lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <000000000000ea09dd0589e3af1a@google.com>
Date:   Mon, 27 May 2019 12:38:05 -0700
From:   syzbot <syzbot+c6167ec3de7def23d1e8@...kaller.appspotmail.com>
To:     arvid.brodin@...en.se, davem@...emloft.net,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        syzkaller-bugs@...glegroups.com
Subject: memory leak in hsr_create_self_node

Hello,

syzbot found the following crash on:

HEAD commit:    cd6c84d8 Linux 5.2-rc2
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=169e2952a00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=64479170dcaf0e11
dashboard link: https://syzkaller.appspot.com/bug?extid=c6167ec3de7def23d1e8
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=138b0aa2a00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+c6167ec3de7def23d1e8@...kaller.appspotmail.com

ave B (hsr_slave_1) is not up; please bring it up to get a fully working  
HSR network
BUG: memory leak
unreferenced object 0xffff88811ffca300 (size 128):
   comm "syz-executor.0", pid 7073, jiffies 4295038954 (age 112.640s)
   hex dump (first 32 bytes):
     f0 18 ec 12 81 88 ff ff f0 18 ec 12 81 88 ff ff  ................
     76 54 a9 82 3f 36 6e 79 03 07 32 da 00 00 00 00  vT..?6ny..2.....
   backtrace:
     [<0000000043ebf44e>] kmemleak_alloc_recursive  
include/linux/kmemleak.h:55 [inline]
     [<0000000043ebf44e>] slab_post_alloc_hook mm/slab.h:439 [inline]
     [<0000000043ebf44e>] slab_alloc mm/slab.c:3326 [inline]
     [<0000000043ebf44e>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
     [<0000000090fd7552>] kmalloc include/linux/slab.h:547 [inline]
     [<0000000090fd7552>] hsr_create_self_node+0x42/0x150  
net/hsr/hsr_framereg.c:84
     [<00000000b676ec58>] hsr_dev_finalize+0xa4/0x233  
net/hsr/hsr_device.c:441
     [<000000006f2c807a>] hsr_newlink+0xf3/0x140 net/hsr/hsr_netlink.c:69
     [<0000000089911cdb>] __rtnl_newlink+0x892/0xb30  
net/core/rtnetlink.c:3191
     [<000000001adebee5>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3249
     [<000000002aa25337>] rtnetlink_rcv_msg+0x178/0x4b0  
net/core/rtnetlink.c:5218
     [<000000005a15ce29>] netlink_rcv_skb+0x61/0x170  
net/netlink/af_netlink.c:2486
     [<000000009d5f6d12>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5236
     [<00000000d359aece>] netlink_unicast_kernel  
net/netlink/af_netlink.c:1311 [inline]
     [<00000000d359aece>] netlink_unicast+0x1ec/0x2d0  
net/netlink/af_netlink.c:1337
     [<00000000520aeaa0>] netlink_sendmsg+0x26a/0x480  
net/netlink/af_netlink.c:1926
     [<00000000b4fd9df3>] sock_sendmsg_nosec net/socket.c:652 [inline]
     [<00000000b4fd9df3>] sock_sendmsg+0x54/0x70 net/socket.c:671
     [<000000005d72c299>] __sys_sendto+0x148/0x1f0 net/socket.c:1964
     [<0000000019b507bd>] __do_sys_sendto net/socket.c:1976 [inline]
     [<0000000019b507bd>] __se_sys_sendto net/socket.c:1972 [inline]
     [<0000000019b507bd>] __x64_sys_sendto+0x2a/0x30 net/socket.c:1972
     [<00000000ae8ddd19>] do_syscall_64+0x76/0x1a0  
arch/x86/entry/common.c:301
     [<000000003c7f1886>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811bd6e500 (size 64):
   comm "syz-executor.0", pid 7073, jiffies 4295038954 (age 112.640s)
   hex dump (first 32 bytes):
     40 ef d6 1b 81 88 ff ff 00 02 00 00 00 00 ad de  @...............
     00 10 ec 12 81 88 ff ff c0 18 ec 12 81 88 ff ff  ................
   backtrace:
     [<0000000043ebf44e>] kmemleak_alloc_recursive  
include/linux/kmemleak.h:55 [inline]
     [<0000000043ebf44e>] slab_post_alloc_hook mm/slab.h:439 [inline]
     [<0000000043ebf44e>] slab_alloc mm/slab.c:3326 [inline]
     [<0000000043ebf44e>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
     [<000000009232eb2b>] kmalloc include/linux/slab.h:547 [inline]
