lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 24 Jul 2019 10:25:21 +0200
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Steffen Klassert <steffen.klassert@...unet.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        David Miller <davem@...emloft.net>,
        Alexey Kuznetsov <kuznet@....inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        netdev <netdev@...r.kernel.org>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
        syzbot <syzbot+ad8ca40ecd77896d51e2@...kaller.appspotmail.com>
Subject: Re: memory leak in kobject_set_name_vargs (2)

On Wed, Jul 24, 2019 at 1:08 AM syzbot
<syzbot+ad8ca40ecd77896d51e2@...kaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:    3bfe1fc4 Merge tag 'for-5.3/dm-changes-2' of git://git.ker..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=130322afa00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=dcfc65ee492509c6
> dashboard link: https://syzkaller.appspot.com/bug?extid=ad8ca40ecd77896d51e2
> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=135cbed0600000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14dd4e34600000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+ad8ca40ecd77896d51e2@...kaller.appspotmail.com

+net/ipv6/ip6_vti.c maintainers

> BUG: memory leak
> unreferenced object 0xffff88810cc5d860 (size 32):
>    comm "syz-executor938", pid 7153, jiffies 4294945400 (age 8.020s)
>    hex dump (first 32 bytes):
>      69 70 36 5f 76 74 69 31 00 2f 37 31 35 33 00 00  ip6_vti1./7153..
>      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>    backtrace:
>      [<000000000800471f>] kmemleak_alloc_recursive
> /./include/linux/kmemleak.h:43 [inline]
>      [<000000000800471f>] slab_post_alloc_hook /mm/slab.h:522 [inline]
>      [<000000000800471f>] slab_alloc /mm/slab.c:3319 [inline]
>      [<000000000800471f>] __do_kmalloc /mm/slab.c:3653 [inline]
>      [<000000000800471f>] __kmalloc_track_caller+0x165/0x300 /mm/slab.c:3670
>      [<000000007a2eef8e>] kstrdup+0x3a/0x70 /mm/util.c:53
>      [<00000000a309e483>] kstrdup_const+0x48/0x60 /mm/util.c:75
>      [<00000000cf8dc39b>] kvasprintf_const+0x7e/0xe0 /lib/kasprintf.c:48
>      [<000000005a964730>] kobject_set_name_vargs+0x40/0xe0 /lib/kobject.c:289
>      [<00000000e2a9ccdf>] dev_set_name+0x63/0x90 /drivers/base/core.c:1915
>      [<000000007bc7b1da>] netdev_register_kobject+0x5a/0x1b0
> /net/core/net-sysfs.c:1727
>      [<00000000637b4645>] register_netdevice+0x397/0x600 /net/core/dev.c:8723
>      [<0000000038b21fdc>] vti6_tnl_create2+0x47/0xb0 /net/ipv6/ip6_vti.c:189
>      [<0000000023231475>] vti6_tnl_create /net/ipv6/ip6_vti.c:229 [inline]
>      [<0000000023231475>] vti6_locate /net/ipv6/ip6_vti.c:277 [inline]
>      [<0000000023231475>] vti6_locate+0x244/0x2c0 /net/ipv6/ip6_vti.c:255
>      [<000000006ebf0a44>] vti6_ioctl+0x17f/0x390 /net/ipv6/ip6_vti.c:802
>      [<00000000077406fa>] dev_ifsioc+0x324/0x460 /net/core/dev_ioctl.c:322
>      [<00000000465d817c>] dev_ioctl+0x157/0x45e /net/core/dev_ioctl.c:514
>      [<00000000e2472af6>] sock_ioctl+0x394/0x480 /net/socket.c:1099
>      [<0000000024234c3b>] vfs_ioctl /fs/ioctl.c:46 [inline]
>      [<0000000024234c3b>] file_ioctl /fs/ioctl.c:509 [inline]
>      [<0000000024234c3b>] do_vfs_ioctl+0x62a/0x810 /fs/ioctl.c:696
>      [<0000000015b52ca4>] ksys_ioctl+0x86/0xb0 /fs/ioctl.c:713
>
>
>
> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@...glegroups.com.
>
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> syzbot can test patches for this bug, for details see:
> https://goo.gl/tpsmEJ#testing-patches
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@...glegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/000000000000edcb3c058e6143d5%40google.com.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