Hello, syzbot found the following issue on: HEAD commit: 4a0fc73da97e Merge tag 's390-6.6-2' of git://git.kernel.or.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=16dce6a4680000 kernel config: https://syzkaller.appspot.com/x/.config?x=52403a23b631cefc dashboard link: https://syzkaller.appspot.com/bug?extid=edcb33c666a478ec67a9 compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15780480680000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15c8a2a4680000 Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/7e7536435862/disk-4a0fc73d.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/f5b10d577113/vmlinux-4a0fc73d.xz kernel image: https://storage.googleapis.com/syzbot-assets/430b464e2d50/bzImage-4a0fc73d.xz mounted in repro: https://storage.googleapis.com/syzbot-assets/551456fa5cb9/mount_0.gz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+edcb33c666a478ec67a9@xxxxxxxxxxxxxxxxxxxxxxxxx BUG: memory leak unreferenced object 0xffff88810c45aa00 (size 64): comm "syz-executor381", pid 5019, jiffies 4294945074 (age 13.030s) hex dump (first 32 bytes): 00 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff815742ee>] __do_kmalloc_node mm/slab_common.c:1022 [inline] [<ffffffff815742ee>] __kmalloc_node+0x4e/0x150 mm/slab_common.c:1030 [<ffffffff81563919>] kmalloc_node include/linux/slab.h:619 [inline] [<ffffffff81563919>] kvmalloc_node+0x99/0x170 mm/util.c:607 [<ffffffff81bfd949>] kvmalloc include/linux/slab.h:737 [inline] [<ffffffff81bfd949>] run_add_entry+0x559/0x720 fs/ntfs3/run.c:389 [<ffffffff81bfee3c>] run_unpack+0x53c/0x620 fs/ntfs3/run.c:1021 [<ffffffff81bfef97>] run_unpack_ex+0x77/0x320 fs/ntfs3/run.c:1060 [<ffffffff81bee9d3>] ntfs_read_mft fs/ntfs3/inode.c:400 [inline] [<ffffffff81bee9d3>] ntfs_iget5+0x633/0x1a90 fs/ntfs3/inode.c:532 [<ffffffff81bd0ee6>] ntfs_loadlog_and_replay+0x86/0x280 fs/ntfs3/fsntfs.c:297 [<ffffffff81c022c7>] ntfs_fill_super+0x1057/0x22f0 fs/ntfs3/super.c:1222 [<ffffffff81691a21>] get_tree_bdev+0x1b1/0x280 fs/super.c:1577 [<ffffffff8168ecda>] vfs_get_tree+0x2a/0x130 fs/super.c:1750 [<ffffffff816d44ef>] do_new_mount fs/namespace.c:3335 [inline] [<ffffffff816d44ef>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662 [<ffffffff816d50e1>] do_mount fs/namespace.c:3675 [inline] [<ffffffff816d50e1>] __do_sys_mount fs/namespace.c:3884 [inline] [<ffffffff816d50e1>] __se_sys_mount fs/namespace.c:3861 [inline] [<ffffffff816d50e1>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861 [<ffffffff84b2dfa8>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [<ffffffff84b2dfa8>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd BUG: memory leak unreferenced object 0xffff888108a8b218 (size 8): comm "syz-executor381", pid 5019, jiffies 4294945074 (age 13.030s) hex dump (first 8 bytes): 00 00 00 00 00 00 00 00 ........ backtrace: [<ffffffff8157443b>] __do_kmalloc_node mm/slab_common.c:1022 [inline] [<ffffffff8157443b>] __kmalloc+0x4b/0x150 mm/slab_common.c:1036 [<ffffffff81bc99ac>] kmalloc_array include/linux/slab.h:636 [inline] [<ffffffff81bc99ac>] kcalloc include/linux/slab.h:667 [inline] [<ffffffff81bc99ac>] wnd_init+0xdc/0x140 fs/ntfs3/bitmap.c:662 [<ffffffff81c023dd>] ntfs_fill_super+0x116d/0x22f0 fs/ntfs3/super.c:1257 [<ffffffff81691a21>] get_tree_bdev+0x1b1/0x280 fs/super.c:1577 [<ffffffff8168ecda>] vfs_get_tree+0x2a/0x130 fs/super.c:1750 [<ffffffff816d44ef>] do_new_mount fs/namespace.c:3335 [inline] [<ffffffff816d44ef>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662 [<ffffffff816d50e1>] do_mount fs/namespace.c:3675 [inline] [<ffffffff816d50e1>] __do_sys_mount fs/namespace.c:3884 [inline] [<ffffffff816d50e1>] __se_sys_mount fs/namespace.c:3861 [inline] [<ffffffff816d50e1>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861 [<ffffffff84b2dfa8>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [<ffffffff84b2dfa8>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd BUG: memory leak unreferenced object 0xffff88810bda6080 (size 64): comm "syz-executor381", pid 5019, jiffies 4294945074 (age 13.030s) hex dump (first 32 bytes): 00 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff815742ee>] __do_kmalloc_node mm/slab_common.c:1022 [inline] [<ffffffff815742ee>] __kmalloc_node+0x4e/0x150 mm/slab_common.c:1030 [<ffffffff81563919>] kmalloc_node include/linux/slab.h:619 [inline] [<ffffffff81563919>] kvmalloc_node+0x99/0x170 mm/util.c:607 [<ffffffff81bfd949>] kvmalloc include/linux/slab.h:737 [inline] [<ffffffff81bfd949>] run_add_entry+0x559/0x720 fs/ntfs3/run.c:389 [<ffffffff81bfee3c>] run_unpack+0x53c/0x620 fs/ntfs3/run.c:1021 [<ffffffff81bfef97>] run_unpack_ex+0x77/0x320 fs/ntfs3/run.c:1060 [<ffffffff81bee9d3>] ntfs_read_mft fs/ntfs3/inode.c:400 [inline] [<ffffffff81bee9d3>] ntfs_iget5+0x633/0x1a90 fs/ntfs3/inode.c:532 [<ffffffff81c0245d>] ntfs_fill_super+0x11ed/0x22f0 fs/ntfs3/super.c:1272 [<ffffffff81691a21>] get_tree_bdev+0x1b1/0x280 fs/super.c:1577 [<ffffffff8168ecda>] vfs_get_tree+0x2a/0x130 fs/super.c:1750 [<ffffffff816d44ef>] do_new_mount fs/namespace.c:3335 [inline] [<ffffffff816d44ef>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662 [<ffffffff816d50e1>] do_mount fs/namespace.c:3675 [inline] [<ffffffff816d50e1>] __do_sys_mount fs/namespace.c:3884 [inline] [<ffffffff816d50e1>] __se_sys_mount fs/namespace.c:3861 [inline] [<ffffffff816d50e1>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861 [<ffffffff84b2dfa8>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [<ffffffff84b2dfa8>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd BUG: memory leak unreferenced object 0xffff888108a8b4a8 (size 8): comm "syz-executor381", pid 5019, jiffies 4294945074 (age 13.030s) hex dump (first 8 bytes): fd 03 00 00 00 00 00 00 ........ backtrace: [<ffffffff8157443b>] __do_kmalloc_node mm/slab_common.c:1022 [inline] [<ffffffff8157443b>] __kmalloc+0x4b/0x150 mm/slab_common.c:1036 [<ffffffff81bc99ac>] kmalloc_array include/linux/slab.h:636 [inline] [<ffffffff81bc99ac>] kcalloc include/linux/slab.h:667 [inline] [<ffffffff81bc99ac>] wnd_init+0xdc/0x140 fs/ntfs3/bitmap.c:662 [<ffffffff81c02509>] ntfs_fill_super+0x1299/0x22f0 fs/ntfs3/super.c:1294 [<ffffffff81691a21>] get_tree_bdev+0x1b1/0x280 fs/super.c:1577 [<ffffffff8168ecda>] vfs_get_tree+0x2a/0x130 fs/super.c:1750 [<ffffffff816d44ef>] do_new_mount fs/namespace.c:3335 [inline] [<ffffffff816d44ef>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662 [<ffffffff816d50e1>] do_mount fs/namespace.c:3675 [inline] [<ffffffff816d50e1>] __do_sys_mount fs/namespace.c:3884 [inline] [<ffffffff816d50e1>] __se_sys_mount fs/namespace.c:3861 [inline] [<ffffffff816d50e1>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861 [<ffffffff84b2dfa8>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [<ffffffff84b2dfa8>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the bug is already fixed, let syzbot know by replying with: #syz fix: exact-commit-title If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing. If you want to overwrite bug's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the bug is a duplicate of another bug, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup
