memory leak in prepare_creds

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+71c4697e27c99fddcf17@syzkaller.appspotmail.com>
To: akpm@linux-foundation.org, bernd.edlinger@hotmail.de,
	dhowells@redhat.com, ebiederm@xmission.com,
	keescook@chromium.org, linux-kernel@vger.kernel.org,
	mhocko@suse.com, shakeelb@google.com,
	syzkaller-bugs@googlegroups.com
Subject: memory leak in prepare_creds
Date: Thu, 27 Aug 2020 15:28:15 -0700	[thread overview]
Message-ID: <000000000000ca5cfb05ade37394@google.com> (raw)

Hello,

syzbot found the following issue on:

HEAD commit:    c3d8f220 Merge tag 'kbuild-fixes-v5.9' of git://git.kernel..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14bf4f5e900000
kernel config:  https://syzkaller.appspot.com/x/.config?x=948134d9ff96e950
dashboard link: https://syzkaller.appspot.com/bug?extid=71c4697e27c99fddcf17
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=115a5519900000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+71c4697e27c99fddcf17@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88812a413f00 (size 168):
  comm "syz-executor.0", pid 6554, jiffies 4294953946 (age 13.120s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000008b882031>] prepare_creds+0x25/0x2f0 kernel/cred.c:258
    [<000000001d1756e8>] copy_creds+0x2e/0x1d1 kernel/cred.c:358
    [<00000000a3a640ca>] copy_process+0x50c/0x1f20 kernel/fork.c:1949
    [<00000000a1ad8dee>] _do_fork+0xad/0x530 kernel/fork.c:2428
    [<0000000070af4cd7>] __do_sys_clone+0x76/0xa0 kernel/fork.c:2545
    [<000000001470b5cf>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<00000000b4c4b313>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811b54e440 (size 32):
  comm "syz-executor.0", pid 6554, jiffies 4294953946 (age 13.120s)
  hex dump (first 32 bytes):
    01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000138403e6>] kmalloc include/linux/slab.h:559 [inline]
    [<00000000138403e6>] kzalloc include/linux/slab.h:666 [inline]
    [<00000000138403e6>] lsm_cred_alloc security/security.c:532 [inline]
    [<00000000138403e6>] security_prepare_creds+0x97/0xc0 security/security.c:1631
    [<0000000051662e48>] prepare_creds+0x1e1/0x2f0 kernel/cred.c:285
    [<000000001d1756e8>] copy_creds+0x2e/0x1d1 kernel/cred.c:358
    [<00000000a3a640ca>] copy_process+0x50c/0x1f20 kernel/fork.c:1949
    [<00000000a1ad8dee>] _do_fork+0xad/0x530 kernel/fork.c:2428
    [<0000000070af4cd7>] __do_sys_clone+0x76/0xa0 kernel/fork.c:2545
    [<000000001470b5cf>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<00000000b4c4b313>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88812a657a00 (size 256):
  comm "syz-executor.0", pid 6790, jiffies 4294953946 (age 13.120s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    a0 e1 14 2b 81 88 ff ff 80 74 8f 16 81 88 ff ff  ...+.....t......
  backtrace:
    [<0000000053e1d866>] kmem_cache_zalloc include/linux/slab.h:656 [inline]
    [<0000000053e1d866>] __alloc_file+0x23/0x120 fs/file_table.c:101
    [<000000000d5d3703>] alloc_empty_file+0x4f/0xe0 fs/file_table.c:151
    [<0000000091abea17>] alloc_file+0x31/0x160 fs/file_table.c:193
    [<000000004bfab74c>] alloc_file_pseudo+0xae/0x120 fs/file_table.c:233
    [<00000000fc9b3b90>] anon_inode_getfile fs/anon_inodes.c:91 [inline]
    [<00000000fc9b3b90>] anon_inode_getfile+0x8e/0x100 fs/anon_inodes.c:74
