From: syzbot <syzbot+edcb33c666a478ec67a9@syzkaller.appspotmail.com>
To: almaz.alexandrovich@paragon-software.com,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
ntfs3@lists.linux.dev, syzkaller-bugs@googlegroups.com
Subject: [syzbot] [ntfs3?] memory leak in run_add_entry
Date: Tue, 12 Sep 2023 03:30:51 -0700 [thread overview]
Message-ID: <000000000000da83b5060526ef9c@google.com> (raw)
Hello,
syzbot found the following issue on:
HEAD commit: 4a0fc73da97e Merge tag 's390-6.6-2' of git://git.kernel.or..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16dce6a4680000
kernel config: https://syzkaller.appspot.com/x/.config?x=52403a23b631cefc
dashboard link: https://syzkaller.appspot.com/bug?extid=edcb33c666a478ec67a9
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15780480680000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15c8a2a4680000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7e7536435862/disk-4a0fc73d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/f5b10d577113/vmlinux-4a0fc73d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/430b464e2d50/bzImage-4a0fc73d.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/551456fa5cb9/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+edcb33c666a478ec67a9@syzkaller.appspotmail.com
BUG: memory leak
unreferenced object 0xffff88810c45aa00 (size 64):
comm "syz-executor381", pid 5019, jiffies 4294945074 (age 13.030s)
hex dump (first 32 bytes):
00 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff815742ee>] __do_kmalloc_node mm/slab_common.c:1022 [inline]
[<ffffffff815742ee>] __kmalloc_node+0x4e/0x150 mm/slab_common.c:1030
[<ffffffff81563919>] kmalloc_node include/linux/slab.h:619 [inline]
[<ffffffff81563919>] kvmalloc_node+0x99/0x170 mm/util.c:607
[<ffffffff81bfd949>] kvmalloc include/linux/slab.h:737 [inline]
[<ffffffff81bfd949>] run_add_entry+0x559/0x720 fs/ntfs3/run.c:389
[<ffffffff81bfee3c>] run_unpack+0x53c/0x620 fs/ntfs3/run.c:1021
[<ffffffff81bfef97>] run_unpack_ex+0x77/0x320 fs/ntfs3/run.c:1060
[<ffffffff81bee9d3>] ntfs_read_mft fs/ntfs3/inode.c:400 [inline]
[<ffffffff81bee9d3>] ntfs_iget5+0x633/0x1a90 fs/ntfs3/inode.c:532
[<ffffffff81bd0ee6>] ntfs_loadlog_and_replay+0x86/0x280 fs/ntfs3/fsntfs.c:297
[<ffffffff81c022c7>] ntfs_fill_super+0x1057/0x22f0 fs/ntfs3/super.c:1222
[<ffffffff81691a21>] get_tree_bdev+0x1b1/0x280 fs/super.c:1577
[<ffffffff8168ecda>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
[<ffffffff816d44ef>] do_new_mount fs/namespace.c:3335 [inline]
[<ffffffff816d44ef>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
[<ffffffff816d50e1>] do_mount fs/namespace.c:3675 [inline]
[<ffffffff816d50e1>] __do_sys_mount fs/namespace.c:3884 [inline]
[<ffffffff816d50e1>] __se_sys_mount fs/namespace.c:3861 [inline]
[<ffffffff816d50e1>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
[<ffffffff84b2dfa8>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84b2dfa8>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff888108a8b218 (size 8):
comm "syz-executor381", pid 5019, jiffies 4294945074 (age 13.030s)
hex dump (first 8 bytes):
00 00 00 00 00 00 00 00 ........
