| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0000000000001821bf0598bb955c@google.com>
Date: Mon, 02 Dec 2019 09:05:11 -0800
From: syzbot <syzbot+2add91c08eb181fea1bf@...kaller.appspotmail.com>
To: bridge@...ts.linux-foundation.org, davem@...emloft.net,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
nikolay@...ulusnetworks.com, roopa@...ulusnetworks.com,
syzkaller-bugs@...glegroups.com
Subject: memory leak in fdb_create (2)
Hello,
syzbot found the following crash on:
HEAD commit: ceb30747 Merge tag 'y2038-cleanups-5.5' of git://git.kerne..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=142b3e7ee00000
kernel config: https://syzkaller.appspot.com/x/.config?x=26f873e40f2b4134
dashboard link: https://syzkaller.appspot.com/bug?extid=2add91c08eb181fea1bf
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12976feee00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10604feee00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2add91c08eb181fea1bf@...kaller.appspotmail.com
BUG: memory leak
unreferenced object 0xffff888124fa7080 (size 128):
comm "syz-executor163", pid 7170, jiffies 4294954254 (age 12.500s)
hex dump (first 32 bytes):
d1 16 b6 1f 81 88 ff ff 00 00 00 00 00 00 00 00 ................
aa aa aa aa aa 0c 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000001bbce457>] kmemleak_alloc_recursive
include/linux/kmemleak.h:43 [inline]
[<000000001bbce457>] slab_post_alloc_hook mm/slab.h:586 [inline]
[<000000001bbce457>] slab_alloc mm/slab.c:3319 [inline]
[<000000001bbce457>] kmem_cache_alloc+0x13f/0x2c0 mm/slab.c:3483
[<000000005e78ed69>] fdb_create+0x37/0x530 net/bridge/br_fdb.c:498
[<000000009cc867aa>] fdb_insert+0xb2/0xf0 net/bridge/br_fdb.c:537
[<00000000a443c9ff>] br_fdb_change_mac_address+0x80/0x1f0
net/bridge/br_fdb.c:316
[<00000000370e41a8>] br_stp_change_bridge_id+0x4c/0x190
net/bridge/br_stp_if.c:223
[<00000000db15c550>] br_set_mac_address+0xa2/0xb0
net/bridge/br_device.c:251
[<00000000547a827c>] dev_set_mac_address+0xdd/0x150 net/core/dev.c:8350
[<0000000068a207bd>] __bond_release_one.cold+0x319/0x4ac
drivers/net/bonding/bond_main.c:2055
[<00000000189411c7>] bond_slave_netdev_event
drivers/net/bonding/bond_main.c:3169 [inline]
[<00000000189411c7>] bond_netdev_event+0x2ac/0x2c0
drivers/net/bonding/bond_main.c:3280
[<000000002bd5677b>] notifier_call_chain+0x66/0xb0 kernel/notifier.c:95
[<0000000044f0058c>] __raw_notifier_call_chain kernel/notifier.c:396
[inline]
[<0000000044f0058c>] raw_notifier_call_chain+0x2e/0x40
kernel/notifier.c:403
[<000000009782bbd6>] call_netdevice_notifiers_info net/core/dev.c:1893
[inline]
[<000000009782bbd6>] call_netdevice_notifiers_info+0x60/0xb0
net/core/dev.c:1878
[<000000005904fef6>] call_netdevice_notifiers_extack
net/core/dev.c:1905 [inline]
[<000000005904fef6>] call_netdevice_notifiers net/core/dev.c:1919
[inline]
[<000000005904fef6>] rollback_registered_many+0x373/0x640
net/core/dev.c:8743
[<00000000806944eb>] unregister_netdevice_many.part.0+0x17/0x90
net/core/dev.c:9906
[<00000000c0997ee2>] unregister_netdevice_many+0x24/0x30
net/core/dev.c:9905
[<0000000042445981>] rtnl_delete_link+0x63/0xa0
net/core/rtnetlink.c:2926
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
Powered by blists - more mailing lists