lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACT4Y+Y5mcBrnLOsXchJVrO_8FD-u=EFU67WsH3bU51aAU-idA@mail.gmail.com>
Date:	Mon, 2 Nov 2015 12:05:09 +0100
From:	Dmitry Vyukov <dvyukov@...gle.com>
To:	David Miller <davem@...emloft.net>, nicolas.dichtel@...nd.com,
	Al Viro <viro@...iv.linux.org.uk>, Thomas Graf <tgraf@...g.ch>,
	ebiederm@...ssion.com, xiyou.wangcong@...il.com,
	netdev@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
	Alexey Kuznetsov <kuznet@....inr.ac.ru>, jmorris@...ei.org,
	yoshfuji@...ux-ipv6.org, Patrick McHardy <kaber@...sh.net>
Cc:	syzkaller <syzkaller@...glegroups.com>,
	Kostya Serebryany <kcc@...gle.com>,
	Alexander Potapenko <glider@...gle.com>,
	Eric Dumazet <edumazet@...gle.com>,
	Kees Cook <keescook@...gle.com>,
	Julien Tinnes <jln@...gle.com>,
	Sasha Levin <sasha.levin@...cle.com>
Subject: Resource leak in unshare

Hello,

I am hitting the following warnings on
bcee19f424a0d8c26ecf2607b73c690802658b29 (4.3):

------------[ cut here ]------------
WARNING: CPU: 3 PID: 16049 at fs/proc/generic.c:575
remove_proc_entry+0x284/0x2f0()
remove_proc_entry: removing non-empty directory 'net/dev_snmp6',
leaking at least 'sit0'
Modules linked in:
CPU: 3 PID: 16049 Comm: syzkaller_execu Not tainted 4.3.0-rc2+ #21
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
 00000000ffffffff ffff88000c91fad8 ffffffff81a44e70 ffff88000c91fb48
 ffff88006e39e800 ffffffff83098e40 ffff88000c91fb18 ffffffff810fa399
 ffffffff815c4d14 ffffed0001923f65 ffffffff83098e40 000000000000023f
Call Trace:
 [<     inline     >] __dump_stack lib/dump_stack.c:15
 [<ffffffff81a44e70>] dump_stack+0x68/0x88 lib/dump_stack.c:50
 [<ffffffff810fa399>] warn_slowpath_common+0xd9/0x140 kernel/panic.c:447
 [<ffffffff810fa4a9>] warn_slowpath_fmt+0xa9/0xd0 kernel/panic.c:459
 [<ffffffff815c4d14>] remove_proc_entry+0x284/0x2f0 fs/proc/generic.c:573
 [<ffffffff82aefc6a>] ipv6_proc_exit_net+0x6a/0xc0 net/ipv6/proc.c:328
 [<ffffffff8272b87e>] ops_exit_list.isra.6+0xae/0x150
net/core/net_namespace.c:134
 [<ffffffff8272d390>] setup_net+0x2a0/0x4a0 net/core/net_namespace.c:301
 [<ffffffff8272eb5e>] copy_net_ns+0xbe/0x1d0 net/core/net_namespace.c:367
 [<ffffffff811577bf>] create_new_namespaces+0x2ff/0x620 kernel/nsproxy.c:95
 [<ffffffff81157f0e>] unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:190
 [<     inline     >] SYSC_unshare kernel/fork.c:2023
 [<ffffffff810f943c>] SyS_unshare+0x37c/0x790 kernel/fork.c:1973
 [<ffffffff82e3acd1>] entry_SYSCALL_64_fastpath+0x31/0x95
arch/x86/entry/entry_64.S:187
---[ end trace fd4be0a0d59bcf96 ]---

------------[ cut here ]------------
WARNING: CPU: 2 PID: 11469 at fs/proc/generic.c:575
remove_proc_entry+0x284/0x2f0()
remove_proc_entry: removing non-empty directory 'net/dev_snmp6',
leaking at least 'lo'
Modules linked in:
CPU: 2 PID: 11469 Comm: syzkaller_execu Not tainted 4.3.0-rc2+ #21
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
 00000000ffffffff ffff88003ec3fad8 ffffffff81a44e70 ffff88003ec3fb48
 ffff88003cdfa700 ffffffff83098e40 ffff88003ec3fb18 ffffffff810fa399
 ffffffff815c4d14 ffffed0007d87f65 ffffffff83098e40 000000000000023f
Call Trace:
 [<     inline     >] __dump_stack lib/dump_stack.c:15
 [<ffffffff81a44e70>] dump_stack+0x68/0x88 lib/dump_stack.c:50
 [<ffffffff810fa399>] warn_slowpath_common+0xd9/0x140 kernel/panic.c:447
 [<ffffffff810fa4a9>] warn_slowpath_fmt+0xa9/0xd0 kernel/panic.c:459
 [<ffffffff815c4d14>] remove_proc_entry+0x284/0x2f0 fs/proc/generic.c:573
 [<ffffffff82aefc6a>] ipv6_proc_exit_net+0x6a/0xc0 net/ipv6/proc.c:328
 [<ffffffff8272b87e>] ops_exit_list.isra.6+0xae/0x150
net/core/net_namespace.c:134
 [<ffffffff8272d390>] setup_net+0x2a0/0x4a0 net/core/net_namespace.c:301
 [<ffffffff8272eb5e>] copy_net_ns+0xbe/0x1d0 net/core/net_namespace.c:367
 [<ffffffff811577bf>] create_new_namespaces+0x2ff/0x620 kernel/nsproxy.c:95
 [<ffffffff81157f0e>] unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:190
 [<     inline     >] SYSC_unshare kernel/fork.c:2023
 [<ffffffff810f943c>] SyS_unshare+0x37c/0x790 kernel/fork.c:1973
 [<ffffffff82e3acd1>] entry_SYSCALL_64_fastpath+0x31/0x95
arch/x86/entry/entry_64.S:187
---[ end trace 95bc097df8fd8f83 ]---


The trigger seems to be unshare syscall happening in low memory
conditions, so that error cleanup paths are triggered.

Found with syzkaller syscall fuzzer.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