lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <000000000000876b4405ec984835@google.com>
Date:   Thu, 03 Nov 2022 15:14:39 -0700
From:   syzbot <syzbot+05a0f0ccab4a25626e38@...kaller.appspotmail.com>
To:     adilger.kernel@...ger.ca, linux-ext4@...r.kernel.org,
        linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com,
        tytso@....edu
Subject: [syzbot] memory leak in __insert_pending

Hello,

syzbot found the following issue on:

HEAD commit:    882ad2a2a8ff Merge tag 'random-6.1-rc3-for-linus' of git:/..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14aad446880000
kernel config:  https://syzkaller.appspot.com/x/.config?x=8e0c1dbca40c1f1d
dashboard link: https://syzkaller.appspot.com/bug?extid=05a0f0ccab4a25626e38
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11dc2096880000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13a9300a880000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f8f0ce1c9534/disk-882ad2a2.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/206eb0f33f01/vmlinux-882ad2a2.xz
kernel image: https://storage.googleapis.com/syzbot-assets/13e639ad2934/bzImage-882ad2a2.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/7347d92c0f64/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+05a0f0ccab4a25626e38@...kaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff888111c8a1e0 (size 32):
  comm "syz-executor114", pid 3614, jiffies 4294956785 (age 12.710s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8178729a>] __insert_pending.isra.0+0xaa/0xf0 fs/ext4/extents_status.c:1895
    [<ffffffff8178b044>] ext4_es_insert_delayed_block+0x224/0x230 fs/ext4/extents_status.c:2018
    [<ffffffff817a7ae5>] ext4_insert_delayed_block fs/ext4/inode.c:1704 [inline]
    [<ffffffff817a7ae5>] ext4_da_map_blocks fs/ext4/inode.c:1796 [inline]
    [<ffffffff817a7ae5>] ext4_da_get_block_prep+0x3a5/0x7e0 fs/ext4/inode.c:1860
    [<ffffffff81653016>] __block_write_begin_int+0x1d6/0x9d0 fs/buffer.c:1991
    [<ffffffff8179cf7b>] ext4_da_convert_inline_data_to_extent fs/ext4/inline.c:877 [inline]
    [<ffffffff8179cf7b>] ext4_da_write_inline_data_begin+0x39b/0xb10 fs/ext4/inline.c:939
    [<ffffffff817b0307>] ext4_da_write_begin+0x477/0x4e0 fs/ext4/inode.c:2986
    [<ffffffff8148755f>] generic_perform_write+0xff/0x2b0 mm/filemap.c:3753
    [<ffffffff8178c54b>] ext4_buffered_write_iter+0xbb/0x1d0 fs/ext4/file.c:285
    [<ffffffff8178c71f>] ext4_file_write_iter+0xbf/0xbf0 fs/ext4/file.c:700
    [<ffffffff815d8517>] call_write_iter include/linux/fs.h:2191 [inline]
    [<ffffffff815d8517>] do_iter_readv_writev+0x147/0x210 fs/read_write.c:735
    [<ffffffff815d9afc>] do_iter_write+0xdc/0x300 fs/read_write.c:861
    [<ffffffff815d9d59>] vfs_iter_write+0x39/0x60 fs/read_write.c:902
    [<ffffffff8163eb44>] iter_file_splice_write+0x434/0x660 fs/splice.c:686
    [<ffffffff8163c57b>] do_splice_from fs/splice.c:764 [inline]
    [<ffffffff8163c57b>] direct_splice_actor+0x4b/0x70 fs/splice.c:931
    [<ffffffff8163cd19>] splice_direct_to_actor+0x149/0x350 fs/splice.c:886
    [<ffffffff8163d008>] do_splice_direct+0xe8/0x150 fs/splice.c:974

BUG: memory leak
unreferenced object 0xffff888111c8a260 (size 32):
  comm "syz-executor114", pid 3618, jiffies 4294957317 (age 7.390s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8178729a>] __insert_pending.isra.0+0xaa/0xf0 fs/ext4/extents_status.c:1895
    [<ffffffff8178b044>] ext4_es_insert_delayed_block+0x224/0x230 fs/ext4/extents_status.c:2018
    [<ffffffff817a7ae5>] ext4_insert_delayed_block fs/ext4/inode.c:1704 [inline]
    [<ffffffff817a7ae5>] ext4_da_map_blocks fs/ext4/inode.c:1796 [inline]
    [<ffffffff817a7ae5>] ext4_da_get_block_prep+0x3a5/0x7e0 fs/ext4/inode.c:1860
    [<ffffffff81653016>] __block_write_begin_int+0x1d6/0x9d0 fs/buffer.c:1991
    [<ffffffff8179cf7b>] ext4_da_convert_inline_data_to_extent fs/ext4/inline.c:877 [inline]
    [<ffffffff8179cf7b>] ext4_da_write_inline_data_begin+0x39b/0xb10 fs/ext4/inline.c:939
    [<ffffffff817b0307>] ext4_da_write_begin+0x477/0x4e0 fs/ext4/inode.c:2986
    [<ffffffff8148755f>] generic_perform_write+0xff/0x2b0 mm/filemap.c:3753
    [<ffffffff8178c54b>] ext4_buffered_write_iter+0xbb/0x1d0 fs/ext4/file.c:285
    [<ffffffff8178c71f>] ext4_file_write_iter+0xbf/0xbf0 fs/ext4/file.c:700
    [<ffffffff815d8517>] call_write_iter include/linux/fs.h:2191 [inline]
    [<ffffffff815d8517>] do_iter_readv_writev+0x147/0x210 fs/read_write.c:735
    [<ffffffff815d9afc>] do_iter_write+0xdc/0x300 fs/read_write.c:861
    [<ffffffff815d9d59>] vfs_iter_write+0x39/0x60 fs/read_write.c:902
    [<ffffffff8163eb44>] iter_file_splice_write+0x434/0x660 fs/splice.c:686
    [<ffffffff8163c57b>] do_splice_from fs/splice.c:764 [inline]
    [<ffffffff8163c57b>] direct_splice_actor+0x4b/0x70 fs/splice.c:931
    [<ffffffff8163cd19>] splice_direct_to_actor+0x149/0x350 fs/splice.c:886
    [<ffffffff8163d008>] do_splice_direct+0xe8/0x150 fs/splice.c:974



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