Date: Thu, 3 Jun 2021 20:32:08 +0300 (EEST)
From: Julian Anastasov
To: Xin Long
cc: syzbot, coreteam@netfilter.org, Simon Horman, LKML, lvs-devel@vger.kernel.org, network dev, netfilter-devel@vger.kernel.org, syzkaller-bugs
Subject: Re: [syzbot] memory leak in ip_vs_add_service
References: <000000000000c91e6f05c3144acc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

	Hello,

On Wed, 2 Jun 2021, Xin Long wrote:

> On Mon, May 24, 2021 at 10:33 AM syzbot wrote:
> >
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit: c3d0e3fd Merge tag 'fs.idmapped.mount_setattr.v5.13-rc3' o..
> > git tree: upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=148d0bd7d00000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=ae7b129a135ab06b
> > dashboard link: https://syzkaller.appspot.com/bug?extid=e562383183e4b1766930
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15585a4bd00000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13900753d00000
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+e562383183e4b1766930@syzkaller.appspotmail.com
> >
> > BUG: memory leak
> > unreferenced object 0xffff888115227800 (size 512):
> >   comm "syz-executor263", pid 8658, jiffies 4294951882 (age 12.560s)
> >   hex dump (first 32 bytes):
> >     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> >     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> >   backtrace:
> >     [] kmalloc include/linux/slab.h:556 [inline]
> >     [] kzalloc include/linux/slab.h:686 [inline]
> >     [] ip_vs_add_service+0x598/0x7c0 net/netfilter/ipvs/ip_vs_ctl.c:1343
> >     [] do_ip_vs_set_ctl+0x810/0xa40 net/netfilter/ipvs/ip_vs_ctl.c:2570
> >     [] nf_setsockopt+0x68/0xa0 net/netfilter/nf_sockopt.c:101
> >     [] ip_setsockopt+0x259/0x1ff0 net/ipv4/ip_sockglue.c:1435
> >     [] raw_setsockopt+0x18c/0x1b0 net/ipv4/raw.c:857
> >     [] __sys_setsockopt+0x1b0/0x360 net/socket.c:2117
> >     [] __do_sys_setsockopt net/socket.c:2128 [inline]
> >     [] __se_sys_setsockopt net/socket.c:2125 [inline]
> >     [] __x64_sys_setsockopt+0x22/0x30 net/socket.c:2125
> >     [] do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
> >     [] entry_SYSCALL_64_after_hwframe+0x44/0xae
>
> do_ip_vs_set_ctl() allows users to add svc with the flags field set.
> when IP_VS_SVC_F_HASHED is used, and in ip_vs_svc_hash()
> called ip_vs_add_service() will trigger the err msg:
>
> IPVS: ip_vs_svc_hash(): request for already hashed, called from
> do_ip_vs_set_ctl+0x810/0xa40
>
> and the svc allocated will leak.
>
> so fix it by mask the flags with ~IP_VS_SVC_F_HASHED in
> ip_vs_copy_usvc_compat(), while at it also remove the unnecessary
> flag IP_VS_SVC_F_HASHED set in ip_vs_edit_service().

	The net tree already contains fix for this problem.

Regards

--
Julian Anastasov
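
The flag handling described in the quoted analysis, as a user-space C model added here for illustration; it is not kernel code and was not posted by anyone on this thread. All model_/MODEL_ names, the one-slot table and the flag values are assumptions of the model, as is the caller not acting on the hash result.

```c
#include <stdio.h>
#include <stdlib.h>

#define MODEL_F_PERSISTENT 0x0001u /* ordinary caller-settable flag (model value) */
#define MODEL_F_HASHED     0x0002u /* internal state bit, stands in for IP_VS_SVC_F_HASHED */

struct model_svc { unsigned int flags; };

static struct model_svc *model_table; /* one-slot stand-in for the service hash table */

/* Role of ip_vs_svc_hash(): refuse an object that already claims to be hashed. */
static int model_svc_hash(struct model_svc *svc)
{
    if (svc->flags & MODEL_F_HASHED)
        return 0;                  /* "request for already hashed" */
    svc->flags |= MODEL_F_HASHED;
    model_table = svc;             /* object is now reachable for later deletion */
    return 1;
}

/* Role of ip_vs_add_service(). sanitize=0 trusts the caller's flags verbatim;
 * sanitize=1 masks the internal bit first, as the quoted fix describes.
 * Returns 1 if the allocation ended up unreachable, 0 if hashed, -1 on OOM. */
static int model_add_service(unsigned int user_flags, int sanitize)
{
    struct model_svc *svc = calloc(1, sizeof(*svc));
    int leaked;

    if (!svc)
        return -1;
    svc->flags = sanitize ? (user_flags & ~MODEL_F_HASHED) : user_flags;
    model_svc_hash(svc);           /* assumption: the result is not acted on */
    leaked = (model_table != svc);
    model_table = NULL;
    free(svc);                     /* the model cleans up; a leaked kernel object would stay allocated */
    return leaked;
}

int main(void)
{
    printf("flags trusted: leaked=%d\n", model_add_service(MODEL_F_HASHED, 0));
    printf("flags masked:  leaked=%d\n", model_add_service(MODEL_F_HASHED, 1));
    return 0;
}
```

The general point for review: a flags word copied from user space should be masked down to the caller-settable bits before any internal state bit is interpreted.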