lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 26 Jul 2019 14:00:14 +0100
From:   Catalin Marinas <catalin.marinas@....com>
To:     syzbot <syzbot+a871c1e6ea00685e73d7@...kaller.appspotmail.com>
Cc:     alexandre.belloni@...e-electrons.com, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org, nicolas.ferre@...el.com, robh@...nel.org,
        sre@...nel.org, syzkaller-bugs@...glegroups.com
Subject: Re: memory leak in vq_meta_prefetch

On Wed, Jul 24, 2019 at 12:18:07PM -0700, syzbot wrote:
> syzbot found the following crash on:
> 
> HEAD commit:    c6dd78fc Merge branch 'x86-urgent-for-linus' of git://git...
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=15fffef4600000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=8de7d700ea5ac607
> dashboard link: https://syzkaller.appspot.com/bug?extid=a871c1e6ea00685e73d7
> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=127b0334600000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12609e94600000
> 
> The bug was bisected to:
> 
> commit 0e5f7d0b39e1f184dc25e3adb580c79e85332167
> Author: Nicolas Ferre <nicolas.ferre@...el.com>
> Date:   Wed Mar 16 13:19:49 2016 +0000
> 
>     ARM: dts: at91: shdwc binding: add new shutdown controller documentation

That's another wrong commit identification (a documentation patch should
not cause a memory leak).

I don't really think kmemleak, with its relatively high rate of false
positives, is suitable for automated testing like syzbot. You could
reduce the false positives if you add support for scanning in
stop_machine(). Otherwise, in order to avoid locking the kernel for long
periods, kmemleak runs concurrently with other threads (even on the
current CPU) and under high load, pointers are missed (e.g. they are in
CPU registers rather than stack).

-- 
Catalin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