syzbot


memory leak in erase_aeb

Status: fixed on 2020/05/10 10:42
Subsystems: mtd
[Documentation on labels]
Reported-by: syzbot+f317896aae32eb281a58@syzkaller.appspotmail.com
Fix commit: c16f39d14a7e ubi: fastmap: Free unused fastmap anchor peb during detach
First crash: 1689d, last: 1535d
Discussions (7)
Title Replies (including bot) Last reply
[PATCH 4.19 000/245] 4.19.149-rc1 review 255 (255) 2020/10/01 11:14
[PATCH 5.4 000/388] 5.4.69-rc1 review 392 (392) 2020/09/30 14:29
[PATCH AUTOSEL 5.4 001/330] drm/v3d: don't leak bin job if v3d_job_init fails. 341 (341) 2020/09/24 20:54
[PATCH AUTOSEL 4.19 001/206] selinux: allow labeling before policy is loaded 208 (208) 2020/09/18 18:46
[PATCH 5.6 00/38] 5.6.4-rc1 review 44 (44) 2020/04/14 10:36
[PATCH 5.5 00/44] 5.5.17-rc1 review 48 (48) 2020/04/14 10:36
memory leak in erase_aeb 0 (2) 2020/01/11 17:19
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream memory leak in erase_aeb (2) mtd syz 25 1464d 1534d 15/27 fixed on 2020/09/16 22:51

Sample crash report:
BUG: memory leak
unreferenced object 0xffff888127cecb00 (size 32):
  comm "syz-executor527", pid 7144, jiffies 4294957528 (age 23.750s)
  hex dump (first 32 bytes):
    00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de  ........".......
    00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00  ................
  backtrace:
    [<0000000029f9ef6c>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<0000000029f9ef6c>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<0000000029f9ef6c>] slab_alloc mm/slab.c:3320 [inline]
    [<0000000029f9ef6c>] kmem_cache_alloc+0x13f/0x2c0 mm/slab.c:3484
    [<000000003092c936>] erase_aeb+0x2a/0x100 drivers/mtd/ubi/wl.c:1691
    [<00000000d507b66e>] ubi_wl_init+0x1ae/0x600 drivers/mtd/ubi/wl.c:1758
    [<0000000072e7d762>] ubi_attach+0x665/0x18e7 drivers/mtd/ubi/attach.c:1605
    [<0000000024d645cb>] ubi_attach_mtd_dev+0x5b3/0xd40 drivers/mtd/ubi/build.c:946
    [<00000000e6600cef>] ctrl_cdev_ioctl+0x149/0x1c0 drivers/mtd/ubi/cdev.c:1043
    [<000000001253992f>] vfs_ioctl fs/ioctl.c:47 [inline]
    [<000000001253992f>] file_ioctl fs/ioctl.c:545 [inline]
    [<000000001253992f>] do_vfs_ioctl+0x551/0x890 fs/ioctl.c:732
    [<00000000c49e8c94>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:749
    [<00000000261db07c>] __do_sys_ioctl fs/ioctl.c:756 [inline]
    [<00000000261db07c>] __se_sys_ioctl fs/ioctl.c:754 [inline]
    [<00000000261db07c>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:754
    [<000000004f01dc3e>] do_syscall_64+0x73/0x220 arch/x86/entry/common.c:294
    [<000000002de81d29>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888127cecb00 (size 32):
  comm "syz-executor527", pid 7144, jiffies 4294957528 (age 26.350s)
  hex dump (first 32 bytes):
    00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de  ........".......
    00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00  ................
