| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Nov 2020 09:31:16 -0800
From: syzbot <syzbot+bb7ba8dd62c3cb6e3c78@...kaller.appspotmail.com>
To: andrii@...nel.org, andriin@...com, ast@...nel.org,
bpf@...r.kernel.org, daniel@...earbox.net, davem@...emloft.net,
john.fastabend@...il.com, kafai@...com, kpsingh@...omium.org,
kuba@...nel.org, kuznet@....inr.ac.ru,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
songliubraving@...com, syzkaller-bugs@...glegroups.com, yhs@...com,
yoshfuji@...ux-ipv6.org
Subject: Re: memory leak in inet_create (2)
syzbot has found a reproducer for the following issue on:
HEAD commit: 418baf2c Linux 5.10-rc5
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=161c84ed500000
kernel config: https://syzkaller.appspot.com/x/.config?x=5524c10373633a9c
dashboard link: https://syzkaller.appspot.com/bug?extid=bb7ba8dd62c3cb6e3c78
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1514cfa3500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11a52fc1500000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+bb7ba8dd62c3cb6e3c78@...kaller.appspotmail.com
executing program
executing program
executing program
BUG: memory leak
unreferenced object 0xffff88810e85adc0 (size 1728):
comm "syz-executor376", pid 8506, jiffies 4294946899 (age 13.430s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
02 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............
backtrace:
[<00000000cb2829d9>] sk_prot_alloc+0x3e/0x1c0 net/core/sock.c:1660
[<0000000023bd8ef8>] sk_alloc+0x30/0x3f0 net/core/sock.c:1720
[<00000000a4a7ed0a>] inet_create net/ipv4/af_inet.c:322 [inline]
[<00000000a4a7ed0a>] inet_create+0x16a/0x560 net/ipv4/af_inet.c:248
[<000000003b729101>] __sock_create+0x1ab/0x2b0 net/socket.c:1427
[<00000000ebee6fd5>] sock_create net/socket.c:1478 [inline]
[<00000000ebee6fd5>] __sys_socket+0x6f/0x140 net/socket.c:1520
[<00000000bcf20e68>] __do_sys_socket net/socket.c:1529 [inline]
[<00000000bcf20e68>] __se_sys_socket net/socket.c:1527 [inline]
[<00000000bcf20e68>] __x64_sys_socket+0x1a/0x20 net/socket.c:1527
[<00000000732fe45a>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
[<0000000091e76b15>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff88810fec3c80 (size 768):
comm "syz-executor376", pid 8506, jiffies 4294946899 (age 13.430s)
hex dump (first 32 bytes):
01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 c0 72 a0 0e 81 88 ff ff .........r......
backtrace:
[<00000000681cd6ae>] sock_alloc_inode+0x18/0x90 net/socket.c:253
[<00000000fa9d2004>] alloc_inode+0x27/0x100 fs/inode.c:234
[<00000000f3a018c7>] new_inode_pseudo+0x13/0x70 fs/inode.c:930
[<00000000549f715a>] sock_alloc+0x18/0x90 net/socket.c:573
[<00000000a044e0d4>] __sock_create+0xb8/0x2b0 net/socket.c:1391
[<00000000973ca39c>] mptcp_subflow_create_socket+0x57/0x280 net/mptcp/subflow.c:1152
[<00000000a3724864>] __mptcp_socket_create net/mptcp/protocol.c:97 [inline]
[<00000000a3724864>] mptcp_init_sock net/mptcp/protocol.c:1859 [inline]
[<00000000a3724864>] mptcp_init_sock+0x12f/0x270 net/mptcp/protocol.c:1844
[<00000000c97baf32>] inet_create net/ipv4/af_inet.c:380 [inline]
[<00000000c97baf32>] inet_create+0x2ed/0x560 net/ipv4/af_inet.c:248
[<000000003b729101>] __sock_create+0x1ab/0x2b0 net/socket.c:1427
[<00000000ebee6fd5>] sock_create net/socket.c:1478 [inline]
[<00000000ebee6fd5>] __sys_socket+0x6f/0x140 net/socket.c:1520
[<00000000bcf20e68>] __do_sys_socket net/socket.c:1529 [inline]
[<00000000bcf20e68>] __se_sys_socket net/socket.c:1527 [inline]
[<00000000bcf20e68>] __x64_sys_socket+0x1a/0x20 net/socket.c:1527
[<00000000732fe45a>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
[<0000000091e76b15>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff88810de87bb8 (size 24):
comm "syz-executor376", pid 8506, jiffies 4294946899 (age 13.430s)
hex dump (first 24 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 ........
