lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Sat, 15 Aug 2020 10:19:25 -0700
From:   syzbot <syzbot+f7f6e564f4202d8601c6@...kaller.appspotmail.com>
To:     davem@...emloft.net, johan.hedberg@...il.com, kuba@...nel.org,
        linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org,
        marcel@...tmann.org, netdev@...r.kernel.org,
        syzkaller-bugs@...glegroups.com
Subject: memory leak in read_adv_mon_features

Hello,

syzbot found the following issue on:

HEAD commit:    7fca4dee Merge tag 'powerpc-5.9-2' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15ea92a1900000
kernel config:  https://syzkaller.appspot.com/x/.config?x=e320bbff976a5cdc
dashboard link: https://syzkaller.appspot.com/bug?extid=f7f6e564f4202d8601c6
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1286db9a900000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1143ddf6900000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f7f6e564f4202d8601c6@...kaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88812b18e6e0 (size 32):
  comm "syz-executor286", pid 6490, jiffies 4294993450 (age 13.120s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 20 00 10 00 00 00 00 00  ........ .......
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000f286b99c>] kmalloc include/linux/slab.h:559 [inline]
    [<00000000f286b99c>] read_adv_mon_features+0xa1/0x150 net/bluetooth/mgmt.c:4180
    [<00000000f0f16504>] hci_mgmt_cmd net/bluetooth/hci_sock.c:1603 [inline]
    [<00000000f0f16504>] hci_sock_sendmsg+0xb01/0xc60 net/bluetooth/hci_sock.c:1738
    [<000000001560da71>] sock_sendmsg_nosec net/socket.c:651 [inline]
    [<000000001560da71>] sock_sendmsg+0x4c/0x60 net/socket.c:671
    [<000000007d7be9f6>] sock_write_iter+0xc5/0x140 net/socket.c:998
    [<00000000e3633d41>] call_write_iter include/linux/fs.h:1882 [inline]
    [<00000000e3633d41>] new_sync_write+0x173/0x210 fs/read_write.c:503
    [<0000000021a87df2>] vfs_write+0x21d/0x280 fs/read_write.c:578
    [<0000000003f07ff6>] ksys_write+0xd8/0x120 fs/read_write.c:631
    [<0000000003a7df09>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<000000005ecd28f6>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88812b18e660 (size 32):
  comm "syz-executor286", pid 6495, jiffies 4294993998 (age 7.640s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 20 00 10 00 00 00 00 00  ........ .......
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000f286b99c>] kmalloc include/linux/slab.h:559 [inline]
    [<00000000f286b99c>] read_adv_mon_features+0xa1/0x150 net/bluetooth/mgmt.c:4180
    [<00000000f0f16504>] hci_mgmt_cmd net/bluetooth/hci_sock.c:1603 [inline]
    [<00000000f0f16504>] hci_sock_sendmsg+0xb01/0xc60 net/bluetooth/hci_sock.c:1738
    [<000000001560da71>] sock_sendmsg_nosec net/socket.c:651 [inline]
    [<000000001560da71>] sock_sendmsg+0x4c/0x60 net/socket.c:671
    [<000000007d7be9f6>] sock_write_iter+0xc5/0x140 net/socket.c:998
    [<00000000e3633d41>] call_write_iter include/linux/fs.h:1882 [inline]
    [<00000000e3633d41>] new_sync_write+0x173/0x210 fs/read_write.c:503
    [<0000000021a87df2>] vfs_write+0x21d/0x280 fs/read_write.c:578
    [<0000000003f07ff6>] ksys_write+0xd8/0x120 fs/read_write.c:631
    [<0000000003a7df09>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<000000005ecd28f6>] entry_SYSCALL_64_after_hwframe+0x44/0xa9



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Powered by blists - more mailing lists