  backtrace:
    [<0000000029f9ef6c>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<0000000029f9ef6c>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<0000000029f9ef6c>] slab_alloc mm/slab.c:3320 [inline]
    [<0000000029f9ef6c>] kmem_cache_alloc+0x13f/0x2c0 mm/slab.c:3484
    [<000000003092c936>] erase_aeb+0x2a/0x100 drivers/mtd/ubi/wl.c:1691
    [<00000000d507b66e>] ubi_wl_init+0x1ae/0x600 drivers/mtd/ubi/wl.c:1758
    [<0000000072e7d762>] ubi_attach+0x665/0x18e7 drivers/mtd/ubi/attach.c:1605
    [<0000000024d645cb>] ubi_attach_mtd_dev+0x5b3/0xd40 drivers/mtd/ubi/build.c:946
    [<00000000e6600cef>] ctrl_cdev_ioctl+0x149/0x1c0 drivers/mtd/ubi/cdev.c:1043
    [<000000001253992f>] vfs_ioctl fs/ioctl.c:47 [inline]
    [<000000001253992f>] file_ioctl fs/ioctl.c:545 [inline]
    [<000000001253992f>] do_vfs_ioctl+0x551/0x890 fs/ioctl.c:732
    [<00000000c49e8c94>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:749
    [<00000000261db07c>] __do_sys_ioctl fs/ioctl.c:756 [inline]
    [<00000000261db07c>] __se_sys_ioctl fs/ioctl.c:754 [inline]
    [<00000000261db07c>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:754
    [<000000004f01dc3e>] do_syscall_64+0x73/0x220 arch/x86/entry/common.c:294
    [<000000002de81d29>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888127cecb00 (size 32):
  comm "syz-executor527", pid 7144, jiffies 4294957528 (age 32.820s)
  hex dump (first 32 bytes):
    00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de  ........".......
    00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00  ................
  backtrace:
    [<0000000029f9ef6c>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<0000000029f9ef6c>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<0000000029f9ef6c>] slab_alloc mm/slab.c:3320 [inline]
    [<0000000029f9ef6c>] kmem_cache_alloc+0x13f/0x2c0 mm/slab.c:3484
    [<000000003092c936>] erase_aeb+0x2a/0x100 drivers/mtd/ubi/wl.c:1691
    [<00000000d507b66e>] ubi_wl_init+0x1ae/0x600 drivers/mtd/ubi/wl.c:1758
    [<0000000072e7d762>] ubi_attach+0x665/0x18e7 drivers/mtd/ubi/attach.c:1605
    [<0000000024d645cb>] ubi_attach_mtd_dev+0x5b3/0xd40 drivers/mtd/ubi/build.c:946
    [<00000000e6600cef>] ctrl_cdev_ioctl+0x149/0x1c0 drivers/mtd/ubi/cdev.c:1043
    [<000000001253992f>] vfs_ioctl fs/ioctl.c:47 [inline]
    [<000000001253992f>] file_ioctl fs/ioctl.c:545 [inline]
    [<000000001253992f>] do_vfs_ioctl+0x551/0x890 fs/ioctl.c:732
    [<00000000c49e8c94>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:749
    [<00000000261db07c>] __do_sys_ioctl fs/ioctl.c:756 [inline]
    [<00000000261db07c>] __se_sys_ioctl fs/ioctl.c:754 [inline]
    [<00000000261db07c>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:754
    [<000000004f01dc3e>] do_syscall_64+0x73/0x220 arch/x86/entry/common.c:294
    [<000000002de81d29>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

