| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Jan 2018 19:39:50 +0100
From: Dmitry Vyukov <dvyukov@...gle.com>
To: David Miller <davem@...emloft.net>,
netdev <netdev@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
Alexey Kuznetsov <kuznet@....inr.ac.ru>,
Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
Eric Dumazet <edumazet@...gle.com>,
Willem de Bruijn <willemb@...gle.com>,
syzkaller <syzkaller@...glegroups.com>
Subject: net: memory leak in socket
Hello,
syzkaller has hit the following memory leak on 4.15-rc7:
unreferenced object 0xffff88002713fb20 (size 16):
comm "syz-executor3", pid 6576, jiffies 4295029354 (age 10.166s)
hex dump (first 16 bytes):
69 6e 73 6d 6f 64 5f 74 00 00 d9 1c 00 88 ff ff insmod_t........
backtrace:
[<00000000da8d6b27>] kmemleak_alloc_recursive
include/linux/kmemleak.h:55 [inline]
[<00000000da8d6b27>] slab_post_alloc_hook mm/slab.h:440 [inline]
[<00000000da8d6b27>] slab_alloc_node mm/slub.c:2725 [inline]
[<00000000da8d6b27>] slab_alloc mm/slub.c:2733 [inline]
[<00000000da8d6b27>] __kmalloc_track_caller+0x183/0x310 mm/slub.c:4290
[<000000001aa62b7a>] kstrdup+0x39/0x70 mm/util.c:56
[<00000000fa6a957e>] security_netlbl_sid_to_secattr+0xbc/0x1a0
security/selinux/ss/services.c:3522
[<0000000054674134>] selinux_netlbl_sock_genattr+0xef/0x410
security/selinux/netlabel.c:94
[<000000002338a05c>] selinux_netlbl_socket_post_create+0x79/0x160
security/selinux/netlabel.c:341
[<0000000059825908>] selinux_socket_post_create+0x37f/0xa60
security/selinux/hooks.c:4399
[<00000000fff6c966>] security_socket_post_create+0x8b/0xd0
security/security.c:1344
[<000000005786c830>] __sock_create+0x758/0x920 net/socket.c:1281
[<00000000e7afba0a>] sock_create net/socket.c:1305 [inline]
[<00000000e7afba0a>] SYSC_socket net/socket.c:1335 [inline]
[<00000000e7afba0a>] SyS_socket+0x102/0x1f0 net/socket.c:1315
[<000000007df77eb7>] entry_SYSCALL_64_fastpath+0x23/0x9a
[<00000000921bbbd9>] 0xffffffffffffffff
unreferenced object 0xffff88007c3bba80 (size 992):
comm "syz-executor3", pid 6576, jiffies 4295029368 (age 10.153s)
hex dump (first 32 bytes):
01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
40 2e 5a 2c 00 88 ff ff 00 00 00 00 00 00 00 00 @.Z,............
backtrace:
[<00000000ff3d837a>] kmemleak_alloc_recursive
include/linux/kmemleak.h:55 [inline]
[<00000000ff3d837a>] slab_post_alloc_hook mm/slab.h:440 [inline]
[<00000000ff3d837a>] slab_alloc_node mm/slub.c:2725 [inline]
[<00000000ff3d837a>] slab_alloc mm/slub.c:2733 [inline]
[<00000000ff3d837a>] kmem_cache_alloc+0x110/0x280 mm/slub.c:2738
[<00000000d243ce94>] sock_alloc_inode+0x70/0x300 net/socket.c:250
[<000000005a0b3852>] alloc_inode+0x65/0x190 fs/inode.c:208
[<000000004af29540>] new_inode_pseudo+0x69/0x1a0 fs/inode.c:890
[<0000000074cb6753>] sock_alloc+0x41/0x280 net/socket.c:569
[<00000000cc5c2e64>] __sock_create+0x161/0x920 net/socket.c:1229
[<00000000e7afba0a>] sock_create net/socket.c:1305 [inline]
[<00000000e7afba0a>] SYSC_socket net/socket.c:1335 [inline]
[<00000000e7afba0a>] SyS_socket+0x102/0x1f0 net/socket.c:1315
[<000000007df77eb7>] entry_SYSCALL_64_fastpath+0x23/0x9a
[<00000000921bbbd9>] 0xffffffffffffffff
unreferenced object 0xffff88002c5a2e40 (size 128):
comm "syz-executor3", pid 6576, jiffies 4295029368 (age 10.153s)
hex dump (first 32 bytes):
00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
ff ff ff ff ff ff ff ff c0 da db 88 ff ff ff ff ................