    [<00000000cbd9d057>] anon_inode_getfd+0x42/0x90 fs/anon_inodes.c:136
    [<00000000589d6af2>] bpf_map_new_fd kernel/bpf/syscall.c:686 [inline]
    [<00000000589d6af2>] bpf_map_new_fd kernel/bpf/syscall.c:678 [inline]
    [<00000000589d6af2>] map_create kernel/bpf/syscall.c:872 [inline]
    [<00000000589d6af2>] __do_sys_bpf+0x67c/0x2450 kernel/bpf/syscall.c:4160
    [<000000001470b5cf>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<00000000b4c4b313>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88812a73db50 (size 16):
  comm "syz-executor.0", pid 6790, jiffies 4294953946 (age 13.120s)
  hex dump (first 16 bytes):
    01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000008ddd472b>] kmem_cache_zalloc include/linux/slab.h:656 [inline]
    [<000000008ddd472b>] lsm_file_alloc security/security.c:567 [inline]
    [<000000008ddd472b>] security_file_alloc+0x2e/0xc0 security/security.c:1455
    [<0000000079d891d7>] __alloc_file+0x61/0x120 fs/file_table.c:106
    [<000000000d5d3703>] alloc_empty_file+0x4f/0xe0 fs/file_table.c:151
    [<0000000091abea17>] alloc_file+0x31/0x160 fs/file_table.c:193
    [<000000004bfab74c>] alloc_file_pseudo+0xae/0x120 fs/file_table.c:233
    [<00000000fc9b3b90>] anon_inode_getfile fs/anon_inodes.c:91 [inline]
    [<00000000fc9b3b90>] anon_inode_getfile+0x8e/0x100 fs/anon_inodes.c:74
    [<00000000cbd9d057>] anon_inode_getfd+0x42/0x90 fs/anon_inodes.c:136
    [<00000000589d6af2>] bpf_map_new_fd kernel/bpf/syscall.c:686 [inline]
    [<00000000589d6af2>] bpf_map_new_fd kernel/bpf/syscall.c:678 [inline]
    [<00000000589d6af2>] map_create kernel/bpf/syscall.c:872 [inline]
    [<00000000589d6af2>] __do_sys_bpf+0x67c/0x2450 kernel/bpf/syscall.c:4160
    [<000000001470b5cf>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<00000000b4c4b313>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88812a419240 (size 168):
  comm "syz-executor.0", pid 6554, jiffies 4294954493 (age 7.650s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000008b882031>] prepare_creds+0x25/0x2f0 kernel/cred.c:258
    [<000000001d1756e8>] copy_creds+0x2e/0x1d1 kernel/cred.c:358
    [<00000000a3a640ca>] copy_process+0x50c/0x1f20 kernel/fork.c:1949
    [<00000000a1ad8dee>] _do_fork+0xad/0x530 kernel/fork.c:2428
    [<0000000070af4cd7>] __do_sys_clone+0x76/0xa0 kernel/fork.c:2545
    [<000000001470b5cf>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<00000000b4c4b313>] entry_SYSCALL_64_after_hwframe+0x44/0xa9



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

next             reply	other threads:[~2020-08-27 22:28 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-27 22:28 syzbot [this message]
2020-11-28  3:47 ` memory leak in prepare_creds syzbot
2020-11-30 18:52   ` Eric W. Biederman
     [not found] ` <20201128080016.9132-1-hdanton@sina.com>
2020-12-06 13:31   ` Pavel Begunkov
  -- strict thread matches above, loose matches on Subject: below --
2022-01-27 13:31 INT MAX

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=000000000000ca5cfb05ade37394@google.com \
    --to=syzbot+71c4697e27c99fddcf17@syzkaller.appspotmail.com \
    --cc=akpm@linux-foundation.org \
    --cc=bernd.edlinger@hotmail.de \
    --cc=dhowells@redhat.com \
    --cc=ebiederm@xmission.com \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mhocko@suse.com \
    --cc=shakeelb@google.com \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.