backtrace:
[<00000000bea9ec8c>] kmem_cache_zalloc include/linux/slab.h:654 [inline]
[<00000000bea9ec8c>] lsm_inode_alloc security/security.c:589 [inline]
[<00000000bea9ec8c>] security_inode_alloc+0x2a/0xb0 security/security.c:972
[<00000000543365c5>] inode_init_always+0x10c/0x250 fs/inode.c:171
[<000000004da5c777>] alloc_inode+0x44/0x100 fs/inode.c:241
[<00000000f3a018c7>] new_inode_pseudo+0x13/0x70 fs/inode.c:930
[<00000000549f715a>] sock_alloc+0x18/0x90 net/socket.c:573
[<00000000a044e0d4>] __sock_create+0xb8/0x2b0 net/socket.c:1391
[<00000000973ca39c>] mptcp_subflow_create_socket+0x57/0x280 net/mptcp/subflow.c:1152
[<00000000a3724864>] __mptcp_socket_create net/mptcp/protocol.c:97 [inline]
[<00000000a3724864>] mptcp_init_sock net/mptcp/protocol.c:1859 [inline]
[<00000000a3724864>] mptcp_init_sock+0x12f/0x270 net/mptcp/protocol.c:1844
[<00000000c97baf32>] inet_create net/ipv4/af_inet.c:380 [inline]
[<00000000c97baf32>] inet_create+0x2ed/0x560 net/ipv4/af_inet.c:248
[<000000003b729101>] __sock_create+0x1ab/0x2b0 net/socket.c:1427
[<00000000ebee6fd5>] sock_create net/socket.c:1478 [inline]
[<00000000ebee6fd5>] __sys_socket+0x6f/0x140 net/socket.c:1520
[<00000000bcf20e68>] __do_sys_socket net/socket.c:1529 [inline]
[<00000000bcf20e68>] __se_sys_socket net/socket.c:1527 [inline]
[<00000000bcf20e68>] __x64_sys_socket+0x1a/0x20 net/socket.c:1527
[<00000000732fe45a>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
[<0000000091e76b15>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff88810ea072c0 (size 2208):
comm "syz-executor376", pid 8506, jiffies 4294946899 (age 13.430s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
02 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............
backtrace:
[<00000000cb2829d9>] sk_prot_alloc+0x3e/0x1c0 net/core/sock.c:1660
[<0000000023bd8ef8>] sk_alloc+0x30/0x3f0 net/core/sock.c:1720
[<00000000a4a7ed0a>] inet_create net/ipv4/af_inet.c:322 [inline]
[<00000000a4a7ed0a>] inet_create+0x16a/0x560 net/ipv4/af_inet.c:248
[<000000003b729101>] __sock_create+0x1ab/0x2b0 net/socket.c:1427
[<00000000973ca39c>] mptcp_subflow_create_socket+0x57/0x280 net/mptcp/subflow.c:1152
[<00000000a3724864>] __mptcp_socket_create net/mptcp/protocol.c:97 [inline]
[<00000000a3724864>] mptcp_init_sock net/mptcp/protocol.c:1859 [inline]
[<00000000a3724864>] mptcp_init_sock+0x12f/0x270 net/mptcp/protocol.c:1844
[<00000000c97baf32>] inet_create net/ipv4/af_inet.c:380 [inline]
[<00000000c97baf32>] inet_create+0x2ed/0x560 net/ipv4/af_inet.c:248
[<000000003b729101>] __sock_create+0x1ab/0x2b0 net/socket.c:1427
[<00000000ebee6fd5>] sock_create net/socket.c:1478 [inline]
[<00000000ebee6fd5>] __sys_socket+0x6f/0x140 net/socket.c:1520
[<00000000bcf20e68>] __do_sys_socket net/socket.c:1529 [inline]
[<00000000bcf20e68>] __se_sys_socket net/socket.c:1527 [inline]
[<00000000bcf20e68>] __x64_sys_socket+0x1a/0x20 net/socket.c:1527
[<00000000732fe45a>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
[<0000000091e76b15>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Powered by blists - more mailing lists