[syzbot] [ntfs3?] memory leak in run_add_entry

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

syzbot found the following issue on:

HEAD commit:    4a0fc73da97e Merge tag 's390-6.6-2' of git://git.kernel.or..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16dce6a4680000
kernel config:  https://syzkaller.appspot.com/x/.config?x=52403a23b631cefc
dashboard link: https://syzkaller.appspot.com/bug?extid=edcb33c666a478ec67a9
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=15780480680000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15c8a2a4680000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7e7536435862/disk-4a0fc73d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/f5b10d577113/vmlinux-4a0fc73d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/430b464e2d50/bzImage-4a0fc73d.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/551456fa5cb9/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+edcb33c666a478ec67a9@xxxxxxxxxxxxxxxxxxxxxxxxx

BUG: memory leak
unreferenced object 0xffff88810c45aa00 (size 64):
  comm "syz-executor381", pid 5019, jiffies 4294945074 (age 13.030s)
  hex dump (first 32 bytes):
    00 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff815742ee>] __do_kmalloc_node mm/slab_common.c:1022 [inline]
    [<ffffffff815742ee>] __kmalloc_node+0x4e/0x150 mm/slab_common.c:1030
    [<ffffffff81563919>] kmalloc_node include/linux/slab.h:619 [inline]
    [<ffffffff81563919>] kvmalloc_node+0x99/0x170 mm/util.c:607
    [<ffffffff81bfd949>] kvmalloc include/linux/slab.h:737 [inline]
    [<ffffffff81bfd949>] run_add_entry+0x559/0x720 fs/ntfs3/run.c:389
    [<ffffffff81bfee3c>] run_unpack+0x53c/0x620 fs/ntfs3/run.c:1021
    [<ffffffff81bfef97>] run_unpack_ex+0x77/0x320 fs/ntfs3/run.c:1060
    [<ffffffff81bee9d3>] ntfs_read_mft fs/ntfs3/inode.c:400 [inline]
    [<ffffffff81bee9d3>] ntfs_iget5+0x633/0x1a90 fs/ntfs3/inode.c:532
    [<ffffffff81bd0ee6>] ntfs_loadlog_and_replay+0x86/0x280 fs/ntfs3/fsntfs.c:297
    [<ffffffff81c022c7>] ntfs_fill_super+0x1057/0x22f0 fs/ntfs3/super.c:1222
    [<ffffffff81691a21>] get_tree_bdev+0x1b1/0x280 fs/super.c:1577
    [<ffffffff8168ecda>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816d44ef>] do_new_mount fs/namespace.c:3335 [inline]
    [<ffffffff816d44ef>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
    [<ffffffff816d50e1>] do_mount fs/namespace.c:3675 [inline]
    [<ffffffff816d50e1>] __do_sys_mount fs/namespace.c:3884 [inline]
    [<ffffffff816d50e1>] __se_sys_mount fs/namespace.c:3861 [inline]
    [<ffffffff816d50e1>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
    [<ffffffff84b2dfa8>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84b2dfa8>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff888108a8b218 (size 8):
  comm "syz-executor381", pid 5019, jiffies 4294945074 (age 13.030s)
  hex dump (first 8 bytes):
    00 00 00 00 00 00 00 00                          ........
  backtrace:
    [<ffffffff8157443b>] __do_kmalloc_node mm/slab_common.c:1022 [inline]
    [<ffffffff8157443b>] __kmalloc+0x4b/0x150 mm/slab_common.c:1036
    [<ffffffff81bc99ac>] kmalloc_array include/linux/slab.h:636 [inline]
    [<ffffffff81bc99ac>] kcalloc include/linux/slab.h:667 [inline]
    [<ffffffff81bc99ac>] wnd_init+0xdc/0x140 fs/ntfs3/bitmap.c:662
    [<ffffffff81c023dd>] ntfs_fill_super+0x116d/0x22f0 fs/ntfs3/super.c:1257
    [<ffffffff81691a21>] get_tree_bdev+0x1b1/0x280 fs/super.c:1577
    [<ffffffff8168ecda>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816d44ef>] do_new_mount fs/namespace.c:3335 [inline]
