lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Wed, 30 Aug 2017 21:20:17 -0700
From:   John Johansen <john.johansen@...onical.com>
To:     Jakub Kicinski <kubakici@...pl>, linux-kernel@...r.kernel.org
Subject: Re: Apparmor memory leak reports

On 08/30/2017 06:28 PM, Jakub Kicinski wrote:
> Hi!
> 
> I'm seeing a lot of kmemleak reports like this on 4.13.0-rc6:
> 
yep, thanks for the report. I have seen this one and am still trying
to chase it down.

> unreferenced object 0xffff88045e62ab08 (size 1024):
>   comm "apparmor_parser", pid 802, jiffies 4294913386 (age 4794.692s)
>   hex dump (first 32 bytes):
>     0c 1b 30 6b 04 88 ff ff 0c 1b 30 6b 04 88 ff ff  ..0k......0k....
>     18 ab 62 5e 04 88 ff ff 18 ab 62 5e 04 88 ff ff  ..b^......b^....
>   backtrace:
>     [<ffffffff866a8b68>] kmemleak_alloc+0x28/0x50
>     [<ffffffff849a5376>] kmem_cache_alloc_trace+0x1e6/0x550
>     [<ffffffff851bc40d>] aa_alloc_profile+0x5d/0x220
>     [<ffffffff851c6d39>] unpack_profile+0x449/0x2530
>     [<ffffffff851ca8b7>] aa_unpack+0x447/0x151c
>     [<ffffffff851bf994>] aa_replace_profiles+0x254/0x3f00
>     [<ffffffff8518f8e3>] policy_update+0x433/0x720
>     [<ffffffff8518fd0a>] profile_replace+0x13a/0x210
>     [<ffffffff84a5eb79>] __vfs_write+0xf9/0xdb0
>     [<ffffffff84a65c29>] vfs_write+0x189/0x640
>     [<ffffffff84a6b3a7>] SyS_write+0xf7/0x240
>     [<ffffffff866c8cee>] entry_SYSCALL_64_fastpath+0x1c/0xb1
>     [<ffffffffffffffff>] 0xffffffffffffffff
> 
> unreferenced object 0xffff88046b301b08 (size 32):
>   comm "apparmor_parser", pid 802, jiffies 4294913386 (age 4797.788s)
>   hex dump (first 32 bytes):
>     01 00 00 00 2f 73 62 69 6e 2f 64 68 63 6c 69 65  ..../sbin/dhclie
>     6e 74 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5  nt.kkkkkkkkkkkk.
>   backtrace:
>     [<ffffffff866a8b68>] kmemleak_alloc+0x28/0x50
>     [<ffffffff849a4d94>] __kmalloc+0x204/0x600
>     [<ffffffff8519e18e>] aa_str_alloc+0x5e/0x120
>     [<ffffffff851a10a2>] aa_policy_init+0x2a2/0x370
>     [<ffffffff851bc438>] aa_alloc_profile+0x88/0x220
>     [<ffffffff851c6d39>] unpack_profile+0x449/0x2530
>     [<ffffffff851ca8b7>] aa_unpack+0x447/0x151c
>     [<ffffffff851bf994>] aa_replace_profiles+0x254/0x3f00
>     [<ffffffff8518f8e3>] policy_update+0x433/0x720
>     [<ffffffff8518fd0a>] profile_replace+0x13a/0x210
>     [<ffffffff84a5eb79>] __vfs_write+0xf9/0xdb0
>     [<ffffffff84a65c29>] vfs_write+0x189/0x640
>     [<ffffffff84a6b3a7>] SyS_write+0xf7/0x240
>     [<ffffffff866c8cee>] entry_SYSCALL_64_fastpath+0x1c/0xb1
>     [<ffffffffffffffff>] 0xffffffffffffffff
> 
> unreferenced object 0xffff8803fdc50008 (size 8192):
>   comm "apparmor_parser", pid 802, jiffies 4294913386 (age 4827.224s)
>   hex dump (first 32 bytes):
>     06 00 04 00 00 00 00 00 b1 04 00 00 00 00 00 00  ................
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>   backtrace:
>     [<ffffffff866a8b68>] kmemleak_alloc+0x28/0x50
>     [<ffffffff849a9785>] __kmalloc_node+0x385/0x670
>     [<ffffffff8485620b>] kvmalloc_node+0x4b/0x80
>     [<ffffffff851a170d>] aa_dfa_unpack+0x41d/0x1de0
>     [<ffffffff851c5c4f>] unpack_dfa+0x14f/0x3d0
>     [<ffffffff851c7499>] unpack_profile+0xba9/0x2530
>     [<ffffffff851ca8b7>] aa_unpack+0x447/0x151c
>     [<ffffffff851bf994>] aa_replace_profiles+0x254/0x3f00
>     [<ffffffff8518f8e3>] policy_update+0x433/0x720
>     [<ffffffff8518fd0a>] profile_replace+0x13a/0x210
>     [<ffffffff84a5eb79>] __vfs_write+0xf9/0xdb0
>     [<ffffffff84a65c29>] vfs_write+0x189/0x640
>     [<ffffffff84a6b3a7>] SyS_write+0xf7/0x240
>     [<ffffffff866c8cee>] entry_SYSCALL_64_fastpath+0x1c/0xb1
>     [<ffffffffffffffff>] 0xffffffffffffffff
> 
> I'm running Ubuntu 14.04 user space on that machine.
> 

Powered by blists - more mailing lists