syzbot


memory leak in bio_copy_user_iov

Status: fixed on 2020/06/30 18:57
Reported-by: syzbot+03e5c8ebd22cc6c3a8cb@syzkaller.appspotmail.com
Fix commit: 3b7995a98ad7 block: fix memleak when __blk_rq_map_user_iov() is failed
First crash: 2005d, last: 1817d
Cause bisection: introduced by (bisect log) :
commit 664820265d70a759dceca87b6eb200cd2b93cda8
Author: Mike Snitzer <snitzer@redhat.com>
Date: Thu Feb 18 20:44:39 2016 +0000

  dm: do not return target from dm_get_live_table_for_ioctl()

Crash: INFO: rcu detected stall in corrupted (log)
Repro: C syz .config
  
Discussions (3)
Title Replies (including bot) Last reply
memory leak in bio_copy_user_iov 1 (3) 2019/07/29 01:03
Reminder: 11 open syzbot bugs in block subsystem 1 (1) 2019/07/24 02:26
Reminder: 11 open syzbot bugs in block subsystem 1 (1) 2019/06/25 06:17

Sample crash report:
BUG: memory leak
unreferenced object 0xffff888115992800 (size 2048):
  comm "syz-executor299", pid 6943, jiffies 4294991292 (age 244.720s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    20 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00   ...............
  backtrace:
    [<00000000069232c5>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<00000000069232c5>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<00000000069232c5>] slab_alloc mm/slab.c:3319 [inline]
    [<00000000069232c5>] __do_kmalloc mm/slab.c:3653 [inline]
    [<00000000069232c5>] __kmalloc+0x169/0x300 mm/slab.c:3664
    [<000000004449d9c5>] kmalloc include/linux/slab.h:561 [inline]
    [<000000004449d9c5>] bio_alloc_bioset+0x1b8/0x2c0 block/bio.c:440
    [<00000000f14737de>] bio_kmalloc include/linux/bio.h:405 [inline]
    [<00000000f14737de>] bio_copy_user_iov+0x121/0x4d0 block/bio.c:1248
    [<00000000ffc280e5>] __blk_rq_map_user_iov block/blk-map.c:73 [inline]
    [<00000000ffc280e5>] blk_rq_map_user_iov+0xc6/0x2b0 block/blk-map.c:142
    [<000000004c86ad46>] blk_rq_map_user+0x71/0xb0 block/blk-map.c:172
    [<00000000e493491c>] sg_start_req drivers/scsi/sg.c:1813 [inline]
    [<00000000e493491c>] sg_common_write.isra.0+0x619/0xa10 drivers/scsi/sg.c:809
    [<00000000dd94a794>] sg_write.part.0+0x325/0x570 drivers/scsi/sg.c:709
    [<00000000c41a2c62>] sg_write+0x44/0x64 drivers/scsi/sg.c:617
    [<00000000170f783b>] __vfs_write+0x43/0xa0 fs/read_write.c:494
    [<00000000d08ac09c>] vfs_write fs/read_write.c:558 [inline]
    [<00000000d08ac09c>] vfs_write+0xee/0x210 fs/read_write.c:542
    [<00000000ba9bdecf>] ksys_write+0x7c/0x130 fs/read_write.c:611
    [<00000000580f199d>] __do_sys_write fs/read_write.c:623 [inline]
    [<00000000580f199d>] __se_sys_write fs/read_write.c:620 [inline]
    [<00000000580f199d>] __x64_sys_write+0x1e/0x30 fs/read_write.c:620
    [<00000000b6a81d43>] do_syscall_64+0x73/0x1f0 arch/x86/entry/common.c:290
    [<00000000fb75a745>] entry_SYSCALL_64_after_hwframe+0x44/0xa9


