Message-ID: <5059b11b-8b6e-394b-338f-49e1339067fa@alu.unizg.hr>
Date:   Tue, 28 Mar 2023 13:13:33 +0200
From:   Mirsad Todorovac <mirsad.todorovac@....unizg.hr>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "Rafael J. Wysocki" <rafael@...nel.org>,
        linux-kernel@...r.kernel.org
Subject: [BUG] systemd-devd triggers kernel memleak apparently in
 drivers/core/dd.c: driver_register()

Hi all,

Here is another kernel memory leak report, just as I thought we were done with
them by the xhci patch by Mathias.

The memory leaks were caught on an AlmaLinux 8.7 (CentOS) fork system, running
on a Lenovo desktop box (see lshw.txt) and the newest Linux kernel 6.3-rc4 commit
g3a93e40326c8 with Mathias' patch for an xhci systemd-udevd triggered leak.

         See: <20230327095019.1017159-1-mathias.nyman@...ux.intel.com> on LKML.

This leak is also systemd-udevd triggered, except for the memstick_check() leaks
which I was unable to bisect due to the box not booting older kernels (work in
progress).

unreferenced object 0xffff88ad12392710 (size 96):
   comm "systemd-udevd", pid 735, jiffies 4294896759 (age 2257.568s)
   hex dump (first 32 bytes):
     53 65 72 69 61 6c 50 6f 72 74 31 41 64 64 72 65  SerialPort1Addre
     73 73 2c 33 46 38 2f 49 52 51 34 3b 5b 4f 70 74  ss,3F8/IRQ4;[Opt
   backtrace:
     [<ffffffffae8fb26c>] slab_post_alloc_hook+0x8c/0x3e0
     [<ffffffffae902b49>] __kmem_cache_alloc_node+0x1d9/0x2a0
     [<ffffffffae8773c9>] __kmalloc_node_track_caller+0x59/0x180
     [<ffffffffae866a1a>] kstrdup+0x3a/0x70
     [<ffffffffc0d839aa>] tlmi_extract_output_string.isra.0+0x2a/0x60 [think_lmi]
     [<ffffffffc0d83b64>] tlmi_setting.constprop.4+0x54/0x90 [think_lmi]
     [<ffffffffc0d842b1>] tlmi_probe+0x591/0xba0 [think_lmi]
     [<ffffffffc051dc53>] wmi_dev_probe+0x163/0x230 [wmi]
     [<ffffffffaef987eb>] really_probe+0x17b/0x3d0
     [<ffffffffaef98ad4>] __driver_probe_device+0x84/0x190
     [<ffffffffaef98c14>] driver_probe_device+0x24/0xc0
     [<ffffffffaef98ed2>] __driver_attach+0xc2/0x190
     [<ffffffffaef95ab1>] bus_for_each_dev+0x81/0xd0
     [<ffffffffaef97c62>] driver_attach+0x22/0x30
     [<ffffffffaef97354>] bus_add_driver+0x1b4/0x240
     [<ffffffffaef9a0a2>] driver_register+0x62/0x120
unreferenced object 0xffff88ad0845a840 (size 64):
   comm "systemd-udevd", pid 735, jiffies 4294896783 (age 2257.488s)
   hex dump (first 32 bytes):
     55 53 42 50 6f 72 74 41 63 63 65 73 73 2c 45 6e  USBPortAccess,En
     61 62 6c 65 64 3b 5b 4f 70 74 69 6f 6e 61 6c 3a  abled;[Optional:
   backtrace:
     [<ffffffffae8fb26c>] slab_post_alloc_hook+0x8c/0x3e0
     [<ffffffffae902b49>] __kmem_cache_alloc_node+0x1d9/0x2a0
     [<ffffffffae8773c9>] __kmalloc_node_track_caller+0x59/0x180
     [<ffffffffae866a1a>] kstrdup+0x3a/0x70
     [<ffffffffc0d839aa>] tlmi_extract_output_string.isra.0+0x2a/0x60 [think_lmi]
     [<ffffffffc0d83b64>] tlmi_setting.constprop.4+0x54/0x90 [think_lmi]
     [<ffffffffc0d842b1>] tlmi_probe+0x591/0xba0 [think_lmi]
     [<ffffffffc051dc53>] wmi_dev_probe+0x163/0x230 [wmi]
     [<ffffffffaef987eb>] really_probe+0x17b/0x3d0
     [<ffffffffaef98ad4>] __driver_probe_device+0x84/0x190
     [<ffffffffaef98c14>] driver_probe_device+0x24/0xc0
     [<ffffffffaef98ed2>] __driver_attach+0xc2/0x190
     [<ffffffffaef95ab1>] bus_for_each_dev+0x81/0xd0
     [<ffffffffaef97c62>] driver_attach+0x22/0x30
     [<ffffffffaef97354>] bus_add_driver+0x1b4/0x240
     [<ffffffffaef9a0a2>] driver_register+0x62/0x120
unreferenced object 0xffff88ad069f5e40 (size 64):
   comm "systemd-udevd", pid 735, jiffies 4294896822 (age 2257.332s)
   hex dump (first 32 bytes):
     55 53 42 42 49 4f 53 53 75 70 70 6f 72 74 2c 45  USBBIOSSupport,E
     6e 61 62 6c 65 64 3b 5b 4f 70 74 69 6f 6e 61 6c  nabled;[Optional
   backtrace:
     [<ffffffffae8fb26c>] slab_post_alloc_hook+0x8c/0x3e0
     [<ffffffffae902b49>] __kmem_cache_alloc_node+0x1d9/0x2a0
     [<ffffffffae8773c9>] __kmalloc_node_track_caller+0x59/0x180
     [<ffffffffae866a1a>] kstrdup+0x3a/0x70
     [<ffffffffc0d839aa>] tlmi_extract_output_string.isra.0+0x2a/0x60 [think_lmi]
     [<ffffffffc0d83b64>] tlmi_setting.constprop.4+0x54/0x90 [think_lmi]
     [<ffffffffc0d842b1>] tlmi_probe+0x591/0xba0 [think_lmi]
     [<ffffffffc051dc53>] wmi_dev_probe+0x163/0x230 [wmi]
     [<ffffffffaef987eb>] really_probe+0x17b/0x3d0
     [<ffffffffaef98ad4>] __driver_probe_device+0x84/0x190
     [<ffffffffaef98c14>] driver_probe_device+0x24/0xc0
     [<ffffffffaef98ed2>] __driver_attach+0xc2/0x190
     [<ffffffffaef95ab1>] bus_for_each_dev+0x81/0xd0
     [<ffffffffaef97c62>] driver_attach+0x22/0x30
     [<ffffffffaef97354>] bus_add_driver+0x1b4/0x240
     [<ffffffffaef9a0a2>] driver_register+0x62/0x120
[snip]

Please see build config and the more verbose debug output at the URL:

https://domac.alu.hr/~mtodorov/linux/bugreports/driver_register/

I hope this helps someone.

This one is way too complex to even attempt guessing what went wrong,
with my current knowledge of the Linux kernel internals.

Please contact me for any additional required information.

As usual, I have Cc:-ed all maintainers as per the get_maintainer.pl script.

Thank you very much for your patience.

Best regards,
Mirsad

-- 
Mirsad Goran Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu

System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
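
A triage aid for kmemleak output like the records quoted in the message above, as an added example that is not part of the original message or of any kernel tooling: it attributes each unreferenced object to the first backtrace frame above the allocator helpers and sums leaked bytes per owner. The function names and the allocator-prefix list are assumptions of this example; the sample is constructed by trimming two of the quoted records.

```python
import re
from collections import Counter

# Constructed sample: two records trimmed from the traces quoted in the report.
SAMPLE = """\
unreferenced object 0xffff88ad12392710 (size 96):
  comm "systemd-udevd", pid 735, jiffies 4294896759 (age 2257.568s)
  backtrace:
    [<ffffffffae8fb26c>] slab_post_alloc_hook+0x8c/0x3e0
    [<ffffffffae8773c9>] __kmalloc_node_track_caller+0x59/0x180
    [<ffffffffae866a1a>] kstrdup+0x3a/0x70
    [<ffffffffc0d839aa>] tlmi_extract_output_string.isra.0+0x2a/0x60 [think_lmi]
    [<ffffffffc0d842b1>] tlmi_probe+0x591/0xba0 [think_lmi]
    [<ffffffffaef9a0a2>] driver_register+0x62/0x120
unreferenced object 0xffff88ad0845a840 (size 64):
  comm "systemd-udevd", pid 735, jiffies 4294896783 (age 2257.488s)
  backtrace:
    [<ffffffffae866a1a>] kstrdup+0x3a/0x70
    [<ffffffffc0d839aa>] tlmi_extract_output_string.isra.0+0x2a/0x60 [think_lmi]
    [<ffffffffaef9a0a2>] driver_register+0x62/0x120
"""

HEADER = re.compile(r"^unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
FRAME = re.compile(r"^\s*\[<[0-9a-f]+>\]\s+([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?")
# Assumption of this example: these helper prefixes never own the leaked object.
ALLOC = re.compile(r"^(slab_|__kmem_cache_|kmem_cache_|__kmalloc|kmalloc|kzalloc|kmemdup|kstrdup|kstrndup)")

def parse(text):
    """Return one dict per record: address, size, and (symbol, module) of the owner."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"addr": m.group(1), "size": int(m.group(2)), "owner": None})
            continue
        f = FRAME.match(line)
        if f and records and records[-1]["owner"] is None:
            sym = f.group(1).split(".", 1)[0]  # drop clone suffixes such as .isra.0
            if not ALLOC.match(sym):  # first non-allocator frame made the allocation
                records[-1]["owner"] = (sym, f.group(2) or "vmlinux")
    return records

def leaked_bytes_by_owner(text):
    totals = Counter()
    for r in parse(text):
        totals[r["owner"]] += r["size"]
    return totals

if __name__ == "__main__":
    print(leaked_bytes_by_owner(SAMPLE).most_common())
```

On a live system the same functions can be fed the contents of /sys/kernel/debug/kmemleak instead of SAMPLE.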
