| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Jan 2018 18:44:40 +0100
From: Dmitry Vyukov <dvyukov@...gle.com>
To: Vladislav Yasevich <vyasevich@...il.com>,
Neil Horman <nhorman@...driver.com>,
David Miller <davem@...emloft.net>, linux-sctp@...r.kernel.org,
netdev <netdev@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
syzkaller <syzkaller@...glegroups.com>
Subject: sctp: memory leak in sctp_endpoint_init
Hello,
syzkaller has hit the following memory leak on 4.15-rc7.
Reproducer is attached.
unferenced object 0xffff88007bbaa720 (size 32):
comm "syz-executor4", pid 12479, jiffies 4295951917 (age 9.779s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000ce041e0c>] kmemleak_alloc_recursive
include/linux/kmemleak.h:55 [inline]
[<00000000ce041e0c>] slab_post_alloc_hook mm/slab.h:440 [inline]
[<00000000ce041e0c>] slab_alloc_node mm/slub.c:2725 [inline]
[<00000000ce041e0c>] slab_alloc mm/slub.c:2733 [inline]
[<00000000ce041e0c>] kmem_cache_alloc_trace+0x126/0x290 mm/slub.c:2750
[<0000000052b69e97>] kmalloc include/linux/slab.h:499 [inline]
[<0000000052b69e97>] kzalloc include/linux/slab.h:688 [inline]
[<0000000052b69e97>] sctp_endpoint_init net/sctp/endpointola.c:66 [inline]
[<0000000052b69e97>] sctp_endpoint_new+0x16d/0xef0
net/sctp/endpointola.c:195
[<00000000b78002d9>] sctp_init_sock+0xc18/0x13e0 net/sctp/socket.c:4490
[<00000000fe5de849>] inet6_create+0xba7/0x1290 net/ipv6/af_inet6.c:255
[<00000000bb006173>] __sock_create+0x521/0x920 net/socket.c:1265
[<00000000a8d6fbc0>] sock_create net/socket.c:1305 [inline]
[<00000000a8d6fbc0>] SYSC_socket net/socket.c:1335 [inline]
[<00000000a8d6fbc0>] SyS_socket+0x102/0x1f0 net/socket.c:1315
[<000000004dc391b5>] entry_SYSCALL_64_fastpath+0x23/0x9a
[<00000000c66d20cc>] 0xffffffffffffffff
2018/01/09 15:50:01 BUG: memory leak
unreferenced object 0xffff88007bbaac30 (size 32):
comm "syz-executor4", pid 12479, jiffies 4295951917 (age 9.791s)
hex dump (first 32 bytes):
f0 45 4b 2a 00 88 ff ff f0 45 4b 2a 00 88 ff ff .EK*.....EK*....
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000ce041e0c>] kmemleak_alloc_recursive
include/linux/kmemleak.h:55 [inline]
[<00000000ce041e0c>] slab_post_alloc_hook mm/slab.h:440 [inline]
[<00000000ce041e0c>] slab_alloc_node mm/slub.c:2725 [inline]
[<00000000ce041e0c>] slab_alloc mm/slub.c:2733 [inline]
[<00000000ce041e0c>] kmem_cache_alloc_trace+0x126/0x290 mm/slub.c:2750
[<0000000069bdc070>] kmalloc include/linux/slab.h:499 [inline]
[<0000000069bdc070>] kzalloc include/linux/slab.h:688 [inline]
[<0000000069bdc070>] sctp_auth_shkey_create+0xbb/0x1f0 net/sctp/auth.c:99
[<00000000604efa40>] sctp_endpoint_init net/sctp/endpointola.c:151 [inline]
[<00000000604efa40>] sctp_endpoint_new+0x65b/0xef0
net/sctp/endpointola.c:195
[<00000000b78002d9>] sctp_init_sock+0xc18/0x13e0 net/sctp/socket.c:4490
[<00000000fe5de849>] inet6_create+0xba7/0x1290 net/ipv6/af_inet6.c:255
[<00000000bb006173>] __sock_create+0x521/0x920 net/socket.c:1265
[<00000000a8d6fbc0>] sock_create net/socket.c:1305 [inline]
[<00000000a8d6fbc0>] SYSC_socket net/socket.c:1335 [inline]
[<00000000a8d6fbc0>] SyS_socket+0x102/0x1f0 net/socket.c:1315
[<000000004dc391b5>] entry_SYSCALL_64_fastpath+0x23/0x9a
[<00000000c66d20cc>] 0xffffffffffffffff
View attachment "sctp.c" of type "text/x-csrc" (2526 bytes)
Powered by blists - more mailing lists