the info, :-)
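
The failure mode described in the quoted text above, as an added userspace model that is not part of the original thread and is not kernel code: a caller-supplied flags word carries the internal "already hashed" bit, the hash step refuses the object, and the allocation is left unreachable. All names and flag values here (`svc`, `SVC_F_PERSISTENT`, `SVC_F_HASHED`, `add_service`, `in_table`) are hypothetical stand-ins chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define SVC_F_PERSISTENT 0x0001u /* constructed: a flag a user may set */
#define SVC_F_HASHED     0x0002u /* constructed: internal "in table" bit */
struct svc { unsigned flags; struct svc *next; };
static struct svc *table; /* one-bucket stand-in for the service table */

/* Link s into the table unless it already claims to be hashed. */
static int svc_hash(struct svc *s)
{
    if (s->flags & SVC_F_HASHED)
        return 0; /* the "request for already hashed" case */
    s->flags |= SVC_F_HASHED;
    s->next = table;
    table = s;
    return 1;
}

/* mask_internal == 0 trusts user flags; non-zero strips the internal bit. */
static struct svc *add_service(unsigned user_flags, int mask_internal)
{
    struct svc *s = calloc(1, sizeof(*s));
    if (!s)
        return NULL;
    s->flags = mask_internal ? (user_flags & ~SVC_F_HASHED) : user_flags;
    svc_hash(s); /* result ignored in this model: a refusal strands s */
    return s;
}

/* An object the table cannot reach is one that teardown would never free. */
static int in_table(const struct svc *s)
{
    for (const struct svc *p = table; p; p = p->next)
        if (p == s)
            return 1;
    return 0;
}

int main(void)
{
    unsigned from_user = SVC_F_PERSISTENT | SVC_F_HASHED;
    struct svc *a = add_service(from_user, 0);
    struct svc *b = add_service(from_user, 1);
    printf("unmasked reachable=%d, masked reachable=%d\n", in_table(a), in_table(b));
    free(a);
    free(b);
    return 0;
}
```

The same rule applies to any state bit the code sets for itself: strip it from caller input at the copy-in boundary rather than checking for it later.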