lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <000000000000058a0f058bd50068@google.com>
Date:   Fri, 21 Jun 2019 05:57:08 -0700
From:   syzbot <syzbot+6bf095f9becf5efef645@...kaller.appspotmail.com>
To:     davem@...emloft.net, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org, syzkaller-bugs@...glegroups.com,
        xiyou.wangcong@...il.com
Subject: memory leak in llc_ui_create (2)

Hello,

syzbot found the following crash on:

HEAD commit:    abf02e29 Merge tag 'pm-5.2-rc6' of git://git.kernel.org/pu..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14cc10b1a00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=56f1da14935c3cce
dashboard link: https://syzkaller.appspot.com/bug?extid=6bf095f9becf5efef645
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1698d45ea00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+6bf095f9becf5efef645@...kaller.appspotmail.com

85.529503][ T7031] 8021q: adding VLAN 0 to HW filter on device batadv0
2019/06/20 19:36:46 executed programs: 1
2019/06/20 19:36:51 executed programs: 3
BUG: memory leak
unreferenced object 0xffff888118b8d800 (size 2048):
   comm "syz-executor.0", pid 7054, jiffies 4295036362 (age 12.560s)
   hex dump (first 32 bytes):
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
     1a 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............
   backtrace:
     [<000000004a3a66c0>] kmemleak_alloc_recursive  
include/linux/kmemleak.h:43 [inline]
     [<000000004a3a66c0>] slab_post_alloc_hook mm/slab.h:439 [inline]
     [<000000004a3a66c0>] slab_alloc mm/slab.c:3326 [inline]
     [<000000004a3a66c0>] __do_kmalloc mm/slab.c:3658 [inline]
     [<000000004a3a66c0>] __kmalloc+0x161/0x2c0 mm/slab.c:3669
     [<00000000cc5a7d28>] kmalloc include/linux/slab.h:552 [inline]
     [<00000000cc5a7d28>] sk_prot_alloc+0xd6/0x170 net/core/sock.c:1602
     [<000000000c449f88>] sk_alloc+0x35/0x2f0 net/core/sock.c:1656
     [<0000000008b99378>] llc_sk_alloc+0x35/0x170 net/llc/llc_conn.c:950
     [<00000000d4e72aed>] llc_ui_create+0x7b/0x140 net/llc/af_llc.c:173
     [<00000000d0bfef06>] __sock_create+0x164/0x250 net/socket.c:1424
     [<0000000058cf7a3c>] sock_create net/socket.c:1475 [inline]
     [<0000000058cf7a3c>] __sys_socket+0x69/0x110 net/socket.c:1517
     [<000000003ce548ba>] __do_sys_socket net/socket.c:1526 [inline]
     [<000000003ce548ba>] __se_sys_socket net/socket.c:1524 [inline]
     [<000000003ce548ba>] __x64_sys_socket+0x1e/0x30 net/socket.c:1524
     [<0000000029c8eba9>] do_syscall_64+0x76/0x1a0  
arch/x86/entry/common.c:301
     [<00000000dba589d4>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888120dd7a00 (size 224):
   comm "syz-executor.0", pid 7054, jiffies 4295036362 (age 12.560s)
   hex dump (first 32 bytes):
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
     00 10 0c 24 81 88 ff ff 00 d8 b8 18 81 88 ff ff  ...$............
   backtrace:
     [<00000000b6c096c6>] kmemleak_alloc_recursive  
include/linux/kmemleak.h:43 [inline]
     [<00000000b6c096c6>] slab_post_alloc_hook mm/slab.h:439 [inline]
     [<00000000b6c096c6>] slab_alloc_node mm/slab.c:3269 [inline]
