lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date:   Sat, 02 Jan 2021 00:09:12 -0800
From:   syzbot <syzbot+19bcfc64a8df1318d1c3@...kaller.appspotmail.com>
To:     alex.shi@...ux.alibaba.com, davem@...emloft.net, kuba@...nel.org,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        syzkaller-bugs@...glegroups.com
Subject: memory leak in nfcmrvl_nci_register_dev

Hello,

syzbot found the following issue on:

HEAD commit:    dea8dcf2 Merge tag 'for-5.11/dm-fix' of git://git.kernel.o..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15e26077500000
kernel config:  https://syzkaller.appspot.com/x/.config?x=f182e38c52a35dc6
dashboard link: https://syzkaller.appspot.com/bug?extid=19bcfc64a8df1318d1c3
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=119df6a3500000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1147e40b500000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+19bcfc64a8df1318d1c3@...kaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88811332dc00 (size 1024):
  comm "kworker/1:3", pid 4910, jiffies 4294942229 (age 33.170s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 e8 f1 11 81 88 ff ff  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000ef906e9b>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000ef906e9b>] kzalloc include/linux/slab.h:682 [inline]
    [<00000000ef906e9b>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784
    [<000000002450a09c>] nci_allocate_device net/nfc/nci/core.c:1170 [inline]
    [<000000002450a09c>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132
    [<000000001de82881>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153
    [<0000000079b32ad1>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345
    [<000000009f085cef>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
    [<00000000a872208e>] really_probe+0x159/0x480 drivers/base/dd.c:561
    [<000000005f458884>] driver_probe_device+0x84/0x100 drivers/base/dd.c:745
    [<00000000c18df89f>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:851
    [<0000000071a719ab>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
    [<00000000a2659ebf>] __device_attach+0x122/0x250 drivers/base/dd.c:919
    [<00000000b52c481d>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
    [<0000000085c0e1c8>] device_add+0x5be/0xc30 drivers/base/core.c:3091
    [<000000002a5183f1>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164
    [<000000009ca139a5>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
    [<000000002de27e2d>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
    [<00000000a872208e>] really_probe+0x159/0x480 drivers/base/dd.c:561

BUG: memory leak
unreferenced object 0xffff888111b0a400 (size 1024):
  comm "kworker/1:3", pid 4910, jiffies 4294942861 (age 26.850s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 f0 6c 0d 81 88 ff ff  ..........l.....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000ef906e9b>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000ef906e9b>] kzalloc include/linux/slab.h:682 [inline]
    [<00000000ef906e9b>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784
    [<000000002450a09c>] nci_allocate_device net/nfc/nci/core.c:1170 [inline]
    [<000000002450a09c>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132
    [<000000001de82881>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153
    [<0000000079b32ad1>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345
    [<000000009f085cef>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
    [<00000000a872208e>] really_probe+0x159/0x480 drivers/base/dd.c:561
    [<000000005f458884>] driver_probe_device+0x84/0x100 drivers/base/dd.c:745
    [<00000000c18df89f>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:851
    [<0000000071a719ab>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
    [<00000000a2659ebf>] __device_attach+0x122/0x250 drivers/base/dd.c:919
    [<00000000b52c481d>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
    [<0000000085c0e1c8>] device_add+0x5be/0xc30 drivers/base/core.c:3091
    [<000000002a5183f1>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164
    [<000000009ca139a5>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
    [<000000002de27e2d>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
    [<00000000a872208e>] really_probe+0x159/0x480 drivers/base/dd.c:561



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