    [<ffffffff816d44ef>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
    [<ffffffff816d50e1>] do_mount fs/namespace.c:3675 [inline]
    [<ffffffff816d50e1>] __do_sys_mount fs/namespace.c:3884 [inline]
    [<ffffffff816d50e1>] __se_sys_mount fs/namespace.c:3861 [inline]
    [<ffffffff816d50e1>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
    [<ffffffff84b2dfa8>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84b2dfa8>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810bda6080 (size 64):
  comm "syz-executor381", pid 5019, jiffies 4294945074 (age 13.030s)
  hex dump (first 32 bytes):
    00 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff815742ee>] __do_kmalloc_node mm/slab_common.c:1022 [inline]
    [<ffffffff815742ee>] __kmalloc_node+0x4e/0x150 mm/slab_common.c:1030
    [<ffffffff81563919>] kmalloc_node include/linux/slab.h:619 [inline]
    [<ffffffff81563919>] kvmalloc_node+0x99/0x170 mm/util.c:607
    [<ffffffff81bfd949>] kvmalloc include/linux/slab.h:737 [inline]
    [<ffffffff81bfd949>] run_add_entry+0x559/0x720 fs/ntfs3/run.c:389
    [<ffffffff81bfee3c>] run_unpack+0x53c/0x620 fs/ntfs3/run.c:1021
    [<ffffffff81bfef97>] run_unpack_ex+0x77/0x320 fs/ntfs3/run.c:1060
    [<ffffffff81bee9d3>] ntfs_read_mft fs/ntfs3/inode.c:400 [inline]
    [<ffffffff81bee9d3>] ntfs_iget5+0x633/0x1a90 fs/ntfs3/inode.c:532
    [<ffffffff81c0245d>] ntfs_fill_super+0x11ed/0x22f0 fs/ntfs3/super.c:1272
    [<ffffffff81691a21>] get_tree_bdev+0x1b1/0x280 fs/super.c:1577
    [<ffffffff8168ecda>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816d44ef>] do_new_mount fs/namespace.c:3335 [inline]
    [<ffffffff816d44ef>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
    [<ffffffff816d50e1>] do_mount fs/namespace.c:3675 [inline]
    [<ffffffff816d50e1>] __do_sys_mount fs/namespace.c:3884 [inline]
    [<ffffffff816d50e1>] __se_sys_mount fs/namespace.c:3861 [inline]
    [<ffffffff816d50e1>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
    [<ffffffff84b2dfa8>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84b2dfa8>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff888108a8b4a8 (size 8):
  comm "syz-executor381", pid 5019, jiffies 4294945074 (age 13.030s)
  hex dump (first 8 bytes):
    fd 03 00 00 00 00 00 00                          ........
  backtrace:
    [<ffffffff8157443b>] __do_kmalloc_node mm/slab_common.c:1022 [inline]
    [<ffffffff8157443b>] __kmalloc+0x4b/0x150 mm/slab_common.c:1036
    [<ffffffff81bc99ac>] kmalloc_array include/linux/slab.h:636 [inline]
    [<ffffffff81bc99ac>] kcalloc include/linux/slab.h:667 [inline]
    [<ffffffff81bc99ac>] wnd_init+0xdc/0x140 fs/ntfs3/bitmap.c:662
    [<ffffffff81c02509>] ntfs_fill_super+0x1299/0x22f0 fs/ntfs3/super.c:1294
    [<ffffffff81691a21>] get_tree_bdev+0x1b1/0x280 fs/super.c:1577
    [<ffffffff8168ecda>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816d44ef>] do_new_mount fs/namespace.c:3335 [inline]
    [<ffffffff816d44ef>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
    [<ffffffff816d50e1>] do_mount fs/namespace.c:3675 [inline]
    [<ffffffff816d50e1>] __do_sys_mount fs/namespace.c:3884 [inline]
    [<ffffffff816d50e1>] __se_sys_mount fs/namespace.c:3861 [inline]
    [<ffffffff816d50e1>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
    [<ffffffff84b2dfa8>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84b2dfa8>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux