lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CACT4Y+Z+ph1d4gVhhDSYuRH67g7t211503JyeMbd+13bCKs7rw@mail.gmail.com>
Date:   Mon, 15 Mar 2021 08:28:13 +0100
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     syzbot <syzbot+44908bb56d2bfe56b28e@...kaller.appspotmail.com>
Cc:     Christian Brauner <christian@...uner.io>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Kees Cook <keescook@...omium.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Minchan Kim <minchan@...nel.org>,
        Oleg Nesterov <oleg@...hat.com>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>, andrii@...nel.org,
        bpf <bpf@...r.kernel.org>, netdev <netdev@...r.kernel.org>
Subject: Re: [syzbot] memory leak in copy_process (2)

On Mon, Mar 15, 2021 at 1:48 AM syzbot
<syzbot+44908bb56d2bfe56b28e@...kaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    88fe4924 Merge tag 'char-misc-5.12-rc3' of git://git.kerne..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=10252462d00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=815a716b5d0a8bdf
> dashboard link: https://syzkaller.appspot.com/bug?extid=44908bb56d2bfe56b28e
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14180dc6d00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=167cf68ad00000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+44908bb56d2bfe56b28e@...kaller.appspotmail.com

+bpf maintainers
Looking at the reproducer I think it's an issue in bpf_preload.


> Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts.
> executing program
> executing program
> BUG: memory leak
> unreferenced object 0xffff888101b41d00 (size 120):
>   comm "kworker/u4:0", pid 8, jiffies 4294944270 (age 12.780s)
>   hex dump (first 32 bytes):
>     01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>   backtrace:
>     [<ffffffff8125dc56>] alloc_pid+0x66/0x560 kernel/pid.c:180
>     [<ffffffff81226405>] copy_process+0x1465/0x25e0 kernel/fork.c:2115
>     [<ffffffff81227943>] kernel_clone+0xf3/0x670 kernel/fork.c:2493
>     [<ffffffff812281a1>] kernel_thread+0x61/0x80 kernel/fork.c:2545
>     [<ffffffff81253464>] call_usermodehelper_exec_work kernel/umh.c:172 [inline]
>     [<ffffffff81253464>] call_usermodehelper_exec_work+0xc4/0x120 kernel/umh.c:158
>     [<ffffffff812591c9>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
>     [<ffffffff81259ab9>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
>     [<ffffffff812611c8>] kthread+0x178/0x1b0 kernel/kthread.c:292
>     [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
>
> BUG: memory leak
> unreferenced object 0xffff888110ef5c00 (size 232):
>   comm "kworker/u4:0", pid 8414, jiffies 4294944270 (age 12.780s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>     e0 b7 04 01 81 88 ff ff c0 56 ba 0f 81 88 ff ff  .........V......
>   backtrace:
>     [<ffffffff8154a0cf>] kmem_cache_zalloc include/linux/slab.h:674 [inline]
>     [<ffffffff8154a0cf>] __alloc_file+0x1f/0xf0 fs/file_table.c:101
>     [<ffffffff8154a809>] alloc_empty_file+0x69/0x120 fs/file_table.c:150
>     [<ffffffff8154a8f3>] alloc_file+0x33/0x1b0 fs/file_table.c:192
>     [<ffffffff8154ab22>] alloc_file_pseudo+0xb2/0x140 fs/file_table.c:232
>     [<ffffffff81559218>] create_pipe_files+0x138/0x2e0 fs/pipe.c:911
>     [<ffffffff8126c793>] umd_setup+0x33/0x220 kernel/usermode_driver.c:104
>     [<ffffffff81253574>] call_usermodehelper_exec_async+0xb4/0x1b0 kernel/umh.c:101
>     [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
>
> BUG: memory leak
> unreferenced object 0xffff888110cafc90 (size 24):
>   comm "kworker/u4:0", pid 8414, jiffies 4294944270 (age 12.780s)
>   hex dump (first 24 bytes):
>     00 00 00 00 00 00 00 00 b0 0e 94 00 81 88 ff ff  ................
>     00 00 00 00 00 00 00 00                          ........
>   backtrace:
>     [<ffffffff820e15ca>] kmem_cache_zalloc include/linux/slab.h:674 [inline]
>     [<ffffffff820e15ca>] lsm_file_alloc security/security.c:569 [inline]
>     [<ffffffff820e15ca>] security_file_alloc+0x2a/0xb0 security/security.c:1470
>     [<ffffffff8154a10d>] __alloc_file+0x5d/0xf0 fs/file_table.c:106
>     [<ffffffff8154a809>] alloc_empty_file+0x69/0x120 fs/file_table.c:150
>     [<ffffffff8154a8f3>] alloc_file+0x33/0x1b0 fs/file_table.c:192
>     [<ffffffff8154ab22>] alloc_file_pseudo+0xb2/0x140 fs/file_table.c:232
>     [<ffffffff81559218>] create_pipe_files+0x138/0x2e0 fs/pipe.c:911
>     [<ffffffff8126c793>] umd_setup+0x33/0x220 kernel/usermode_driver.c:104
>     [<ffffffff81253574>] call_usermodehelper_exec_async+0xb4/0x1b0 kernel/umh.c:101
>     [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
>
> BUG: memory leak
> unreferenced object 0xffff888110ef5e00 (size 232):
>   comm "kworker/u4:0", pid 8414, jiffies 4294944270 (age 12.780s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>     e0 b7 04 01 81 88 ff ff 00 59 ba 0f 81 88 ff ff  .........Y......
>   backtrace:
>     [<ffffffff8154a0cf>] kmem_cache_zalloc include/linux/slab.h:674 [inline]
>     [<ffffffff8154a0cf>] __alloc_file+0x1f/0xf0 fs/file_table.c:101
>     [<ffffffff8154a809>] alloc_empty_file+0x69/0x120 fs/file_table.c:150
>     [<ffffffff8154a8f3>] alloc_file+0x33/0x1b0 fs/file_table.c:192
>     [<ffffffff8154ac22>] alloc_file_clone+0x22/0x70 fs/file_table.c:244
>     [<ffffffff81559262>] create_pipe_files+0x182/0x2e0 fs/pipe.c:922
>     [<ffffffff8126c80d>] umd_setup+0xad/0x220 kernel/usermode_driver.c:115
>     [<ffffffff81253574>] call_usermodehelper_exec_async+0xb4/0x1b0 kernel/umh.c:101
>     [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
>
> BUG: memory leak
> unreferenced object 0xffff888110cafc18 (size 24):
>   comm "kworker/u4:0", pid 8414, jiffies 4294944270 (age 12.780s)
>   hex dump (first 24 bytes):
>     00 00 00 00 00 00 00 00 b0 0e 94 00 81 88 ff ff  ................
>     00 00 00 00 00 00 00 00                          ........
>   backtrace:
>     [<ffffffff820e15ca>] kmem_cache_zalloc include/linux/slab.h:674 [inline]
>     [<ffffffff820e15ca>] lsm_file_alloc security/security.c:569 [inline]
>     [<ffffffff820e15ca>] security_file_alloc+0x2a/0xb0 security/security.c:1470
>     [<ffffffff8154a10d>] __alloc_file+0x5d/0xf0 fs/file_table.c:106
>     [<ffffffff8154a809>] alloc_empty_file+0x69/0x120 fs/file_table.c:150
>     [<ffffffff8154a8f3>] alloc_file+0x33/0x1b0 fs/file_table.c:192
>     [<ffffffff8154ac22>] alloc_file_clone+0x22/0x70 fs/file_table.c:244
>     [<ffffffff81559262>] create_pipe_files+0x182/0x2e0 fs/pipe.c:922
>     [<ffffffff8126c80d>] umd_setup+0xad/0x220 kernel/usermode_driver.c:115
>     [<ffffffff81253574>] call_usermodehelper_exec_async+0xb4/0x1b0 kernel/umh.c:101
>     [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
>
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@...glegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> syzbot can test patches for this issue, for details see:
> https://goo.gl/tpsmEJ#testing-patches
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@...glegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/000000000000c7910505bd889abc%40google.com.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