syzbot


memory leak in add_tree_block

Status: fixed on 2024/03/25 23:45
Subsystems: btrfs
Reported-by: syzbot+be14ed7728594dc8bd42@syzkaller.appspotmail.com
Fix commit: f03e274a8b29 btrfs: ref-verify: free ref cache before clearing mount opt
First crash: 664d, last: 259d
Discussions (3)
Title Replies (including bot) Last reply
[PATCH 4.19 24/41] btrfs: ref-verify: free ref cache before clearing mount opt 1 (1) 2024/03/13 17:04
[PATCH] btrfs: ref-verify: free ref cache before clearing mount opt 3 (3) 2024/01/04 16:00
[syzbot] memory leak in add_tree_block 0 (2) 2023/11/13 10:22
Last patch testing requests (11)
Created Duration User Patch Repo Result
2024/01/03 20:35 15m retest repro upstream report log
2024/01/03 20:35 10m retest repro upstream report log
2023/11/13 10:22 18m jose.pekkarinen@foxhound.fi git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5a6a09e97199d6600d31383055f9d43fbbcbe86f report log
2023/11/08 22:18 18m retest repro upstream report log
2023/11/08 22:18 15m retest repro upstream report log
2023/10/25 19:46 16m retest repro upstream report log
2023/10/25 19:46 17m retest repro upstream report log
2023/10/25 19:46 17m retest repro upstream report log
2023/08/27 09:53 20m retest repro upstream report log
2023/08/27 09:53 29m retest repro upstream report log
2023/04/18 04:40 10m retest repro upstream report log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff8881102131c0 (size 64):
  comm "syz-executor400", pid 5074, jiffies 4294956444 (age 18.410s)
  hex dump (first 32 bytes):
    03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81574285>] kmalloc_trace+0x25/0x90 mm/slab_common.c:1114
    [<ffffffff821a1ff9>] kmalloc include/linux/slab.h:599 [inline]
    [<ffffffff821a1ff9>] add_tree_block+0x39/0x240 fs/btrfs/ref-verify.c:319
    [<ffffffff821a3649>] process_extent_item fs/btrfs/ref-verify.c:474 [inline]
    [<ffffffff821a3649>] process_leaf fs/btrfs/ref-verify.c:521 [inline]
    [<ffffffff821a3649>] walk_down_tree fs/btrfs/ref-verify.c:573 [inline]
    [<ffffffff821a3649>] btrfs_build_ref_tree+0x589/0x850 fs/btrfs/ref-verify.c:1006
    [<ffffffff8208d41f>] open_ctree+0x18af/0x2290 fs/btrfs/disk-io.c:3528
    [<ffffffff820532ff>] btrfs_fill_super fs/btrfs/super.c:1164 [inline]
    [<ffffffff820532ff>] btrfs_mount_root+0x5af/0x750 fs/btrfs/super.c:1529
    [<ffffffff816f9579>] legacy_get_tree+0x29/0x80 fs/fs_context.c:638
    [<ffffffff8168f22a>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816cc11b>] fc_mount fs/namespace.c:1112 [inline]
    [<ffffffff816cc11b>] vfs_kern_mount.part.0+0xcb/0x110 fs/namespace.c:1142
    [<ffffffff816cc19f>] vfs_kern_mount+0x3f/0x60 fs/namespace.c:1129
    [<ffffffff820573db>] btrfs_mount+0x24b/0x6a0 fs/btrfs/super.c:1589
    [<ffffffff816f9579>] legacy_get_tree+0x29/0x80 fs/fs_context.c:638
    [<ffffffff8168f22a>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816d46af>] do_new_mount fs/namespace.c:3335 [inline]
    [<ffffffff816d46af>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
    [<ffffffff816d52a1>] do_mount fs/namespace.c:3675 [inline]
    [<ffffffff816d52a1>] __do_sys_mount fs/namespace.c:3884 [inline]
    [<ffffffff816d52a1>] __se_sys_mount fs/namespace.c:3861 [inline]
    [<ffffffff816d52a1>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
    [<ffffffff84b38548>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84b38548>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff888110213440 (size 64):
  comm "syz-executor400", pid 5074, jiffies 4294956444 (age 18.410s)
  hex dump (first 32 bytes):
    03 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81574285>] kmalloc_trace+0x25/0x90 mm/slab_common.c:1114
    [<ffffffff821a19b5>] kmalloc include/linux/slab.h:599 [inline]
    [<ffffffff821a19b5>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff821a19b5>] add_block_entry+0x35/0x320 fs/btrfs/ref-verify.c:270
    [<ffffffff821a2056>] add_tree_block+0x96/0x240 fs/btrfs/ref-verify.c:332
    [<ffffffff821a3649>] process_extent_item fs/btrfs/ref-verify.c:474 [inline]
    [<ffffffff821a3649>] process_leaf fs/btrfs/ref-verify.c:521 [inline]
    [<ffffffff821a3649>] walk_down_tree fs/btrfs/ref-verify.c:573 [inline]
    [<ffffffff821a3649>] btrfs_build_ref_tree+0x589/0x850 fs/btrfs/ref-verify.c:1006
    [<ffffffff8208d41f>] open_ctree+0x18af/0x2290 fs/btrfs/disk-io.c:3528
    [<ffffffff820532ff>] btrfs_fill_super fs/btrfs/super.c:1164 [inline]
    [<ffffffff820532ff>] btrfs_mount_root+0x5af/0x750 fs/btrfs/super.c:1529
    [<ffffffff816f9579>] legacy_get_tree+0x29/0x80 fs/fs_context.c:638
    [<ffffffff8168f22a>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816cc11b>] fc_mount fs/namespace.c:1112 [inline]
    [<ffffffff816cc11b>] vfs_kern_mount.part.0+0xcb/0x110 fs/namespace.c:1142
    [<ffffffff816cc19f>] vfs_kern_mount+0x3f/0x60 fs/namespace.c:1129
    [<ffffffff820573db>] btrfs_mount+0x24b/0x6a0 fs/btrfs/super.c:1589
    [<ffffffff816f9579>] legacy_get_tree+0x29/0x80 fs/fs_context.c:638
    [<ffffffff8168f22a>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816d46af>] do_new_mount fs/namespace.c:3335 [inline]
    [<ffffffff816d46af>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
    [<ffffffff816d52a1>] do_mount fs/namespace.c:3675 [inline]
    [<ffffffff816d52a1>] __do_sys_mount fs/namespace.c:3884 [inline]
    [<ffffffff816d52a1>] __se_sys_mount fs/namespace.c:3861 [inline]
    [<ffffffff816d52a1>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
    [<ffffffff84b38548>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84b38548>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80

BUG: memory leak
unreferenced object 0xffff88810ca1ed80 (size 96):
  comm "syz-executor400", pid 5074, jiffies 4294956444 (age 18.410s)
  hex dump (first 32 bytes):
    00 10 10 00 00 00 00 00 00 10 00 00 00 00 00 00  ................
    01 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00  ................
  backtrace:
    [<ffffffff81574285>] kmalloc_trace+0x25/0x90 mm/slab_common.c:1114
    [<ffffffff821a19ce>] kmalloc include/linux/slab.h:599 [inline]
    [<ffffffff821a19ce>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff821a19ce>] add_block_entry+0x4e/0x320 fs/btrfs/ref-verify.c:271
    [<ffffffff821a2056>] add_tree_block+0x96/0x240 fs/btrfs/ref-verify.c:332
    [<ffffffff821a3649>] process_extent_item fs/btrfs/ref-verify.c:474 [inline]
    [<ffffffff821a3649>] process_leaf fs/btrfs/ref-verify.c:521 [inline]
    [<ffffffff821a3649>] walk_down_tree fs/btrfs/ref-verify.c:573 [inline]
    [<ffffffff821a3649>] btrfs_build_ref_tree+0x589/0x850 fs/btrfs/ref-verify.c:1006
    [<ffffffff8208d41f>] open_ctree+0x18af/0x2290 fs/btrfs/disk-io.c:3528
    [<ffffffff820532ff>] btrfs_fill_super fs/btrfs/super.c:1164 [inline]
    [<ffffffff820532ff>] btrfs_mount_root+0x5af/0x750 fs/btrfs/super.c:1529
    [<ffffffff816f9579>] legacy_get_tree+0x29/0x80 fs/fs_context.c:638
    [<ffffffff8168f22a>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816cc11b>] fc_mount fs/namespace.c:1112 [inline]
    [<ffffffff816cc11b>] vfs_kern_mount.part.0+0xcb/0x110 fs/namespace.c:1142
    [<ffffffff816cc19f>] vfs_kern_mount+0x3f/0x60 fs/namespace.c:1129
    [<ffffffff820573db>] btrfs_mount+0x24b/0x6a0 fs/btrfs/super.c:1589
    [<ffffffff816f9579>] legacy_get_tree+0x29/0x80 fs/fs_context.c:638
    [<ffffffff8168f22a>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816d46af>] do_new_mount fs/namespace.c:3335 [inline]
    [<ffffffff816d46af>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
    [<ffffffff816d52a1>] do_mount fs/namespace.c:3675 [inline]
    [<ffffffff816d52a1>] __do_sys_mount fs/namespace.c:3884 [inline]
    [<ffffffff816d52a1>] __se_sys_mount fs/namespace.c:3861 [inline]
    [<ffffffff816d52a1>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
    [<ffffffff84b38548>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84b38548>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80


Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/10/11 14:36 upstream 94f6f0550c62 83165b57 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-leak memory leak in add_tree_block
2023/09/29 12:41 upstream 9ed22ae6be81 d265efd8 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-leak memory leak in add_tree_block
2023/09/26 05:06 upstream 6465e260f487 0b6a67ac .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-leak memory leak in add_tree_block
2023/06/14 21:00 upstream b6dad5178cea d2ee9228 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-leak memory leak in add_tree_block
2022/11/24 07:39 upstream 4312098baf37 12c66417 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-leak memory leak in add_tree_block