syzbot


memory leak in prepare_creds

Status: fixed on 2021/03/10 01:48
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+71c4697e27c99fddcf17@syzkaller.appspotmail.com
Fix commit: f26c08b444df io_uring: fix file leak on error path of io ctx creation
First crash: 1508d, last: 1329d
Discussions (5)
Title Replies (including bot) Last reply
Re: [PATCH] io_uring: fix file leak on creating io ctx 1 (1) 2020/12/08 15:50
Re: [PATCH] io_uring: fix file leak on creating io ctx 1 (1) 2020/12/07 16:42
Re: [PATCH] io_uring: fix file leak on creating io ctx 2 (2) 2020/12/07 15:42
Re: memory leak in prepare_creds 1 (1) 2020/12/06 13:31
memory leak in prepare_creds 1 (3) 2020/11/30 18:52
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream memory leak in prepare_creds (3) kernel C 24 624d 902d 0/28 auto-obsoleted due to no activity on 2023/05/24 05:02
upstream memory leak in prepare_creds (2) kernel C 2 1203d 1298d 20/28 fixed on 2021/11/10 00:50
upstream memory leak in prepare_creds (4) kernel C 5 277d 376d 0/28 auto-obsoleted due to no activity on 2024/04/17 09:09

Sample crash report:
Warning: Permanently added '10.128.0.249' (ECDSA) to the list of known hosts.
executing program
BUG: memory leak
unreferenced object 0xffff88810153d300 (size 168):
  comm "kworker/u4:5", pid 3337, jiffies 4294942178 (age 8.380s)
  hex dump (first 32 bytes):
    02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000fadae063>] prepare_creds+0x27/0x410 kernel/cred.c:258
    [<00000000f4b712f2>] copy_creds+0x3a/0x230 kernel/cred.c:358
    [<000000009664f26a>] copy_process+0x6a3/0x25c0 kernel/fork.c:1973
    [<0000000095deb8f1>] kernel_clone+0xf3/0x670 kernel/fork.c:2462
    [<000000009cfaa552>] kernel_thread+0x61/0x80 kernel/fork.c:2514
    [<00000000224e087e>] call_usermodehelper_exec_work kernel/umh.c:172 [inline]
    [<00000000224e087e>] call_usermodehelper_exec_work+0xc4/0x120 kernel/umh.c:158
    [<00000000e65b03c7>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
    [<000000004fe61903>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
    [<00000000a8044f9f>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<000000009ba91e5f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

BUG: memory leak
unreferenced object 0xffff8881132fc8e0 (size 32):
  comm "kworker/u4:5", pid 3337, jiffies 4294942178 (age 8.380s)
  hex dump (first 32 bytes):
    b0 8e 93 00 81 88 ff ff 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000802b960a>] lsm_cred_alloc security/security.c:534 [inline]
    [<00000000802b960a>] security_prepare_creds+0x9f/0xc0 security/security.c:1633
    [<00000000b1358a81>] prepare_creds+0x2c7/0x410 kernel/cred.c:285
    [<00000000f4b712f2>] copy_creds+0x3a/0x230 kernel/cred.c:358
    [<000000009664f26a>] copy_process+0x6a3/0x25c0 kernel/fork.c:1973
    [<0000000095deb8f1>] kernel_clone+0xf3/0x670 kernel/fork.c:2462
    [<000000009cfaa552>] kernel_thread+0x61/0x80 kernel/fork.c:2514
    [<00000000224e087e>] call_usermodehelper_exec_work kernel/umh.c:172 [inline]
    [<00000000224e087e>] call_usermodehelper_exec_work+0xc4/0x120 kernel/umh.c:158
    [<00000000e65b03c7>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
    [<000000004fe61903>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
    [<00000000a8044f9f>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<000000009ba91e5f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

BUG: memory leak
unreferenced object 0xffff888110c74d00 (size 232):
  comm "kworker/u4:5", pid 8448, jiffies 4294942178 (age 8.380s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    e0 47 04 01 81 88 ff ff 00 df bc 0f 81 88 ff ff  .G..............
  backtrace:
    [<00000000c5c45f82>] kmem_cache_zalloc include/linux/slab.h:672 [inline]
    [<00000000c5c45f82>] __alloc_file+0x1f/0xf0 fs/file_table.c:101
    [<00000000c983ee17>] alloc_empty_file+0x69/0x120 fs/file_table.c:150
    [<000000009244bbde>] alloc_file+0x33/0x1b0 fs/file_table.c:192
    [<00000000cfc99561>] alloc_file_pseudo+0xb2/0x140 fs/file_table.c:232
    [<00000000c87c5cd3>] create_pipe_files+0x138/0x2e0 fs/pipe.c:911
    [<000000005e8b4874>] umd_setup+0x33/0x220 kernel/usermode_driver.c:104
    [<0000000006668e98>] call_usermodehelper_exec_async+0xb4/0x1b0 kernel/umh.c:101
    [<000000009ba91e5f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

BUG: memory leak
unreferenced object 0xffff888110c3cdc8 (size 24):
  comm "kworker/u4:5", pid 8448, jiffies 4294942178 (age 8.380s)
  hex dump (first 24 bytes):
    00 00 00 00 00 00 00 00 b0 8e 93 00 81 88 ff ff  ................
    00 00 00 00 00 00 00 00                          ........
  backtrace:
    [<00000000d8431c2e>] kmem_cache_zalloc include/linux/slab.h:672 [inline]
    [<00000000d8431c2e>] lsm_file_alloc security/security.c:569 [inline]
    [<00000000d8431c2e>] security_file_alloc+0x2a/0xb0 security/security.c:1457
    [<0000000049a90543>] __alloc_file+0x5d/0xf0 fs/file_table.c:106
    [<00000000c983ee17>] alloc_empty_file+0x69/0x120 fs/file_table.c:150
    [<000000009244bbde>] alloc_file+0x33/0x1b0 fs/file_table.c:192
    [<00000000cfc99561>] alloc_file_pseudo+0xb2/0x140 fs/file_table.c:232
    [<00000000c87c5cd3>] create_pipe_files+0x138/0x2e0 fs/pipe.c:911
    [<000000005e8b4874>] umd_setup+0x33/0x220 kernel/usermode_driver.c:104
    [<0000000006668e98>] call_usermodehelper_exec_async+0xb4/0x1b0 kernel/umh.c:101
    [<000000009ba91e5f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

BUG: memory leak
unreferenced object 0xffff88810f942a00 (size 608):
  comm "kworker/u4:5", pid 8448, jiffies 4294942178 (age 8.380s)
  hex dump (first 32 bytes):
    80 11 04 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
  backtrace:
    [<000000002d7aaa6a>] alloc_inode+0xbe/0x100 fs/inode.c:235
    [<0000000008156b27>] new_inode_pseudo+0x13/0x70 fs/inode.c:927
    [<000000003c5cd2f8>] get_pipe_inode fs/pipe.c:855 [inline]
    [<000000003c5cd2f8>] create_pipe_files+0x2b/0x2e0 fs/pipe.c:895
    [<000000002a49a38e>] umd_setup+0xad/0x220 kernel/usermode_driver.c:115
    [<0000000006668e98>] call_usermodehelper_exec_async+0xb4/0x1b0 kernel/umh.c:101
    [<000000009ba91e5f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296


Crashes (10):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/02/18 03:24 upstream f40ddce88593 14052202 .config console log report syz C ci-upstream-gce-leak memory leak in prepare_creds
2021/02/15 09:13 upstream f40ddce88593 98682e5e .config console log report syz C ci-upstream-gce-leak memory leak in prepare_creds
2021/02/14 02:36 upstream ac30d8ce28d6 98682e5e .config console log report syz C ci-upstream-gce-leak memory leak in prepare_creds
2021/02/14 01:57 upstream ac30d8ce28d6 98682e5e .config console log report syz C ci-upstream-gce-leak memory leak in prepare_creds
2021/02/13 12:19 upstream c6d8570e4d64 98682e5e .config console log report syz C ci-upstream-gce-leak memory leak in prepare_creds
2021/02/05 15:05 upstream dd86e7fa07a3 23a562df .config console log report syz C ci-upstream-gce-leak memory leak in prepare_creds
2021/02/03 12:05 upstream 3aaf0a27ffc2 624dad51 .config console log report syz C ci-upstream-gce-leak memory leak in prepare_creds
2020/11/28 03:46 upstream 99c710c46dfc 486f93ef .config console log report syz C ci-upstream-gce-leak
2020/11/19 23:33 upstream 3494d58865ad 0767f13f .config console log report syz ci-upstream-gce-leak
2020/08/23 22:21 upstream c3d8f220d012 cef5ae68 .config console log report syz ci-upstream-gce-leak
* Struck through repros no longer work on HEAD.