lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Sun, 05 Jul 2020 02:52:13 -0700
From:   syzbot <syzbot+d411cff6ab29cc2c311b@...kaller.appspotmail.com>
To:     davem@...emloft.net, jhs@...atatu.com, jiri@...nulli.us,
        kuba@...nel.org, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org, syzkaller-bugs@...glegroups.com,
        xiyou.wangcong@...il.com
Subject: memory leak in qdisc_create_dflt

Hello,

syzbot found the following crash on:

HEAD commit:    9ebcfadb Linux 5.8-rc3
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1577525b100000
kernel config:  https://syzkaller.appspot.com/x/.config?x=5ee23b9caef4e07a
dashboard link: https://syzkaller.appspot.com/bug?extid=d411cff6ab29cc2c311b
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10e579e3100000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1007c45b100000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+d411cff6ab29cc2c311b@...kaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff888115aa8c00 (size 512):
  comm "syz-executor530", pid 6646, jiffies 4294943517 (age 13.870s)
  hex dump (first 32 bytes):
    a0 0c be 82 ff ff ff ff f0 0b be 82 ff ff ff ff  ................
    04 00 00 00 e8 03 00 00 40 c6 72 84 ff ff ff ff  ........@.......
  backtrace:
    [<00000000ead56edd>] kmalloc_node include/linux/slab.h:578 [inline]
    [<00000000ead56edd>] kzalloc_node include/linux/slab.h:680 [inline]
    [<00000000ead56edd>] qdisc_alloc+0x45/0x260 net/sched/sch_generic.c:818
    [<000000002852d256>] qdisc_create_dflt+0x3d/0x170 net/sched/sch_generic.c:893
    [<000000002108f663>] atm_tc_init+0x96/0x150 net/sched/sch_atm.c:551
    [<000000000988e5f0>] qdisc_create+0x1ae/0x670 net/sched/sch_api.c:1246
    [<00000000c8befd49>] tc_modify_qdisc+0x198/0xb10 net/sched/sch_api.c:1662
    [<00000000b014fe08>] rtnetlink_rcv_msg+0x17e/0x460 net/core/rtnetlink.c:5460
    [<00000000da7a0de1>] netlink_rcv_skb+0x5b/0x180 net/netlink/af_netlink.c:2469
    [<0000000069fa5fbe>] netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
    [<0000000069fa5fbe>] netlink_unicast+0x2b6/0x3c0 net/netlink/af_netlink.c:1329
    [<0000000049c303c5>] netlink_sendmsg+0x2ba/0x570 net/netlink/af_netlink.c:1918
    [<0000000017755dda>] sock_sendmsg_nosec net/socket.c:652 [inline]
    [<0000000017755dda>] sock_sendmsg+0x4c/0x60 net/socket.c:672
    [<00000000294b696a>] ____sys_sendmsg+0x118/0x2f0 net/socket.c:2352
    [<00000000eb7a1f59>] ___sys_sendmsg+0x81/0xc0 net/socket.c:2406
    [<00000000ba1066c9>] __sys_sendmmsg+0xda/0x230 net/socket.c:2496
    [<0000000082fdecc3>] __do_sys_sendmmsg net/socket.c:2525 [inline]
    [<0000000082fdecc3>] __se_sys_sendmmsg net/socket.c:2522 [inline]
    [<0000000082fdecc3>] __x64_sys_sendmmsg+0x24/0x30 net/socket.c:2522
    [<000000009da3552a>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:359
    [<00000000b46d0fac>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888115aa8a00 (size 512):
  comm "syz-executor530", pid 6647, jiffies 4294944100 (age 8.040s)
  hex dump (first 32 bytes):
    a0 0c be 82 ff ff ff ff f0 0b be 82 ff ff ff ff  ................
    04 00 00 00 e8 03 00 00 40 c6 72 84 ff ff ff ff  ........@.......
  backtrace:
    [<00000000ead56edd>] kmalloc_node include/linux/slab.h:578 [inline]
    [<00000000ead56edd>] kzalloc_node include/linux/slab.h:680 [inline]
    [<00000000ead56edd>] qdisc_alloc+0x45/0x260 net/sched/sch_generic.c:818
    [<000000002852d256>] qdisc_create_dflt+0x3d/0x170 net/sched/sch_generic.c:893
    [<000000002108f663>] atm_tc_init+0x96/0x150 net/sched/sch_atm.c:551
    [<000000000988e5f0>] qdisc_create+0x1ae/0x670 net/sched/sch_api.c:1246
    [<00000000c8befd49>] tc_modify_qdisc+0x198/0xb10 net/sched/sch_api.c:1662
    [<00000000b014fe08>] rtnetlink_rcv_msg+0x17e/0x460 net/core/rtnetlink.c:5460
    [<00000000da7a0de1>] netlink_rcv_skb+0x5b/0x180 net/netlink/af_netlink.c:2469
    [<0000000069fa5fbe>] netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
    [<0000000069fa5fbe>] netlink_unicast+0x2b6/0x3c0 net/netlink/af_netlink.c:1329
    [<0000000049c303c5>] netlink_sendmsg+0x2ba/0x570 net/netlink/af_netlink.c:1918
    [<0000000017755dda>] sock_sendmsg_nosec net/socket.c:652 [inline]
    [<0000000017755dda>] sock_sendmsg+0x4c/0x60 net/socket.c:672
    [<00000000294b696a>] ____sys_sendmsg+0x118/0x2f0 net/socket.c:2352
    [<00000000eb7a1f59>] ___sys_sendmsg+0x81/0xc0 net/socket.c:2406
    [<00000000ba1066c9>] __sys_sendmmsg+0xda/0x230 net/socket.c:2496
    [<0000000082fdecc3>] __do_sys_sendmmsg net/socket.c:2525 [inline]
    [<0000000082fdecc3>] __se_sys_sendmmsg net/socket.c:2522 [inline]
    [<0000000082fdecc3>] __x64_sys_sendmmsg+0x24/0x30 net/socket.c:2522
    [<000000009da3552a>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:359
    [<00000000b46d0fac>] entry_SYSCALL_64_after_hwframe+0x44/0xa9



---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

Powered by blists - more mailing lists