     [<000000009232eb2b>] kzalloc include/linux/slab.h:742 [inline]
     [<000000009232eb2b>] hsr_add_port+0xe7/0x220 net/hsr/hsr_slave.c:142
     [<0000000062ddb58d>] hsr_dev_finalize+0x14f/0x233  
net/hsr/hsr_device.c:472
     [<000000006f2c807a>] hsr_newlink+0xf3/0x140 net/hsr/hsr_netlink.c:69
     [<0000000089911cdb>] __rtnl_newlink+0x892/0xb30  
net/core/rtnetlink.c:3191
     [<000000001adebee5>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3249
     [<000000002aa25337>] rtnetlink_rcv_msg+0x178/0x4b0  
net/core/rtnetlink.c:5218
     [<000000005a15ce29>] netlink_rcv_skb+0x61/0x170  
net/netlink/af_netlink.c:2486
     [<000000009d5f6d12>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5236
     [<00000000d359aece>] netlink_unicast_kernel  
net/netlink/af_netlink.c:1311 [inline]
     [<00000000d359aece>] netlink_unicast+0x1ec/0x2d0  
net/netlink/af_netlink.c:1337
     [<00000000520aeaa0>] netlink_sendmsg+0x26a/0x480  
net/netlink/af_netlink.c:1926
     [<00000000b4fd9df3>] sock_sendmsg_nosec net/socket.c:652 [inline]
     [<00000000b4fd9df3>] sock_sendmsg+0x54/0x70 net/socket.c:671
     [<000000005d72c299>] __sys_sendto+0x148/0x1f0 net/socket.c:1964
     [<0000000019b507bd>] __do_sys_sendto net/socket.c:1976 [inline]
     [<0000000019b507bd>] __se_sys_sendto net/socket.c:1972 [inline]
     [<0000000019b507bd>] __x64_sys_sendto+0x2a/0x30 net/socket.c:1972
     [<00000000ae8ddd19>] do_syscall_64+0x76/0x1a0  
arch/x86/entry/common.c:301
     [<000000003c7f1886>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811bd6ef40 (size 64):
   comm "syz-executor.0", pid 7073, jiffies 4295038960 (age 112.580s)
   hex dump (first 32 bytes):
     d0 18 ec 12 81 88 ff ff 00 02 00 00 00 00 ad de  ................
     00 a0 27 21 81 88 ff ff c0 18 ec 12 81 88 ff ff  ..'!............
   backtrace:
     [<0000000043ebf44e>] kmemleak_alloc_recursive  
include/linux/kmemleak.h:55 [inline]
     [<0000000043ebf44e>] slab_post_alloc_hook mm/slab.h:439 [inline]
     [<0000000043ebf44e>] slab_alloc mm/slab.c:3326 [inline]
     [<0000000043ebf44e>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
     [<000000009232eb2b>] kmalloc include/linux/slab.h:547 [inline]
     [<000000009232eb2b>] kzalloc include/linux/slab.h:742 [inline]
     [<000000009232eb2b>] hsr_add_port+0xe7/0x220 net/hsr/hsr_slave.c:142
     [<0000000013dde593>] hsr_dev_finalize+0x1d1/0x233  
net/hsr/hsr_device.c:480
     [<000000006f2c807a>] hsr_newlink+0xf3/0x140 net/hsr/hsr_netlink.c:69
     [<0000000089911cdb>] __rtnl_newlink+0x892/0xb30  
net/core/rtnetlink.c:3191
     [<000000001adebee5>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3249
     [<000000002aa25337>] rtnetlink_rcv_msg+0x178/0x4b0  
net/core/rtnetlink.c:5218
     [<000000005a15ce29>] netlink_rcv_skb+0x61/0x170  
net/netlink/af_netlink.c:2486
     [<000000009d5f6d12>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5236
     [<00000000d359aece>] netlink_unicast_kernel  
net/netlink/af_netlink.c:1311 [inline]
     [<00000000d359aece>] netlink_unicast+0x1ec/0x2d0  
net/netlink/af_netlink.c:1337
     [<00000000520aeaa0>] netlink_sendmsg+0x26a/0x480  
net/netlink/af_netlink.c:1926
     [<00000000b4fd9df3>] sock_sendmsg_nosec net/socket.c:652 [inline]
     [<00000000b4fd9df3>] sock_sendmsg+0x54/0x70 net/socket.c:671
     [<000000005d72c299>] __sys_sendto+0x148/0x1f0 net/socket.c:1964
     [<0000000019b507bd>] __do_sys_sendto net/socket.c:1976 [inline]
     [<0000000019b507bd>] __se_sys_sendto net/socket.c:1972 [inline]
     [<0000000019b507bd>] __x64_sys_sendto+0x2a/0x30 net/socket.c:1972
     [<00000000ae8ddd19>] do_syscall_64+0x76/0x1a0  
arch/x86/entry/common.c:301
     [<000000003c7f1886>] entry_SYSCALL_64_after_hwframe+0x44/0xa9



---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