lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <0000000000003fcafc05e60e466e@google.com>
Date:   Fri, 12 Aug 2022 10:04:26 -0700
From:   syzbot <syzbot+dc54d9ba8153b216cae0@...kaller.appspotmail.com>
To:     davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        pabeni@...hat.com, syzkaller-bugs@...glegroups.com
Subject: [syzbot] memory leak in netlink_policy_dump_add_policy

Hello,

syzbot found the following issue on:

HEAD commit:    4e23eeebb2e5 Merge tag 'bitmap-6.0-rc1' of https://github...
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=165f4f6a080000
kernel config:  https://syzkaller.appspot.com/x/.config?x=3a433c7a2539f51c
dashboard link: https://syzkaller.appspot.com/bug?extid=dc54d9ba8153b216cae0
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1443be71080000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11e5918e080000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+dc54d9ba8153b216cae0@...kaller.appspotmail.com

executing program
executing program
executing program
BUG: memory leak
unreferenced object 0xffff888113093f00 (size 192):
  comm "syz-executor228", pid 3636, jiffies 4294947950 (age 12.750s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 0a 00 00 00 00 00 00 00  ................
    40 53 fd 84 ff ff ff ff 40 01 00 00 00 00 00 00  @S......@.......
  backtrace:
    [<ffffffff83a0e378>] kmalloc include/linux/slab.h:600 [inline]
    [<ffffffff83a0e378>] kzalloc include/linux/slab.h:733 [inline]
    [<ffffffff83a0e378>] alloc_state net/netlink/policy.c:104 [inline]
    [<ffffffff83a0e378>] netlink_policy_dump_add_policy+0x198/0x1f0 net/netlink/policy.c:135
    [<ffffffff83a0d78d>] ctrl_dumppolicy_start+0x15d/0x290 net/netlink/genetlink.c:1173
    [<ffffffff83a0abf8>] genl_start+0x148/0x210 net/netlink/genetlink.c:596
    [<ffffffff83a0756a>] __netlink_dump_start+0x20a/0x440 net/netlink/af_netlink.c:2370
    [<ffffffff83a0a38e>] genl_family_rcv_msg_dumpit+0x15e/0x190 net/netlink/genetlink.c:678
    [<ffffffff83a0b1d5>] genl_family_rcv_msg net/netlink/genetlink.c:772 [inline]
    [<ffffffff83a0b1d5>] genl_rcv_msg+0x225/0x2c0 net/netlink/genetlink.c:792
    [<ffffffff83a09807>] netlink_rcv_skb+0x87/0x1d0 net/netlink/af_netlink.c:2501
    [<ffffffff83a0a214>] genl_rcv+0x24/0x40 net/netlink/genetlink.c:803
    [<ffffffff83a08977>] netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
    [<ffffffff83a08977>] netlink_unicast+0x397/0x4c0 net/netlink/af_netlink.c:1345
    [<ffffffff83a08e36>] netlink_sendmsg+0x396/0x710 net/netlink/af_netlink.c:1921
    [<ffffffff8385aea6>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff8385aea6>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff8385b40c>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2482
    [<ffffffff8385fd08>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2536
    [<ffffffff8385fe98>] __sys_sendmsg+0x88/0x100 net/socket.c:2565
    [<ffffffff845d8535>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff845d8535>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