Date:   Wed, 2 Dec 2020 06:42:19 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Ertza Warraich <ertza.afzal@...il.com>
Cc:     balbi@...nel.org, sorganov@...il.com, mirq-linux@...e.qmqm.pl,
        fabrice.gasnier@...com, linux-usb@...r.kernel.org,
        linux-kernel@...r.kernel.org, kt0755@...il.com,
        dave.jing.tian@...il.com
Subject: Re: memory leak in gs_start_io

On Tue, Dec 01, 2020 at 11:45:20PM -0500, Ertza Warraich wrote:
> We report a memory leak bug (in linux-5.8.13) found by FuzzUSB (a modified
> version of syzkaller).
> 
> The bug report is as follows:
> ==================================================================
> BUG: memory leak
> unreferenced object 0xffff888069c12000 (size 128):
>  comm "c4_fuzz", pid 2628, jiffies 4294945547 (age 774.450s)
>  hex dump (first 32 bytes):
>   b8 80 48 65 80 88 ff ff 00 7c f9 5b 80 88 ff ff ..He.....|.[....
>   00 7c af 64 80 88 ff ff 00 02 00 00 00 00 00 00 .|.d............
>  backtrace:
>   [<000000008f105b01>] kmemleak_alloc_recursive include/linux/kmemleak.h:43
> [inline]
>   [<000000008f105b01>] slab_post_alloc_hook mm/slab.h:588 [inline]
>   [<000000008f105b01>] slab_alloc_node mm/slub.c:2824 [inline]
>   [<000000008f105b01>] slab_alloc mm/slub.c:2832 [inline]
>   [<000000008f105b01>] kmem_cache_alloc_trace+0xfe/0x330 mm/slub.c:2849
>   [<0000000081072efc>] kmalloc include/linux/slab.h:555 [inline]
>   [<0000000081072efc>] kzalloc include/linux/slab.h:669 [inline]
>   [<0000000081072efc>] dummy_alloc_request+0xa0/0x190
> drivers/usb/gadget/udc/dummy_hcd.c:663
>   [<00000000b14438ed>] usb_ep_alloc_request+0x65/0x2c0
> drivers/usb/gadget/udc/core.c:178
>   [<000000006b6ab221>] gs_alloc_req+0x28/0xd0
> drivers/usb/gadget/function/u_serial.c:166
>   [<00000000999f9b54>] gs_alloc_requests+0x207/0x2f0
> drivers/usb/gadget/function/u_serial.c:517
>   [<00000000eae934b0>] gs_start_io+0x134/0x2a0
> drivers/usb/gadget/function/u_serial.c:555
>   [<00000000eec10774>] gs_open+0x323/0x440
> drivers/usb/gadget/function/u_serial.c:640
>   [<00000000c27493c6>] tty_open+0x23c/0x870 drivers/tty/tty_io.c:2048
>   [<0000000001954030>] chrdev_open+0x1e9/0x5b0 fs/char_dev.c:414
>   [<000000002321ec1f>] do_dentry_open+0x434/0xf40 fs/open.c:828
>   [<000000000de9bc50>] vfs_open+0x9a/0xc0 fs/open.c:942
>   [<00000000b1e25f2d>] do_open fs/namei.c:3243 [inline]
>   [<00000000b1e25f2d>] path_openat+0x1658/0x2570 fs/namei.c:3360
>   [<00000000b7cea3b5>] do_filp_open+0x15e/0x210 fs/namei.c:3387
>   [<00000000793cea2f>] do_sys_openat2+0x2e0/0x570 fs/open.c:1179
>   [<0000000067f289f1>] do_sys_open+0x88/0xc0 fs/open.c:1195
>   [<00000000937c31df>] ksys_open include/linux/syscalls.h:1388 [inline]
>   [<00000000937c31df>] __do_sys_open fs/open.c:1201 [inline]
>   [<00000000937c31df>] __se_sys_open fs/open.c:1199 [inline]
>   [<00000000937c31df>] __x64_sys_open+0x79/0xb0 fs/open.c:1199
> ==================================================================

Nice, care to make up a fix for this now that you have a reproducer?

thanks,

greg k-h
