| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251211184838.GN4859@twin.jikos.cz>
Date: Thu, 11 Dec 2025 19:48:38 +0100
From: David Sterba <dsterba@...e.cz>
To: Deepanshu Kartikey <kartikey406@...il.com>
Cc: clm@...com, dsterba@...e.com, miaox@...fujitsu.com,
linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org,
syzbot+eadd98df8bceb15d7fed@...kaller.appspotmail.com
Subject: Re: [PATCH] btrfs: fix memory leak of fs_devices in degraded seed
device path
On Wed, Dec 10, 2025 at 06:58:07PM +0530, Deepanshu Kartikey wrote:
> In open_seed_devices(), when find_fsid() fails and we're in DEGRADED
> mode, a new fs_devices is allocated via alloc_fs_devices() but is never
> added to the seed_list before returning. This contrasts with the normal
> path where fs_devices is properly added via list_add().
>
> If any error occurs later in read_one_dev() or btrfs_read_chunk_tree(),
> the cleanup code iterates seed_list to free seed devices, but this
> orphaned fs_devices is never found and never freed, causing a memory
> leak. Any devices allocated via add_missing_dev() and attached to this
> fs_devices are also leaked.
>
> Fix this by adding the newly allocated fs_devices to seed_list in the
> degraded path, consistent with the normal path.
>
> Fixes: 5f37583569442 ("Btrfs: move the missing device to its own fs device list")
> Reported-by: syzbot+eadd98df8bceb15d7fed@...kaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=eadd98df8bceb15d7fed
> Tested-by: syzbot+eadd98df8bceb15d7fed@...kaller.appspotmail.com
> Signed-off-by: Deepanshu Kartikey <kartikey406@...il.com>
Reviewed-by: David Sterba <dsterba@...e.com>
Powered by blists - more mailing lists