lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <000000000000c7910505bd889abc@google.com>
Date:   Sun, 14 Mar 2021 17:48:13 -0700
From:   syzbot <syzbot+44908bb56d2bfe56b28e@...kaller.appspotmail.com>
To:     christian@...uner.io, ebiederm@...ssion.com, keescook@...omium.org,
        linux-kernel@...r.kernel.org, minchan@...nel.org, oleg@...hat.com,
        syzkaller-bugs@...glegroups.com
Subject: [syzbot] memory leak in copy_process (2)

Hello,

syzbot found the following issue on:

HEAD commit:    88fe4924 Merge tag 'char-misc-5.12-rc3' of git://git.kerne..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10252462d00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=815a716b5d0a8bdf
dashboard link: https://syzkaller.appspot.com/bug?extid=44908bb56d2bfe56b28e
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14180dc6d00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=167cf68ad00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+44908bb56d2bfe56b28e@...kaller.appspotmail.com

Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts.
executing program
executing program
BUG: memory leak
unreferenced object 0xffff888101b41d00 (size 120):
  comm "kworker/u4:0", pid 8, jiffies 4294944270 (age 12.780s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8125dc56>] alloc_pid+0x66/0x560 kernel/pid.c:180
    [<ffffffff81226405>] copy_process+0x1465/0x25e0 kernel/fork.c:2115
    [<ffffffff81227943>] kernel_clone+0xf3/0x670 kernel/fork.c:2493
    [<ffffffff812281a1>] kernel_thread+0x61/0x80 kernel/fork.c:2545
    [<ffffffff81253464>] call_usermodehelper_exec_work kernel/umh.c:172 [inline]
    [<ffffffff81253464>] call_usermodehelper_exec_work+0xc4/0x120 kernel/umh.c:158
    [<ffffffff812591c9>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
    [<ffffffff81259ab9>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
    [<ffffffff812611c8>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

BUG: memory leak
unreferenced object 0xffff888110ef5c00 (size 232):
  comm "kworker/u4:0", pid 8414, jiffies 4294944270 (age 12.780s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    e0 b7 04 01 81 88 ff ff c0 56 ba 0f 81 88 ff ff  .........V......
  backtrace:
    [<ffffffff8154a0cf>] kmem_cache_zalloc include/linux/slab.h:674 [inline]
    [<ffffffff8154a0cf>] __alloc_file+0x1f/0xf0 fs/file_table.c:101
    [<ffffffff8154a809>] alloc_empty_file+0x69/0x120 fs/file_table.c:150
    [<ffffffff8154a8f3>] alloc_file+0x33/0x1b0 fs/file_table.c:192
    [<ffffffff8154ab22>] alloc_file_pseudo+0xb2/0x140 fs/file_table.c:232
    [<ffffffff81559218>] create_pipe_files+0x138/0x2e0 fs/pipe.c:911
    [<ffffffff8126c793>] umd_setup+0x33/0x220 kernel/usermode_driver.c:104
    [<ffffffff81253574>] call_usermodehelper_exec_async+0xb4/0x1b0 kernel/umh.c:101
    [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

BUG: memory leak
unreferenced object 0xffff888110cafc90 (size 24):
  comm "kworker/u4:0", pid 8414, jiffies 4294944270 (age 12.780s)
  hex dump (first 24 bytes):
    00 00 00 00 00 00 00 00 b0 0e 94 00 81 88 ff ff  ................
    00 00 00 00 00 00 00 00                          ........
  backtrace:
    [<ffffffff820e15ca>] kmem_cache_zalloc include/linux/slab.h:674 [inline]
    [<ffffffff820e15ca>] lsm_file_alloc security/security.c:569 [inline]
    [<ffffffff820e15ca>] security_file_alloc+0x2a/0xb0 security/security.c:1470
    [<ffffffff8154a10d>] __alloc_file+0x5d/0xf0 fs/file_table.c:106
    [<ffffffff8154a809>] alloc_empty_file+0x69/0x120 fs/file_table.c:150
    [<ffffffff8154a8f3>] alloc_file+0x33/0x1b0 fs/file_table.c:192
    [<ffffffff8154ab22>] alloc_file_pseudo+0xb2/0x140 fs/file_table.c:232
    [<ffffffff81559218>] create_pipe_files+0x138/0x2e0 fs/pipe.c:911
    [<ffffffff8126c793>] umd_setup+0x33/0x220 kernel/usermode_driver.c:104
    [<ffffffff81253574>] call_usermodehelper_exec_async+0xb4/0x1b0 kernel/umh.c:101
    [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

BUG: memory leak
unreferenced object 0xffff888110ef5e00 (size 232):
  comm "kworker/u4:0", pid 8414, jiffies 4294944270 (age 12.780s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    e0 b7 04 01 81 88 ff ff 00 59 ba 0f 81 88 ff ff  .........Y......
  backtrace:
    [<ffffffff8154a0cf>] kmem_cache_zalloc include/linux/slab.h:674 [inline]
    [<ffffffff8154a0cf>] __alloc_file+0x1f/0xf0 fs/file_table.c:101
    [<ffffffff8154a809>] alloc_empty_file+0x69/0x120 fs/file_table.c:150
    [<ffffffff8154a8f3>] alloc_file+0x33/0x1b0 fs/file_table.c:192
    [<ffffffff8154ac22>] alloc_file_clone+0x22/0x70 fs/file_table.c:244
    [<ffffffff81559262>] create_pipe_files+0x182/0x2e0 fs/pipe.c:922
    [<ffffffff8126c80d>] umd_setup+0xad/0x220 kernel/usermode_driver.c:115
    [<ffffffff81253574>] call_usermodehelper_exec_async+0xb4/0x1b0 kernel/umh.c:101
    [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

BUG: memory leak
unreferenced object 0xffff888110cafc18 (size 24):
  comm "kworker/u4:0", pid 8414, jiffies 4294944270 (age 12.780s)
  hex dump (first 24 bytes):
    00 00 00 00 00 00 00 00 b0 0e 94 00 81 88 ff ff  ................
    00 00 00 00 00 00 00 00                          ........
  backtrace:
    [<ffffffff820e15ca>] kmem_cache_zalloc include/linux/slab.h:674 [inline]
    [<ffffffff820e15ca>] lsm_file_alloc security/security.c:569 [inline]
    [<ffffffff820e15ca>] security_file_alloc+0x2a/0xb0 security/security.c:1470
    [<ffffffff8154a10d>] __alloc_file+0x5d/0xf0 fs/file_table.c:106
    [<ffffffff8154a809>] alloc_empty_file+0x69/0x120 fs/file_table.c:150
    [<ffffffff8154a8f3>] alloc_file+0x33/0x1b0 fs/file_table.c:192
    [<ffffffff8154ac22>] alloc_file_clone+0x22/0x70 fs/file_table.c:244
    [<ffffffff81559262>] create_pipe_files+0x182/0x2e0 fs/pipe.c:922
    [<ffffffff8126c80d>] umd_setup+0xad/0x220 kernel/usermode_driver.c:115
    [<ffffffff81253574>] call_usermodehelper_exec_async+0xb4/0x1b0 kernel/umh.c:101
    [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