We report a bug (in linux-5.5.13) found by FuzzUSB (a modified version of syzkaller).

A memory buffer (i.e., struct scatterlist) is allocated and not freed properly.
(Not sure about the point where the allocated memory region is leaking.)

==================================================================
BUG: memory leak
unreferenced object 0xffff88805b337280 (size 256):
  comm "syz-executor.6", pid 5934, jiffies 4295016561 (age 16.340s)
  hex dump (first 32 bytes):
    00 46 5f 01 00 ea ff ff 00 00 00 00 00 10 00 00  .F_.............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006305194b>] kmemleak_alloc_recursive 2/./include/linux/kmemleak.h:43 [inline]
    [<000000006305194b>] slab_post_alloc_hook 2/mm/slab.h:586 [inline]
    [<000000006305194b>] slab_alloc_node 2/mm/slub.c:2767 [inline]
    [<000000006305194b>] slab_alloc 2/mm/slub.c:2775 [inline]
    [<000000006305194b>] kmem_cache_alloc+0x165/0x340 2/mm/slub.c:2780
    [<000000003f20764c>] mempool_alloc_slab+0x44/0x70 2/mm/mempool.c:513
    [<00000000561f62bb>] mempool_alloc+0x145/0x370 2/mm/mempool.c:393
    [<00000000322111ed>] sg_pool_alloc+0xe6/0x1a0 2/lib/sg_pool.c:67
    [<00000000b72ca391>] __sg_alloc_table+0xb0/0x370 2/lib/scatterlist.c:302
    [<00000000c61ae208>] sg_alloc_table_chained+0x6c/0x1c0 2/lib/sg_pool.c:132
    [<00000000cd52be39>] scsi_init_sgtable 2/drivers/scsi/scsi_lib.c:990 [inline]
    [<00000000cd52be39>] scsi_init_io+0x10e/0x340 2/drivers/scsi/scsi_lib.c:1025
    [<000000004dccec43>] sd_setup_read_write_cmnd 2/drivers/scsi/sd.c:1174 [inline]
    [<000000004dccec43>] sd_init_command+0xbdc/0x3400 2/drivers/scsi/sd.c:1290
    [<00000000644825df>] scsi_setup_fs_cmnd 2/drivers/scsi/scsi_lib.c:1211 [inline]
    [<00000000644825df>] scsi_setup_cmnd 2/drivers/scsi/scsi_lib.c:1229 [inline]
    [<00000000644825df>] scsi_mq_prep_fn 2/drivers/scsi/scsi_lib.c:1603 [inline]
    [<00000000644825df>] scsi_queue_rq+0xf18/0x2a30 2/drivers/scsi/scsi_lib.c:1671
    [<00000000d4c4c1c8>] blk_mq_dispatch_rq_list+0xa6e/0x1870 2/block/blk-mq.c:1238
    [<00000000e1d472b3>] blk_mq_do_dispatch_sched+0x198/0x3f0 2/block/blk-mq-sched.c:115
    [<000000002542d635>] blk_mq_sched_dispatch_requests+0x39a/0x600 2/block/blk-mq-sched.c:211
    [<000000000ffcbd69>] __blk_mq_run_hw_queue+0x12b/0x250 2/block/blk-mq.c:1368
    [<000000001cbeb84f>] __blk_mq_delay_run_hw_queue+0x467/0x4f0 2/block/blk-mq.c:1436
    [<000000003a7eefb7>] blk_mq_run_hw_queue+0x178/0x320 2/block/blk-mq.c:1473
    [<00000000bf63d47b>] blk_mq_get_tag+0x583/0xa00 2/block/blk-mq-tag.c:139
==================================================================
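The kmemleak report above is only an allocation backtrace, so the reader still has to work out which layer owns the object and what the leaked bytes are. The script below is an added example (not part of the bug report, FuzzUSB or the kernel) that parses a kmemleak "unreferenced object" block, skips the allocator and generic helper frames (mm/, lib/ and kmemleak.h, a classification chosen here, not anything kmemleak itself emits), and decodes the hex dump as the first three fields of struct scatterlist. It assumes the Linux 5.x kmemleak text format and the x86_64 layout of those fields (page_link as unsigned long, offset and length as unsigned int); the "2/" path prefix is kept exactly as it appears in the report.

```python
# Added example (not from the bug report or the kernel): parse a kmemleak
# "unreferenced object" report and locate the frame that owns the leaked
# object. Assumes the Linux 5.x kmemleak text format and the x86_64 layout
# of the first three struct scatterlist fields (page_link, offset, length).
import re
import struct
from dataclasses import dataclass

# Constructed input: the report from the mail above, one frame per line.
REPORT = """\
BUG: memory leak
unreferenced object 0xffff88805b337280 (size 256):
  comm "syz-executor.6", pid 5934, jiffies 4295016561 (age 16.340s)
  hex dump (first 32 bytes):
    00 46 5f 01 00 ea ff ff 00 00 00 00 00 10 00 00  .F_.............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006305194b>] kmemleak_alloc_recursive 2/./include/linux/kmemleak.h:43 [inline]
    [<000000006305194b>] slab_post_alloc_hook 2/mm/slab.h:586 [inline]
    [<000000006305194b>] slab_alloc_node 2/mm/slub.c:2767 [inline]
    [<000000006305194b>] slab_alloc 2/mm/slub.c:2775 [inline]
    [<000000006305194b>] kmem_cache_alloc+0x165/0x340 2/mm/slub.c:2780
    [<000000003f20764c>] mempool_alloc_slab+0x44/0x70 2/mm/mempool.c:513
    [<00000000561f62bb>] mempool_alloc+0x145/0x370 2/mm/mempool.c:393
    [<00000000322111ed>] sg_pool_alloc+0xe6/0x1a0 2/lib/sg_pool.c:67
    [<00000000b72ca391>] __sg_alloc_table+0xb0/0x370 2/lib/scatterlist.c:302
    [<00000000c61ae208>] sg_alloc_table_chained+0x6c/0x1c0 2/lib/sg_pool.c:132
    [<00000000cd52be39>] scsi_init_sgtable 2/drivers/scsi/scsi_lib.c:990 [inline]
    [<00000000cd52be39>] scsi_init_io+0x10e/0x340 2/drivers/scsi/scsi_lib.c:1025
    [<000000004dccec43>] sd_setup_read_write_cmnd 2/drivers/scsi/sd.c:1174 [inline]
    [<000000004dccec43>] sd_init_command+0xbdc/0x3400 2/drivers/scsi/sd.c:1290
    [<00000000644825df>] scsi_setup_fs_cmnd 2/drivers/scsi/scsi_lib.c:1211 [inline]
    [<00000000644825df>] scsi_setup_cmnd 2/drivers/scsi/scsi_lib.c:1229 [inline]
    [<00000000644825df>] scsi_mq_prep_fn 2/drivers/scsi/scsi_lib.c:1603 [inline]
    [<00000000644825df>] scsi_queue_rq+0xf18/0x2a30 2/drivers/scsi/scsi_lib.c:1671
    [<00000000d4c4c1c8>] blk_mq_dispatch_rq_list+0xa6e/0x1870 2/block/blk-mq.c:1238
    [<00000000e1d472b3>] blk_mq_do_dispatch_sched+0x198/0x3f0 2/block/blk-mq-sched.c:115
    [<000000002542d635>] blk_mq_sched_dispatch_requests+0x39a/0x600 2/block/blk-mq-sched.c:211
    [<000000000ffcbd69>] __blk_mq_run_hw_queue+0x12b/0x250 2/block/blk-mq.c:1368
    [<000000001cbeb84f>] __blk_mq_delay_run_hw_queue+0x467/0x4f0 2/block/blk-mq.c:1436
    [<000000003a7eefb7>] blk_mq_run_hw_queue+0x178/0x320 2/block/blk-mq.c:1473
    [<00000000bf63d47b>] blk_mq_get_tag+0x583/0xa00 2/block/blk-mq-tag.c:139
"""

@dataclass(frozen=True)
class Frame:
    func: str
    path: str
    line: int
    inline: bool

@dataclass
class LeakReport:
    address: int
    size: int
    comm: str
    pid: int
    hexdump: bytes
    backtrace: list

_OBJ = re.compile(r'unreferenced object 0x([0-9a-f]+) \(size (\d+)\)')
_COMM = re.compile(r'comm "([^"]*)", pid (\d+)')
_FRAME = re.compile(r'\[<[0-9a-f]+>\]\s+(\S+?)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?'
                    r'\s+(\S+):(\d+)(\s+\[inline\])?')
_HEXBYTE = re.compile(r'^[0-9a-f]{2}$')
# Allocator and generic helper layers never own the object; the first frame
# outside them is where the missing free should be searched for (our choice).
_ALLOCATOR_PATH = re.compile(r'(^|/)(mm|lib)/|kmemleak\.h$')

def parse_report(text):
    address = size = comm = pid = None
    hexdump, frames, in_hexdump = bytearray(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if m := _OBJ.search(line):
            address, size = int(m.group(1), 16), int(m.group(2))
        elif m := _COMM.search(line):
            comm, pid = m.group(1), int(m.group(2))
        elif line.startswith('hex dump'):
            in_hexdump = True
        elif line.startswith('backtrace:'):
            in_hexdump = False
        elif m := _FRAME.search(line):
            frames.append(Frame(m.group(1), m.group(2), int(m.group(3)),
                                m.group(4) is not None))
        elif in_hexdump:
            # Leading run of 2-digit hex tokens, capped at 16 per line so the
            # ASCII column (which can itself look like hex) is never consumed.
            for tok in line.split()[:16]:
                if not _HEXBYTE.match(tok):
                    break
                hexdump.append(int(tok, 16))
    if None in (address, size, comm, pid):
        raise ValueError('incomplete kmemleak report')
    return LeakReport(address, size, comm, pid, bytes(hexdump), frames)

def owner_frame(report):
    """First backtrace frame outside the allocator/helper layers, or None."""
    return next((f for f in report.backtrace
                 if not _ALLOCATOR_PATH.search(f.path)), None)

def decode_scatterlist_head(hexdump):
    """Read the first 16 bytes as page_link (u64), offset (u32), length (u32)."""
    page_link, offset, length = struct.unpack_from('<QII', hexdump, 0)
    return {'page_link': page_link, 'offset': offset, 'length': length}

if __name__ == '__main__':
    r = parse_report(REPORT)
    print(f'{r.size}-byte object 0x{r.address:x} leaked by {r.comm} (pid {r.pid})')
    print('owner:', owner_frame(r), 'head:', decode_scatterlist_head(r.hexdump))
```

On this report the owner frame comes out as scsi_init_sgtable at drivers/scsi/scsi_lib.c:990 (the inlined callee of scsi_init_io), and the decoded head is page_link 0xffffea00015f4600, offset 0, length 0x1000: the page_link value sits in the x86_64 vmemmap region where struct page arrays live, and a 4 KiB length at offset 0 is exactly one page of I/O, which is consistent with the reporter's reading of the object as scatterlist entries.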