Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp3296608rdb; Sat, 9 Dec 2023 22:58:57 -0800 (PST) X-Google-Smtp-Source: AGHT+IFwoa3xvf31zItEh03fK/3tEzrz0CglFspMYIQYTcnKNiRQG1ogsx2ak6tMFOGEO0MNDmgl X-Received: by 2002:a05:6a20:7287:b0:18f:e389:f65c with SMTP id o7-20020a056a20728700b0018fe389f65cmr3522228pzk.75.1702191537166; Sat, 09 Dec 2023 22:58:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702191537; cv=none; d=google.com; s=arc-20160816; b=OOcWeUfngjl/a1P0ee4pai72q9zcCdHzxDqrQG8LomLSb5vETOoA1tzYXbGa0g2F/V 9gm1xcPQD1zCtJErfGw40pV5KNNtk+opYn9H+03AJQxQvzFhH/30XOW/gUgCTuJ2fjvG 5dewm9nGUSYJuvHRgefO/5sPNgH+GaBpvsMzMTMa/vguK8xVmcuA9F9b4mwH57QHX6rs /MI7Hz44nCLEuEOsVI6S8ErkIBDuR5uxVgz7Rp0MwJCh5PYjBZNQp9MQrh9Dvgf2wpGY zR/vp1pblZoawlo/olDBfIUjIflPS1g+WG0BmIMrQnneN2MkNrSapeealRLZV3obh0IQ hLbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:to:from:subject:message-id:in-reply-to:date :mime-version; bh=7jOZ461ZHCxYfq9wyhbxNbUvsgNFqJb2JWGx4ihcInU=; fh=V9AeBafJgTW96HdC48wsxGAfd7Fe9P2uAL8tLCjpUN4=; b=oQ4gaxbP6sPFzD80dwLX3REtRVLQQxaeZzW1Kp22jO+sYzOq5rAizSg65ZKJdpEjBa VX1TLDRfDqdFwG/j8+dc6eYeugCqQH2CdSCXmn9QVMoEApypHhmynlZkKav05x6djCKz gRqYTwAb0yIFIQogQXqIi5frRiUzkIt+w7qwt7fZOGrNg5MOR9BtcQsNgpxgzEzAqmLM xBMmC6HdvhOT9ZGv4O/+VAPM8macksPhIsSz4jQFnghrLLEHDZj29DKbQQ6e/cwRA9e3 SoStORTsu3cKI0qgqC/sX4fT7BdNHdf86QRe5RwwXtcKpn11ato7ZFjuNLAERHnddYXb o5qA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=appspotmail.com Return-Path: Received: from fry.vger.email (fry.vger.email. [23.128.96.38]) by mx.google.com with ESMTPS id u24-20020a631418000000b005c677224c92si4105186pgl.522.2023.12.09.22.58.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 09 Dec 2023 22:58:57 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) client-ip=23.128.96.38; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=appspotmail.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id 632D6808BD93; Sat, 9 Dec 2023 22:58:54 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231626AbjLJG6k (ORCPT + 99 others); Sun, 10 Dec 2023 01:58:40 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34304 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231694AbjLJG6P (ORCPT ); Sun, 10 Dec 2023 01:58:15 -0500 Received: from mail-oi1-f199.google.com (mail-oi1-f199.google.com [209.85.167.199]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 324C5F3 for ; Sat, 9 Dec 2023 22:58:22 -0800 (PST) Received: by mail-oi1-f199.google.com with SMTP id 5614622812f47-3b9e4a5d9dfso4422576b6e.3 for ; Sat, 09 Dec 2023 22:58:22 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702191501; x=1702796301; h=to:from:subject:message-id:in-reply-to:date:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=7jOZ461ZHCxYfq9wyhbxNbUvsgNFqJb2JWGx4ihcInU=; b=kvBlPlE+3YionDse+NBOSVs7u7ChinpnbhGvbeDhaIxPUO8AtXmzp1UFHhQQ9gb2VL vHBfMjyhQbYFKToOxxxKZYt59wvM0YTm9n6SAQnmREqsIL/sBvvlHyZoImnOurvsw7lY KQa9xoYDqzMIoVlU/zht/ZUPN2nhZbqNpfAIHKWzCOvgs2tLwepxy4OPpj+wXPydLBKy dtU93rou7H7jlrgkYx1Pey0n3IPm18xHEHnGCZ3d6Tx6L+zyWo0Jd3hVjhklMoY5ckvS k4f+Pni1dTnc083W5AIPRJ9b0f8wfwkelhkvLKs1I7OCwyu341+Y4Wt7pFquCYy/rMt3 KPFw== X-Gm-Message-State: AOJu0Yw/w74DVZsbTgR6KwTrZG91O0/Hi91DkiMRd091rCW5dD9xE+nL E4Z2UjfW7WDl+PEGb/uLWNb8ZbIZOBioFmz3UVa7NdsbxIVTsAU= MIME-Version: 