| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Jan 2018 16:11:52 -0800
From: Cong Wang <xiyou.wangcong@...il.com>
To: Dmitry Vyukov <dvyukov@...gle.com>
Cc: Vladislav Yasevich <vyasevich@...il.com>,
Neil Horman <nhorman@...driver.com>,
David Miller <davem@...emloft.net>, linux-sctp@...r.kernel.org,
netdev <netdev@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
syzkaller <syzkaller@...glegroups.com>
Subject: Re: sctp: memory leak in sctp_endpoint_init
On Tue, Jan 9, 2018 at 9:44 AM, 'Dmitry Vyukov' via syzkaller
<syzkaller@...glegroups.com> wrote:
> Hello,
>
> syzkaller has hit the following memory leak on 4.15-rc7.
> Reproducer is attached.
>
> unferenced object 0xffff88007bbaa720 (size 32):
> comm "syz-executor4", pid 12479, jiffies 4295951917 (age 9.779s)
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace:
> [<00000000ce041e0c>] kmemleak_alloc_recursive
> include/linux/kmemleak.h:55 [inline]
> [<00000000ce041e0c>] slab_post_alloc_hook mm/slab.h:440 [inline]
> [<00000000ce041e0c>] slab_alloc_node mm/slub.c:2725 [inline]
> [<00000000ce041e0c>] slab_alloc mm/slub.c:2733 [inline]
> [<00000000ce041e0c>] kmem_cache_alloc_trace+0x126/0x290 mm/slub.c:2750
> [<0000000052b69e97>] kmalloc include/linux/slab.h:499 [inline]
> [<0000000052b69e97>] kzalloc include/linux/slab.h:688 [inline]
> [<0000000052b69e97>] sctp_endpoint_init net/sctp/endpointola.c:66 [inline]
> [<0000000052b69e97>] sctp_endpoint_new+0x16d/0xef0
> net/sctp/endpointola.c:195
> [<00000000b78002d9>] sctp_init_sock+0xc18/0x13e0 net/sctp/socket.c:4490
> [<00000000fe5de849>] inet6_create+0xba7/0x1290 net/ipv6/af_inet6.c:255
> [<00000000bb006173>] __sock_create+0x521/0x920 net/socket.c:1265
> [<00000000a8d6fbc0>] sock_create net/socket.c:1305 [inline]
> [<00000000a8d6fbc0>] SYSC_socket net/socket.c:1335 [inline]
> [<00000000a8d6fbc0>] SyS_socket+0x102/0x1f0 net/socket.c:1315
This could be probably fixed by the patch
"Fix a leak in socket(2) when we fail to allocate a file descriptor." too.
Powered by blists - more mailing lists