LeakSanitizer: detected memory leaks #378

Closed
weinrank opened this issue Sep 22, 2019 · 3 comments
Comments

@weinrank
Contributor

➜  fuzzer git:(fuzzer-connected) ✗ ./fuzzer_connect_multi leak-00bd871f5ce0596083fe8642c803c97f424b0c70
INFO: Seed: 2118511547
INFO: Loaded 1 modules   (121052 inline 8-bit counters): 121052 [0x1827970, 0x184524c),
INFO: Loaded 1 PC tables (121052 PCs): 121052 [0x136db88,0x1546948),
./fuzzer_connect_multi: Running 1 inputs 1 time(s) each.
Running: leak-00bd871f5ce0596083fe8642c803c97f424b0c70
[0.000] >>>>>>>>>>>>>>>>>>> LLVMFuzzerTestOneInput() - Stage 3
[0.002] [0.002] vrf_id 0x0: adding address: AF_CONN address: 0x1
[0.002] usrsctp initialized
[0.003] SCTP: add HMAC id 1 to list
[0.003] SCTP: added chunk 193 (0xc1) to Auth list
[0.003] SCTP: added chunk 128 (0x80) to Auth list
[0.003] Bind called port: 5000
[0.003] [0.003] Addr: IPv4 address: 0.0.0.0:5000
[0.003] Main hash to bind at head:0x625000002998, bound port:5000 - in tcp_pool=0
[0.003] [0.003] Allocate an association for peer:AF_CONN address: 0x1
[0.003] Port:5001
[0.004] [0.004] Adding an address (from:1) to the peer: AF_CONN address: 0x1
[0.004] Association 0x61d000001480 now allocated
[0.004] Sending INIT
[0.004] Sending INIT - calls lowlevel_output
[0.004] length 104 / sizeof 12
[0.004] Found INIT, extracting VTAG : 690419520

O 23:23:33.498188 0000 13 88 13 89 00 00 00 00 00 00 00 00 01 00 00 5a 40 f7 26 29 00 02 00 00 00 0a 08 00 ba a1 78 55 80 00 00 04 c0 00 00 04 80 08 00 0b c0 c2 0f c1 80 82 40 00 80 02 00 24 34 02 8c 2c 84 e1 be 5a 2e ec 84 5f 22 18 10 23 fb 26 21 7d 7f 95 f1 02 4f 49 35 4f d4 ed 7b 12 80 04 00 06 00 01 00 00 80 03 00 06 80 c1 00 00 # SCTP_PACKET

I 23:23:33.498391 0000 13 89 13 88 40 f7 26 29 00 00 00 00 02 00 01 f8 c7 a1 b0 4d 00 1c 71 c7 00 0a ff ff 03 91 94 1b 80 00 00 04 c0 00 00 04 80 08 00 09 c0 0f c1 80 82 00 00 00 80 02 00 24 61 6c 7e 52 2a db e0 a2 aa 78 25 1e 12 c5 01 9e 4c 60 16 df 01 6d a1 d5 cd be a7 5d a2 73 f4 1b 80 04 00 08 00 03 00 01 80 03 00 07 00 80 c1 00 00 06 00 14 2a 02 c6 a0 40 15 00 11 00 00 00 00 00 00 00 83 00 05 00 08 d4 c9 79 53 00 07 01 80 4b 41 4d 45 2d 42 53 44 20 31 2e 31 00 00 00 00 64 11 49 00 00 00 00 00 ac de 0c 00 00 00 00 00 60 ea 00 00 00 00 00 00 00 00 00 00 b2 d4 38 45 c7 a1 b0 4d d4 c9 79 52 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 d4 c9 79 53 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 d9 05 13 89 01 01 00 00 00 00 00 00 00 00 00 00 01 00 00 80 45 38 d4 b2 00 1c 71 c7 00 01 ff ff ac 40 9b 94 80 00 00 04 c0 00 00 04 80 08 00 09 c0 0f c1 80 82 00 00 00 80 02 00 24 c8 24 46 8c 7e 88 2e b7 88 8b dd a1 55 8b b4 c0 26 e3 21 bb b0 66 fd b2 d4 de f9 77 4f e4 7c bf 80 04 00 08 00 03 00 01 80 03 00 07 00 80 c1 00 00 0c 00 08 00 05 00 06 00 06 00 14 2a 02 c6 a0 40 15 00 11 00 00 00 00 00 00 00 82 00 05 00 08 d4 c9 79 52 02 00 01 f8 c7 a1 b0 4d 00 1c 71 c7 00 01 ff ff 03 91 94 1b 80 00 00 04 c0 00 00 04 80 08 00 09 c0 0f c1 80 82 00 00 00 80 02 00 24 61 6c 7e 52 2a db e0 a2 aa 78 25 1e 12 c5 01 9e 4c 60 16 df 01 6d a1 d5 cd be a7 5d a2 73 f4 1b 80 04 00 08 00 03 00 01 80 03 00 07 00 80 c1 00 00 06 00 14 2a 02 c6 a0 40 15 00 11 00 00 00 00 00 00 00 83 00 05 00 08 d4 c9 79 53 64 30 8a b9 7c e5 93 69 52 a9 c8 d5 a1 1b 7d ef ea fa 23 32 # SCTP_PACKET
[0.004] Ok, Common input processing called, m:0x611000000680 iphlen:0 offset:12 length:516 stcb:0x61d000001480
[0.005] stcb:0x61d000001480 state:2
[0.005] sctp_process_control: iphlen=0, offset=12, length=516 stcb:0x61d000001480
[0.005] sctp_process_control: processing a chunk type=2, len=504
[0.005] SCTP_INIT_ACK
[0.005] sctp_handle_init_ack: handling INIT-ACK
[0.005] Check for unrecognized param's
[0.005] Hit default param 8004
[0.005] move on
[0.005] SCTP: add HMAC id 1 to list
[0.005] SCTP: added chunk 0 (0x00) to Auth list
[0.005] SCTP: added chunk 128 (0x80) to Auth list
[0.005] SCTP: added chunk 193 (0xc1) to Auth list
[0.005] SCTP: negotiated peer HMAC id 1
[0.005] moving to COOKIE-ECHOED state
[0.005] Leaving handle-init-ack end

O 23:23:33.499111 0000 13 88 13 89 c7 a1 b0 4d 00 00 00 00 0a 00 01 80 4b 41 4d 45 2d 42 53 44 20 31 2e 31 00 00 00 00 64 11 49 00 00 00 00 00 ac de 0c 00 00 00 00 00 60 ea 00 00 00 00 00 00 00 00 00 00 b2 d4 38 45 c7 a1 b0 4d d4 c9 79 52 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 d4 c9 79 53 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 d9 05 13 89 01 01 00 00 00 00 00 00 00 00 00 00 01 00 00 80 45 38 d4 b2 00 1c 71 c7 00 01 ff ff ac 40 9b 94 80 00 00 04 c0 00 00 04 80 08 00 09 c0 0f c1 80 82 00 00 00 80 02 00 24 c8 24 46 8c 7e 88 2e b7 88 8b dd a1 55 8b b4 c0 26 e3 21 bb b0 66 fd b2 d4 de f9 77 4f e4 7c bf 80 04 00 08 00 03 00 01 80 03 00 07 00 80 c1 00 00 0c 00 08 00 05 00 06 00 06 00 14 2a 02 c6 a0 40 15 00 11 00 00 00 00 00 00 00 82 00 05 00 08 d4 c9 79 52 02 00 01 f8 c7 a1 b0 4d 00 1c 71 c7 00 01 ff ff 03 91 94 1b 80 00 00 04 c0 00 00 04 80 08 00 09 c0 0f c1 80 82 00 00 00 80 02 00 24 61 6c 7e 52 2a db e0 a2 aa 78 25 1e 12 c5 01 9e 4c 60 16 df 01 6d a1 d5 cd be a7 5d a2 73 f4 1b 80 04 00 08 00 03 00 01 80 03 00 07 00 80 c1 00 00 06 00 14 2a 02 c6 a0 40 15 00 11 00 00 00 00 00 00 00 83 00 05 00 08 d4 c9 79 53 64 30 8a b9 7c e5 93 69 52 a9 c8 d5 a1 1b 7d ef ea fa 23 32 # SCTP_PACKET
[0.005] m-c-o put out 0
[0.005] Ok, we have put out 0 chunks
[0.005] Check for chunk output prw:1864135 tqe:0 tf=0
[0.005] Calling chunk OUTPUT
[0.005] m-c-o put out 0
[0.005] Ok, we have put out 0 chunks
[0.005] chunk OUTPUT returns
[0.005]  >>> Injecting INIT_ACK

I 23:23:33.499350 0000 13 89 13 88 40 f7 26 29 00 00 00 00 0b 00 00 04 # SCTP_PACKET
[0.005] Ok, Common input processing called, m:0x611000001440 iphlen:0 offset:12 length:16 stcb:0x61d000001480
[0.005] stcb:0x61d000001480 state:4
[0.005] sctp_process_control: iphlen=0, offset=12, length=16 stcb:0x61d000001480
[0.005] sctp_process_control: processing a chunk type=11, len=4
[0.005] SCTP_COOKIE_ACK, stcb 0x61d000001480
[0.005] sctp_handle_cookie_ack: handling COOKIE-ACK
[0.005] moving to OPEN state
[0.006] Check for chunk output prw:1864135 tqe:1 tf=0
[0.006] handle_upcall() called - implement logic!
[0.006]  >>> Injecting COOKIE_ACK

I 23:23:33.499742 0000 13 89 13 88 40 f7 26 29 00 00 00 00 de 07 00 31 b8 b8 00 09 c0 0f b9 80 82 00 00 00 80 02 00 24 40 ea 86 6a 77 f5 36 7b d0 95 d4 45 ba 13 2a 97 b2 f4 3c 4a 17 8f 57 b5 c9 0d e4 2d 64 33 85 75 82 00 01 00 00 0d 00 33 03 91 94 1b 01 00 2a f5 03 91 94 1b 01 00 2a f5 80 5d 00 21 f5 03 20 00 08 9e d0 21 f5 07 00 00 08 9e d0 21 f5 07 00 ab ab ab ab ab ab ab ab 13 88 13 89 c7 a1 b0 4d 00 00 00 00 ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab c0 07 00 80 03 24 94 1b 00 00 00 00 00 00 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 98 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 00 00 00 00 2a 00 00 01 00 00 00 07 00 80 03 91 94 73 00 00 00 00 00 00 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 00 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 10 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 00 00 00 00 2a 00 00 01 00 00 00 07 00 80 03 91 94 32 00 00 00 00 00 00 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a0 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 00 02 00 01 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 68 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 00 00 00 00 00 00 00 01 00 00 00 07 00 80 03 91 94 31 00 00 00 00 00 00 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 00 00 00 00 00 00 00 00 05 00 00 00 00 03 00 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 
90 90 90 90 90 90 90 90 90 90 90 90 90 90 21 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 00 00 00 00 00 00 00 01 00 00 00 07 00 80 03 91 94 1b 00 00 00 00 00 00 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 98 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 00 00 00 00 2a 00 00 01 00 00 00 07 00 80 03 91 94 73 00 00 00 00 00 00 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 00 00 00 00 00 38 00 00 00 00 00 00 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 ab ab ab ab ab ab ab ab 00 08 9e d0 21 f5 07 00 00 08 9e d0 21 f5 07 00 00 08 a1 ad 00 e0 de 07 00 32 b8 b8 00 09 c0 0f b9 80 82 00 00 00 80 02 00 24 40 ea 86 6a 77 f5 37 7b d0 d4 ba f4 45 13 2a 3c b2 97 a4 a4 a4 a4 a4 a4 a4 a4 b4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 3c 80 5d 00 34 03 5d 00 00 00 00 34 03 91 94 1a 01 00 2a f5 80 5d 00 00 00 00 94 36 00 ff ff 00 00 00 02 00 00 00 10 ac 40 ce 30 00 9f 6f 04 87 00 ff ff 01 9e b4 b4 # SCTP_PACKET
[0.006] Ok, Common input processing called, m:0x6110000020c0 iphlen:0 offset:12 length:1080 stcb:0x61d000001480
[0.006] stcb:0x61d000001480 state:8
[0.006] sctp_process_control: iphlen=0, offset=12, length=1080 stcb:0x61d000001480
[0.006] sctp_process_control: processing a chunk type=222, len=49
[0.006] sctp_process_control: processing a chunk type=130, len=256
[0.006] SCTP_STREAM_RESET
[0.006] chunk_flags:0x7 look for control on queues (nil)
[0.006] chunk_flags: 0x7 ordered: 0 MID: 0 control: 0x60e0000003c0
[0.006] chunk_flags:0x7 look for control on queues (nil)
[0.006] chunk_flags: 0x7 ordered: 0 MID: 0 control: 0x60e0000004a0
[0.006] chunk_flags:0x7 look for control on queues (nil)
[0.006] chunk_flags: 0x7 ordered: 0 MID: 0 control: 0x60e000000580
[0.006] chunk_flags:0x7 look for control on queues (nil)
[0.006] chunk_flags: 0x7 ordered: 0 MID: 0 control: 0x60e000000660
[0.006] Unordered data to be read control: 0x60e000000660 MID: 0

O 23:23:33.500458 0000 13 88 13 89 c7 a1 b0 4d 00 00 00 00 06 00 00 25 00 0d 00 21 51 75 65 75 65 20 74 6f 20 73 74 72 20 4d 49 44 3a 20 30 20 64 75 70 6c 69 63 61 74 65 00 00 00 # SCTP_PACKET
[0.007] handle_upcall() called - implement logic!
[0.007] >>>>>>>>>>>>>>>>>>> LLVMFuzzerTestOneInput() - Stage 3
[0.007] SCTP: add HMAC id 1 to list
[0.007] SCTP: added chunk 193 (0xc1) to Auth list
[0.007] SCTP: added chunk 128 (0x80) to Auth list
[0.008] Bind called port: 5000
[0.008] [0.008] Addr: IPv4 address: 0.0.0.0:5000
[0.008] Main hash to bind at head:0x625000002998, bound port:5000 - in tcp_pool=0
[0.008] [0.008] Allocate an association for peer:AF_CONN address: 0x1
[0.008] Port:5001
[0.008] [0.008] Adding an address (from:1) to the peer: AF_CONN address: 0x1
[0.008] Association 0x61d000005a80 now allocated
[0.008] Sending INIT
[0.008] Sending INIT - calls lowlevel_output
[0.008] length 104 / sizeof 12
[0.008] Found INIT, extracting VTAG : 3040372571

O 23:23:33.502196 0000 13 88 13 89 00 00 00 00 00 00 00 00 01 00 00 5a 5b 67 38 b5 00 02 00 00 00 0a 08 00 46 e4 73 64 80 00 00 04 c0 00 00 04 80 08 00 0b c0 c2 0f c1 80 82 40 00 80 02 00 24 dd df 2c 77 c1 47 7b 24 de 36 df 49 73 f2 6b 06 ce 0d b5 39 05 17 1b 3a 78 12 ba 45 db 4d 91 3e 80 04 00 06 00 01 00 00 80 03 00 06 80 c1 00 00 # SCTP_PACKET

I 23:23:33.502265 0000 13 89 13 88 5b 67 38 b5 00 00 00 00 02 00 01 f8 c7 a1 b0 4d 00 1c 71 c7 00 0a ff ff 03 91 94 1b 80 00 00 04 c0 00 00 04 80 08 00 09 c0 0f c1 80 82 00 00 00 80 02 00 24 61 6c 7e 52 2a db e0 a2 aa 78 25 1e 12 c5 01 9e 4c 60 16 df 01 6d a1 d5 cd be a7 5d a2 73 f4 1b 80 04 00 08 00 03 00 01 80 03 00 07 00 80 c1 00 00 06 00 14 2a 02 c6 a0 40 15 00 11 00 00 00 00 00 00 00 83 00 05 00 08 d4 c9 79 53 00 07 01 80 4b 41 4d 45 2d 42 53 44 20 31 2e 31 00 00 00 00 64 11 49 00 00 00 00 00 ac de 0c 00 00 00 00 00 60 ea 00 00 00 00 00 00 00 00 00 00 b2 d4 38 45 c7 a1 b0 4d d4 c9 79 52 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 d4 c9 79 53 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 d9 05 13 89 01 01 00 00 00 00 00 00 00 00 00 00 01 00 00 80 45 38 d4 b2 00 1c 71 c7 00 01 ff ff ac 40 9b 94 80 00 00 04 c0 00 00 04 80 08 00 09 c0 0f c1 80 82 00 00 00 80 02 00 24 c8 24 46 8c 7e 88 2e b7 88 8b dd a1 55 8b b4 c0 26 e3 21 bb b0 66 fd b2 d4 de f9 77 4f e4 7c bf 80 04 00 08 00 03 00 01 80 03 00 07 00 80 c1 00 00 0c 00 08 00 05 00 06 00 06 00 14 2a 02 c6 a0 40 15 00 11 00 00 00 00 00 00 00 82 00 05 00 08 d4 c9 79 52 02 00 01 f8 c7 a1 b0 4d 00 1c 71 c7 00 01 ff ff 03 91 94 1b 80 00 00 04 c0 00 00 04 80 08 00 09 c0 0f c1 80 82 00 00 00 80 02 00 24 61 6c 7e 52 2a db e0 a2 aa 78 25 1e 12 c5 01 9e 4c 60 16 df 01 6d a1 d5 cd be a7 5d a2 73 f4 1b 80 04 00 08 00 03 00 01 80 03 00 07 00 80 c1 00 00 06 00 14 2a 02 c6 a0 40 15 00 11 00 00 00 00 00 00 00 83 00 05 00 08 d4 c9 79 53 64 30 8a b9 7c e5 93 69 52 a9 c8 d5 a1 1b 7d ef ea fa 23 32 # SCTP_PACKET
[0.008] Ok, Common input processing called, m:0x611000004140 iphlen:0 offset:12 length:516 stcb:0x61d000005a80
[0.008] stcb:0x61d000005a80 state:2
[0.008] sctp_process_control: iphlen=0, offset=12, length=516 stcb:0x61d000005a80
[0.008] sctp_process_control: processing a chunk type=2, len=504
[0.008] SCTP_INIT_ACK
[0.008] sctp_handle_init_ack: handling INIT-ACK
[0.008] Check for unrecognized param's
[0.008] Hit default param 8004
[0.008] move on
[0.008] SCTP: add HMAC id 1 to list
[0.008] SCTP: added chunk 0 (0x00) to Auth list
[0.008] SCTP: added chunk 128 (0x80) to Auth list
[0.008] SCTP: added chunk 193 (0xc1) to Auth list
[0.009] SCTP: negotiated peer HMAC id 1
[0.009] moving to COOKIE-ECHOED state
[0.009] Leaving handle-init-ack end

O 23:23:33.502671 0000 13 88 13 89 c7 a1 b0 4d 00 00 00 00 0a 00 01 80 4b 41 4d 45 2d 42 53 44 20 31 2e 31 00 00 00 00 64 11 49 00 00 00 00 00 ac de 0c 00 00 00 00 00 60 ea 00 00 00 00 00 00 00 00 00 00 b2 d4 38 45 c7 a1 b0 4d d4 c9 79 52 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 d4 c9 79 53 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 d9 05 13 89 01 01 00 00 00 00 00 00 00 00 00 00 01 00 00 80 45 38 d4 b2 00 1c 71 c7 00 01 ff ff ac 40 9b 94 80 00 00 04 c0 00 00 04 80 08 00 09 c0 0f c1 80 82 00 00 00 80 02 00 24 c8 24 46 8c 7e 88 2e b7 88 8b dd a1 55 8b b4 c0 26 e3 21 bb b0 66 fd b2 d4 de f9 77 4f e4 7c bf 80 04 00 08 00 03 00 01 80 03 00 07 00 80 c1 00 00 0c 00 08 00 05 00 06 00 06 00 14 2a 02 c6 a0 40 15 00 11 00 00 00 00 00 00 00 82 00 05 00 08 d4 c9 79 52 02 00 01 f8 c7 a1 b0 4d 00 1c 71 c7 00 01 ff ff 03 91 94 1b 80 00 00 04 c0 00 00 04 80 08 00 09 c0 0f c1 80 82 00 00 00 80 02 00 24 61 6c 7e 52 2a db e0 a2 aa 78 25 1e 12 c5 01 9e 4c 60 16 df 01 6d a1 d5 cd be a7 5d a2 73 f4 1b 80 04 00 08 00 03 00 01 80 03 00 07 00 80 c1 00 00 06 00 14 2a 02 c6 a0 40 15 00 11 00 00 00 00 00 00 00 83 00 05 00 08 d4 c9 79 53 64 30 8a b9 7c e5 93 69 52 a9 c8 d5 a1 1b 7d ef ea fa 23 32 # SCTP_PACKET
[0.009] m-c-o put out 0
[0.009] Ok, we have put out 0 chunks
[0.009] Check for chunk output prw:1864135 tqe:0 tf=0
[0.009] Calling chunk OUTPUT
[0.009] m-c-o put out 0
[0.009] Ok, we have put out 0 chunks
[0.009] chunk OUTPUT returns
[0.009]  >>> Injecting INIT_ACK

I 23:23:33.502849 0000 13 89 13 88 5b 67 38 b5 00 00 00 00 0b 00 00 04 # SCTP_PACKET
[0.009] Ok, Common input processing called, m:0x611000004f00 iphlen:0 offset:12 length:16 stcb:0x61d000005a80
[0.009] stcb:0x61d000005a80 state:4
[0.009] sctp_process_control: iphlen=0, offset=12, length=16 stcb:0x61d000005a80
[0.009] sctp_process_control: processing a chunk type=11, len=4
[0.009] SCTP_COOKIE_ACK, stcb 0x61d000005a80
[0.009] sctp_handle_cookie_ack: handling COOKIE-ACK
[0.009] moving to OPEN state
[0.009] Check for chunk output prw:1864135 tqe:1 tf=0
[0.009] handle_upcall() called - implement logic!
[0.009]  >>> Injecting COOKIE_ACK

I 23:23:33.503101 0000 13 89 13 88 5b 67 38 b5 00 00 00 00 de 07 00 31 b8 b8 00 09 c0 0f b9 80 82 00 00 00 80 02 00 24 40 ea 86 6a 77 f5 36 7b d0 95 d4 45 ba 13 2a 97 b2 f4 3c 4a 17 8f 57 b5 c9 0d e4 2d 64 33 85 75 82 00 01 00 00 0d 00 33 03 91 94 1b 01 00 2a f5 03 91 94 1b 01 00 2a f5 80 5d 00 21 f5 03 20 00 08 9e d0 21 f5 07 00 00 08 9e d0 21 f5 07 00 ab ab ab ab ab ab ab ab 13 88 13 89 c7 a1 b0 4d 00 00 00 00 ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab ab c0 07 00 80 03 24 94 1b 00 00 00 00 00 00 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 98 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 00 00 00 00 2a 00 00 01 00 00 00 07 00 80 03 91 94 73 00 00 00 00 00 00 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 00 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 10 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 00 00 00 00 2a 00 00 01 00 00 00 07 00 80 03 91 94 32 00 00 00 00 00 00 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a0 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 00 02 00 01 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 68 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 00 00 00 00 00 00 00 01 00 00 00 07 00 80 03 91 94 31 00 00 00 00 00 00 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 00 00 00 00 00 00 00 00 05 00 00 00 00 03 00 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 
90 90 90 90 90 90 90 90 90 90 90 90 90 90 21 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 00 00 00 00 00 00 00 01 00 00 00 07 00 80 03 91 94 1b 00 00 00 00 00 00 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 98 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 00 00 00 00 00 2a 00 00 01 00 00 00 07 00 80 03 91 94 73 00 00 00 00 00 00 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 00 00 00 00 00 38 00 00 00 00 00 00 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 ab ab ab ab ab ab ab ab 00 08 9e d0 21 f5 07 00 00 08 9e d0 21 f5 07 00 00 08 a1 ad 00 e0 de 07 00 32 b8 b8 00 09 c0 0f b9 80 82 00 00 00 80 02 00 24 40 ea 86 6a 77 f5 37 7b d0 d4 ba f4 45 13 2a 3c b2 97 a4 a4 a4 a4 a4 a4 a4 a4 b4 a4 a4 a4 a4 a4 a4 a4 a4 a4 a4 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 3c 80 5d 00 34 03 5d 00 00 00 00 34 03 91 94 1a 01 00 2a f5 80 5d 00 00 00 00 94 36 00 ff ff 00 00 00 02 00 00 00 10 ac 40 ce 30 00 9f 6f 04 87 00 ff ff 01 9e b4 b4 # SCTP_PACKET
[0.009] Ok, Common input processing called, m:0x611000005b80 iphlen:0 offset:12 length:1080 stcb:0x61d000005a80
[0.009] stcb:0x61d000005a80 state:8
[0.009] sctp_process_control: iphlen=0, offset=12, length=1080 stcb:0x61d000005a80
[0.009] sctp_process_control: processing a chunk type=222, len=49
[0.009] sctp_process_control: processing a chunk type=130, len=256
[0.009] SCTP_STREAM_RESET
[0.009] chunk_flags:0x7 look for control on queues (nil)
[0.009] chunk_flags: 0x7 ordered: 0 MID: 0 control: 0x60e000000ba0
[0.009] chunk_flags:0x7 look for control on queues (nil)
[0.009] chunk_flags: 0x7 ordered: 0 MID: 0 control: 0x60e000000c80
[0.009] chunk_flags:0x7 look for control on queues (nil)
[0.009] chunk_flags: 0x7 ordered: 0 MID: 0 control: 0x60e000000d60
[0.009] chunk_flags:0x7 look for control on queues (nil)
[0.009] chunk_flags: 0x7 ordered: 0 MID: 0 control: 0x60e000000e40
[0.009] Unordered data to be read control: 0x60e000000e40 MID: 0

O 23:23:33.503658 0000 13 88 13 89 c7 a1 b0 4d 00 00 00 00 06 00 00 25 00 0d 00 21 51 75 65 75 65 20 74 6f 20 73 74 72 20 4d 49 44 3a 20 30 20 64 75 70 6c 69 63 61 74 65 00 00 00 # SCTP_PACKET
[0.010] handle_upcall() called - implement logic!

=================================================================
==30895==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 632 byte(s) in 1 object(s) allocated from:
    #0 0x4d4b0d in malloc (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x4d4b0d)
    #1 0xabcd45 in sctp_add_remote_addr /home/weinrank/Github/usrsctp/usrsctplib/netinet/sctp_pcb.c:4517:8
    #2 0xade22f in sctp_aloc_assoc /home/weinrank/Github/usrsctp/usrsctplib/netinet/sctp_pcb.c:5143:13
    #3 0xde2157 in sctpconn_connect /home/weinrank/Github/usrsctp/usrsctplib/netinet/sctp_usrreq.c:8174:9
    #4 0x559db9 in soconnect /home/weinrank/Github/usrsctp/usrsctplib/user_socket.c:2075:12
    #5 0x559ff0 in user_connect /home/weinrank/Github/usrsctp/usrsctplib/user_socket.c:2101:10
    #6 0x55be35 in usrsctp_connect /home/weinrank/Github/usrsctp/usrsctplib/user_socket.c:2158:10
    #7 0x506ce1 in LLVMFuzzerTestOneInput /home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect.c:390:6
    #8 0x444491 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x444491)
    #9 0x42e62c in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x42e62c)
    #10 0x433ea1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x433ea1)
    #11 0x45ccc2 in main (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x45ccc2)
    #12 0x7fe4f6e0db6a in __libc_start_main /build/glibc-KRRWSm/glibc-2.29/csu/../csu/libc-start.c:308:16

Direct leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x4d4b0d in malloc (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x4d4b0d)
    #1 0xf966f4 in m_get /home/weinrank/Github/usrsctp/usrsctplib/user_mbuf.c:125:9
    #2 0xfc3e00 in m_copym /home/weinrank/Github/usrsctp/usrsctplib/user_mbuf.c:1176:4
    #3 0x114a275 in sctp_process_a_data_chunk /home/weinrank/Github/usrsctp/usrsctplib/netinet/sctp_indata.c:2040:12
    #4 0x1134c1d in sctp_process_data /home/weinrank/Github/usrsctp/usrsctplib/netinet/sctp_indata.c:2795:8
    #5 0x5bac06 in sctp_common_input_processing /home/weinrank/Github/usrsctp/usrsctplib/netinet/sctp_input.c:6064:12
    #6 0x578a13 in usrsctp_conninput /home/weinrank/Github/usrsctp/usrsctplib/user_socket.c:3518:2
    #7 0x507867 in LLVMFuzzerTestOneInput /home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect.c:438:2
    #8 0x444491 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x444491)
    #9 0x42e62c in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x42e62c)
    #10 0x433ea1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x433ea1)
    #11 0x45ccc2 in main (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x45ccc2)
    #12 0x7fe4f6e0db6a in __libc_start_main /build/glibc-KRRWSm/glibc-2.29/csu/../csu/libc-start.c:308:16

Indirect leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x4d4b0d in malloc (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x4d4b0d)
    #1 0xf966f4 in m_get /home/weinrank/Github/usrsctp/usrsctplib/user_mbuf.c:125:9
    #2 0xfc3e00 in m_copym /home/weinrank/Github/usrsctp/usrsctplib/user_mbuf.c:1176:4
    #3 0x114a275 in sctp_process_a_data_chunk /home/weinrank/Github/usrsctp/usrsctplib/netinet/sctp_indata.c:2040:12
    #4 0x1134c1d in sctp_process_data /home/weinrank/Github/usrsctp/usrsctplib/netinet/sctp_indata.c:2795:8
    #5 0x5bac06 in sctp_common_input_processing /home/weinrank/Github/usrsctp/usrsctplib/netinet/sctp_input.c:6064:12
    #6 0x578a13 in usrsctp_conninput /home/weinrank/Github/usrsctp/usrsctplib/user_socket.c:3518:2
    #7 0x507867 in LLVMFuzzerTestOneInput /home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect.c:438:2
    #8 0x444491 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x444491)
    #9 0x42e62c in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x42e62c)
    #10 0x433ea1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x433ea1)
    #11 0x45ccc2 in main (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x45ccc2)
    #12 0x7fe4f6e0db6a in __libc_start_main /build/glibc-KRRWSm/glibc-2.29/csu/../csu/libc-start.c:308:16

Indirect leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x4d4b0d in malloc (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x4d4b0d)
    #1 0xad1ced in sctp_userspace_rtalloc /home/weinrank/Github/usrsctp/usrsctplib/netinet/sctp_os_userspace.h:857:33
    #2 0xac2872 in sctp_add_remote_addr /home/weinrank/Github/usrsctp/usrsctplib/netinet/sctp_pcb.c:4631:2
    #3 0xade22f in sctp_aloc_assoc /home/weinrank/Github/usrsctp/usrsctplib/netinet/sctp_pcb.c:5143:13
    #4 0xde2157 in sctpconn_connect /home/weinrank/Github/usrsctp/usrsctplib/netinet/sctp_usrreq.c:8174:9
    #5 0x559db9 in soconnect /home/weinrank/Github/usrsctp/usrsctplib/user_socket.c:2075:12
    #6 0x559ff0 in user_connect /home/weinrank/Github/usrsctp/usrsctplib/user_socket.c:2101:10
    #7 0x55be35 in usrsctp_connect /home/weinrank/Github/usrsctp/usrsctplib/user_socket.c:2158:10
    #8 0x506ce1 in LLVMFuzzerTestOneInput /home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect.c:390:6
    #9 0x444491 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x444491)
    #10 0x42e62c in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x42e62c)
    #11 0x433ea1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x433ea1)
    #12 0x45ccc2 in main (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x45ccc2)
    #13 0x7fe4f6e0db6a in __libc_start_main /build/glibc-KRRWSm/glibc-2.29/csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: 1184 byte(s) leaked in 4 allocation(s).

INFO: a leak has been found in the initial corpus.

INFO: to ignore leaks on libFuzzer side use -detect_leaks=0.

PCAPNG: fuzzer.pcapng.zip
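The LeakSanitizer report above is short enough to read by hand, but a fuzzing campaign produces hundreds of such blocks and the same allocation site shows up many times. The script below is an added example for triaging that output; it is not part of this issue, the fuzzer harness, or usrsctp. It parses LSan text into leak records, groups them by the first frame below the allocator so repeated stacks collapse to one line per allocation site, keeps direct and indirect bytes apart, and cross-checks the SUMMARY line against the parsed totals. The embedded report is the one from this issue, trimmed to the first three frames of each stack; the `ALLOC_WRAPPERS` set and the `extra_wrappers` knob are the example's own conventions, not anything LSan provides.

```python
"""Triage helper for LeakSanitizer reports (added example, not usrsctp code)."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Sample input: the leak blocks from the report above, trimmed to three frames
# each. Addresses and paths are as printed there; nothing is invented.
SAMPLE_REPORT = """\
==30895==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 632 byte(s) in 1 object(s) allocated from:
    #0 0x4d4b0d in malloc (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x4d4b0d)
    #1 0xabcd45 in sctp_add_remote_addr /home/weinrank/Github/usrsctp/usrsctplib/netinet/sctp_pcb.c:4517:8
    #2 0xade22f in sctp_aloc_assoc /home/weinrank/Github/usrsctp/usrsctplib/netinet/sctp_pcb.c:5143:13

Direct leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x4d4b0d in malloc (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x4d4b0d)
    #1 0xf966f4 in m_get /home/weinrank/Github/usrsctp/usrsctplib/user_mbuf.c:125:9
    #2 0xfc3e00 in m_copym /home/weinrank/Github/usrsctp/usrsctplib/user_mbuf.c:1176:4

Indirect leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x4d4b0d in malloc (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x4d4b0d)
    #1 0xf966f4 in m_get /home/weinrank/Github/usrsctp/usrsctplib/user_mbuf.c:125:9
    #2 0xfc3e00 in m_copym /home/weinrank/Github/usrsctp/usrsctplib/user_mbuf.c:1176:4

Indirect leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x4d4b0d in malloc (/home/weinrank/Github/usrsctp/fuzzer/fuzzer_connect_multi+0x4d4b0d)
    #1 0xad1ced in sctp_userspace_rtalloc /home/weinrank/Github/usrsctp/usrsctplib/netinet/sctp_os_userspace.h:857:33
    #2 0xac2872 in sctp_add_remote_addr /home/weinrank/Github/usrsctp/usrsctplib/netinet/sctp_pcb.c:4631:2

SUMMARY: AddressSanitizer: 1184 byte(s) leaked in 4 allocation(s).
"""

LEAK_RE = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\) allocated from:$")
# Function names may contain spaces (C++ signatures), so match them lazily and
# take the last whitespace-free token as the location.
FRAME_RE = re.compile(r"^\s+#(\d+)\s+0x[0-9a-fA-F]+\s+in\s+(.+?)\s+(\S+)$")
SUMMARY_RE = re.compile(r"^SUMMARY: \w+: (\d+) byte\(s\) leaked in (\d+) allocation\(s\)\.$")

# Frames that are the allocator itself (sanitizer interceptors); the interesting
# "site" is the first frame below these. Example convention, extend as needed.
ALLOC_WRAPPERS = frozenset({"malloc", "calloc", "realloc", "posix_memalign",
                            "aligned_alloc", "memalign", "valloc", "strdup",
                            "operator new", "operator new[]"})


@dataclass
class Leak:
    kind: str                      # "Direct" or "Indirect"
    nbytes: int
    nobjects: int
    frames: list = field(default_factory=list)   # (function, location) pairs

    def site(self, extra_wrappers=frozenset()):
        """First frame that is not an allocator wrapper, as 'func file:line:col'."""
        wrappers = ALLOC_WRAPPERS | set(extra_wrappers)
        for fn, loc in self.frames:
            if fn.split("(")[0] in wrappers:   # strip a C++ parameter list
                continue
            return f"{fn} {loc.rsplit('/', 1)[-1]}"
        return "<unknown>"


def parse_report(text):
    """Return (list of Leak, (bytes, allocations) from SUMMARY or None)."""
    leaks, summary, current = [], None, None
    for line in text.splitlines():
        m = LEAK_RE.match(line)
        if m:
            current = Leak(m.group(1), int(m.group(2)), int(m.group(3)))
            leaks.append(current)
            continue
        m = FRAME_RE.match(line)
        if m and current is not None:
            current.frames.append((m.group(2), m.group(3)))
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary = (int(m.group(1)), int(m.group(2)))
            current = None
    return leaks, summary


def triage(leaks, extra_wrappers=frozenset()):
    """Group leaks by allocation site, keeping direct and indirect bytes apart."""
    by_site = defaultdict(lambda: {"direct_bytes": 0, "indirect_bytes": 0, "objects": 0})
    for leak in leaks:
        entry = by_site[leak.site(extra_wrappers)]
        entry["objects"] += leak.nobjects
        entry["direct_bytes" if leak.kind == "Direct" else "indirect_bytes"] += leak.nbytes
    return dict(by_site)


def summary_consistent(leaks, summary):
    """True when the parsed blocks add up to what the SUMMARY line claims."""
    if summary is None:
        return False
    return (sum(l.nbytes for l in leaks), sum(l.nobjects for l in leaks)) == summary


if __name__ == "__main__":
    leaks, summary = parse_report(SAMPLE_REPORT)
    print("summary matches blocks:", summary_consistent(leaks, summary))
    for site, counts in triage(leaks).items():
        print(f"{site}: {counts}")
    # Treat the project's own mbuf allocator as a wrapper so the site becomes its caller.
    for site, counts in triage(leaks, extra_wrappers={"m_get"}).items():
        print(f"[m_get collapsed] {site}: {counts}")
```

In LSan's terminology an indirect leak is a block that is reachable only through another leaked block, so when triaging it is the direct leaks (here the 632-byte remote-address record and one 256-byte mbuf) that need a fix; the indirect ones normally disappear with them. The `extra_wrappers` knob exists because every project has its own allocation layer (here `m_get` in user_mbuf.c), and grouping on it would lump unrelated callers together.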

@tuexen
Member

tuexen commented Sep 22, 2019

Could it be that the memory leak is related to the application not consuming the data and therefore it is not freed? Are you calling usrsctp_close()?

@weinrank
Contributor Author

This shouldn't be the case; we only have one usrsctp socket, and the usrsctp_close() function should be called in any way, except on errors.

See here

tuexen added a commit to sctplab/stream-reset-improved that referenced this issue Sep 24, 2019
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
sctplab/usrsctp#378
tuexen added a commit to sctplab/pr-sctp-improved that referenced this issue Sep 24, 2019
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
sctplab/usrsctp#378
tuexen added a commit to sctplab/sctp-idata that referenced this issue Sep 24, 2019
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
sctplab/usrsctp#378
tuexen added a commit to sctplab/SCTP_NKE_ElCapitan that referenced this issue Sep 24, 2019
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
sctplab/usrsctp#378
tuexen added a commit to sctplab/SCTP_NKE_Yosemite that referenced this issue Sep 24, 2019
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
sctplab/usrsctp#378
tuexen added a commit to sctplab/SCTP_NKE_HighSierra that referenced this issue Sep 24, 2019
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
sctplab/usrsctp#378
tuexen added a commit that referenced this issue Sep 24, 2019
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
#378
@tuexen
Member

tuexen commented Sep 24, 2019

Fixed in b07df88.

@tuexen tuexen closed this as completed Sep 24, 2019
uqs pushed a commit to freebsd/freebsd-src that referenced this issue Sep 24, 2019
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
sctplab/usrsctp#378

MFC after:		3 days


git-svn-id: svn+ssh://svn.freebsd.org/base/head@352652 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
uqs pushed a commit to freebsd/freebsd-src that referenced this issue Sep 24, 2019
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
sctplab/usrsctp#378

MFC after:		3 days
mat813 pushed a commit to mat813/freebsd that referenced this issue Oct 2, 2019
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
sctplab/usrsctp#378

MFC after:		3 days


git-svn-id: https://svn.freebsd.org/base/head@352652 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
uqs pushed a commit to freebsd/freebsd-src that referenced this issue Oct 3, 2019
Plumb a memory leak.
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
sctplab/usrsctp#378
uqs pushed a commit to freebsd/freebsd-src that referenced this issue Oct 3, 2019
Only allow a SCTP-AUTH shared key to be updated by the application
if it is not deactivated and not used.
This avoids a use-after-free problem.

MFS r352674:

Fix the handling of invalid parameters in ASCONF chunks.
Thanks to Mark Wodrich from Google for reporting the issue in
sctplab/usrsctp#376
for the userland stack.

MFS r352675:

Cleanup the RTO calculation and perform some consistency checks
before computing the RTO.
This should fix an overflow issue reported by Felix Weinrank in
sctplab/usrsctp#375
for the userland stack and found by running a fuzz tester.

MFS r352676:

Don't hold the info lock when calling sctp_select_a_tag().
This avoids a double lock bug in the NAT colliding state processing
of SCTP. Thanks to Felix Weinrank for finding and reporting this issue in
sctplab/usrsctp#374
He found this bug using fuzz testing.

MFS r353034:

Plumb a memory leak.
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
sctplab/usrsctp#378

MFS r353036:

Don't use stack memory which is not initialized.
Thanks to Mark Wodrich for reporting this issue for the userland stack in
sctplab/usrsctp#380
This issue was also found for usrsctp by OSS-fuzz in
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17778

Approved by:		re (kib@)
mat813 pushed a commit to mat813/freebsd that referenced this issue Oct 7, 2019
Plumb a memory leak.
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
sctplab/usrsctp#378


git-svn-id: https://svn.freebsd.org/base/stable/12@353034 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
mat813 pushed a commit to mat813/freebsd that referenced this issue Oct 7, 2019
Only allow a SCTP-AUTH shared key to be updated by the application
if it is not deactivated and not used.
This avoids a use-after-free problem.

MFS r352674:

Fix the handling of invalid parameters in ASCONF chunks.
Thanks to Mark Wodrich from Google for reporting the issue in
sctplab/usrsctp#376
for the userland stack.

MFS r352675:

Cleanup the RTO calculation and perform some consistency checks
before computing the RTO.
This should fix an overflow issue reported by Felix Weinrank in
sctplab/usrsctp#375
for the userland stack and found by running a fuzz tester.

MFS r352676:

Don't hold the info lock when calling sctp_select_a_tag().
This avoids a double lock bug in the NAT colliding state processing
of SCTP. Thanks to Felix Weinrank for finding and reporting this issue in
sctplab/usrsctp#374
He found this bug using fuzz testing.

MFS r353034:

Plumb a memory leak.
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
sctplab/usrsctp#378

MFS r353036:

Don't use stack memory which is not initialized.
Thanks to Mark Wodrich for reporting this issue for the userland stack in
sctplab/usrsctp#380
This issue was also found for usrsctp by OSS-fuzz in
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17778

Approved by:		re (kib@)


git-svn-id: https://svn.freebsd.org/base/releng/12.1@353045 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
brooksdavis pushed a commit to CTSRD-CHERI/cheribsd that referenced this issue Oct 23, 2019
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
sctplab/usrsctp#378

MFC after:		3 days
fichtner pushed a commit to opnsense/src that referenced this issue Oct 29, 2019
Only allow a SCTP-AUTH shared key to be updated by the application
if it is not deactivated and not used.
This avoids a use-after-free problem.

MFS r352674:

Fix the handling of invalid parameters in ASCONF chunks.
Thanks to Mark Wodrich from Google for reporting the issue in
sctplab/usrsctp#376
for the userland stack.

MFS r352675:

Cleanup the RTO calculation and perform some consistency checks
before computing the RTO.
This should fix an overflow issue reported by Felix Weinrank in
sctplab/usrsctp#375
for the userland stack and found by running a fuzz tester.

MFS r352676:

Don't hold the info lock when calling sctp_select_a_tag().
This avoids a double lock bug in the NAT colliding state processing
of SCTP. Thanks to Felix Weinrank for finding and reporting this issue in
sctplab/usrsctp#374
He found this bug using fuzz testing.

MFS r353034:

Plumb a memory leak.
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
sctplab/usrsctp#378

MFS r353036:

Don't use stack memory which is not initialized.
Thanks to Mark Wodrich for reporting this issue for the userland stack in
sctplab/usrsctp#380
This issue was also found for usrsctp by OSS-fuzz in
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17778

Approved by:		re (kib@)
uqs pushed a commit to freebsd/freebsd-src that referenced this issue May 7, 2020
Plumb a memory leak.
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
sctplab/usrsctp#378
mat813 pushed a commit to mat813/freebsd that referenced this issue Jun 9, 2020
Plumb a memory leak.
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
sctplab/usrsctp#378


git-svn-id: https://svn.freebsd.org/base/stable/11@360737 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f