lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <000000000000e5ea9e05ac9d16c1@google.com>
Date:   Tue, 11 Aug 2020 10:06:17 -0700
From:   syzbot <syzbot+3ad9614a12f80994c32e@...kaller.appspotmail.com>
To:     andriin@...com, ast@...nel.org, bpf@...r.kernel.org,
        daniel@...earbox.net, john.fastabend@...il.com, kafai@...com,
        keescook@...omium.org, kpsingh@...omium.org,
        linux-kernel@...r.kernel.org, luto@...capital.net,
        netdev@...r.kernel.org, songliubraving@...com,
        syzkaller-bugs@...glegroups.com, wad@...omium.org, yhs@...com
Subject: memory leak in do_seccomp

Hello,

syzbot found the following issue on:

HEAD commit:    449dc8c9 Merge tag 'for-v5.9' of git://git.kernel.org/pub/..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15d816c2900000
kernel config:  https://syzkaller.appspot.com/x/.config?x=4810fa4a53b3aa2c
dashboard link: https://syzkaller.appspot.com/bug?extid=3ad9614a12f80994c32e
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=153d30e2900000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3ad9614a12f80994c32e@...kaller.appspotmail.com

2020/08/09 00:29:47 executed programs: 3
BUG: memory leak
unreferenced object 0xffff88811310ea80 (size 96):
  comm "syz-executor.0", pid 6688, jiffies 4294954707 (age 12.810s)
  hex dump (first 32 bytes):
    01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 30 e0 00 00 c9 ff ff  .........0......
  backtrace:
    [<0000000073bb6e7d>] kmalloc include/linux/slab.h:554 [inline]
    [<0000000073bb6e7d>] kzalloc include/linux/slab.h:666 [inline]
    [<0000000073bb6e7d>] seccomp_prepare_filter kernel/seccomp.c:562 [inline]
    [<0000000073bb6e7d>] seccomp_prepare_user_filter kernel/seccomp.c:604 [inline]
    [<0000000073bb6e7d>] seccomp_set_mode_filter kernel/seccomp.c:1535 [inline]
    [<0000000073bb6e7d>] do_seccomp+0x2ec/0xd40 kernel/seccomp.c:1649
    [<00000000658618a4>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<00000000b8258e4d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffffc90000e03000 (size 4096):
  comm "syz-executor.0", pid 6688, jiffies 4294954707 (age 12.810s)
  hex dump (first 32 bytes):
    01 00 03 00 00 00 00 00 00 00 00 00 05 00 00 00  ................
    2d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  -...............
  backtrace:
    [<000000003b6a39af>] __vmalloc_node_range+0x2e1/0x3c0 mm/vmalloc.c:2520
    [<00000000eee59e12>] __vmalloc_node mm/vmalloc.c:2552 [inline]
    [<00000000eee59e12>] __vmalloc+0x49/0x50 mm/vmalloc.c:2566
    [<000000006e13ac2a>] bpf_prog_alloc_no_stats+0x32/0x100 kernel/bpf/core.c:85
    [<00000000cff3572c>] bpf_prog_alloc+0x1c/0xb0 kernel/bpf/core.c:111
    [<000000003222ffa9>] bpf_prog_create_from_user+0x5f/0x2a0 net/core/filter.c:1409
    [<00000000baa576ae>] seccomp_prepare_filter kernel/seccomp.c:567 [inline]
    [<00000000baa576ae>] seccomp_prepare_user_filter kernel/seccomp.c:604 [inline]
    [<00000000baa576ae>] seccomp_set_mode_filter kernel/seccomp.c:1535 [inline]
    [<00000000baa576ae>] do_seccomp+0x32e/0xd40 kernel/seccomp.c:1649
    [<00000000658618a4>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<00000000b8258e4d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888113bc1c00 (size 1024):
  comm "syz-executor.0", pid 6688, jiffies 4294954707 (age 12.810s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000000466b245>] kmalloc include/linux/slab.h:554 [inline]
    [<000000000466b245>] kzalloc include/linux/slab.h:666 [inline]
    [<000000000466b245>] bpf_prog_alloc_no_stats+0x73/0x100 kernel/bpf/core.c:89
    [<00000000cff3572c>] bpf_prog_alloc+0x1c/0xb0 kernel/bpf/core.c:111
    [<000000003222ffa9>] bpf_prog_create_from_user+0x5f/0x2a0 net/core/filter.c:1409
    [<00000000baa576ae>] seccomp_prepare_filter kernel/seccomp.c:567 [inline]
    [<00000000baa576ae>] seccomp_prepare_user_filter kernel/seccomp.c:604 [inline]
