From: syzbot <syzbot+3ad9614a12f80994c32e@syzkaller.appspotmail.com>
To: andriin@fb.com, ast@kernel.org, bpf@vger.kernel.org,
daniel@iogearbox.net, john.fastabend@gmail.com, kafai@fb.com,
keescook@chromium.org, kpsingh@chromium.org,
linux-kernel@vger.kernel.org, luto@amacapital.net,
netdev@vger.kernel.org, songliubraving@fb.com,
syzkaller-bugs@googlegroups.com, wad@chromium.org, yhs@fb.com
Subject: memory leak in do_seccomp
Date: Tue, 11 Aug 2020 10:06:17 -0700 [thread overview]
Message-ID: <000000000000e5ea9e05ac9d16c1@google.com> (raw)
Hello,
syzbot found the following issue on:
HEAD commit: 449dc8c9 Merge tag 'for-v5.9' of git://git.kernel.org/pub/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15d816c2900000
kernel config: https://syzkaller.appspot.com/x/.config?x=4810fa4a53b3aa2c
dashboard link: https://syzkaller.appspot.com/bug?extid=3ad9614a12f80994c32e
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=153d30e2900000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3ad9614a12f80994c32e@syzkaller.appspotmail.com
2020/08/09 00:29:47 executed programs: 3
BUG: memory leak
unreferenced object 0xffff88811310ea80 (size 96):
comm "syz-executor.0", pid 6688, jiffies 4294954707 (age 12.810s)
hex dump (first 32 bytes):
01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 30 e0 00 00 c9 ff ff .........0......
backtrace:
[<0000000073bb6e7d>] kmalloc include/linux/slab.h:554 [inline]
[<0000000073bb6e7d>] kzalloc include/linux/slab.h:666 [inline]
[<0000000073bb6e7d>] seccomp_prepare_filter kernel/seccomp.c:562 [inline]
[<0000000073bb6e7d>] seccomp_prepare_user_filter kernel/seccomp.c:604 [inline]
[<0000000073bb6e7d>] seccomp_set_mode_filter kernel/seccomp.c:1535 [inline]
[<0000000073bb6e7d>] do_seccomp+0x2ec/0xd40 kernel/seccomp.c:1649
[<00000000658618a4>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
[<00000000b8258e4d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffffc90000e03000 (size 4096):
comm "syz-executor.0", pid 6688, jiffies 4294954707 (age 12.810s)
hex dump (first 32 bytes):
01 00 03 00 00 00 00 00 00 00 00 00 05 00 00 00 ................
2d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 -...............
backtrace:
[<000000003b6a39af>] __vmalloc_node_range+0x2e1/0x3c0 mm/vmalloc.c:2520
[<00000000eee59e12>] __vmalloc_node mm/vmalloc.c:2552 [inline]
[<00000000eee59e12>] __vmalloc+0x49/0x50 mm/vmalloc.c:2566
[<000000006e13ac2a>] bpf_prog_alloc_no_stats+0x32/0x100 kernel/bpf/core.c:85
[<00000000cff3572c>] bpf_prog_alloc+0x1c/0xb0 kernel/bpf/core.c:111
[<000000003222ffa9>] bpf_prog_create_from_user+0x5f/0x2a0 net/core/filter.c:1409
[<00000000baa576ae>] seccomp_prepare_filter kernel/seccomp.c:567 [inline]
[<00000000baa576ae>] seccomp_prepare_user_filter kernel/seccomp.c:604 [inline]
[<00000000baa576ae>] seccomp_set_mode_filter kernel/seccomp.c:1535 [inline]
[<00000000baa576ae>] do_seccomp+0x32e/0xd40 kernel/seccomp.c:1649
[<00000000658618a4>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
[<00000000b8258e4d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff888113bc1c00 (size 1024):
comm "syz-executor.0", pid 6688, jiffies 4294954707 (age 12.810s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000000466b245>] kmalloc include/linux/slab.h:554 [inline]
[<000000000466b245>] kzalloc include/linux/slab.h:666 [inline]
[<000000000466b245>] bpf_prog_alloc_no_stats+0x73/0x100 kernel/bpf/core.c:89
[<00000000cff3572c>] bpf_prog_alloc+0x1c/0xb0 kernel/bpf/core.c:111
[<000000003222ffa9>] bpf_prog_create_from_user+0x5f/0x2a0 net/core/filter.c:1409
[<00000000baa576ae>] seccomp_prepare_filter kernel/seccomp.c:567 [inline]
[<00000000baa576ae>] seccomp_prepare_user_filter kernel/seccomp.c:604 [inline]
[<00000000baa576ae>] seccomp_set_mode_filter kernel/seccomp.c:1535 [inline]
[<00000000baa576ae>] do_seccomp+0x32e/0xd40 kernel/seccomp.c:1649
[<00000000658618a4>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
[<00000000b8258e4d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff8881154cb860 (size 32):
comm "syz-executor.0", pid 6688, jiffies 4294954707 (age 12.810s)
hex dump (first 32 bytes):
01 00 73 74 65 6d 64 2d 00 5c d6 19 81 88 ff ff ..stemd-.\......
