Message-ID: <CACT4Y+a6DV3CTamNYLdNqoH=5iqR=VH+e23gx5jjyM8qsfKR1A@mail.gmail.com>
Date: Tue, 9 Jan 2018 18:14:36 +0100
From: Dmitry Vyukov <dvyukov@...gle.com>
To: David Miller <davem@...emloft.net>,
Tom Herbert <tom@...ntonium.net>,
Cong Wang <xiyou.wangcong@...il.com>,
Al Viro <viro@...iv.linux.org.uk>,
Eric Dumazet <edumazet@...gle.com>, xiaolou4617@...il.com,
Tobias Klauser <tklauser@...tanz.ch>,
Eric Biggers <ebiggers@...gle.com>,
netdev <netdev@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
syzkaller <syzkaller@...glegroups.com>
Subject: kcm: memory leak in kcm_sendmsg

Hello,

syzkaller has discovered the following memory leak:

unreferenced object 0xffff8800655d5e20 (size 512):
comm "a.out", pid 10342, jiffies 4295928494 (age 24.051s)
hex dump (first 32 bytes):
80 6b 5d 65 00 88 ff ff 69 63 65 73 2f 76 69 72 .k]e....ices/vir
74 75 61 6c 2f 6e 65 74 2f 74 75 6e 6c 30 2f 71 tual/net/tunl0/q
backtrace:
[<0000000017222de2>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
[<0000000017222de2>] slab_post_alloc_hook mm/slab.h:440 [inline]
[<0000000017222de2>] slab_alloc_node mm/slub.c:2725 [inline]
[<0000000017222de2>] __kmalloc_node_track_caller+0x19f/0x360 mm/slub.c:4320
[<00000000468595b2>] __kmalloc_reserve.isra.39+0x3a/0xe0 net/core/skbuff.c:137
[<000000005d645735>] __alloc_skb+0x144/0x7c0 net/core/skbuff.c:205
[<0000000076b4c539>] alloc_skb include/linux/skbuff.h:983 [inline]
[<0000000076b4c539>] kcm_sendmsg+0x66a/0x2480 net/kcm/kcmsock.c:968
[<0000000035be3c2b>] sock_sendmsg_nosec net/socket.c:636 [inline]
[<0000000035be3c2b>] sock_sendmsg+0xd2/0x120 net/socket.c:646
[<00000000abbae6ad>] SYSC_sendto+0x3de/0x640 net/socket.c:1727
[<00000000b55ba03b>] SyS_sendto+0x40/0x50 net/socket.c:1695
[<000000005d14bb62>] entry_SYSCALL_64_fastpath+0x23/0x9a
[<0000000000cf1810>] 0xffffffffffffffff
unreferenced object 0xffff880053801e40 (size 232):
comm "a.out", pid 10342, jiffies 4295928494 (age 24.051s)
hex dump (first 32 bytes):
c0 20 80 53 00 88 ff ff 00 00 00 00 00 00 00 00 . .S............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000519e860b>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
[<00000000519e860b>] slab_post_alloc_hook mm/slab.h:440 [inline]
[<00000000519e860b>] slab_alloc_node mm/slub.c:2725 [inline]
[<00000000519e860b>] kmem_cache_alloc_node+0x12d/0x2a0 mm/slub.c:2761
[<000000001a066279>] __alloc_skb+0x103/0x7c0 net/core/skbuff.c:193
[<0000000076b4c539>] alloc_skb include/linux/skbuff.h:983 [inline]
[<0000000076b4c539>] kcm_sendmsg+0x66a/0x2480 net/kcm/kcmsock.c:968
[<0000000035be3c2b>] sock_sendmsg_nosec net/socket.c:636 [inline]
[<0000000035be3c2b>] sock_sendmsg+0xd2/0x120 net/socket.c:646
[<00000000abbae6ad>] SYSC_sendto+0x3de/0x640 net/socket.c:1727
[<00000000b55ba03b>] SyS_sendto+0x40/0x50 net/socket.c:1695
[<000000005d14bb62>] entry_SYSCALL_64_fastpath+0x23/0x9a
[<0000000000cf1810>] 0xffffffffffffffff
Reproducer is attached. On 4.15-rc7.
View attachment "kcm.c" of type "text/x-csrc" (12385 bytes)