syzbot


memory leak in wnd_init

Status: auto-obsoleted due to no activity on 2024/01/03 16:01
Subsystems: ntfs3
Reported-by: syzbot+9ccdd15480e9d9833822@syzkaller.appspotmail.com
First crash: 176d, last: 159d
Discussions (2)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH] fs/ntfs3: Fix memory leak in ntfs_fill_super() | 1 (1) | 2023/09/16 17:58 |
| [syzbot] [ntfs3?] memory leak in wnd_init | 0 (1) | 2023/09/12 03:43 |
Last patch testing requests (8)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2023/12/01 04:56 | 18m | retest repro | | upstream | OK log |
| 2023/10/10 10:01 | 18m | retest repro | | upstream | OK log |
| 2023/10/06 06:11 | 33m | almaz.alexandrovich@paragon-software.com | | https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master | OK log |
| 2023/09/28 13:50 | 19m | almaz.alexandrovich@paragon-software.com | | https://github.com/Paragon-Software-Group/linux-ntfs3.git master | OK log |
| 2023/09/22 03:59 | 10m | retest repro | | upstream | report log |
| 2023/09/16 17:12 | 20m | syoshida@redhat.com | patch | upstream | OK log |
| 2023/09/13 11:11 | 12m | eadavis@sina.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4a0fc73da97e | report log |
| 2023/09/13 01:07 | 10m | eadavis@sina.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4a0fc73da97e | report log |

