| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 15 Aug 2020 10:19:25 -0700
From: syzbot <syzbot+f7f6e564f4202d8601c6@...kaller.appspotmail.com>
To: davem@...emloft.net, johan.hedberg@...il.com, kuba@...nel.org,
linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org,
marcel@...tmann.org, netdev@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: memory leak in read_adv_mon_features
Hello,
syzbot found the following issue on:
HEAD commit: 7fca4dee Merge tag 'powerpc-5.9-2' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15ea92a1900000
kernel config: https://syzkaller.appspot.com/x/.config?x=e320bbff976a5cdc
dashboard link: https://syzkaller.appspot.com/bug?extid=f7f6e564f4202d8601c6
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1286db9a900000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1143ddf6900000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f7f6e564f4202d8601c6@...kaller.appspotmail.com
BUG: memory leak
unreferenced object 0xffff88812b18e6e0 (size 32):
comm "syz-executor286", pid 6490, jiffies 4294993450 (age 13.120s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 20 00 10 00 00 00 00 00 ........ .......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000f286b99c>] kmalloc include/linux/slab.h:559 [inline]
[<00000000f286b99c>] read_adv_mon_features+0xa1/0x150 net/bluetooth/mgmt.c:4180
[<00000000f0f16504>] hci_mgmt_cmd net/bluetooth/hci_sock.c:1603 [inline]
[<00000000f0f16504>] hci_sock_sendmsg+0xb01/0xc60 net/bluetooth/hci_sock.c:1738
[<000000001560da71>] sock_sendmsg_nosec net/socket.c:651 [inline]
[<000000001560da71>] sock_sendmsg+0x4c/0x60 net/socket.c:671
[<000000007d7be9f6>] sock_write_iter+0xc5/0x140 net/socket.c:998
[<00000000e3633d41>] call_write_iter include/linux/fs.h:1882 [inline]
[<00000000e3633d41>] new_sync_write+0x173/0x210 fs/read_write.c:503
[<0000000021a87df2>] vfs_write+0x21d/0x280 fs/read_write.c:578
[<0000000003f07ff6>] ksys_write+0xd8/0x120 fs/read_write.c:631
[<0000000003a7df09>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
[<000000005ecd28f6>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff88812b18e660 (size 32):
comm "syz-executor286", pid 6495, jiffies 4294993998 (age 7.640s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 20 00 10 00 00 00 00 00 ........ .......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000f286b99c>] kmalloc include/linux/slab.h:559 [inline]
[<00000000f286b99c>] read_adv_mon_features+0xa1/0x150 net/bluetooth/mgmt.c:4180
[<00000000f0f16504>] hci_mgmt_cmd net/bluetooth/hci_sock.c:1603 [inline]
[<00000000f0f16504>] hci_sock_sendmsg+0xb01/0xc60 net/bluetooth/hci_sock.c:1738
[<000000001560da71>] sock_sendmsg_nosec net/socket.c:651 [inline]
[<000000001560da71>] sock_sendmsg+0x4c/0x60 net/socket.c:671
[<000000007d7be9f6>] sock_write_iter+0xc5/0x140 net/socket.c:998
[<00000000e3633d41>] call_write_iter include/linux/fs.h:1882 [inline]
[<00000000e3633d41>] new_sync_write+0x173/0x210 fs/read_write.c:503
[<0000000021a87df2>] vfs_write+0x21d/0x280 fs/read_write.c:578
[<0000000003f07ff6>] ksys_write+0xd8/0x120 fs/read_write.c:631
[<0000000003a7df09>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
[<000000005ecd28f6>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
Powered by blists - more mailing lists