1.0 X-Received: by 2002:a05:6808:2021:b0:3ac:b428:844d with SMTP id q33-20020a056808202100b003acb428844dmr2644846oiw.8.1702191501525; Sat, 09 Dec 2023 22:58:21 -0800 (PST) Date: Sat, 09 Dec 2023 22:58:21 -0800 In-Reply-To: <000000000000bfba3a060bf4ffcf@google.com> X-Google-Appengine-App-Id: s~syzkaller X-Google-Appengine-App-Id-Alias: syzkaller Message-ID: <000000000000c9c707060c2257fc@google.com> Subject: Re: [syzbot] [arm-msm?] [net?] memory leak in radix_tree_insert From: syzbot To: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=1.1 required=5.0 tests=FROM_LOCAL_HEX, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_SORBS_WEB, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Sat, 09 Dec 2023 22:58:54 -0800 (PST) X-Spam-Level: * For archival purposes, forwarding an incoming command email to linux-kernel@vger.kernel.org. *** Subject: [arm-msm?] [net?] memory leak in radix_tree_insert Author: eadavis@qq.com please test memory leak in radix_tree_insert #syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 33cc938e65a9 diff --git a/include/linux/radix-tree.h b/include/linux/radix-tree.h index eae67015ce51..cc3e9fc7bae0 100644 --- a/include/linux/radix-tree.h +++ b/include/linux/radix-tree.h @@ -254,6 +254,7 @@ unsigned int radix_tree_gang_lookup_tag_slot(const struct radix_tree_root *, void __rcu ***results, unsigned long first_index, unsigned int max_items, unsigned int tag); int radix_tree_tagged(const struct radix_tree_root *, unsigned int tag); +unsigned long radix_tree_maxindex(const struct radix_tree_root *root); static inline void radix_tree_preload_end(void) { diff --git a/lib/radix-tree.c b/lib/radix-tree.c index b98e9f2c24ac..a89df8afa510 100644 --- a/lib/radix-tree.c +++ b/lib/radix-tree.c @@ -404,6 +404,18 @@ static unsigned radix_tree_load_root(const struct radix_tree_root *root, return 0; } +unsigned long radix_tree_maxindex(const struct radix_tree_root *root) +{ + struct radix_tree_node *node = rcu_dereference_raw(root->xa_head); + + if (likely(radix_tree_is_internal_node(node))) { + node = entry_to_node(node); + return node_maxindex(node); + } + + return 0; +} + /* * Extend a radix tree so it can store key @index. */ diff --git a/net/qrtr/af_qrtr.c b/net/qrtr/af_qrtr.c index 41ece61eb57a..abdae567a370 100644 --- a/net/qrtr/af_qrtr.c +++ b/net/qrtr/af_qrtr.c @@ -274,7 +274,8 @@ static int qrtr_tx_wait(struct qrtr_node *node, int dest_node, int dest_port, flow = kzalloc(sizeof(*flow), GFP_KERNEL); if (flow) { init_waitqueue_head(&flow->resume_tx); - if (radix_tree_insert(&node->qrtr_tx_flow, key, flow)) { + if (ret = radix_tree_insert(&node->qrtr_tx_flow, key, flow)) { + printk("r: %d, k: %llu, f: %p, %s\n", ret, key, flow, __func__); kfree(flow); flow = NULL; } @@ -344,6 +344,13 @@ static int qrtr_node_enqueue(struct qrtr_node *node, struct sk_buff *skb, struct qrtr_hdr_v1 *hdr; size_t len = skb->len; int rc, confirm_rx; + unsigned long maxidx; + + if (to->sq_node == QRTR_NODE_BCAST) { + maxidx = radix_tree_maxindex(&node->qrtr_tx_flow); + to->sq_node = maxidx + 1; + printk("mi: %llu, sn: %llu, %s\n", maxidx, to->sq_node, __func__); + } confirm_rx = qrtr_tx_wait(node, to->sq_node, to->sq_port, type); if (confirm_rx < 0) {