lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <0000000000001821bf0598bb955c@google.com>
Date:   Mon, 02 Dec 2019 09:05:11 -0800
From:   syzbot <syzbot+2add91c08eb181fea1bf@...kaller.appspotmail.com>
To:     bridge@...ts.linux-foundation.org, davem@...emloft.net,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        nikolay@...ulusnetworks.com, roopa@...ulusnetworks.com,
        syzkaller-bugs@...glegroups.com
Subject: memory leak in fdb_create (2)

Hello,

syzbot found the following crash on:

HEAD commit:    ceb30747 Merge tag 'y2038-cleanups-5.5' of git://git.kerne..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=142b3e7ee00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=26f873e40f2b4134
dashboard link: https://syzkaller.appspot.com/bug?extid=2add91c08eb181fea1bf
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12976feee00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10604feee00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2add91c08eb181fea1bf@...kaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff888124fa7080 (size 128):
   comm "syz-executor163", pid 7170, jiffies 4294954254 (age 12.500s)
   hex dump (first 32 bytes):
     d1 16 b6 1f 81 88 ff ff 00 00 00 00 00 00 00 00  ................
     aa aa aa aa aa 0c 00 00 00 00 00 00 00 00 00 00  ................
   backtrace:
     [<000000001bbce457>] kmemleak_alloc_recursive  
include/linux/kmemleak.h:43 [inline]
     [<000000001bbce457>] slab_post_alloc_hook mm/slab.h:586 [inline]
     [<000000001bbce457>] slab_alloc mm/slab.c:3319 [inline]
     [<000000001bbce457>] kmem_cache_alloc+0x13f/0x2c0 mm/slab.c:3483
     [<000000005e78ed69>] fdb_create+0x37/0x530 net/bridge/br_fdb.c:498
     [<000000009cc867aa>] fdb_insert+0xb2/0xf0 net/bridge/br_fdb.c:537
     [<00000000a443c9ff>] br_fdb_change_mac_address+0x80/0x1f0  
net/bridge/br_fdb.c:316
     [<00000000370e41a8>] br_stp_change_bridge_id+0x4c/0x190  
net/bridge/br_stp_if.c:223
     [<00000000db15c550>] br_set_mac_address+0xa2/0xb0  
net/bridge/br_device.c:251
     [<00000000547a827c>] dev_set_mac_address+0xdd/0x150 net/core/dev.c:8350
     [<0000000068a207bd>] __bond_release_one.cold+0x319/0x4ac  
drivers/net/bonding/bond_main.c:2055
     [<00000000189411c7>] bond_slave_netdev_event  
drivers/net/bonding/bond_main.c:3169 [inline]
     [<00000000189411c7>] bond_netdev_event+0x2ac/0x2c0  
drivers/net/bonding/bond_main.c:3280
     [<000000002bd5677b>] notifier_call_chain+0x66/0xb0 kernel/notifier.c:95
     [<0000000044f0058c>] __raw_notifier_call_chain kernel/notifier.c:396  
[inline]
     [<0000000044f0058c>] raw_notifier_call_chain+0x2e/0x40  
kernel/notifier.c:403
     [<000000009782bbd6>] call_netdevice_notifiers_info net/core/dev.c:1893  
[inline]
     [<000000009782bbd6>] call_netdevice_notifiers_info+0x60/0xb0  
net/core/dev.c:1878
     [<000000005904fef6>] call_netdevice_notifiers_extack  
net/core/dev.c:1905 [inline]
     [<000000005904fef6>] call_netdevice_notifiers net/core/dev.c:1919  
[inline]
     [<000000005904fef6>] rollback_registered_many+0x373/0x640  
net/core/dev.c:8743
     [<00000000806944eb>] unregister_netdevice_many.part.0+0x17/0x90  
net/core/dev.c:9906
     [<00000000c0997ee2>] unregister_netdevice_many+0x24/0x30  
net/core/dev.c:9905
     [<0000000042445981>] rtnl_delete_link+0x63/0xa0  
net/core/rtnetlink.c:2926



---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