backtrace:
[<00000000696a590c>] kmemleak_alloc_recursive
include/linux/kmemleak.h:55 [inline]
[<00000000696a590c>] slab_post_alloc_hook mm/slab.h:440 [inline]
[<00000000696a590c>] slab_alloc_node mm/slub.c:2725 [inline]
[<00000000696a590c>] slab_alloc mm/slub.c:2733 [inline]
[<00000000696a590c>] kmem_cache_alloc_trace+0x126/0x290 mm/slub.c:2750
[<00000000551c8f10>] kmalloc include/linux/slab.h:499 [inline]
[<00000000551c8f10>] sock_alloc_inode+0xb4/0x300 net/socket.c:253
[<000000005a0b3852>] alloc_inode+0x65/0x190 fs/inode.c:208
[<000000004af29540>] new_inode_pseudo+0x69/0x1a0 fs/inode.c:890
[<0000000074cb6753>] sock_alloc+0x41/0x280 net/socket.c:569
[<00000000cc5c2e64>] __sock_create+0x161/0x920 net/socket.c:1229
[<00000000e7afba0a>] sock_create net/socket.c:1305 [inline]
[<00000000e7afba0a>] SYSC_socket net/socket.c:1335 [inline]
[<00000000e7afba0a>] SyS_socket+0x102/0x1f0 net/socket.c:1315
[<000000007df77eb7>] entry_SYSCALL_64_fastpath+0x23/0x9a
[<00000000921bbbd9>] 0xffffffffffffffff
unreferenced object 0xffff88007310f680 (size 96):
comm "syz-executor3", pid 6576, jiffies 4295029368 (age 10.153s)
hex dump (first 32 bytes):
b0 ba 3b 7c 00 88 ff ff 88 f6 10 73 00 88 ff ff ..;|.......s....
88 f6 10 73 00 88 ff ff dd 00 00 00 dd 00 00 00 ...s............
backtrace:
[<00000000ff3d837a>] kmemleak_alloc_recursive
include/linux/kmemleak.h:55 [inline]
[<00000000ff3d837a>] slab_post_alloc_hook mm/slab.h:440 [inline]
[<00000000ff3d837a>] slab_alloc_node mm/slub.c:2725 [inline]
[<00000000ff3d837a>] slab_alloc mm/slub.c:2733 [inline]
[<00000000ff3d837a>] kmem_cache_alloc+0x110/0x280 mm/slub.c:2738
[<00000000094ffa79>] kmem_cache_zalloc include/linux/slab.h:678 [inline]
[<00000000094ffa79>] inode_alloc_security
security/selinux/hooks.c:234 [inline]
[<00000000094ffa79>] selinux_inode_alloc_security+0xf9/0x390
security/selinux/hooks.c:2885
[<0000000082b97b6d>] security_inode_alloc+0x92/0xe0 security/security.c:437
[<000000009683bb60>] inode_init_always+0x64f/0xca0 fs/inode.c:167
[<00000000a71f5b21>] alloc_inode+0x82/0x190 fs/inode.c:215
[<000000004af29540>] new_inode_pseudo+0x69/0x1a0 fs/inode.c:890
[<0000000074cb6753>] sock_alloc+0x41/0x280 net/socket.c:569
[<00000000cc5c2e64>] __sock_create+0x161/0x920 net/socket.c:1229
[<00000000e7afba0a>] sock_create net/socket.c:1305 [inline]
[<00000000e7afba0a>] SYSC_socket net/socket.c:1335 [inline]
[<00000000e7afba0a>] SyS_socket+0x102/0x1f0 net/socket.c:1315
[<000000007df77eb7>] entry_SYSCALL_64_fastpath+0x23/0x9a
[<00000000921bbbd9>] 0xffffffffffffffff
unreferenced object 0xffff88007127bf00 (size 2528):
comm "syz-executor3", pid 6576, jiffies 4295029368 (age 10.153s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
02 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............
backtrace:
[<00000000ff3d837a>] kmemleak_alloc_recursive
include/linux/kmemleak.h:55 [inline]
[<00000000ff3d837a>] slab_post_alloc_hook mm/slab.h:440 [inline]
[<00000000ff3d837a>] slab_alloc_node mm/slub.c:2725 [inline]
[<00000000ff3d837a>] slab_alloc mm/slub.c:2733 [inline]
[<00000000ff3d837a>] kmem_cache_alloc+0x110/0x280 mm/slub.c:2738
[<0000000021d2cae7>] sk_prot_alloc+0x69/0x2f0 net/core/sock.c:1463
[<0000000088be91b8>] sk_alloc+0x109/0x1740 net/core/sock.c:1523
[<00000000bbd7f0e5>] inet_create+0x4f8/0x10a0 net/ipv4/af_inet.c:319
[<00000000c0aa842f>] __sock_create+0x521/0x920 net/socket.c:1265
[<00000000e7afba0a>] sock_create net/socket.c:1305 [inline]
[<00000000e7afba0a>] SYSC_socket net/socket.c:1335 [inline]
[<00000000e7afba0a>] SyS_socket+0x102/0x1f0 net/socket.c:1315
[<000000007df77eb7>] entry_SYSCALL_64_fastpath+0x23/0x9a
[<00000000921bbbd9>] 0xffffffffffffffff
Reproducer:
// autogenerated by syzkaller (http://github.com/google/syzkaller)
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
int main()
{
struct rlimit rlim;
rlim.rlim_cur = 0;
rlim.rlim_max = 0;
setrlimit(RLIMIT_NOFILE, &rlim);
socket(AF_INET, SOCK_STREAM, IPPROTO_IP);
return 0;
}
Powered by blists - more mailing lists