Re: [syzbot] [arm-msm?] [net?] memory leak in radix_tree_insert

From: syzbot
Date: Sun Dec 10 2023 - 00:00:19 EST

Next message: Eric W. Biederman: "Re: [PATCH v2 1/2] KVM: Use syscore_ops instead of reboot_notifier to hook restart/shutdown"
Previous message: syzbot: "Re: [syzbot] [arm-msm?] [net?] memory leak in radix_tree_insert (2)"
In reply to: syzbot: "Re: [syzbot] [arm-msm?] [net?] memory leak in radix_tree_insert"
Next in thread: syzbot: "Re: [syzbot] [arm-msm?] [net?] memory leak in radix_tree_insert"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx.

***

Subject: [arm-msm?] [net?] memory leak in radix_tree_insert
Author: eadavis@xxxxxx

please test memory leak in radix_tree_insert

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 33cc938e65a9

diff --git a/net/qrtr/af_qrtr.c b/net/qrtr/af_qrtr.c
index 41ece61eb57a..41a210e1d8b3 100644
--- a/net/qrtr/af_qrtr.c
+++ b/net/qrtr/af_qrtr.c
@@ -274,7 +274,8 @@ static int qrtr_tx_wait(struct qrtr_node *node, int dest_node, int dest_port,
flow = kzalloc(sizeof(*flow), GFP_KERNEL);
if (flow) {
init_waitqueue_head(&flow->resume_tx);
- if (radix_tree_insert(&node->qrtr_tx_flow, key, flow)) {
+ if (ret = radix_tree_insert(&node->qrtr_tx_flow, key, flow)) {
+ printk("r: %d\n", ret);
kfree(flow);
flow = NULL;
}
diff --git a/lib/radix-tree.c b/lib/radix-tree.c
index b98e9f2c24ac..522277bff6e3 100644
--- a/lib/radix-tree.c
+++ b/lib/radix-tree.c
@@ -413,6 +413,7 @@ static int radix_tree_extend(struct radix_tree_root *root, gfp_t gfp,
void *entry;
unsigned int maxshift;
int tag;
+ int i = 0;

/* Figure out what the shift should be. */
maxshift = shift;
@@ -428,6 +429,8 @@ static int radix_tree_extend(struct radix_tree_root *root, gfp_t gfp,
root, shift, 0, 1, 0);
if (!node)
return -ENOMEM;
+ i++;
+ printk("i: %d, n: %p, idx: %d, s: %d, %s\n", i, node, index, shift, __func__);

if (is_idr(root)) {
all_tag_set(node, IDR_FREE);
@@ -611,6 +614,7 @@ static int __radix_tree_create(struct radix_tree_root *root,
shift = radix_tree_load_root(root, &child, &maxindex);

/* Make sure the tree is high enough. */
+ printk("im: %d, s: %d, m: %d, %s\n", index, shift, maxindex, __func__);
if (max > maxindex) {
int error = radix_tree_extend(root, gfp, max, shift);
if (error < 0)
@@ -625,6 +629,7 @@ static int __radix_tree_create(struct radix_tree_root *root,
/* Have to add a child node. */
child = radix_tree_node_alloc(gfp, node, root, shift,
offset, 0, 0);
+ printk("c: %p, %s\n", child, __func__);
if (!child)
return -ENOMEM;
rcu_assign_pointer(*slot, node_to_entry(child));

Next message: Eric W. Biederman: "Re: [PATCH v2 1/2] KVM: Use syscore_ops instead of reboot_notifier to hook restart/shutdown"
Previous message: syzbot: "Re: [syzbot] [arm-msm?] [net?] memory leak in radix_tree_insert (2)"
In reply to: syzbot: "Re: [syzbot] [arm-msm?] [net?] memory leak in radix_tree_insert"
Next in thread: syzbot: "Re: [syzbot] [arm-msm?] [net?] memory leak in radix_tree_insert"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]