    [<00000000baa576ae>] seccomp_set_mode_filter kernel/seccomp.c:1535 [inline]
    [<00000000baa576ae>] do_seccomp+0x32e/0xd40 kernel/seccomp.c:1649
    [<00000000658618a4>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<00000000b8258e4d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff8881154cb860 (size 32):
  comm "syz-executor.0", pid 6688, jiffies 4294954707 (age 12.810s)
  hex dump (first 32 bytes):
    01 00 73 74 65 6d 64 2d 00 5c d6 19 81 88 ff ff  ..stemd-.\......
    65 72 76 69 63 65 00 00 00 00 00 00 00 00 00 00  ervice..........
  backtrace:
    [<00000000561d65d4>] kmalloc include/linux/slab.h:554 [inline]
    [<00000000561d65d4>] bpf_prog_store_orig_filter+0x33/0xa0 net/core/filter.c:1131
    [<000000005d9b7cd2>] bpf_prog_create_from_user+0xda/0x2a0 net/core/filter.c:1422
    [<00000000baa576ae>] seccomp_prepare_filter kernel/seccomp.c:567 [inline]
    [<00000000baa576ae>] seccomp_prepare_user_filter kernel/seccomp.c:604 [inline]
    [<00000000baa576ae>] seccomp_set_mode_filter kernel/seccomp.c:1535 [inline]
    [<00000000baa576ae>] do_seccomp+0x32e/0xd40 kernel/seccomp.c:1649
    [<00000000658618a4>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<00000000b8258e4d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888119d65c00 (size 32):
  comm "syz-executor.0", pid 6688, jiffies 4294954707 (age 12.810s)
  hex dump (first 32 bytes):
    06 00 00 00 fb ff ff 7f 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000ad603142>] kmemdup+0x23/0x50 mm/util.c:127
    [<0000000001d3eabf>] kmemdup include/linux/string.h:479 [inline]
    [<0000000001d3eabf>] bpf_prog_store_orig_filter+0x5e/0xa0 net/core/filter.c:1138
    [<000000005d9b7cd2>] bpf_prog_create_from_user+0xda/0x2a0 net/core/filter.c:1422
    [<00000000baa576ae>] seccomp_prepare_filter kernel/seccomp.c:567 [inline]
    [<00000000baa576ae>] seccomp_prepare_user_filter kernel/seccomp.c:604 [inline]
    [<00000000baa576ae>] seccomp_set_mode_filter kernel/seccomp.c:1535 [inline]
    [<00000000baa576ae>] do_seccomp+0x32e/0xd40 kernel/seccomp.c:1649
    [<00000000658618a4>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<00000000b8258e4d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff8881131ecb00 (size 96):
  comm "syz-executor.0", pid 6688, jiffies 4294954707 (age 12.810s)
  hex dump (first 32 bytes):
    01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
    80 ea 10 13 81 88 ff ff 00 b0 d8 00 00 c9 ff ff  ................
  backtrace:
    [<0000000073bb6e7d>] kmalloc include/linux/slab.h:554 [inline]
    [<0000000073bb6e7d>] kzalloc include/linux/slab.h:666 [inline]
    [<0000000073bb6e7d>] seccomp_prepare_filter kernel/seccomp.c:562 [inline]
    [<0000000073bb6e7d>] seccomp_prepare_user_filter kernel/seccomp.c:604 [inline]
    [<0000000073bb6e7d>] seccomp_set_mode_filter kernel/seccomp.c:1535 [inline]
    [<0000000073bb6e7d>] do_seccomp+0x2ec/0xd40 kernel/seccomp.c:1649
    [<00000000658618a4>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<00000000b8258e4d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811310e400 (size 96):
  comm "syz-executor.0", pid 6702, jiffies 4294955242 (age 7.460s)
  hex dump (first 32 bytes):
    01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 50 e1 00 00 c9 ff ff  .........P......
  backtrace:
    [<0000000073bb6e7d>] kmalloc include/linux/slab.h:554 [inline]
    [<0000000073bb6e7d>] kzalloc include/linux/slab.h:666 [inline]
    [<0000000073bb6e7d>] seccomp_prepare_filter kernel/seccomp.c:562 [inline]
    [<0000000073bb6e7d>] seccomp_prepare_user_filter kernel/seccomp.c:604 [inline]
    [<0000000073bb6e7d>] seccomp_set_mode_filter kernel/seccomp.c:1535 [inline]
    [<0000000073bb6e7d>] do_seccomp+0x2ec/0xd40 kernel/seccomp.c:1649
    [<00000000658618a4>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<00000000b8258e4d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