linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* memory leak in reiserfs_fill_super
@ 2019-12-12  1:25 syzbot
  2019-12-14 23:12 ` [PATCH] " Randy Dunlap
  0 siblings, 1 reply; 3+ messages in thread
From: syzbot @ 2019-12-12  1:25 UTC (permalink / raw)
  To: deepa.kernel, jack, jeffm, jlayton, linux-kernel, reiserfs-devel,
	syzkaller-bugs, viro

Hello,

syzbot found the following crash on:

HEAD commit:    6794862a Merge tag 'for-5.5-rc1-kconfig-tag' of git://git...
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1158c12ee00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=bbf3a35184a3ed64
dashboard link: https://syzkaller.appspot.com/bug?extid=1c6756baf4b16b94d2a6
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=165a64fae00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12083661e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+1c6756baf4b16b94d2a6@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff88811ff310c0 (size 32):
   comm "syz-executor671", pid 7128, jiffies 4294943335 (age 13.580s)
   hex dump (first 32 bytes):
     2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
     01 00 00 00 01 00 00 00 18 00 00 00 00 00 00 00  ................
   backtrace:
     [<000000004089eb3d>] kmemleak_alloc_recursive  
include/linux/kmemleak.h:43 [inline]
     [<000000004089eb3d>] slab_post_alloc_hook mm/slab.h:586 [inline]
     [<000000004089eb3d>] slab_alloc mm/slab.c:3320 [inline]
     [<000000004089eb3d>] __do_kmalloc mm/slab.c:3654 [inline]
     [<000000004089eb3d>] __kmalloc_track_caller+0x165/0x300 mm/slab.c:3671
     [<000000008421832f>] kstrdup+0x3a/0x70 mm/util.c:60
     [<0000000043bf75e5>] reiserfs_fill_super+0x500/0x1120  
fs/reiserfs/super.c:1946
     [<000000009cbc0e69>] mount_bdev+0x1ce/0x210 fs/super.c:1415
     [<00000000934dd7f3>] get_super_block+0x35/0x40 fs/reiserfs/super.c:2604
     [<00000000cf77f9c8>] legacy_get_tree+0x27/0x80 fs/fs_context.c:647
     [<000000000d70f443>] vfs_get_tree+0x2d/0xe0 fs/super.c:1545
     [<00000000be5ed892>] do_new_mount fs/namespace.c:2822 [inline]
     [<00000000be5ed892>] do_mount+0x97c/0xc80 fs/namespace.c:3142
     [<00000000f546ac03>] ksys_mount+0xab/0x120 fs/namespace.c:3351
     [<000000005818601f>] __do_sys_mount fs/namespace.c:3365 [inline]
     [<000000005818601f>] __se_sys_mount fs/namespace.c:3362 [inline]
     [<000000005818601f>] __x64_sys_mount+0x26/0x30 fs/namespace.c:3362
     [<00000000a358ffb7>] do_syscall_64+0x73/0x220  
arch/x86/entry/common.c:294
     [<00000000cb1c9cc8>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff8881232e08e0 (size 32):
   comm "syz-executor671", pid 7135, jiffies 4294943878 (age 8.150s)
   hex dump (first 32 bytes):
     2e 00 63 75 72 69 74 79 2e 73 65 6c 69 6e 75 78  ..curity.selinux
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
   backtrace:
     [<000000004089eb3d>] kmemleak_alloc_recursive  
include/linux/kmemleak.h:43 [inline]
     [<000000004089eb3d>] slab_post_alloc_hook mm/slab.h:586 [inline]
     [<000000004089eb3d>] slab_alloc mm/slab.c:3320 [inline]
     [<000000004089eb3d>] __do_kmalloc mm/slab.c:3654 [inline]
     [<000000004089eb3d>] __kmalloc_track_caller+0x165/0x300 mm/slab.c:3671
     [<000000008421832f>] kstrdup+0x3a/0x70 mm/util.c:60
     [<0000000043bf75e5>] reiserfs_fill_super+0x500/0x1120  
fs/reiserfs/super.c:1946
     [<000000009cbc0e69>] mount_bdev+0x1ce/0x210 fs/super.c:1415
     [<00000000934dd7f3>] get_super_block+0x35/0x40 fs/reiserfs/super.c:2604
     [<00000000cf77f9c8>] legacy_get_tree+0x27/0x80 fs/fs_context.c:647
     [<000000000d70f443>] vfs_get_tree+0x2d/0xe0 fs/super.c:1545
     [<00000000be5ed892>] do_new_mount fs/namespace.c:2822 [inline]
     [<00000000be5ed892>] do_mount+0x97c/0xc80 fs/namespace.c:3142
     [<00000000f546ac03>] ksys_mount+0xab/0x120 fs/namespace.c:3351
     [<000000005818601f>] __do_sys_mount fs/namespace.c:3365 [inline]
     [<000000005818601f>] __se_sys_mount fs/namespace.c:3362 [inline]
     [<000000005818601f>] __x64_sys_mount+0x26/0x30 fs/namespace.c:3362
     [<00000000a358ffb7>] do_syscall_64+0x73/0x220  
arch/x86/entry/common.c:294
     [<00000000cb1c9cc8>] entry_SYSCALL_64_after_hwframe+0x44/0xa9



