Re: Observation of a memory leak with commit 314001f0bf92 ("af_unix: Add OOB support")

From: Shoaib Rao
Date: Fri Jan 07 2022 - 12:55:17 EST


Hi Lukas,

I took a look at the patch and I fail to see how prepare_creds() could be impacted by the patch. The only reference to a cred in the patch is via maybe_add_creds().

prepare_creds() is called to make a copy of the current creds which will be later modified. If there is any leak it would be in the caller not releasing the memory. The patch does not do anything with creds.

If there is any more information that can help identify the issue, I will be happy to look into it.

Note that a lot of bugs are timing related, so while it might seem that a change is causing the problem, it may not be the cause; it may just be changing the environment for the bug to show up.

Shoaib

On 1/6/22 22:48, Lukas Bulwahn wrote:
Dear Rao and David,


In our syzkaller instance running on linux-next,
https://elisa-builder-00.iol.unh.edu/syzkaller-next/ , we have been
observing a memory leak in prepare_creds,
https://elisa-builder-00.iol.unh.edu/syzkaller-next/report?id=1dcac8539d69ad9eb94ab2c8c0d99c11a0b516a3 ,
for quite some time.

It is reproducible on v5.15-rc1, v5.15, v5.16-rc8 and next-20220104.
So, it is in mainline, was released and has not been fixed in
linux-next yet.

As syzkaller also provides a reproducer, we bisected this memory leak
to be introduced with commit 314001f0bf92 ("af_unix: Add OOB
support").

We also tested that reverting this commit on torvalds' current tree
made the memory leak with the reproducer go away.

Could you please have a look at how your commit introduces this memory
leak? We will gladly support testing your fix in case help is needed.


Best regards,

Lukas