65 72 76 69 63 65 00 00 00 00 00 00 00 00 00 00 ervice..........
backtrace:
[<00000000561d65d4>] kmalloc include/linux/slab.h:554 [inline]
[<00000000561d65d4>] bpf_prog_store_orig_filter+0x33/0xa0 net/core/filter.c:1131
[<000000005d9b7cd2>] bpf_prog_create_from_user+0xda/0x2a0 net/core/filter.c:1422
[<00000000baa576ae>] seccomp_prepare_filter kernel/seccomp.c:567 [inline]
[<00000000baa576ae>] seccomp_prepare_user_filter kernel/seccomp.c:604 [inline]
[<00000000baa576ae>] seccomp_set_mode_filter kernel/seccomp.c:1535 [inline]
[<00000000baa576ae>] do_seccomp+0x32e/0xd40 kernel/seccomp.c:1649
[<00000000658618a4>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
[<00000000b8258e4d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff888119d65c00 (size 32):
comm "syz-executor.0", pid 6688, jiffies 4294954707 (age 12.810s)
hex dump (first 32 bytes):
06 00 00 00 fb ff ff 7f 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000ad603142>] kmemdup+0x23/0x50 mm/util.c:127
[<0000000001d3eabf>] kmemdup include/linux/string.h:479 [inline]
[<0000000001d3eabf>] bpf_prog_store_orig_filter+0x5e/0xa0 net/core/filter.c:1138
[<000000005d9b7cd2>] bpf_prog_create_from_user+0xda/0x2a0 net/core/filter.c:1422
[<00000000baa576ae>] seccomp_prepare_filter kernel/seccomp.c:567 [inline]
[<00000000baa576ae>] seccomp_prepare_user_filter kernel/seccomp.c:604 [inline]
[<00000000baa576ae>] seccomp_set_mode_filter kernel/seccomp.c:1535 [inline]
[<00000000baa576ae>] do_seccomp+0x32e/0xd40 kernel/seccomp.c:1649
[<00000000658618a4>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
[<00000000b8258e4d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff8881131ecb00 (size 96):
comm "syz-executor.0", pid 6688, jiffies 4294954707 (age 12.810s)
hex dump (first 32 bytes):
01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
80 ea 10 13 81 88 ff ff 00 b0 d8 00 00 c9 ff ff ................
backtrace:
[<0000000073bb6e7d>] kmalloc include/linux/slab.h:554 [inline]
[<0000000073bb6e7d>] kzalloc include/linux/slab.h:666 [inline]
[<0000000073bb6e7d>] seccomp_prepare_filter kernel/seccomp.c:562 [inline]
[<0000000073bb6e7d>] seccomp_prepare_user_filter kernel/seccomp.c:604 [inline]
[<0000000073bb6e7d>] seccomp_set_mode_filter kernel/seccomp.c:1535 [inline]
[<0000000073bb6e7d>] do_seccomp+0x2ec/0xd40 kernel/seccomp.c:1649
[<00000000658618a4>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
[<00000000b8258e4d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: memory leak
unreferenced object 0xffff88811310e400 (size 96):
comm "syz-executor.0", pid 6702, jiffies 4294955242 (age 7.460s)
hex dump (first 32 bytes):
01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 50 e1 00 00 c9 ff ff .........P......
backtrace:
[<0000000073bb6e7d>] kmalloc include/linux/slab.h:554 [inline]
[<0000000073bb6e7d>] kzalloc include/linux/slab.h:666 [inline]
[<0000000073bb6e7d>] seccomp_prepare_filter kernel/seccomp.c:562 [inline]
[<0000000073bb6e7d>] seccomp_prepare_user_filter kernel/seccomp.c:604 [inline]
[<0000000073bb6e7d>] seccomp_set_mode_filter kernel/seccomp.c:1535 [inline]
[<0000000073bb6e7d>] do_seccomp+0x2ec/0xd40 kernel/seccomp.c:1649
[<00000000658618a4>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
[<00000000b8258e4d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
next reply other threads:[~2020-08-11 17:06 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-11 17:06 syzbot [this message]
2020-08-31 3:50 ` memory leak in do_seccomp syzbot
2020-08-31 23:25 ` Kees Cook
2020-09-01 0:09 ` Tycho Andersen
2020-09-01 1:14 ` Tycho Andersen
2020-09-01 10:07 ` Christian Brauner
2020-09-01 15:08 ` Kees Cook
2020-09-01 15:26 ` Tycho Andersen
-- strict thread matches above, loose matches on Subject: below --
2021-07-31 19:20 Sudip Mukherjee
2021-08-01 3:25 ` Kees Cook
2021-08-01 21:10 ` Sudip Mukherjee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=000000000000e5ea9e05ac9d16c1@google.com \
--to=syzbot+3ad9614a12f80994c32e@syzkaller.appspotmail.com \
--cc=andriin@fb.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=john.fastabend@gmail.com \
--cc=kafai@fb.com \
--cc=keescook@chromium.org \
--cc=kpsingh@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=netdev@vger.kernel.org \
--cc=songliubraving@fb.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=wad@chromium.org \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.