On Wed, Oct 16, 2019 at 11:39 AM David Miller <davem@xxxxxxxxxxxxx> wrote:
>
> From: Xin Long <lucien.xin@xxxxxxxxx>
> Date: Tue, 15 Oct 2019 15:24:38 +0800
>
> > syzbot reported a memory leak:
> >
> > BUG: memory leak, unreferenced object 0xffff888120b3d380 (size 64):
> > backtrace:
> ...
> > It was caused by when sending msgs without binding a port, in the path:
> > inet_sendmsg() -> inet_send_prepare() -> inet_autobind() ->
> > .get_port/sctp_get_port(), sp->bind_hash will be set while bp->port is
> > not. Later when binding another port by sctp_setsockopt_bindx(), a new
> > bucket will be created as bp->port is not set.
> >
> > sctp's autobind is supposed to call sctp_autobind() where it does all
> > things including setting bp->port. Since sctp_autobind() is called in
> > sctp_sendmsg() if the sk is not yet bound, it should have skipped the
> > auto bind.
> >
> > This patch is to avoid calling inet_autobind() in inet_send_prepare()
> > by changing sctp_prot .no_autobind with true, also remove the unused
> > .get_port.
> >
> > Reported-by: syzbot+d44f7bbebdea49dbc84a@xxxxxxxxxxxxxxxxxxxxxxxxx
> > Signed-off-by: Xin Long <lucien.xin@xxxxxxxxx>
>
> Applied and queued up for -stable.
>
> Xin, in the future please always provide a Fixes: even if it is the
> initial kernel repository commit.

Copy, thanks.