All of lore.kernel.org
 help / color / mirror / Atom feed
From: syzbot <syzbot+6f8cd9a0155b366d227f@syzkaller.appspotmail.com>
To: chao@kernel.org, huyue2@coolpad.com, jefflexu@linux.alibaba.com,
	linux-erofs@lists.ozlabs.org, linux-kernel@vger.kernel.org,
	syzkaller-bugs@googlegroups.com, xiang@kernel.org
Subject: [syzbot] memory leak in z_erofs_do_read_page
Date: Thu, 01 Dec 2022 03:54:41 -0800	[thread overview]
Message-ID: <000000000000e7574205eec2e2ad@google.com> (raw)

Hello,

syzbot found the following issue on:

HEAD commit:    ef4d3ea40565 afs: Fix server->active leak in afs_put_server
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1251434b880000
kernel config:  https://syzkaller.appspot.com/x/.config?x=979161df0e247659
dashboard link: https://syzkaller.appspot.com/bug?extid=6f8cd9a0155b366d227f
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1102d8d5880000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1549a85b880000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/3221db92d084/disk-ef4d3ea4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/909a41154e5c/vmlinux-ef4d3ea4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/31207496b5e3/bzImage-ef4d3ea4.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/53f3c05f9892/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6f8cd9a0155b366d227f@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88811009c7f8 (size 136):
  comm "syz-executor227", pid 3659, jiffies 4294973830 (age 12.500s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff821db19b>] kmem_cache_zalloc include/linux/slab.h:679 [inline]
    [<ffffffff821db19b>] z_erofs_alloc_pcluster fs/erofs/zdata.c:152 [inline]
    [<ffffffff821db19b>] z_erofs_register_pcluster fs/erofs/zdata.c:497 [inline]
    [<ffffffff821db19b>] z_erofs_collector_begin fs/erofs/zdata.c:576 [inline]
    [<ffffffff821db19b>] z_erofs_do_read_page+0x99b/0x1740 fs/erofs/zdata.c:728
    [<ffffffff821dee9e>] z_erofs_readahead+0x24e/0x580 fs/erofs/zdata.c:1670
    [<ffffffff814bc0d6>] read_pages+0x86/0x3d0 mm/readahead.c:161
    [<ffffffff814bc60d>] page_cache_ra_unbounded+0x1ed/0x220 mm/readahead.c:270
    [<ffffffff814bcfe9>] do_page_cache_ra mm/readahead.c:300 [inline]
    [<ffffffff814bcfe9>] page_cache_ra_order+0x399/0x410 mm/readahead.c:560
    [<ffffffff814bd48d>] ondemand_readahead+0x42d/0x640 mm/readahead.c:682
    [<ffffffff814bd7d8>] page_cache_sync_ra+0x138/0x140 mm/readahead.c:709
    [<ffffffff814ac448>] page_cache_sync_readahead include/linux/pagemap.h:1213 [inline]
    [<ffffffff814ac448>] filemap_get_pages+0x158/0xa00 mm/filemap.c:2581
    [<ffffffff814ace2e>] filemap_read+0x13e/0x520 mm/filemap.c:2675
    [<ffffffff814ad3e9>] generic_file_read_iter+0x1d9/0x280 mm/filemap.c:2821
    [<ffffffff815f782f>] __kernel_read+0x13f/0x340 fs/read_write.c:428
    [<ffffffff822729ac>] integrity_kernel_read+0x2c/0x40 security/integrity/iint.c:199
    [<ffffffff82276d4c>] ima_calc_file_hash_tfm+0x11c/0x1d0 security/integrity/ima/ima_crypto.c:485
    [<ffffffff82277131>] ima_calc_file_shash security/integrity/ima/ima_crypto.c:516 [inline]
    [<ffffffff82277131>] ima_calc_file_hash+0xf1/0xa70 security/integrity/ima/ima_crypto.c:573
    [<ffffffff82278b57>] ima_collect_measurement+0x307/0x380 security/integrity/ima/ima_api.c:292
    [<ffffffff82274dbd>] process_measurement+0x7cd/0xdb0 security/integrity/ima/ima_main.c:337

BUG: memory leak
unreferenced object 0xffff88811009ca18 (size 136):
  comm "syz-executor227", pid 3663, jiffies 4294974353 (age 7.270s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff821db19b>] kmem_cache_zalloc include/linux/slab.h:679 [inline]
    [<ffffffff821db19b>] z_erofs_alloc_pcluster fs/erofs/zdata.c:152 [inline]
    [<ffffffff821db19b>] z_erofs_register_pcluster fs/erofs/zdata.c:497 [inline]
    [<ffffffff821db19b>] z_erofs_collector_begin fs/erofs/zdata.c:576 [inline]
    [<ffffffff821db19b>] z_erofs_do_read_page+0x99b/0x1740 fs/erofs/zdata.c:728
    [<ffffffff821dee9e>] z_erofs_readahead+0x24e/0x580 fs/erofs/zdata.c:1670
    [<ffffffff814bc0d6>] read_pages+0x86/0x3d0 mm/readahead.c:161
    [<ffffffff814bc60d>] page_cache_ra_unbounded+0x1ed/0x220 mm/readahead.c:270
    [<ffffffff814bcfe9>] do_page_cache_ra mm/readahead.c:300 [inline]
    [<ffffffff814bcfe9>] page_cache_ra_order+0x399/0x410 mm/readahead.c:560
    [<ffffffff814bd48d>] ondemand_readahead+0x42d/0x640 mm/readahead.c:682
    [<ffffffff814bd7d8>] page_cache_sync_ra+0x138/0x140 mm/readahead.c:709
    [<ffffffff814ac448>] page_cache_sync_readahead include/linux/pagemap.h:1213 [inline]
    [<ffffffff814ac448>] filemap_get_pages+0x158/0xa00 mm/filemap.c:2581
    [<ffffffff814ace2e>] filemap_read+0x13e/0x520 mm/filemap.c:2675
    [<ffffffff814ad3e9>] generic_file_read_iter+0x1d9/0x280 mm/filemap.c:2821
    [<ffffffff815f782f>] __kernel_read+0x13f/0x340 fs/read_write.c:428
    [<ffffffff822729ac>] integrity_kernel_read+0x2c/0x40 security/integrity/iint.c:199
    [<ffffffff82276d4c>] ima_calc_file_hash_tfm+0x11c/0x1d0 security/integrity/ima/ima_crypto.c:485
    [<ffffffff82277131>] ima_calc_file_shash security/integrity/ima/ima_crypto.c:516 [inline]
    [<ffffffff82277131>] ima_calc_file_hash+0xf1/0xa70 security/integrity/ima/ima_crypto.c:573
    [<ffffffff82278b57>] ima_collect_measurement+0x307/0x380 security/integrity/ima/ima_api.c:292
    [<ffffffff82274dbd>] process_measurement+0x7cd/0xdb0 security/integrity/ima/ima_main.c:337



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

                 reply	other threads:[~2022-12-01 11:54 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=000000000000e7574205eec2e2ad@google.com \
    --to=syzbot+6f8cd9a0155b366d227f@syzkaller.appspotmail.com \
    --cc=chao@kernel.org \
    --cc=huyue2@coolpad.com \
    --cc=jefflexu@linux.alibaba.com \
    --cc=linux-erofs@lists.ozlabs.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=xiang@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.