Received: by 2002:a05:7412:37c9:b0:e2:908c:2ebd with SMTP id jz9csp2443665rdb; Thu, 21 Sep 2023 20:57:20 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHKAFIwJ0CoAB6fiE5+J27ZoUMx/NRgAZu8AWphRnRttxNXJbiWK3P2nTaQuUj3VsbFvp/W X-Received: by 2002:a05:6870:e2c9:b0:1d6:3f77:c214 with SMTP id w9-20020a056870e2c900b001d63f77c214mr7205290oad.55.1695355040434; Thu, 21 Sep 2023 20:57:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695355040; cv=none; d=google.com; s=arc-20160816; b=lOfzbalNBaVhiSBviABT3PzlUlHCixvTdRvhjfox3HUI8QLSx/7zLekbfxybFlCn2n 0vrcSvPgHGyj6vntZmpMEUlrM/UkIpB7pCDjFMY7Hs0a81opeDi/fv0szfbcz/vokIuM KB1qntoRfs2XNCt1viHitR0Qgw9cLbiF2/0eh8TKj9PXzcjHakHaHT7kkZXSVZnIML/+ NcihJPUvTykG9SfvVWaLWNeX7jawF0O7oVdeoALVM2KuHhkbNNBwPazzWhx7MI/CZYSk Jympna7xjb6ZMVaZPaOjtZrqq3WzHDgDMquXg14J8wtIHO+k7DR9EnCvKnO04Bt5tRcJ tCCw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=XBT0O/Xci7r3f2IqHjI7FX0fJC0mLhgfI/yPTEIS3vE=; fh=ypaRHMVxQAEI4hqm0CMQoPEe8kx6km0nTvoWWIiDaPw=; b=t6jA2A/LcAnoqrZA9MG/AXSiRyUuJzOmCtZCiWsaMaeS9cjQYy3g8A18JjiLT1ga9L /7G6oqNJePY4/0hS8fO7QR1YaM51x8jAymMoQnMspxqoF5Qyf7oZAi9DHZMDBMmowZW7 MoqPMkcTy55QD3XneyVi/osm0B9GIc8wIZ5T4pgrW8VBd9LVNVg5JitaM0zxTcXKRyoR g3OvIa9UnOfdRpP3yw80LFW2DRk0MCpH7FfoOoKvhuGAXCjRMNqmk+5x+IUPIzgaY1tq /3n2FuOlVVwueq7fszuhzgdqGbZ1wt22vI8eCTXsC+JthObaXyvo5mWjQySac1p3MAPi 3mLg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@arista.com header.s=google header.b="KsF2HMB/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Return-Path: Received: from howler.vger.email (howler.vger.email. [23.128.96.34]) by mx.google.com with ESMTPS id y187-20020a638ac4000000b00578d0d070f4si2863879pgd.844.2023.09.21.20.57.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Sep 2023 20:57:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34; Authentication-Results: mx.google.com; dkim=pass header.i=@arista.com header.s=google header.b="KsF2HMB/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id AF6E9823FAEB; Thu, 21 Sep 2023 10:27:34 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230146AbjIUR1P (ORCPT + 99 others); Thu, 21 Sep 2023 13:27:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55104 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230036AbjIUR0t (ORCPT ); Thu, 21 Sep 2023 13:26:49 -0400 Received: from mail-wm1-x344.google.com (mail-wm1-x344.google.com [IPv6:2a00:1450:4864:20::344]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 95DB41997 for ; Thu, 21 Sep 2023 10:02:51 -0700 (PDT) Received: by mail-wm1-x344.google.com with SMTP id 5b1f17b1804b1-40475103519so12700055e9.0 for ; Thu, 21 Sep 2023 10:02:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; t=1695315694; x=1695920494; darn=vger.kernel.org; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=XBT0O/Xci7r3f2IqHjI7FX0fJC0mLhgfI/yPTEIS3vE=; b=KsF2HMB/AX5p0ZsP26KrsKe+E7ja9Ajg21IU8nwXYSRTdGljT2zl6UMdAUmbtEASZV RnYSKzFcENgBd6KATjtVg/g1VGOHD+ieNowLBHH122Y6lkoy8UpOsKH6gbyig8MLIrdO sNqzC1zMxzyiToJF0iArL2xhcYnI3sKkiQr/f+wIV8xCqz4fXMpCAP5H32B0WmhEk+CC tW/at2ygDmCy+ubtmE0npAq6U3gKkU240+I9JTexSZn/nV38fZkzyHnO8RC3b9HQM9pw RdBibPiqqBOyHkylnydtndn6gqdbYPUn+B2ImWTXK0ZAOivtqtICrrBPkiKANIlhZ733 3ahQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695315694; x=1695920494; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=XBT0O/Xci7r3f2IqHjI7FX0fJC0mLhgfI/yPTEIS3vE=; b=JNi4NBYS25Wu5F44GVWQzBZDhGsPZMxl1R0HIqyNlYk1cAifctuJTtmMS25wmr1/a0 PsYA2CYZS8Z++QnjnelpjoLWS4KK0bXvuNNuLe27mzFVuBbdjG5nKMUp2EompX3HUEjQ aJdpDrOGQrLeJRM8NymVUx76QMQh4Q1T0MXNETvgr9OGIdfKGB+nOVLM+B0zIaGHEqks mw1aI56q6r5TJIVYC8yE2/tkVmL7cFrNszGlpmXUfTFcBuCbZhy5EU5A87nIG1HVaeyG j33qm2SkrAU1NQ4M5/BJa3lqZmw59zDrBDV2TzTw/uy53qCf/r/br9sBh3EkASXGtTDz o8ZQ== X-Gm-Message-State: AOJu0Yx7xqYGjDcVcYoFdfGvJXH3DKwbDzvPWSFZd5hJACuBnbH7ExEW M0hHmKq0KFh58rpDUd4SXRvduA== X-Received: by 2002:a05:600c:1e05:b0:405:3a3d:6f41 with SMTP id ay5-20020a05600c1e0500b004053a3d6f41mr723959wmb.22.1695315693942; Thu, 21 Sep 2023 10:01:33 -0700 (PDT) Received: from [10.83.37.178] ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id a3-20020a5d4d43000000b003177074f830sm2260297wru.59.2023.09.21.10.01.32 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 21 Sep 2023 10:01:33 -0700 (PDT) Message-ID: <18267b34-1dcf-08d5-5ba1-4f5162e6c43a@arista.com> Date: Thu, 21 Sep 2023 18:01:27 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0 Subject: Re: [syzbot] [net?] memory leak in tcp_md5_do_add Content-Language: en-US To: Eric Dumazet Cc: bpf@vger.kernel.org, davem@davemloft.net, dsahern@kernel.org, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, pabeni@redhat.com, syzkaller-bugs@googlegroups.com, syzbot References: <0000000000004d83170605e16003@google.com> From: Dmitry Safonov In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-3.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Thu, 21 Sep 2023 10:27:35 -0700 (PDT) On 9/21/23 17:59, Eric Dumazet wrote: > On Thu, Sep 21, 2023 at 6:56 PM syzbot > wrote: >> >> Hello, >> >> syzbot found the following issue on: >> >> HEAD commit: ee3f96b16468 Merge tag 'nfsd-6.3-1' of git://git.kernel.or.. >> git tree: upstream >> console output: https://syzkaller.appspot.com/x/log.txt?x=1312bba8c80000 >> kernel config: https://syzkaller.appspot.com/x/.config?x=f5733ca1757172ad >> dashboard link: https://syzkaller.appspot.com/bug?extid=68662811b3d5f6695bcb >> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 >> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=105393a8c80000 >> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1113917f480000 >> >> Downloadable assets: >> disk image: https://storage.googleapis.com/syzbot-assets/29e7966ab711/disk-ee3f96b1.raw.xz >> vmlinux: https://storage.googleapis.com/syzbot-assets/ae21b8e855de/vmlinux-ee3f96b1.xz >> kernel image: https://storage.googleapis.com/syzbot-assets/803ee0425ad6/bzImage-ee3f96b1.xz >> >> IMPORTANT: if you fix the issue, please add the following tag to the commit: >> Reported-by: syzbot+68662811b3d5f6695bcb@syzkaller.appspotmail.com >> >> executing program >> BUG: memory leak >> unreferenced object 0xffff88810a86f7a0 (size 32): >> comm "syz-executor325", pid 5099, jiffies 4294978342 (age 119.240s) >> hex dump (first 32 bytes): >> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ >> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ >> backtrace: >> [] kmalloc_trace+0x24/0x90 mm/slab_common.c:1061 >> [] kmalloc include/linux/slab.h:580 [inline] >> [] tcp_md5sig_info_add net/ipv4/tcp_ipv4.c:1169 [inline] >> [] tcp_md5_do_add+0xa0/0x150 net/ipv4/tcp_ipv4.c:1240 >> [] tcp_v6_parse_md5_keys+0x253/0x4a0 net/ipv6/tcp_ipv6.c:671 >> [] do_tcp_setsockopt+0x40e/0x1360 net/ipv4/tcp.c:3720 >> [] tcp_setsockopt+0x9b/0xa0 net/ipv4/tcp.c:3806 >> [] __sys_setsockopt+0x1ab/0x330 net/socket.c:2274 >> [] __do_sys_setsockopt net/socket.c:2285 [inline] >> [] __se_sys_setsockopt net/socket.c:2282 [inline] >> [] __x64_sys_setsockopt+0x26/0x30 net/socket.c:2282 >> [] do_syscall_x64 arch/x86/entry/common.c:50 [inline] >> [] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 >> [] entry_SYSCALL_64_after_hwframe+0x63/0xcd >> >> BUG: memory leak >> unreferenced object 0xffff88811225ccc0 (size 192): >> comm "syz-executor325", pid 5099, jiffies 4294978342 (age 119.240s) >> hex dump (first 32 bytes): >> 00 00 00 00 00 00 00 00 22 01 00 00 00 00 ad de ........"....... >> 22 0a 80 00 fe 80 00 00 00 00 00 00 00 00 00 00 "............... >> backtrace: >> [] __do_kmalloc_node mm/slab_common.c:966 [inline] >> [] __kmalloc+0x4a/0x120 mm/slab_common.c:980 >> [] kmalloc include/linux/slab.h:584 [inline] >> [] sock_kmalloc net/core/sock.c:2635 [inline] >> [] sock_kmalloc+0x65/0xa0 net/core/sock.c:2624 >> [] __tcp_md5_do_add+0xcb/0x300 net/ipv4/tcp_ipv4.c:1212 >> [] tcp_md5_do_add+0x67/0x150 net/ipv4/tcp_ipv4.c:1253 >> [] tcp_v6_parse_md5_keys+0x253/0x4a0 net/ipv6/tcp_ipv6.c:671 >> [] do_tcp_setsockopt+0x40e/0x1360 net/ipv4/tcp.c:3720 >> [] tcp_setsockopt+0x9b/0xa0 net/ipv4/tcp.c:3806 >> [] __sys_setsockopt+0x1ab/0x330 net/socket.c:2274 >> [] __do_sys_setsockopt net/socket.c:2285 [inline] >> [] __se_sys_setsockopt net/socket.c:2282 [inline] >> [] __x64_sys_setsockopt+0x26/0x30 net/socket.c:2282 >> [] do_syscall_x64 arch/x86/entry/common.c:50 [inline] >> [] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 >> [] entry_SYSCALL_64_after_hwframe+0x63/0xcd >> >> >> >> --- >> This report is generated by a bot. It may contain errors. >> See https://goo.gl/tpsmEJ for more information about syzbot. >> syzbot engineers can be reached at syzkaller@googlegroups.com. >> >> syzbot will keep track of this issue. See: >> https://goo.gl/tpsmEJ#status for how to communicate with syzbot. >> >> If the bug is already fixed, let syzbot know by replying with: >> #syz fix: exact-commit-title >> >> If you want syzbot to run the reproducer, reply with: >> #syz test: git://repo/address.git branch-or-commit-hash >> If you attach or paste a git patch, syzbot will apply it before testing. >> >> If you want to overwrite bug's subsystems, reply with: >> #syz set subsystems: new-subsystem >> (See the list of subsystem names on the web dashboard) >> >> If the bug is a duplicate of another bug, reply with: >> #syz dup: exact-subject-of-another-report >> >> If you want to undo deduplication, reply with: >> #syz undup > > Dmitry, please take a look at this bug, we need to fix it before your > patch series. Sure, seems reasonable to me to fix before merging something on top. > Thank you. Thanks, Dmitry