syzbot


memory leak in add_tree_block

Status: upstream: reported C repro on 2022/11/28 07:50
Labels: btrfs (incorrect?)
Reported-by: syzbot+be14ed7728594dc8bd42@syzkaller.appspotmail.com
First crash: 188d, last: 43d
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] memory leak in add_tree_block 0 (1) 2022/11/28 07:50
Last patch testing requests (1)
Created Duration User Patch Repo Result
2023/04/18 04:40 10m retest repro upstream report log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff88810f8ea480 (size 64):
  comm "syz-executor193", pid 3787, jiffies 4294971495 (age 12.820s)
  hex dump (first 32 bytes):
    03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff814ed790>] kmalloc_trace+0x20/0x90 mm/slab_common.c:1045
    [<ffffffff820869aa>] kmalloc include/linux/slab.h:553 [inline]
    [<ffffffff820869aa>] add_tree_block+0x3a/0x210 fs/btrfs/ref-verify.c:316
    [<ffffffff82087e7c>] btrfs_build_ref_tree+0x50c/0x750 fs/btrfs/ref-verify.c:471
    [<ffffffff846b818d>] open_ctree+0x19af/0x1fcb fs/btrfs/disk-io.c:3767
    [<ffffffff846b17d6>] btrfs_fill_super fs/btrfs/super.c:1461 [inline]
    [<ffffffff846b17d6>] btrfs_mount_root.cold+0x13/0xf5 fs/btrfs/super.c:1829
    [<ffffffff81662b0b>] legacy_get_tree+0x2b/0x90 fs/fs_context.c:610
    [<ffffffff815fc948>] vfs_get_tree+0x28/0x100 fs/super.c:1531
    [<ffffffff81638b61>] fc_mount fs/namespace.c:1043 [inline]
    [<ffffffff81638b61>] vfs_kern_mount.part.0+0xd1/0x120 fs/namespace.c:1073
    [<ffffffff81638bec>] vfs_kern_mount+0x3c/0x60 fs/namespace.c:1060
    [<ffffffff81f54029>] btrfs_mount+0x199/0x590 fs/btrfs/super.c:1889
    [<ffffffff81662b0b>] legacy_get_tree+0x2b/0x90 fs/fs_context.c:610
    [<ffffffff815fc948>] vfs_get_tree+0x28/0x100 fs/super.c:1531
    [<ffffffff81640487>] do_new_mount fs/namespace.c:3040 [inline]
    [<ffffffff81640487>] path_mount+0xc37/0x10d0 fs/namespace.c:3370
    [<ffffffff8164106e>] do_mount fs/namespace.c:3383 [inline]
    [<ffffffff8164106e>] __do_sys_mount fs/namespace.c:3591 [inline]
    [<ffffffff8164106e>] __se_sys_mount fs/namespace.c:3568 [inline]
    [<ffffffff8164106e>] __x64_sys_mount+0x18e/0x1d0 fs/namespace.c:3568
    [<ffffffff8485b285>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff8485b285>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810c91f040 (size 64):
  comm "syz-executor193", pid 3787, jiffies 4294971495 (age 12.820s)
  hex dump (first 32 bytes):
    03 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff814ed790>] kmalloc_trace+0x20/0x90 mm/slab_common.c:1045
    [<ffffffff82086355>] kmalloc include/linux/slab.h:553 [inline]
    [<ffffffff82086355>] kzalloc include/linux/slab.h:689 [inline]
    [<ffffffff82086355>] add_block_entry+0x35/0x320 fs/btrfs/ref-verify.c:267
    [<ffffffff82086a0e>] add_tree_block+0x9e/0x210 fs/btrfs/ref-verify.c:329
    [<ffffffff82087e7c>] btrfs_build_ref_tree+0x50c/0x750 fs/btrfs/ref-verify.c:471
    [<ffffffff846b818d>] open_ctree+0x19af/0x1fcb fs/btrfs/disk-io.c:3767
    [<ffffffff846b17d6>] btrfs_fill_super fs/btrfs/super.c:1461 [inline]
    [<ffffffff846b17d6>] btrfs_mount_root.cold+0x13/0xf5 fs/btrfs/super.c:1829
    [<ffffffff81662b0b>] legacy_get_tree+0x2b/0x90 fs/fs_context.c:610
    [<ffffffff815fc948>] vfs_get_tree+0x28/0x100 fs/super.c:1531
    [<ffffffff81638b61>] fc_mount fs/namespace.c:1043 [inline]
    [<ffffffff81638b61>] vfs_kern_mount.part.0+0xd1/0x120 fs/namespace.c:1073
    [<ffffffff81638bec>] vfs_kern_mount+0x3c/0x60 fs/namespace.c:1060
    [<ffffffff81f54029>] btrfs_mount+0x199/0x590 fs/btrfs/super.c:1889
    [<ffffffff81662b0b>] legacy_get_tree+0x2b/0x90 fs/fs_context.c:610
    [<ffffffff815fc948>] vfs_get_tree+0x28/0x100 fs/super.c:1531
    [<ffffffff81640487>] do_new_mount fs/namespace.c:3040 [inline]
    [<ffffffff81640487>] path_mount+0xc37/0x10d0 fs/namespace.c:3370
    [<ffffffff8164106e>] do_mount fs/namespace.c:3383 [inline]
    [<ffffffff8164106e>] __do_sys_mount fs/namespace.c:3591 [inline]
    [<ffffffff8164106e>] __se_sys_mount fs/namespace.c:3568 [inline]
    [<ffffffff8164106e>] __x64_sys_mount+0x18e/0x1d0 fs/namespace.c:3568
    [<ffffffff8485b285>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff8485b285>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80

BUG: memory leak
unreferenced object 0xffff88810caab580 (size 96):
  comm "syz-executor193", pid 3787, jiffies 4294971495 (age 12.820s)
  hex dump (first 32 bytes):
    00 10 10 00 00 00 00 00 00 10 00 00 00 00 00 00  ................
    01 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00  ................
  backtrace:
    [<ffffffff814ed790>] kmalloc_trace+0x20/0x90 mm/slab_common.c:1045
    [<ffffffff8208636e>] kmalloc include/linux/slab.h:553 [inline]
    [<ffffffff8208636e>] kzalloc include/linux/slab.h:689 [inline]
    [<ffffffff8208636e>] add_block_entry+0x4e/0x320 fs/btrfs/ref-verify.c:268
    [<ffffffff82086a0e>] add_tree_block+0x9e/0x210 fs/btrfs/ref-verify.c:329
    [<ffffffff82087e7c>] btrfs_build_ref_tree+0x50c/0x750 fs/btrfs/ref-verify.c:471
    [<ffffffff846b818d>] open_ctree+0x19af/0x1fcb fs/btrfs/disk-io.c:3767
    [<ffffffff846b17d6>] btrfs_fill_super fs/btrfs/super.c:1461 [inline]
    [<ffffffff846b17d6>] btrfs_mount_root.cold+0x13/0xf5 fs/btrfs/super.c:1829
    [<ffffffff81662b0b>] legacy_get_tree+0x2b/0x90 fs/fs_context.c:610
    [<ffffffff815fc948>] vfs_get_tree+0x28/0x100 fs/super.c:1531
    [<ffffffff81638b61>] fc_mount fs/namespace.c:1043 [inline]
    [<ffffffff81638b61>] vfs_kern_mount.part.0+0xd1/0x120 fs/namespace.c:1073
    [<ffffffff81638bec>] vfs_kern_mount+0x3c/0x60 fs/namespace.c:1060
    [<ffffffff81f54029>] btrfs_mount+0x199/0x590 fs/btrfs/super.c:1889
    [<ffffffff81662b0b>] legacy_get_tree+0x2b/0x90 fs/fs_context.c:610
    [<ffffffff815fc948>] vfs_get_tree+0x28/0x100 fs/super.c:1531
    [<ffffffff81640487>] do_new_mount fs/namespace.c:3040 [inline]
    [<ffffffff81640487>] path_mount+0xc37/0x10d0 fs/namespace.c:3370
    [<ffffffff8164106e>] do_mount fs/namespace.c:3383 [inline]
    [<ffffffff8164106e>] __do_sys_mount fs/namespace.c:3591 [inline]
    [<ffffffff8164106e>] __se_sys_mount fs/namespace.c:3568 [inline]
    [<ffffffff8164106e>] __x64_sys_mount+0x18e/0x1d0 fs/namespace.c:3568
    [<ffffffff8485b285>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff8485b285>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80


Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2022/11/24 07:39 upstream 4312098baf37 12c66417 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-leak memory leak in add_tree_block
* Struck through repros no longer work on HEAD.