Crashes (34):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/10/25 03:56 upstream f116b96685a0 d01bb02a .config console log report syz C ci-upstream-gce-leak
2019/10/16 10:57 upstream 3b1f00aceb7a d4ea592f .config console log report syz C ci-upstream-gce-leak
2019/08/19 13:23 upstream d1abaeb3be7b b8ceabfc .config console log report syz C ci-upstream-gce-leak
2019/08/18 12:46 upstream 8fde2832bd0b 55bf8926 .config console log report syz C ci-upstream-gce-leak
2019/08/17 07:03 upstream 2d63ba3e41db 8fd428a1 .config console log report syz C ci-upstream-gce-leak
2019/07/30 21:27 upstream 2a11c76e5301 f28bf2a5 .config console log report syz C ci-upstream-gce-leak
2019/07/27 08:08 upstream 3ea54d9b0d65 c85e1c5b .config console log report syz C ci-upstream-gce-leak
2019/06/29 21:35 upstream 01305db842e1 7509bf36 .config console log report syz C ci-upstream-gce-leak
2019/06/16 15:46 upstream e01e060fe00d 442206d7 .config console log report syz C ci-upstream-gce-leak
2019/06/15 17:33 upstream 0011572c8830 442206d7 .config console log report syz C ci-upstream-gce-leak
2019/12/20 23:49 upstream 6398b9fc818e bc586918 .config console log report syz ci-upstream-gce-leak
2019/12/17 01:20 upstream 510c9788991c b80769fc .config console log report syz ci-upstream-gce-leak
2019/12/15 16:17 upstream 07c4b9e9f71a eef6e580 .config console log report syz ci-upstream-gce-leak
2019/12/13 23:14 upstream 37d4e84f765b 5b2ca5da .config console log report syz ci-upstream-gce-leak
2019/12/12 02:34 upstream 687dec9b9459 d973f528 .config console log report syz ci-upstream-gce-leak
2019/12/09 21:44 upstream e42617b825f8 b31eda3d .config console log report syz ci-upstream-gce-leak
2019/12/09 21:12 upstream e42617b825f8 b31eda3d .config console log report syz ci-upstream-gce-leak
2019/12/08 18:58 upstream 9455d25f4e3b 1508f453 .config console log report syz ci-upstream-gce-leak
2019/12/08 11:07 upstream ad910e36da4c 1508f453 .config console log report syz ci-upstream-gce-leak
2019/12/07 19:09 upstream eea2d5da29e3 85f26751 .config console log report syz ci-upstream-gce-leak
2019/12/07 17:04 upstream eea2d5da29e3 85f26751 .config console log report syz ci-upstream-gce-leak
2019/12/06 04:43 upstream b0d4beaa5a4b 98b4ef2d .config console log report syz ci-upstream-gce-leak
2019/11/22 08:38 upstream 81429eb8d9ca 8098ea0f .config console log report syz ci-upstream-gce-leak
2019/11/19 08:54 upstream af42d3466bdc 5bc70212 .config console log report syz ci-upstream-gce-leak
2019/10/21 11:24 upstream 7d194c2100ad 8c88c9c1 .config console log report syz ci-upstream-gce-leak
2019/10/18 03:25 upstream 283ea345934d 8c88c9c1 .config console log report syz ci-upstream-gce-leak
2019/08/28 18:41 upstream 6525771f58cb fd37b39e .config console log report syz ci-upstream-gce-leak
2019/08/24 22:44 upstream 361469211f87 d21c5d9d .config console log report syz ci-upstream-gce-leak
2019/08/16 03:58 upstream a69e90512d9d 8fd428a1 .config console log report syz ci-upstream-gce-leak
2019/08/14 01:04 upstream ee1c7bd33e66 ef801a3e .config console log report syz ci-upstream-gce-leak
2019/08/13 06:57 upstream d45331b00ddb 8620c2c2 .config console log report syz ci-upstream-gce-leak
2019/07/24 00:17 upstream c6dd78fcb8ee de453f34 .config console log report syz ci-upstream-gce-leak
2019/06/28 07:04 upstream c84afab02c31 7509bf36 .config console log report syz ci-upstream-gce-leak
2019/06/27 01:39 upstream 249155c20f9b 7509bf36 .config console log report syz ci-upstream-gce-leak
* Struck through repros no longer work on HEAD.