lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Tue, 30 Mar 2021 06:16:21 -0700
From:   syzbot <syzbot+739016799a89c530b32a@...kaller.appspotmail.com>
To:     bjorn.andersson@...aro.org, davem@...emloft.net,
        edumazet@...gle.com, kuba@...nel.org, linux-kernel@...r.kernel.org,
        loic.poulain@...aro.org, necip@...gle.com, netdev@...r.kernel.org,
        syzkaller-bugs@...glegroups.com
Subject: [syzbot] memory leak in radix_tree_insert

Hello,

syzbot found the following issue on:

HEAD commit:    1e43c377 Merge tag 'xtensa-20210329' of git://github.com/j..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12837016d00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=efa6933adb0d4748
dashboard link: https://syzkaller.appspot.com/bug?extid=739016799a89c530b32a
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1792a211d00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17c5b21ad00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+739016799a89c530b32a@...kaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88810ffa0900 (size 576):
  comm "syz-executor055", pid 8413, jiffies 4294943689 (age 19.180s)
  hex dump (first 32 bytes):
    3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  <...............
    b0 91 09 10 81 88 ff ff 18 09 fa 0f 81 88 ff ff  ................
  backtrace:
    [<ffffffff822f6f68>] radix_tree_node_alloc.constprop.0+0x78/0x180 lib/radix-tree.c:274
    [<ffffffff822f887c>] __radix_tree_create lib/radix-tree.c:622 [inline]
    [<ffffffff822f887c>] radix_tree_insert+0x13c/0x310 lib/radix-tree.c:710
    [<ffffffff840cc337>] qrtr_tx_wait net/qrtr/qrtr.c:274 [inline]
    [<ffffffff840cc337>] qrtr_node_enqueue+0x547/0x610 net/qrtr/qrtr.c:342
    [<ffffffff840ce1a2>] qrtr_bcast_enqueue+0x62/0xc0 net/qrtr/qrtr.c:885
    [<ffffffff840ccf1e>] qrtr_sendmsg+0x20e/0x500 net/qrtr/qrtr.c:986
    [<ffffffff8363a836>] sock_sendmsg_nosec net/socket.c:654 [inline]
    [<ffffffff8363a836>] sock_sendmsg+0x56/0x80 net/socket.c:674
    [<ffffffff8363a957>] sock_write_iter+0xf7/0x180 net/socket.c:1001
    [<ffffffff81545057>] call_write_iter include/linux/fs.h:1977 [inline]
    [<ffffffff81545057>] new_sync_write+0x1d7/0x2b0 fs/read_write.c:518
    [<ffffffff815486d1>] vfs_write+0x351/0x400 fs/read_write.c:605
    [<ffffffff81548a4b>] ksys_write+0x12b/0x160 fs/read_write.c:658
    [<ffffffff842df20d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888112449860 (size 32):
  comm "syz-executor055", pid 8414, jiffies 4294944254 (age 13.530s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 68 98 44 12 81 88 ff ff  ........h.D.....
    68 98 44 12 81 88 ff ff 01 00 00 00 00 00 00 00  h.D.............
  backtrace:
    [<ffffffff840cc2ff>] kmalloc include/linux/slab.h:554 [inline]
    [<ffffffff840cc2ff>] kzalloc include/linux/slab.h:684 [inline]
    [<ffffffff840cc2ff>] qrtr_tx_wait net/qrtr/qrtr.c:271 [inline]
    [<ffffffff840cc2ff>] qrtr_node_enqueue+0x50f/0x610 net/qrtr/qrtr.c:342
    [<ffffffff840ce1a2>] qrtr_bcast_enqueue+0x62/0xc0 net/qrtr/qrtr.c:885
    [<ffffffff840ccf1e>] qrtr_sendmsg+0x20e/0x500 net/qrtr/qrtr.c:986
    [<ffffffff8363a836>] sock_sendmsg_nosec net/socket.c:654 [inline]
    [<ffffffff8363a836>] sock_sendmsg+0x56/0x80 net/socket.c:674
    [<ffffffff8363a957>] sock_write_iter+0xf7/0x180 net/socket.c:1001
    [<ffffffff81545057>] call_write_iter include/linux/fs.h:1977 [inline]
    [<ffffffff81545057>] new_sync_write+0x1d7/0x2b0 fs/read_write.c:518
    [<ffffffff815486d1>] vfs_write+0x351/0x400 fs/read_write.c:605
    [<ffffffff81548a4b>] ksys_write+0x12b/0x160 fs/read_write.c:658
    [<ffffffff842df20d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