executing program
executing program
executing program
executing program
executing program

Crashes (109):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/01/11 17:19 upstream bef1d88263ff 4c04afaa .config console log report syz C ci-upstream-gce-leak
2020/05/10 00:41 upstream 1d3962ae3b3d 88cb3e92 .config console log report syz ci-upstream-gce-leak
2020/05/02 20:03 upstream 690e2aba7beb 58da4c35 .config console log report syz ci-upstream-gce-leak
2020/05/02 08:55 upstream 052c467cb587 bc734e7a .config console log report syz ci-upstream-gce-leak
2020/04/30 09:33 upstream 1d2cc5ac6f66 2dd552a5 .config console log report syz ci-upstream-gce-leak
2020/04/22 07:58 upstream 189522da8b3a 2e44d63e .config console log report syz ci-upstream-gce-leak
2020/04/21 08:14 upstream ae83d0b416db 98a9f9e6 .config console log report syz ci-upstream-gce-leak
2020/04/19 15:43 upstream 50cc09c18985 6dfd45e1 .config console log report syz ci-upstream-gce-leak
2020/04/18 12:10 upstream 90280eaa88ac 435c6d53 .config console log report syz ci-upstream-gce-leak
2020/04/17 14:00 upstream 7a56db0299f9 18397578 .config console log report syz ci-upstream-gce-leak
2020/04/16 12:24 upstream 00086336a8d9 c743fcb3 .config console log report syz ci-upstream-gce-leak
2020/04/16 11:54 upstream 00086336a8d9 c743fcb3 .config console log report syz ci-upstream-gce-leak
2020/04/14 11:40 upstream 8f3d9f354286 3f3c5574 .config console log report syz ci-upstream-gce-leak
2020/04/13 13:34 upstream 8f3d9f354286 17a986e5 .config console log report syz ci-upstream-gce-leak
2020/04/12 13:23 upstream b032227c6293 36b0b050 .config console log report syz ci-upstream-gce-leak
2020/04/12 07:19 upstream b032227c6293 a8c6a3f8 .config console log report syz ci-upstream-gce-leak
2020/04/11 19:13 upstream 5b8b9d0c6d0e a8c6a3f8 .config console log report syz ci-upstream-gce-leak
2020/04/11 09:21 upstream ab6f762f0f53 a8c6a3f8 .config console log report syz ci-upstream-gce-leak
2020/04/11 08:47 upstream ab6f762f0f53 a8c6a3f8 .config console log report syz ci-upstream-gce-leak
2020/04/10 13:48 upstream c0cc271173b2 a8c6a3f8 .config console log report syz ci-upstream-gce-leak
2020/04/10 00:16 upstream 5d30bcacd91a a8c6a3f8 .config console log report syz ci-upstream-gce-leak
2020/04/09 00:47 upstream ae46d2aa6a7f db9bcd4b .config console log report syz ci-upstream-gce-leak
2020/04/08 15:31 upstream f5e94d10e4c4 db9bcd4b .config console log report syz ci-upstream-gce-leak
2020/04/08 05:55 upstream 763dede1b248 db9bcd4b .config console log report syz ci-upstream-gce-leak
2020/04/03 21:31 upstream bef7b2a7be28 5ed396e6 .config console log report syz ci-upstream-gce-leak
2020/04/03 21:09 upstream bef7b2a7be28 5ed396e6 .config console log report syz ci-upstream-gce-leak
2020/04/03 20:38 upstream bef7b2a7be28 5ed396e6 .config console log report syz ci-upstream-gce-leak
2020/04/03 15:58 upstream bef7b2a7be28 5ed396e6 .config console log report syz ci-upstream-gce-leak
2020/04/03 03:05 upstream 7be97138e727 a34e2c33 .config console log report syz ci-upstream-gce-leak
2020/04/02 17:17 upstream 919dce24701f a34e2c33 .config console log report syz ci-upstream-gce-leak
2020/04/02 11:05 upstream 919dce24701f a34e2c33 .config console log report syz ci-upstream-gce-leak
2020/04/01 17:18 upstream 1a323ea5356e a34e2c33 .config console log report syz ci-upstream-gce-leak
2020/04/01 10:45 upstream 56a451b78067 a34e2c33 .config console log report syz ci-upstream-gce-leak
2020/03/31 05:35 upstream 673b41e04a03 c8d1cc20 .config console log report syz ci-upstream-gce-leak
2020/03/30 16:31 upstream 7111951b8d49 c8d1cc20 .config console log report syz ci-upstream-gce-leak
2020/03/29 20:55 upstream e595dd94515e 05736b29 .config console log report syz ci-upstream-gce-leak
2020/03/28 17:58 upstream 69c5eea3128e f1ebdfba .config console log report syz ci-upstream-gce-leak
2020/03/28 17:26 upstream 69c5eea3128e f1ebdfba .config console log report syz ci-upstream-gce-leak
2020/03/28 05:22 upstream 527630fbf4f1 831e9a81 .config console log report syz ci-upstream-gce-leak
2020/03/27 12:25 upstream f3e69428b5e2 7d95711b .config console log report syz ci-upstream-gce-leak
2020/03/27 08:43 upstream f3e69428b5e2 7d95711b .config console log report syz ci-upstream-gce-leak
2020/03/27 00:44 upstream 9420e8ade435 6d25c5a0 .config console log report syz ci-upstream-gce-leak
2020/03/26 23:22 upstream 9420e8ade435 6d25c5a0 .config console log report syz ci-upstream-gce-leak
2020/03/26 11:58 upstream 1b649e0bcae7 e8e6c7d2 .config console log report syz ci-upstream-gce-leak
2020/03/25 16:15 upstream 76ccd234269b 41f049cc .config console log report syz ci-upstream-gce-leak
2020/03/25 09:20 upstream 76ccd234269b 41f049cc .config console log report syz ci-upstream-gce-leak
2020/03/24 22:14 upstream 76ccd234269b 68660b21 .config console log report syz ci-upstream-gce-leak
2020/03/23 04:18 upstream 67d584e33e54 78267cec .config console log report syz ci-upstream-gce-leak
2020/03/22 04:44 upstream b74b991fb8b9 78267cec .config console log report syz ci-upstream-gce-leak
2020/03/21 22:16 upstream 5ad0ec0b8652 4288d95e .config console log report syz ci-upstream-gce-leak
2019/12/08 04:59 upstream ad910e36da4c 1508f453 .config console log report syz ci-upstream-gce-leak
* Struck through repros no longer work on HEAD.