From: Dmitry Vyukov <dvyukov@google.com>
To: Xin Long <lucien.xin@gmail.com>
Cc: David Ahern <dsahern@gmail.com>,
Tommi Rantala <tommi.t.rantala@nokia.com>,
network dev <netdev@vger.kernel.org>,
linux-sctp@vger.kernel.org, Neil Horman <nhorman@tuxdriver.com>,
Alexey Kodanev <alexey.kodanev@oracle.com>,
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Subject: Re: [PATCH net v3] sctp: fix dst refcnt leak in sctp_v4_get_dst
Date: Tue, 6 Feb 2018 09:27:00 +0100 [thread overview]
Message-ID: <CACT4Y+Z8Kw4GSUBcxh60h5SFc7ony0GP2y2s9noF1=bgpEsTzg@mail.gmail.com> (raw)
In-Reply-To: <CADvbK_ctBP8vsy2vSCjOcTMSaSrZp9kv__pHkfct51g_nW3AEQ@mail.gmail.com>
On Tue, Feb 6, 2018 at 6:06 AM, Xin Long <lucien.xin@gmail.com> wrote:
> On Tue, Feb 6, 2018 at 7:20 AM, David Ahern <dsahern@gmail.com> wrote:
>> On 2/5/18 12:48 PM, Tommi Rantala wrote:
>>> Fix dst reference count leak in sctp_v4_get_dst() introduced in commit
>>> 410f03831 ("sctp: add routing output fallback"):
>>>
>>> When walking the address_list, successive ip_route_output_key() calls
>>> may return the same rt->dst with the reference incremented on each call.
>>>
>>> The code would not decrement the dst refcount when the dst pointer was
>>> identical from the previous iteration, causing the dst refcnt leak.
>>>
>> ...
>>> ...
>>>
>>> Fixes: 410f03831 ("sctp: add routing output fallback")
>>> Fixes: 0ca50d12f ("sctp: fix src address selection if using secondary addresses")
>>
>> any syzbot references for this bug?
> In Dmitry Vyukov mail, there was no syzbot reference provided.
> Not sure if there's another way to tell syzbot.
If we are talking about "net: hang in unregister_netdevice: waiting
for lo to become free":
https://groups.google.com/d/msg/syzkaller/-06_laheMF0/xqezy58kAwAJ
Then there is no syzbot tag. It was found with syzkaller, but not
reported by syzbot because the manifestation is too tricky, it could
have been reported as "no output from test machine" with no additional
details, which is not too actionable.
WARNING: multiple messages have this Message-ID (diff)
From: Dmitry Vyukov <dvyukov@google.com>
To: Xin Long <lucien.xin@gmail.com>
Cc: David Ahern <dsahern@gmail.com>,
Tommi Rantala <tommi.t.rantala@nokia.com>,
network dev <netdev@vger.kernel.org>,
linux-sctp@vger.kernel.org, Neil Horman <nhorman@tuxdriver.com>,
Alexey Kodanev <alexey.kodanev@oracle.com>,
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Subject: Re: [PATCH net v3] sctp: fix dst refcnt leak in sctp_v4_get_dst
Date: Tue, 06 Feb 2018 08:27:00 +0000 [thread overview]
Message-ID: <CACT4Y+Z8Kw4GSUBcxh60h5SFc7ony0GP2y2s9noF1=bgpEsTzg@mail.gmail.com> (raw)
In-Reply-To: <CADvbK_ctBP8vsy2vSCjOcTMSaSrZp9kv__pHkfct51g_nW3AEQ@mail.gmail.com>
On Tue, Feb 6, 2018 at 6:06 AM, Xin Long <lucien.xin@gmail.com> wrote:
> On Tue, Feb 6, 2018 at 7:20 AM, David Ahern <dsahern@gmail.com> wrote:
>> On 2/5/18 12:48 PM, Tommi Rantala wrote:
>>> Fix dst reference count leak in sctp_v4_get_dst() introduced in commit
>>> 410f03831 ("sctp: add routing output fallback"):
>>>
>>> When walking the address_list, successive ip_route_output_key() calls
>>> may return the same rt->dst with the reference incremented on each call.
>>>
>>> The code would not decrement the dst refcount when the dst pointer was
>>> identical from the previous iteration, causing the dst refcnt leak.
>>>
>> ...
>>> ...
>>>
>>> Fixes: 410f03831 ("sctp: add routing output fallback")
>>> Fixes: 0ca50d12f ("sctp: fix src address selection if using secondary addresses")
>>
>> any syzbot references for this bug?
> In Dmitry Vyukov mail, there was no syzbot reference provided.
> Not sure if there's another way to tell syzbot.
If we are talking about "net: hang in unregister_netdevice: waiting
for lo to become free":
https://groups.google.com/d/msg/syzkaller/-06_laheMF0/xqezy58kAwAJ
Then there is no syzbot tag. It was found with syzkaller, but not
reported by syzbot because the manifestation is too tricky, it could
have been reported as "no output from test machine" with no additional
details, which is not too actionable.
next prev parent reply other threads:[~2018-02-06 8:27 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-05 19:48 [PATCH net v3] sctp: fix dst refcnt leak in sctp_v4_get_dst Tommi Rantala
2018-02-05 19:48 ` Tommi Rantala
2018-02-05 22:07 ` Marcelo Ricardo Leitner
2018-02-05 22:07 ` Marcelo Ricardo Leitner
2018-02-05 23:20 ` David Ahern
2018-02-05 23:20 ` David Ahern
2018-02-06 5:06 ` Xin Long
2018-02-06 5:06 ` Xin Long
2018-02-06 8:27 ` Dmitry Vyukov [this message]
2018-02-06 8:27 ` Dmitry Vyukov
2018-02-06 1:17 ` Neil Horman
2018-02-06 1:17 ` Neil Horman
2018-02-06 2:22 ` David Miller
2018-02-06 2:22 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CACT4Y+Z8Kw4GSUBcxh60h5SFc7ony0GP2y2s9noF1=bgpEsTzg@mail.gmail.com' \
--to=dvyukov@google.com \
--cc=alexey.kodanev@oracle.com \
--cc=dsahern@gmail.com \
--cc=linux-sctp@vger.kernel.org \
--cc=lucien.xin@gmail.com \
--cc=marcelo.leitner@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=tommi.t.rantala@nokia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.