---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [PATCH] Re: memory leak in reiserfs_fill_super
  2019-12-12  1:25 memory leak in reiserfs_fill_super syzbot
@ 2019-12-14 23:12 ` Randy Dunlap
  2019-12-16 11:57   ` Jan Kara
  0 siblings, 1 reply; 3+ messages in thread
From: Randy Dunlap @ 2019-12-14 23:12 UTC (permalink / raw)
  To: syzbot, deepa.kernel, jack, jeffm, jlayton, linux-kernel,
	reiserfs-devel, syzkaller-bugs, viro

From: Randy Dunlap <rdunlap@infradead.org>

fill_super() conditionally allocates a jdev string if "jdev=x"
is specified.  put_super() should free that memory.

Reported-by: syzbot+1c6756baf4b16b94d2a6@syzkaller.appspotmail.com
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
---
 fs/reiserfs/super.c |    1 +
 1 file changed, 1 insertion(+)

--- linux-next-20191213.orig/fs/reiserfs/super.c
+++ linux-next-20191213/fs/reiserfs/super.c
@@ -629,6 +629,7 @@ static void reiserfs_put_super(struct su
 	reiserfs_write_unlock(s);
 	mutex_destroy(&REISERFS_SB(s)->lock);
 	destroy_workqueue(REISERFS_SB(s)->commit_wq);
+	kfree(REISERFS_SB(s)->s_jdev);
 	kfree(s->s_fs_info);
 	s->s_fs_info = NULL;
 }


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] Re: memory leak in reiserfs_fill_super
  2019-12-14 23:12 ` [PATCH] " Randy Dunlap
@ 2019-12-16 11:57   ` Jan Kara
  0 siblings, 0 replies; 3+ messages in thread
From: Jan Kara @ 2019-12-16 11:57 UTC (permalink / raw)
  To: Randy Dunlap
  Cc: syzbot, deepa.kernel, jack, jeffm, jlayton, linux-kernel,
	reiserfs-devel, syzkaller-bugs, viro

On Sat 14-12-19 15:12:57, Randy Dunlap wrote:
> From: Randy Dunlap <rdunlap@infradead.org>
> 
> fill_super() conditionally allocates a jdev string if "jdev=x"
> is specified.  put_super() should free that memory.
> 
> Reported-by: syzbot+1c6756baf4b16b94d2a6@syzkaller.appspotmail.com
> Signed-off-by: Randy Dunlap <rdunlap@infradead.org>

Thanks Randy but I've already sent a similar (and more complete) fix to this
bug as part of [1].

								Honza

[1] https://lore.kernel.org/linux-fsdevel/20191212105018.910-1-jack@suse.cz/

> ---
>  fs/reiserfs/super.c |    1 +
>  1 file changed, 1 insertion(+)
> 
> --- linux-next-20191213.orig/fs/reiserfs/super.c
> +++ linux-next-20191213/fs/reiserfs/super.c
> @@ -629,6 +629,7 @@ static void reiserfs_put_super(struct su
>  	reiserfs_write_unlock(s);
>  	mutex_destroy(&REISERFS_SB(s)->lock);
>  	destroy_workqueue(REISERFS_SB(s)->commit_wq);
> +	kfree(REISERFS_SB(s)->s_jdev);
>  	kfree(s->s_fs_info);
>  	s->s_fs_info = NULL;
>  }
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-12-16 11:57 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-12  1:25 memory leak in reiserfs_fill_super syzbot
2019-12-14 23:12 ` [PATCH] " Randy Dunlap
2019-12-16 11:57   ` Jan Kara

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).