• Shakeel Butt's avatar
    mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node · 373ecad9
    Shakeel Butt authored
    commit 3510955b327176fd4cbab5baa75b449f077722a2 upstream.
    
    Syzbot reported following memory leak:
    
    ffffffffda RBX: 0000000000000003 RCX: 0000000000441f79
    BUG: memory leak
    unreferenced object 0xffff888114f26040 (size 32):
      comm "syz-executor626", pid 7056, jiffies 4294948701 (age 39.410s)
      hex dump (first 32 bytes):
        40 60 f2 14 81 88 ff ff 40 60 f2 14 81 88 ff ff  @`......@`......
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
      backtrace:
         slab_post_alloc_hook mm/slab.h:439 [inline]
         slab_alloc mm/slab.c:3326 [inline]
         kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
         kmalloc include/linux/slab.h:547 [inline]
         __memcg_init_list_lru_node+0x58/0xf0 mm/list_lru.c:352
         memcg_init_list_lru_node mm/list_lru.c:375 [inline]
         memcg_init_list_lru mm/list_lru.c:459 [inline]
         __list_lru_init+0x193/0x2a0 mm/list_lru.c:626
         alloc_super+0x2e0/0x310 fs/super.c:269
         sget_userns+0x94/0x2a0 fs/super.c:609
         sget+0x8d/0xb0 fs/super.c:660
         mount_nodev+0x31/0xb0 fs/super.c:1387
         fuse_mount+0x2d/0x40 fs/fuse/inode.c:1236
         legacy_get_tree+0x27/0x80 fs/fs_context.c:661
         vfs_get_tree+0x2e/0x120 fs/super.c:1476
         do_new_mount fs/namespace.c:2790 [inline]
         do_mount+0x932/0xc50 fs/namespace.c:3110
         ksys_mount+0xab/0x120 fs/namespace.c:3319
         __do_sys_mount fs/namespace.c:3333 [inline]
         __se_sys_mount fs/namespace.c:3330 [inline]
         __x64_sys_mount+0x26/0x30 fs/namespace.c:3330
         do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
         entry_SYSCALL_64_after_hwframe+0x44/0xa9
    
    This is a simple off by one bug on the error path.
    
    Link: http://lkml.kernel.org/r/20190528043202.99980-1-shakeelb@google.com
    Fixes: 60d3fd32 ("list_lru: introduce per-memcg lists")
    Reported-by: syzbot+f90a420dfe2b1b03cb2c@syzkaller.appspotmail.com
    Signed-off-by: 's avatarShakeel Butt <shakeelb@google.com>
    Acked-by: 's avatarMichal Hocko <mhocko@suse.com>
    Reviewed-by: 's avatarKirill Tkhai <ktkhai@virtuozzo.com>
    Cc: <stable@vger.kernel.org>	[4.0+]
    Signed-off-by: 's avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: 's avatarLinus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    373ecad9