lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Sat, 25 May 2019 10:38:05 -0700
From:   syzbot <syzbot+4f0529365f7f2208d9f0@...kaller.appspotmail.com>
To:     davem@...emloft.net, herbert@...dor.apana.org.au,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        steffen.klassert@...unet.com, syzkaller-bugs@...glegroups.com
Subject: memory leak in pfkey_xfrm_policy2msg_prep

Hello,

syzbot found the following crash on:

HEAD commit:    4dde821e Merge tag 'xfs-5.2-fixes-1' of git://git.kernel.o..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=176fcb8aa00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=61dd9e15a761691d
dashboard link: https://syzkaller.appspot.com/bug?extid=4f0529365f7f2208d9f0
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=179bd84ca00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=124004a2a00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+4f0529365f7f2208d9f0@...kaller.appspotmail.com

ed '10.128.1.31' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
BUG: memory leak
unreferenced object 0xffff888126306200 (size 224):
   comm "softirq", pid 0, jiffies 4294944009 (age 13.770s)
   hex dump (first 32 bytes):
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
   backtrace:
     [<00000000dbfa6a53>] kmemleak_alloc_recursive  
include/linux/kmemleak.h:55 [inline]
     [<00000000dbfa6a53>] slab_post_alloc_hook mm/slab.h:439 [inline]
     [<00000000dbfa6a53>] slab_alloc_node mm/slab.c:3269 [inline]
     [<00000000dbfa6a53>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
     [<00000000963741ad>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:198
     [<000000006fea5c94>] alloc_skb include/linux/skbuff.h:1058 [inline]
     [<000000006fea5c94>] pfkey_xfrm_policy2msg_prep+0x2a/0x50  
net/key/af_key.c:2054
     [<0000000069777b1f>] dump_sp net/key/af_key.c:2692 [inline]
     [<0000000069777b1f>] dump_sp+0x64/0x110 net/key/af_key.c:2682
     [<000000006ac00402>] xfrm_policy_walk+0xd4/0x230  
net/xfrm/xfrm_policy.c:1841
     [<00000000f7271518>] pfkey_dump_sp+0x2a/0x30 net/key/af_key.c:2719
     [<00000000652376b8>] pfkey_do_dump+0x3b/0xe0 net/key/af_key.c:289
     [<000000006ac94254>] pfkey_spddump+0x81/0xb0 net/key/af_key.c:2746
     [<000000006bacb6ca>] pfkey_process+0x28a/0x2d0 net/key/af_key.c:2836
     [<0000000037320f8e>] pfkey_sendmsg+0x188/0x2e0 net/key/af_key.c:3675
     [<0000000026dba653>] sock_sendmsg_nosec net/socket.c:652 [inline]
     [<0000000026dba653>] sock_sendmsg+0x54/0x70 net/socket.c:671
     [<000000004931d76f>] ___sys_sendmsg+0x393/0x3c0 net/socket.c:2292
     [<00000000ca71443f>] __sys_sendmsg+0x80/0xf0 net/socket.c:2330
     [<000000005d43081c>] __do_sys_sendmsg net/socket.c:2339 [inline]
     [<000000005d43081c>] __se_sys_sendmsg net/socket.c:2337 [inline]
     [<000000005d43081c>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2337
     [<000000005fdf8054>] do_syscall_64+0x76/0x1a0  
arch/x86/entry/common.c:301
     [<000000000c8dd476>] entry_SYSCALL_64_after_hwframe+0x44/0xa9



---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

Powered by blists - more mailing lists