Sample crash report:
BUG: memory leak
unreferenced object 0xffff888143f6fc60 (size 8):
  comm "syz-executor122", pid 5019, jiffies 4294941557 (age 13.450s)
  hex dump (first 8 bytes):
    00 00 00 00 00 00 00 00                          ........
  backtrace:
    [<ffffffff815748bb>] __do_kmalloc_node mm/slab_common.c:1022 [inline]
    [<ffffffff815748bb>] __kmalloc+0x4b/0x150 mm/slab_common.c:1036
    [<ffffffff81bcba8c>] kmalloc_array include/linux/slab.h:636 [inline]
    [<ffffffff81bcba8c>] kcalloc include/linux/slab.h:667 [inline]
    [<ffffffff81bcba8c>] wnd_init+0xdc/0x140 fs/ntfs3/bitmap.c:662
    [<ffffffff81c044bd>] ntfs_fill_super+0x116d/0x22f0 fs/ntfs3/super.c:1257
    [<ffffffff81691eb1>] get_tree_bdev+0x1b1/0x280 fs/super.c:1577
    [<ffffffff8168f1ba>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816d464f>] do_new_mount fs/namespace.c:3335 [inline]
    [<ffffffff816d464f>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
    [<ffffffff816d5241>] do_mount fs/namespace.c:3675 [inline]
    [<ffffffff816d5241>] __do_sys_mount fs/namespace.c:3884 [inline]
    [<ffffffff816d5241>] __se_sys_mount fs/namespace.c:3861 [inline]
    [<ffffffff816d5241>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
    [<ffffffff84b32fc8>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84b32fc8>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810e355180 (size 64):
  comm "syz-executor122", pid 5019, jiffies 4294941557 (age 13.450s)
  hex dump (first 32 bytes):
    00 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8157476e>] __do_kmalloc_node mm/slab_common.c:1022 [inline]
    [<ffffffff8157476e>] __kmalloc_node+0x4e/0x150 mm/slab_common.c:1030
    [<ffffffff81563d99>] kmalloc_node include/linux/slab.h:619 [inline]
    [<ffffffff81563d99>] kvmalloc_node+0x99/0x170 mm/util.c:607
    [<ffffffff81bffa29>] kvmalloc include/linux/slab.h:737 [inline]
    [<ffffffff81bffa29>] run_add_entry+0x559/0x720 fs/ntfs3/run.c:389
    [<ffffffff81c00f1c>] run_unpack+0x53c/0x620 fs/ntfs3/run.c:1021
    [<ffffffff81c01077>] run_unpack_ex+0x77/0x320 fs/ntfs3/run.c:1060
    [<ffffffff81bf0ab3>] ntfs_read_mft fs/ntfs3/inode.c:400 [inline]
    [<ffffffff81bf0ab3>] ntfs_iget5+0x633/0x1a90 fs/ntfs3/inode.c:532
    [<ffffffff81c0453d>] ntfs_fill_super+0x11ed/0x22f0 fs/ntfs3/super.c:1272
    [<ffffffff81691eb1>] get_tree_bdev+0x1b1/0x280 fs/super.c:1577
    [<ffffffff8168f1ba>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816d464f>] do_new_mount fs/namespace.c:3335 [inline]
    [<ffffffff816d464f>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
    [<ffffffff816d5241>] do_mount fs/namespace.c:3675 [inline]
    [<ffffffff816d5241>] __do_sys_mount fs/namespace.c:3884 [inline]
    [<ffffffff816d5241>] __se_sys_mount fs/namespace.c:3861 [inline]
    [<ffffffff816d5241>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
    [<ffffffff84b32fc8>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84b32fc8>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff888143f6fc68 (size 8):
  comm "syz-executor122", pid 5019, jiffies 4294941557 (age 13.450s)
  hex dump (first 8 bytes):
    fd 03 00 00 00 00 00 00                          ........
  backtrace:
    [<ffffffff815748bb>] __do_kmalloc_node mm/slab_common.c:1022 [inline]
    [<ffffffff815748bb>] __kmalloc+0x4b/0x150 mm/slab_common.c:1036
    [<ffffffff81bcba8c>] kmalloc_array include/linux/slab.h:636 [inline]
    [<ffffffff81bcba8c>] kcalloc include/linux/slab.h:667 [inline]
    [<ffffffff81bcba8c>] wnd_init+0xdc/0x140 fs/ntfs3/bitmap.c:662
    [<ffffffff81c045e9>] ntfs_fill_super+0x1299/0x22f0 fs/ntfs3/super.c:1294
    [<ffffffff81691eb1>] get_tree_bdev+0x1b1/0x280 fs/super.c:1577
    [<ffffffff8168f1ba>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816d464f>] do_new_mount fs/namespace.c:3335 [inline]
    [<ffffffff816d464f>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
    [<ffffffff816d5241>] do_mount fs/namespace.c:3675 [inline]
    [<ffffffff816d5241>] __do_sys_mount fs/namespace.c:3884 [inline]
    [<ffffffff816d5241>] __se_sys_mount fs/namespace.c:3861 [inline]
    [<ffffffff816d5241>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
    [<ffffffff84b32fc8>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84b32fc8>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810d424000 (size 64):
  comm "syz-executor122", pid 5019, jiffies 4294941557 (age 13.450s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 40 40 42 0d 81 88 ff ff  ........@@B.....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81bc9ebc>] wnd_add_free_ext+0x6c/0x860 fs/ntfs3/bitmap.c:337
    [<ffffffff81bcb855>] wnd_rescan+0x4a5/0x600 fs/ntfs3/bitmap.c:621
    [<ffffffff81bcbaa2>] wnd_init+0xf2/0x140 fs/ntfs3/bitmap.c:666
    [<ffffffff81c045e9>] ntfs_fill_super+0x1299/0x22f0 fs/ntfs3/super.c:1294
    [<ffffffff81691eb1>] get_tree_bdev+0x1b1/0x280 fs/super.c:1577
    [<ffffffff8168f1ba>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816d464f>] do_new_mount fs/namespace.c:3335 [inline]
    [<ffffffff816d464f>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
    [<ffffffff816d5241>] do_mount fs/namespace.c:3675 [inline]
    [<ffffffff816d5241>] __do_sys_mount fs/namespace.c:3884 [inline]
    [<ffffffff816d5241>] __se_sys_mount fs/namespace.c:3861 [inline]
    [<ffffffff816d5241>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
    [<ffffffff84b32fc8>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84b32fc8>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810d424040 (size 64):
  comm "syz-executor122", pid 5019, jiffies 4294941557 (age 13.450s)
  hex dump (first 32 bytes):
    00 40 42 0d 81 88 ff ff 00 00 00 00 00 00 00 00  .@B.............
    00 00 00 00 00 00 00 00 97 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81bcbe4f>] wnd_remove_free_ext+0x35f/0xb20 fs/ntfs3/bitmap.c:475
    [<ffffffff81bcd67e>] wnd_zone_set+0x8e/0xb0 fs/ntfs3/bitmap.c:1422
    [<ffffffff81bcfb60>] ntfs_refresh_zone+0x120/0x140 fs/ntfs3/fsntfs.c:838
    [<ffffffff81c04618>] ntfs_fill_super+0x12c8/0x22f0 fs/ntfs3/super.c:1303
    [<ffffffff81691eb1>] get_tree_bdev+0x1b1/0x280 fs/super.c:1577
    [<ffffffff8168f1ba>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816d464f>] do_new_mount fs/namespace.c:3335 [inline]
    [<ffffffff816d464f>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
    [<ffffffff816d5241>] do_mount fs/namespace.c:3675 [inline]
    [<ffffffff816d5241>] __do_sys_mount fs/namespace.c:3884 [inline]
    [<ffffffff816d5241>] __se_sys_mount fs/namespace.c:3861 [inline]
    [<ffffffff816d5241>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
    [<ffffffff84b32fc8>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84b32fc8>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd


Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023/09/25 16:00 | upstream | 6465e260f487 | 0b6a67ac | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-gce-leak | memory leak in wnd_init |
| 2023/09/08 03:38 | upstream | 4a0fc73da97e | 72324844 | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-gce-leak | memory leak in wnd_init |
* Struck through repros no longer work on HEAD.