     [<00000000b6c096c6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
     [<00000000556a01d4>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
     [<0000000085622924>] alloc_skb include/linux/skbuff.h:1054 [inline]
     [<0000000085622924>] alloc_skb_with_frags+0x5f/0x250  
net/core/skbuff.c:5328
     [<00000000ca5b438b>] sock_alloc_send_pskb+0x269/0x2a0  
net/core/sock.c:2222
     [<0000000044a5b8c6>] sock_alloc_send_skb+0x32/0x40 net/core/sock.c:2239
     [<00000000b19d8ca2>] llc_ui_sendmsg+0x10a/0x540 net/llc/af_llc.c:933
     [<00000000aaeaeaf3>] sock_sendmsg_nosec net/socket.c:646 [inline]
     [<00000000aaeaeaf3>] sock_sendmsg+0x54/0x70 net/socket.c:665
     [<000000009ae2ec20>] ___sys_sendmsg+0x393/0x3c0 net/socket.c:2286
     [<000000003ac4094d>] __sys_sendmsg+0x80/0xf0 net/socket.c:2324
     [<00000000d3b808ba>] __do_sys_sendmsg net/socket.c:2333 [inline]
     [<00000000d3b808ba>] __se_sys_sendmsg net/socket.c:2331 [inline]
     [<00000000d3b808ba>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2331
     [<0000000029c8eba9>] do_syscall_64+0x76/0x1a0  
arch/x86/entry/common.c:301
     [<00000000dba589d4>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff8881178e3800 (size 512):
   comm "syz-executor.0", pid 7054, jiffies 4295036362 (age 12.560s)
   hex dump (first 32 bytes):
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
     00 00 00 00 ad ad f3 00 00 00 00 00 00 00 00 00  ................
   backtrace:
     [<00000000baa5fe0c>] kmemleak_alloc_recursive  
include/linux/kmemleak.h:43 [inline]
     [<00000000baa5fe0c>] slab_post_alloc_hook mm/slab.h:439 [inline]
     [<00000000baa5fe0c>] slab_alloc_node mm/slab.c:3269 [inline]
     [<00000000baa5fe0c>] kmem_cache_alloc_node_trace+0x15b/0x2a0  
mm/slab.c:3597
     [<00000000ef42ca2e>] __do_kmalloc_node mm/slab.c:3619 [inline]
     [<00000000ef42ca2e>] __kmalloc_node_track_caller+0x38/0x50  
mm/slab.c:3634
     [<00000000792340d3>] __kmalloc_reserve.isra.0+0x40/0xb0  
net/core/skbuff.c:138
     [<000000003b989a40>] __alloc_skb+0xa0/0x210 net/core/skbuff.c:206
     [<0000000085622924>] alloc_skb include/linux/skbuff.h:1054 [inline]
     [<0000000085622924>] alloc_skb_with_frags+0x5f/0x250  
net/core/skbuff.c:5328
     [<00000000ca5b438b>] sock_alloc_send_pskb+0x269/0x2a0  
net/core/sock.c:2222
     [<0000000044a5b8c6>] sock_alloc_send_skb+0x32/0x40 net/core/sock.c:2239
     [<00000000b19d8ca2>] llc_ui_sendmsg+0x10a/0x540 net/llc/af_llc.c:933
     [<00000000aaeaeaf3>] sock_sendmsg_nosec net/socket.c:646 [inline]
     [<00000000aaeaeaf3>] sock_sendmsg+0x54/0x70 net/socket.c:665
     [<000000009ae2ec20>] ___sys_sendmsg+0x393/0x3c0 net/socket.c:2286
     [<000000003ac4094d>] __sys_sendmsg+0x80/0xf0 net/socket.c:2324
     [<00000000d3b808ba>] __do_sys_sendmsg net/socket.c:2333 [inline]
     [<00000000d3b808ba>] __se_sys_sendmsg net/socket.c:2331 [inline]
     [<00000000d3b808ba>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2331
     [<0000000029c8eba9>] do_syscall_64+0x76/0x1a0  
arch/x86/entry/common.c:301
     [<00000000dba589d4>] entry_SYSCALL_64_after_hwframe+0x44/0xa9



---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