From: syzbot <syzbot+2a478080bd86d36bb5ea@syzkaller.appspotmail.com>
To: johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org,
linux-kernel@vger.kernel.org, luiz.dentz@gmail.com,
marcel@holtmann.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [bluetooth?] memory leak in prepare_creds (4)
Date: Tue, 07 Nov 2023 23:31:24 -0800 [thread overview]
Message-ID: <00000000000017b74d06099f1375@google.com> (raw)
In-Reply-To: <00000000000057faf606067f1f32@google.com>
syzbot has found a reproducer for the following issue on:
HEAD commit: 13d88ac54ddd Merge tag 'vfs-6.7.fsid' of git://git.kernel...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10740c7b680000
kernel config: https://syzkaller.appspot.com/x/.config?x=ecfdf78a410c834
dashboard link: https://syzkaller.appspot.com/bug?extid=2a478080bd86d36bb5ea
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12d8fd7f680000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=107b137f680000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/9bb27a01f17c/disk-13d88ac5.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fb496feed171/vmlinux-13d88ac5.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f4da22719ffa/bzImage-13d88ac5.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2a478080bd86d36bb5ea@syzkaller.appspotmail.com
Warning: Permanently added '10.128.0.113' (ED25519) to the list of known hosts.
executing program
executing program
BUG: memory leak
unreferenced object 0xffff888107c20600 (size 192):
comm "syz-executor418", pid 5027, jiffies 4294942544 (age 13.100s)
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff81630798>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline]
[<ffffffff81630798>] slab_post_alloc_hook mm/slab.h:766 [inline]
[<ffffffff81630798>] slab_alloc_node mm/slub.c:3478 [inline]
[<ffffffff81630798>] slab_alloc mm/slub.c:3486 [inline]
[<ffffffff81630798>] __kmem_cache_alloc_lru mm/slub.c:3493 [inline]
[<ffffffff81630798>] kmem_cache_alloc+0x298/0x430 mm/slub.c:3502
[<ffffffff812e0d5b>] prepare_creds+0x2b/0x4e0 kernel/cred.c:269
[<ffffffff812e17c4>] copy_creds+0x44/0x280 kernel/cred.c:373
[<ffffffff812927ba>] copy_process+0x6aa/0x25c0 kernel/fork.c:2366
[<ffffffff8129487b>] kernel_clone+0x11b/0x690 kernel/fork.c:2907
[<ffffffff81294e6c>] __do_sys_clone+0x7c/0xb0 kernel/fork.c:3050
[<ffffffff84b67d8f>] do_syscall_x64 arch/x86/entry/common.c:51 [inline]
[<ffffffff84b67d8f>] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:82
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0x6b
BUG: memory leak
unreferenced object 0xffff888107470a80 (size 16):
comm "syz-executor418", pid 5027, jiffies 4294942544 (age 13.100s)
hex dump (first 16 bytes):
00 00 00 00 00 00 00 00 00 c3 87 00 81 88 ff ff ................
backtrace:
[<ffffffff8163331d>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline]
[<ffffffff8163331d>] slab_post_alloc_hook mm/slab.h:766 [inline]
[<ffffffff8163331d>] slab_alloc_node mm/slub.c:3478 [inline]
[<ffffffff8163331d>] __kmem_cache_alloc_node+0x2dd/0x3f0 mm/slub.c:3517
[<ffffffff8157e81b>] __do_kmalloc_node mm/slab_common.c:1006 [inline]
[<ffffffff8157e81b>] __kmalloc+0x4b/0x150 mm/slab_common.c:1020
[<ffffffff82364631>] kmalloc include/linux/slab.h:604 [inline]
[<ffffffff82364631>] kzalloc include/linux/slab.h:721 [inline]
[<ffffffff82364631>] lsm_cred_alloc security/security.c:577 [inline]
[<ffffffff82364631>] security_prepare_creds+0x121/0x140 security/security.c:2950
[<ffffffff812e1059>] prepare_creds+0x329/0x4e0 kernel/cred.c:300
[<ffffffff812e17c4>] copy_creds+0x44/0x280 kernel/cred.c:373
[<ffffffff812927ba>] copy_process+0x6aa/0x25c0 kernel/fork.c:2366
[<ffffffff8129487b>] kernel_clone+0x11b/0x690 kernel/fork.c:2907
[<ffffffff81294e6c>] __do_sys_clone+0x7c/0xb0 kernel/fork.c:3050
[<ffffffff84b67d8f>] do_syscall_x64 arch/x86/entry/common.c:51 [inline]
[<ffffffff84b67d8f>] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:82
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0x6b
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
prev parent reply other threads:[~2023-11-08 7:31 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-29 13:08 [syzbot] [bluetooth?] memory leak in prepare_creds (4) syzbot
2023-11-08 7:31 ` syzbot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=00000000000017b74d06099f1375@google.com \
--to=syzbot+2a478080bd86d36bb5ea@syzkaller.appspotmail.com \
--cc=johan.hedberg@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luiz.dentz@gmail.com \
--cc=marcel@holtmann.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox