syzbot


memory leak in add_block_entry

Status: fixed on 2024/03/25 23:45
Subsystems: btrfs
Reported-by: syzbot+c563a3c79927971f950f@syzkaller.appspotmail.com
Fix commit: f03e274a8b29 btrfs: ref-verify: free ref cache before clearing mount opt
First crash: 325d, last: 129d
Discussions (3)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH 4.19 24/41] btrfs: ref-verify: free ref cache before clearing mount opt | 1 (1) | 2024/03/13 17:04 |
| [PATCH] btrfs: ref-verify: free ref cache before clearing mount opt | 3 (3) | 2024/01/04 16:00 |
| [syzbot] [btrfs?] memory leak in add_block_entry | 0 (1) | 2023/06/10 12:57 |
Last patch testing requests (9)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2024/01/03 14:27 | 14m | retest repro | | upstream | report log |
| 2024/01/03 14:11 | 14m | retest repro | | upstream | report log |
| 2023/12/19 15:58 | 10m | retest repro | | upstream | report log |
| 2023/12/19 15:58 | 13m | retest repro | | upstream | report log |
| 2023/10/25 13:48 | 11m | retest repro | | upstream | report log |
| 2023/10/25 13:48 | 16m | retest repro | | upstream | report log |
| 2023/10/10 13:23 | 28m | retest repro | | upstream | report log |
| 2023/10/10 13:23 | 23m | retest repro | | upstream | report log |
| 2023/08/15 12:54 | 9m | retest repro | | upstream | report log |

Sample crash report:
BUG: memory leak
unreferenced object 0xffff88810ca65940 (size 64):
  comm "syz-executor222", pid 5067, jiffies 4294999953 (age 9.980s)
  hex dump (first 32 bytes):
    03 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81574285>] kmalloc_trace+0x25/0x90 mm/slab_common.c:1114
    [<ffffffff821a19b5>] kmalloc include/linux/slab.h:599 [inline]
    [<ffffffff821a19b5>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff821a19b5>] add_block_entry+0x35/0x320 fs/btrfs/ref-verify.c:270
    [<ffffffff821a2056>] add_tree_block+0x96/0x240 fs/btrfs/ref-verify.c:332
    [<ffffffff821a3649>] process_extent_item fs/btrfs/ref-verify.c:474 [inline]
    [<ffffffff821a3649>] process_leaf fs/btrfs/ref-verify.c:521 [inline]
    [<ffffffff821a3649>] walk_down_tree fs/btrfs/ref-verify.c:573 [inline]
    [<ffffffff821a3649>] btrfs_build_ref_tree+0x589/0x850 fs/btrfs/ref-verify.c:1006
    [<ffffffff8208d41f>] open_ctree+0x18af/0x2290 fs/btrfs/disk-io.c:3528
    [<ffffffff820532ff>] btrfs_fill_super fs/btrfs/super.c:1164 [inline]
    [<ffffffff820532ff>] btrfs_mount_root+0x5af/0x750 fs/btrfs/super.c:1529
    [<ffffffff816f9579>] legacy_get_tree+0x29/0x80 fs/fs_context.c:638
    [<ffffffff8168f22a>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816cc11b>] fc_mount fs/namespace.c:1112 [inline]
    [<ffffffff816cc11b>] vfs_kern_mount.part.0+0xcb/0x110 fs/namespace.c:1142
    [<ffffffff816cc19f>] vfs_kern_mount+0x3f/0x60 fs/namespace.c:1129
    [<ffffffff820573db>] btrfs_mount+0x24b/0x6a0 fs/btrfs/super.c:1589
    [<ffffffff816f9579>] legacy_get_tree+0x29/0x80 fs/fs_context.c:638
    [<ffffffff8168f22a>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816d46af>] do_new_mount fs/namespace.c:3335 [inline]
    [<ffffffff816d46af>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
    [<ffffffff816d52a1>] do_mount fs/namespace.c:3675 [inline]
    [<ffffffff816d52a1>] __do_sys_mount fs/namespace.c:3884 [inline]
    [<ffffffff816d52a1>] __se_sys_mount fs/namespace.c:3861 [inline]
    [<ffffffff816d52a1>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
    [<ffffffff84b38548>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84b38548>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80

BUG: memory leak
unreferenced object 0xffff88810b8fdc00 (size 96):
  comm "syz-executor222", pid 5067, jiffies 4294999953 (age 9.980s)
  hex dump (first 32 bytes):
    00 10 10 00 00 00 00 00 00 10 00 00 00 00 00 00  ................
    01 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00  ................
  backtrace:
    [<ffffffff81574285>] kmalloc_trace+0x25/0x90 mm/slab_common.c:1114
    [<ffffffff821a19ce>] kmalloc include/linux/slab.h:599 [inline]
    [<ffffffff821a19ce>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff821a19ce>] add_block_entry+0x4e/0x320 fs/btrfs/ref-verify.c:271
    [<ffffffff821a2056>] add_tree_block+0x96/0x240 fs/btrfs/ref-verify.c:332
    [<ffffffff821a3649>] process_extent_item fs/btrfs/ref-verify.c:474 [inline]
    [<ffffffff821a3649>] process_leaf fs/btrfs/ref-verify.c:521 [inline]
    [<ffffffff821a3649>] walk_down_tree fs/btrfs/ref-verify.c:573 [inline]
    [<ffffffff821a3649>] btrfs_build_ref_tree+0x589/0x850 fs/btrfs/ref-verify.c:1006
    [<ffffffff8208d41f>] open_ctree+0x18af/0x2290 fs/btrfs/disk-io.c:3528
    [<ffffffff820532ff>] btrfs_fill_super fs/btrfs/super.c:1164 [inline]
    [<ffffffff820532ff>] btrfs_mount_root+0x5af/0x750 fs/btrfs/super.c:1529
    [<ffffffff816f9579>] legacy_get_tree+0x29/0x80 fs/fs_context.c:638
    [<ffffffff8168f22a>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816cc11b>] fc_mount fs/namespace.c:1112 [inline]
    [<ffffffff816cc11b>] vfs_kern_mount.part.0+0xcb/0x110 fs/namespace.c:1142
    [<ffffffff816cc19f>] vfs_kern_mount+0x3f/0x60 fs/namespace.c:1129
    [<ffffffff820573db>] btrfs_mount+0x24b/0x6a0 fs/btrfs/super.c:1589
    [<ffffffff816f9579>] legacy_get_tree+0x29/0x80 fs/fs_context.c:638
    [<ffffffff8168f22a>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816d46af>] do_new_mount fs/namespace.c:3335 [inline]
    [<ffffffff816d46af>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
    [<ffffffff816d52a1>] do_mount fs/namespace.c:3675 [inline]
    [<ffffffff816d52a1>] __do_sys_mount fs/namespace.c:3884 [inline]
    [<ffffffff816d52a1>] __se_sys_mount fs/namespace.c:3861 [inline]
    [<ffffffff816d52a1>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
    [<ffffffff84b38548>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84b38548>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80

BUG: memory leak
unreferenced object 0xffff88810ca659c0 (size 64):
  comm "syz-executor222", pid 5067, jiffies 4294999953 (age 9.980s)
  hex dump (first 32 bytes):
    05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81574285>] kmalloc_trace+0x25/0x90 mm/slab_common.c:1114
    [<ffffffff821a19b5>] kmalloc include/linux/slab.h:599 [inline]
    [<ffffffff821a19b5>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff821a19b5>] add_block_entry+0x35/0x320 fs/btrfs/ref-verify.c:270
    [<ffffffff821a2056>] add_tree_block+0x96/0x240 fs/btrfs/ref-verify.c:332
    [<ffffffff821a3649>] process_extent_item fs/btrfs/ref-verify.c:474 [inline]
    [<ffffffff821a3649>] process_leaf fs/btrfs/ref-verify.c:521 [inline]
    [<ffffffff821a3649>] walk_down_tree fs/btrfs/ref-verify.c:573 [inline]
    [<ffffffff821a3649>] btrfs_build_ref_tree+0x589/0x850 fs/btrfs/ref-verify.c:1006
    [<ffffffff8208d41f>] open_ctree+0x18af/0x2290 fs/btrfs/disk-io.c:3528
    [<ffffffff820532ff>] btrfs_fill_super fs/btrfs/super.c:1164 [inline]
    [<ffffffff820532ff>] btrfs_mount_root+0x5af/0x750 fs/btrfs/super.c:1529
    [<ffffffff816f9579>] legacy_get_tree+0x29/0x80 fs/fs_context.c:638
    [<ffffffff8168f22a>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816cc11b>] fc_mount fs/namespace.c:1112 [inline]
    [<ffffffff816cc11b>] vfs_kern_mount.part.0+0xcb/0x110 fs/namespace.c:1142
    [<ffffffff816cc19f>] vfs_kern_mount+0x3f/0x60 fs/namespace.c:1129
    [<ffffffff820573db>] btrfs_mount+0x24b/0x6a0 fs/btrfs/super.c:1589
    [<ffffffff816f9579>] legacy_get_tree+0x29/0x80 fs/fs_context.c:638
    [<ffffffff8168f22a>] vfs_get_tree+0x2a/0x130 fs/super.c:1750
    [<ffffffff816d46af>] do_new_mount fs/namespace.c:3335 [inline]
    [<ffffffff816d46af>] path_mount+0xc8f/0x10d0 fs/namespace.c:3662
    [<ffffffff816d52a1>] do_mount fs/namespace.c:3675 [inline]
    [<ffffffff816d52a1>] __do_sys_mount fs/namespace.c:3884 [inline]
    [<ffffffff816d52a1>] __se_sys_mount fs/namespace.c:3861 [inline]
    [<ffffffff816d52a1>] __x64_sys_mount+0x1a1/0x1f0 fs/namespace.c:3861
    [<ffffffff84b38548>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84b38548>] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80


Crashes (4):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023/10/11 13:44 | upstream | 94f6f0550c62 | 83165b57 | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-gce-leak | memory leak in add_block_entry |
| 2023/09/26 05:58 | upstream | 6465e260f487 | 0b6a67ac | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-gce-leak | memory leak in add_block_entry |
| 2023/09/21 15:05 | upstream | 42dc814987c1 | 0b6a67ac | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] | ci-upstream-gce-leak | memory leak in add_block_entry |
| 2023/06/06 12:54 | upstream | f8dba31b0a82 | a4ae4f42 | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-gce-leak | memory leak in add_block_entry |
* Struck through repros no longer work on HEAD.