Hello,

On Mon, 3 Jun 2019, syzbot wrote:

> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:    3ab4436f Merge tag 'nfsd-5.2-1' of git://linux-nfs.org/~bf..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=15feaf82a00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=50393f7bfe444ff6
> dashboard link: https://syzkaller.appspot.com/bug?extid=722da59ccb264bc19910
> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12f02772a00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1657b80ea00000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+722da59ccb264bc19910@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> 035][ T7273] IPVS: ftp: loaded support on port[0] = 21
> BUG: memory leak
> unreferenced object 0xffff88810acd8a80 (size 96):
>   comm "syz-executor073", pid 7254, jiffies 4294950560 (age 22.250s)
>   hex dump (first 32 bytes):
>     02 00 00 00 00 00 00 00 50 8b bb 82 ff ff ff ff  ........P.......
>     00 00 00 00 00 00 00 00 00 77 bb 82 ff ff ff ff  .........w......
>   backtrace:
>     [<0000000013db61f1>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
>     [<0000000013db61f1>] slab_post_alloc_hook mm/slab.h:439 [inline]
>     [<0000000013db61f1>] slab_alloc_node mm/slab.c:3269 [inline]
>     [<0000000013db61f1>] kmem_cache_alloc_node_trace+0x15b/0x2a0 mm/slab.c:3597
>     [<000000001a27307d>] __do_kmalloc_node mm/slab.c:3619 [inline]
>     [<000000001a27307d>] __kmalloc_node+0x38/0x50 mm/slab.c:3627
>     [<0000000025054add>] kmalloc_node include/linux/slab.h:590 [inline]
>     [<0000000025054add>] kvmalloc_node+0x4a/0xd0 mm/util.c:431
>     [<0000000050d1bc00>] kvmalloc include/linux/mm.h:637 [inline]
>     [<0000000050d1bc00>] kvzalloc include/linux/mm.h:645 [inline]
>     [<0000000050d1bc00>] allocate_hook_entries_size+0x3b/0x60 net/netfilter/core.c:61
>     [<00000000e8abe142>] nf_hook_entries_grow+0xae/0x270 net/netfilter/core.c:128
>     [<000000004b94797c>] __nf_register_net_hook+0x9a/0x170 net/netfilter/core.c:337
>     [<00000000d1545cbc>] nf_register_net_hook+0x34/0xc0 net/netfilter/core.c:464
>     [<00000000876c9b55>] nf_register_net_hooks+0x53/0xc0 net/netfilter/core.c:480
>     [<000000002ea868e0>] __ip_vs_init+0xe8/0x170 net/netfilter/ipvs/ip_vs_core.c:2280

After commit "ipvs: Fix use-after-free in ip_vs_in" we planned to call
nf_register_net_hooks() only when a rule is created, but this is net-next
material and we should not leave a leak in the error path. I'll post a
patch that adds an .init handler for ipvs_core_dev_ops, so that
nf_register_net_hooks() is called there.

> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx.
>
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> syzbot can test patches for this bug, for details see:
> https://goo.gl/tpsmEJ#testing-patches

Regards

--
Julian Anastasov <ja@xxxxxx>
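The leak class kmemleak reports above (a per-netns .init handler registers netfilter hooks, then fails at a later step and returns without unregistering them) is easy to model outside the kernel. The following user-space C program is an added illustration for readers of this thread; it is not kernel code and not Julian's patch. `fake_register_hooks()`/`fake_unregister_hooks()` are hypothetical stand-ins for `nf_register_net_hooks()`/`nf_unregister_net_hooks()`, `live_hook_entries` plays the role of kmemleak's bookkeeping, and `fake_later_setup()` stands for any later per-netns setup step that can fail. One assumption is built in and commented: the pernet core does not run `.exit` for an instance whose `.init` failed, so whatever `.init` registered before failing is orphaned unless `.init` itself unwinds.

```c
/* Added illustration, not kernel code: models the error-path hook leak
 * and the goto-unwinding fix in user space. All names here are
 * hypothetical stand-ins for the kernel APIs named in the report. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for kmemleak: number of hook-entry arrays currently live. */
static int live_hook_entries = 0;

/* Stand-in for nf_register_net_hooks(): allocates a hook entries array,
 * exactly the object kmemleak flagged in the report. */
static void *fake_register_hooks(void)
{
    void *entries = calloc(4, sizeof(void *));
    if (entries)
        live_hook_entries++;
    return entries;
}

/* Stand-in for nf_unregister_net_hooks(). */
static void fake_unregister_hooks(void *entries)
{
    if (entries) {
        free(entries);
        live_hook_entries--;
    }
}

/* Stand-in for any later per-netns setup step (procfs, sysctl, ...)
 * that can fail after the hooks are already registered. */
static int fake_later_setup(int should_fail)
{
    return should_fail ? -ENOMEM : 0;
}

/* Per-netns state owned by one pernet_operations instance (hypothetical). */
struct demo_net {
    void *hooks;
};

/* Leaky .init: registers hooks first, then returns an error from a later
 * step without undoing the registration. This is the bug pattern. */
static int demo_init_leaky(struct demo_net *n, int later_fails)
{
    int ret;

    n->hooks = fake_register_hooks();
    if (!n->hooks)
        return -ENOMEM;
    ret = fake_later_setup(later_fails);
    if (ret)
        return ret;   /* BUG: n->hooks stays registered, nobody frees it */
    return 0;
}

/* Fixed .init: every step registered so far is unwound on failure, in
 * reverse order, using the kernel's usual goto-label idiom. */
static int demo_init_fixed(struct demo_net *n, int later_fails)
{
    int ret;

    n->hooks = fake_register_hooks();
    if (!n->hooks)
        return -ENOMEM;
    ret = fake_later_setup(later_fails);
    if (ret)
        goto unreg_hooks;
    return 0;

unreg_hooks:
    fake_unregister_hooks(n->hooks);
    n->hooks = NULL;
    return ret;
}

/* .exit handler: tears down what a *successful* .init set up. */
static void demo_exit(struct demo_net *n)
{
    fake_unregister_hooks(n->hooks);
    n->hooks = NULL;
}

/* Drives one init attempt the way the pernet core would and returns how
 * many hook arrays are still live afterwards; 0 means no leak. */
static int live_after_init(int (*init)(struct demo_net *, int), int later_fails)
{
    struct demo_net n;
    int leaked;

    memset(&n, 0, sizeof(n));
    live_hook_entries = 0;
    if (init(&n, later_fails) == 0)
        demo_exit(&n);          /* success path: .exit unregisters hooks */
    /* Assumed pernet semantics: .exit is NOT run for an instance whose
     * .init failed, so anything .init registered before failing is lost. */
    leaked = live_hook_entries;
    fake_unregister_hooks(n.hooks); /* demo-only housekeeping for this process */
    return leaked;
}

int main(void)
{
    printf("leaky init, later step fails: %d live hook array(s)\n",
           live_after_init(demo_init_leaky, 1));
    printf("fixed init, later step fails: %d live hook array(s)\n",
           live_after_init(demo_init_fixed, 1));
    return 0;
}
```

The leaky variant reports one orphaned hook array after a failed init, which is the same signature kmemleak printed for `__ip_vs_init`; the fixed variant reports zero. Registering the hooks as the last step of `.init` (or, as the reply above plans, from a separate `.init` handler) shrinks the window in which a later failure has anything to unwind, but whatever order is chosen, each step that succeeded before the failing one still needs its matching undo on the error path.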