backtrace:
[<ffffffff8157443b>] __do_kmalloc_node mm/slab_common.c:1022 [inline]
[<ffffffff8157443b>] __kmalloc+0x4b/0x150 mm/slab_common.c:1036
[<ffffffff81bc99ac>] kmalloc_array include/linux/slab.h:636 [inline]
[<ffffffff81bc99ac>] kcalloc include/linux/slab.h:667 [inline]
[<ffffffff81bc99ac>] wnd_init+0xdc/0x140 fs/ntfs3/bitmap.c:662
[<ffffffff81c023dd>] ntfs_fill_super+0x116d/0x22f0 fs/ntfs3/super.c:1257
[<ffffffff81691a21>] get_tree_bdev+0x1b1/0x280 fs/super.c:1577
[<ffffffff8168ecda>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
[<ffffffff816d44ef>] do_new_mount fs/namespace.c:3335 [inline]
[<ffffffff816d44ef>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
[<ffffffff816d50e1>] do_mount fs/namespace.c:3675 [inline]
[<ffffffff816d50e1>] __do_sys_mount fs/namespace.c:3884 [inline]
[<ffffffff816d50e1>] __se_sys_mount fs/namespace.c:3861 [inline]
[<ffffffff816d50e1>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
[<ffffffff84b2dfa8>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84b2dfa8>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff88810bda6080 (size 64):
comm "syz-executor381", pid 5019, jiffies 4294945074 (age 13.030s)
hex dump (first 32 bytes):
00 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff815742ee>] __do_kmalloc_node mm/slab_common.c:1022 [inline]
[<ffffffff815742ee>] __kmalloc_node+0x4e/0x150 mm/slab_common.c:1030
[<ffffffff81563919>] kmalloc_node include/linux/slab.h:619 [inline]
[<ffffffff81563919>] kvmalloc_node+0x99/0x170 mm/util.c:607
[<ffffffff81bfd949>] kvmalloc include/linux/slab.h:737 [inline]
[<ffffffff81bfd949>] run_add_entry+0x559/0x720 fs/ntfs3/run.c:389
[<ffffffff81bfee3c>] run_unpack+0x53c/0x620 fs/ntfs3/run.c:1021
[<ffffffff81bfef97>] run_unpack_ex+0x77/0x320 fs/ntfs3/run.c:1060
[<ffffffff81bee9d3>] ntfs_read_mft fs/ntfs3/inode.c:400 [inline]
[<ffffffff81bee9d3>] ntfs_iget5+0x633/0x1a90 fs/ntfs3/inode.c:532
[<ffffffff81c0245d>] ntfs_fill_super+0x11ed/0x22f0 fs/ntfs3/super.c:1272
[<ffffffff81691a21>] get_tree_bdev+0x1b1/0x280 fs/super.c:1577
[<ffffffff8168ecda>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
[<ffffffff816d44ef>] do_new_mount fs/namespace.c:3335 [inline]
[<ffffffff816d44ef>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
[<ffffffff816d50e1>] do_mount fs/namespace.c:3675 [inline]
[<ffffffff816d50e1>] __do_sys_mount fs/namespace.c:3884 [inline]
[<ffffffff816d50e1>] __se_sys_mount fs/namespace.c:3861 [inline]
[<ffffffff816d50e1>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
[<ffffffff84b2dfa8>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84b2dfa8>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
BUG: memory leak
unreferenced object 0xffff888108a8b4a8 (size 8):
comm "syz-executor381", pid 5019, jiffies 4294945074 (age 13.030s)
hex dump (first 8 bytes):
fd 03 00 00 00 00 00 00 ........
backtrace:
[<ffffffff8157443b>] __do_kmalloc_node mm/slab_common.c:1022 [inline]
[<ffffffff8157443b>] __kmalloc+0x4b/0x150 mm/slab_common.c:1036
[<ffffffff81bc99ac>] kmalloc_array include/linux/slab.h:636 [inline]
[<ffffffff81bc99ac>] kcalloc include/linux/slab.h:667 [inline]
[<ffffffff81bc99ac>] wnd_init+0xdc/0x140 fs/ntfs3/bitmap.c:662
[<ffffffff81c02509>] ntfs_fill_super+0x1299/0x22f0 fs/ntfs3/super.c:1294
[<ffffffff81691a21>] get_tree_bdev+0x1b1/0x280 fs/super.c:1577
[<ffffffff8168ecda>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
[<ffffffff816d44ef>] do_new_mount fs/namespace.c:3335 [inline]
[<ffffffff816d44ef>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
[<ffffffff816d50e1>] do_mount fs/namespace.c:3675 [inline]
[<ffffffff816d50e1>] __do_sys_mount fs/namespace.c:3884 [inline]
[<ffffffff816d50e1>] __se_sys_mount fs/namespace.c:3861 [inline]
[<ffffffff816d50e1>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
[<ffffffff84b2dfa8>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84b2dfa8>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
[<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
reply other threads:[~2023-09-12 10:30 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=000000000000da83b5060526ef9c@google.com \
--to=syzbot+edcb33c666a478ec67a9@syzkaller.appspotmail.com \
--cc=almaz.alexandrovich@paragon-software.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ntfs3@lists.linux.dev \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).