lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Thu, 23 Nov 2023 20:07:19 -0800
From:   syzbot <syzbot+81670362c283f3dd889c@...kaller.appspotmail.com>
To:     clm@...com, dsterba@...e.com, josef@...icpanda.com,
        linux-btrfs@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: [syzbot] [btrfs?] memory leak in clear_state_bit

Hello,

syzbot found the following issue on:

HEAD commit:    98b1cc82c4af Linux 6.7-rc2
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1617a610e80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=f1b9d95ada516af
dashboard link: https://syzkaller.appspot.com/bug?extid=81670362c283f3dd889c
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10e5bdd4e80000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13b506f0e80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/6b6d520f592c/disk-98b1cc82.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c2cb6183fd56/vmlinux-98b1cc82.xz
kernel image: https://storage.googleapis.com/syzbot-assets/de520cfc8b93/bzImage-98b1cc82.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/97f709bf4312/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+81670362c283f3dd889c@...kaller.appspotmail.com

write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
BUG: memory leak
unreferenced object 0xffff888100812800 (size 64):
  comm "syz-executor358", pid 5076, jiffies 4294970941 (age 12.950s)
  hex dump (first 32 bytes):
    00 00 48 00 00 00 00 00 ff ff 48 00 00 00 00 00  ..H.......H.....
    60 b6 52 02 00 c9 ff ff 60 b6 52 02 00 c9 ff ff  `.R.....`.R.....
  backtrace:
    [<ffffffff816339bd>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline]
    [<ffffffff816339bd>] slab_post_alloc_hook mm/slab.h:766 [inline]
    [<ffffffff816339bd>] slab_alloc_node mm/slub.c:3478 [inline]
    [<ffffffff816339bd>] __kmem_cache_alloc_node+0x2dd/0x3f0 mm/slub.c:3517
    [<ffffffff8157e845>] kmalloc_trace+0x25/0x90 mm/slab_common.c:1098
    [<ffffffff8215ec8b>] kmalloc include/linux/slab.h:600 [inline]
    [<ffffffff8215ec8b>] ulist_add_merge fs/btrfs/ulist.c:210 [inline]
    [<ffffffff8215ec8b>] ulist_add_merge+0xcb/0x2b0 fs/btrfs/ulist.c:198
    [<ffffffff821b3964>] add_extent_changeset fs/btrfs/extent-io-tree.c:199 [inline]
    [<ffffffff821b3964>] add_extent_changeset fs/btrfs/extent-io-tree.c:186 [inline]
    [<ffffffff821b3964>] clear_state_bit+0xa4/0x1f0 fs/btrfs/extent-io-tree.c:559
    [<ffffffff821b4b12>] __clear_extent_bit+0x432/0x840 fs/btrfs/extent-io-tree.c:731
    [<ffffffff82169c7d>] __btrfs_qgroup_release_data+0x21d/0x4a0 fs/btrfs/qgroup.c:4123
    [<ffffffff820e2737>] alloc_ordered_extent+0x57/0x2c0 fs/btrfs/ordered-data.c:159
    [<ffffffff820e2dc8>] btrfs_alloc_ordered_extent+0x78/0x4f0 fs/btrfs/ordered-data.c:274
    [<ffffffff820ab67a>] btrfs_create_dio_extent+0xba/0x1b0 fs/btrfs/inode.c:6953
    [<ffffffff820c47ac>] btrfs_get_blocks_direct_write fs/btrfs/inode.c:7343 [inline]
    [<ffffffff820c47ac>] btrfs_dio_iomap_begin+0xcbc/0x11a0 fs/btrfs/inode.c:7594
    [<ffffffff81772039>] iomap_iter+0x219/0x590 fs/iomap/iter.c:91
    [<ffffffff8177968b>] __iomap_dio_rw+0x2bb/0xd40 fs/iomap/direct-io.c:658
    [<ffffffff820c4da3>] btrfs_dio_write+0x73/0xa0 fs/btrfs/inode.c:7798
    [<ffffffff820cf774>] btrfs_direct_write fs/btrfs/file.c:1543 [inline]
    [<ffffffff820cf774>] btrfs_do_write_iter+0x454/0x960 fs/btrfs/file.c:1684
    [<ffffffff816924c4>] call_write_iter include/linux/fs.h:2020 [inline]
    [<ffffffff816924c4>] do_iter_readv_writev+0x154/0x220 fs/read_write.c:735
    [<ffffffff81693c4c>] do_iter_write+0xec/0x370 fs/read_write.c:860

write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