[syzbot] [ntfs3?] memory leak in ni_add_subrecord


syzbot

Nov 10, 2025, 1:10:32 PM
to almaz.ale...@paragon-software.com, linux-...@vger.kernel.org, nt...@lists.linux.dev, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: e811c33b1f13 Merge tag 'drm-fixes-2025-11-08' of https://g..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1590ea58580000
kernel config: https://syzkaller.appspot.com/x/.config?x=cb128cd5cb439809
dashboard link: https://syzkaller.appspot.com/bug?extid=3932ccb896e06f7414c9
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1431bbcd980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16250412580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/cc3290299f36/disk-e811c33b.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/987fe9401d05/vmlinux-e811c33b.xz
kernel image: https://storage.googleapis.com/syzbot-assets/23be5a0e8ba6/bzImage-e811c33b.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/a2535f9cc9c1/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3932cc...@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff888110bef280 (size 128):
comm "syz.0.17", pid 6082, jiffies 4294944677
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 48 37 28 81 88 ff ff .........H7(....
backtrace (crc 126a088f):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4979 [inline]
slab_alloc_node mm/slub.c:5284 [inline]
__kmalloc_cache_noprof+0x3a6/0x5b0 mm/slub.c:5762
kmalloc_noprof include/linux/slab.h:957 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
ni_add_subrecord+0x31/0x180 fs/ntfs3/frecord.c:317
ntfs_look_free_mft+0xf0/0x790 fs/ntfs3/fsntfs.c:715
ni_ins_attr_ext+0x40c/0x6a0 fs/ntfs3/frecord.c:988
ni_insert_attr+0x1d1/0x480 fs/ntfs3/frecord.c:1091
ni_insert_resident+0x85/0x140 fs/ntfs3/frecord.c:1475
ni_add_name+0x15b/0x2e0 fs/ntfs3/frecord.c:2987
ni_rename+0x4c/0x100 fs/ntfs3/frecord.c:3026
ntfs_rename+0x46c/0x5d0 fs/ntfs3/namei.c:332
vfs_rename+0x94b/0x1340 fs/namei.c:5216
do_renameat2+0x5f5/0x870 fs/namei.c:5364
__do_sys_rename fs/namei.c:5411 [inline]
__se_sys_rename fs/namei.c:5409 [inline]
__x64_sys_rename+0x42/0x50 fs/namei.c:5409
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888109093400 (size 1024):
comm "syz.0.17", pid 6082, jiffies 4294944677
hex dump (first 32 bytes):
46 49 4c 45 2a 00 03 00 00 00 00 00 00 00 00 00 FILE*...........
03 00 00 00 30 00 01 00 88 02 00 00 00 04 00 00 ....0...........
backtrace (crc 7197c55e):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4979 [inline]
slab_alloc_node mm/slub.c:5284 [inline]
__do_kmalloc_node mm/slub.c:5645 [inline]
__kmalloc_noprof+0x3e3/0x6b0 mm/slub.c:5658
kmalloc_noprof include/linux/slab.h:961 [inline]
mi_init+0x2b/0x50 fs/ntfs3/record.c:105
mi_format_new+0x40/0x220 fs/ntfs3/record.c:422
ni_add_subrecord+0x6b/0x180 fs/ntfs3/frecord.c:321
ntfs_look_free_mft+0xf0/0x790 fs/ntfs3/fsntfs.c:715
ni_ins_attr_ext+0x40c/0x6a0 fs/ntfs3/frecord.c:988
ni_insert_attr+0x1d1/0x480 fs/ntfs3/frecord.c:1091
ni_insert_resident+0x85/0x140 fs/ntfs3/frecord.c:1475
ni_add_name+0x15b/0x2e0 fs/ntfs3/frecord.c:2987
ni_rename+0x4c/0x100 fs/ntfs3/frecord.c:3026
ntfs_rename+0x46c/0x5d0 fs/ntfs3/namei.c:332
vfs_rename+0x94b/0x1340 fs/namei.c:5216
do_renameat2+0x5f5/0x870 fs/namei.c:5364
__do_sys_rename fs/namei.c:5411 [inline]
__se_sys_rename fs/namei.c:5409 [inline]
__x64_sys_rename+0x42/0x50 fs/namei.c:5409
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888110bef680 (size 128):
comm "syz.0.18", pid 6093, jiffies 4294944686
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 48 37 28 81 88 ff ff .........H7(....
backtrace (crc ada06205):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4979 [inline]
slab_alloc_node mm/slub.c:5284 [inline]
__kmalloc_cache_noprof+0x3a6/0x5b0 mm/slub.c:5762
kmalloc_noprof include/linux/slab.h:957 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
ni_add_subrecord+0x31/0x180 fs/ntfs3/frecord.c:317
ntfs_look_free_mft+0xf0/0x790 fs/ntfs3/fsntfs.c:715
ni_ins_attr_ext+0x40c/0x6a0 fs/ntfs3/frecord.c:988
ni_insert_attr+0x1d1/0x480 fs/ntfs3/frecord.c:1091
ni_insert_resident+0x85/0x140 fs/ntfs3/frecord.c:1475
ni_add_name+0x15b/0x2e0 fs/ntfs3/frecord.c:2987
ni_rename+0x4c/0x100 fs/ntfs3/frecord.c:3026
ntfs_rename+0x46c/0x5d0 fs/ntfs3/namei.c:332
vfs_rename+0x94b/0x1340 fs/namei.c:5216
do_renameat2+0x5f5/0x870 fs/namei.c:5364
__do_sys_rename fs/namei.c:5411 [inline]
__se_sys_rename fs/namei.c:5409 [inline]
__x64_sys_rename+0x42/0x50 fs/namei.c:5409
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff8881135d2000 (size 1024):
comm "syz.0.18", pid 6093, jiffies 4294944686
hex dump (first 32 bytes):
46 49 4c 45 2a 00 03 00 00 00 00 00 00 00 00 00 FILE*...........
03 00 00 00 30 00 01 00 88 02 00 00 00 04 00 00 ....0...........
backtrace (crc 7197c55e):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4979 [inline]
slab_alloc_node mm/slub.c:5284 [inline]
__do_kmalloc_node mm/slub.c:5645 [inline]
__kmalloc_noprof+0x3e3/0x6b0 mm/slub.c:5658
kmalloc_noprof include/linux/slab.h:961 [inline]
mi_init+0x2b/0x50 fs/ntfs3/record.c:105
mi_format_new+0x40/0x220 fs/ntfs3/record.c:422
ni_add_subrecord+0x6b/0x180 fs/ntfs3/frecord.c:321
ntfs_look_free_mft+0xf0/0x790 fs/ntfs3/fsntfs.c:715
ni_ins_attr_ext+0x40c/0x6a0 fs/ntfs3/frecord.c:988
ni_insert_attr+0x1d1/0x480 fs/ntfs3/frecord.c:1091
ni_insert_resident+0x85/0x140 fs/ntfs3/frecord.c:1475
ni_add_name+0x15b/0x2e0 fs/ntfs3/frecord.c:2987
ni_rename+0x4c/0x100 fs/ntfs3/frecord.c:3026
ntfs_rename+0x46c/0x5d0 fs/ntfs3/namei.c:332
vfs_rename+0x94b/0x1340 fs/namei.c:5216
do_renameat2+0x5f5/0x870 fs/namei.c:5364
__do_sys_rename fs/namei.c:5411 [inline]
__se_sys_rename fs/namei.c:5409 [inline]
__x64_sys_rename+0x42/0x50 fs/namei.c:5409
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888110bef780 (size 128):
comm "syz.0.19", pid 6099, jiffies 4294944695
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 30 25 0f 81 88 ff ff .........0%.....
backtrace (crc 6428af85):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4979 [inline]
slab_alloc_node mm/slub.c:5284 [inline]
__kmalloc_cache_noprof+0x3a6/0x5b0 mm/slub.c:5762
kmalloc_noprof include/linux/slab.h:957 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
ni_add_subrecord+0x31/0x180 fs/ntfs3/frecord.c:317
ntfs_look_free_mft+0xf0/0x790 fs/ntfs3/fsntfs.c:715
ni_ins_attr_ext+0x40c/0x6a0 fs/ntfs3/frecord.c:988
ni_insert_attr+0x1d1/0x480 fs/ntfs3/frecord.c:1091
ni_insert_resident+0x85/0x140 fs/ntfs3/frecord.c:1475
ni_add_name+0x15b/0x2e0 fs/ntfs3/frecord.c:2987
ni_rename+0x4c/0x100 fs/ntfs3/frecord.c:3026
ntfs_rename+0x46c/0x5d0 fs/ntfs3/namei.c:332
vfs_rename+0x94b/0x1340 fs/namei.c:5216
do_renameat2+0x5f5/0x870 fs/namei.c:5364
__do_sys_rename fs/namei.c:5411 [inline]
__se_sys_rename fs/namei.c:5409 [inline]
__x64_sys_rename+0x42/0x50 fs/namei.c:5409
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Edward Adam Davis

Nov 10, 2025, 7:06:59 PM
to syzbot+3932cc...@syzkaller.appspotmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
#syz test

diff --git a/fs/ntfs3/frecord.c b/fs/ntfs3/frecord.c
index 8f9fe1d7a690..a557e3ec0d4c 100644
--- a/fs/ntfs3/frecord.c
+++ b/fs/ntfs3/frecord.c
@@ -1015,9 +1015,9 @@ static int ni_ins_attr_ext(struct ntfs_inode *ni, struct ATTR_LIST_ENTRY *le,

out2:
ni_remove_mi(ni, mi);
- mi_put(mi);

out1:
+ mi_put(mi);
ntfs_mark_rec_free(sbi, rno, is_mft);

out:
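Review bot: with mi_put(mi) moved under out1, that label frees a record it never unlinks. out1 only marks rno free, so it is reached after ntfs_look_free_mft() has succeeded, and by then ni_add_subrecord() has already linked mi into ni->mi_tree (the original ni_add_mi(ni, m); *mi = m; lines are visible in the follow-up patch in this thread); unless every goto out1 site calls ni_remove_mi() first, the tree keeps a pointer to freed memory. Either move ni_remove_mi(ni, mi) together with mi_put(mi), or keep the pair under out2 and make the failing site jump there. Note also that syzbot's test run of this patch (below) still shows the same two objects leaking, the 128-byte mft_inode from ni_add_subrecord() and the 1024-byte record from mi_init(), so the reference being lost is not on these error paths.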

syzbot

Nov 10, 2025, 8:20:04 PM
to ead...@qq.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in ni_add_subrecord

BUG: memory leak
unreferenced object 0xffff888126a90e00 (size 128):
comm "syz.0.17", pid 6726, jiffies 4294946753
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 b8 51 13 81 88 ff ff ..........Q.....
backtrace (crc 5c7e5ed8):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4979 [inline]
slab_alloc_node mm/slub.c:5284 [inline]
__kmalloc_cache_noprof+0x3a6/0x5b0 mm/slub.c:5762
kmalloc_noprof include/linux/slab.h:957 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
ni_add_subrecord+0x31/0x180 fs/ntfs3/frecord.c:317
ntfs_look_free_mft+0xf0/0x790 fs/ntfs3/fsntfs.c:715
ni_ins_attr_ext+0x40c/0x690 fs/ntfs3/frecord.c:988
ni_insert_attr+0x1d1/0x480 fs/ntfs3/frecord.c:1091
ni_insert_resident+0x85/0x140 fs/ntfs3/frecord.c:1475
ni_add_name+0x15b/0x2e0 fs/ntfs3/frecord.c:2987
ni_rename+0x4c/0x100 fs/ntfs3/frecord.c:3026
ntfs_rename+0x46c/0x5d0 fs/ntfs3/namei.c:332
vfs_rename+0x94b/0x1340 fs/namei.c:5216
do_renameat2+0x5f5/0x870 fs/namei.c:5364
__do_sys_rename fs/namei.c:5411 [inline]
__se_sys_rename fs/namei.c:5409 [inline]
__x64_sys_rename+0x42/0x50 fs/namei.c:5409
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888108b8c400 (size 1024):
comm "syz.0.17", pid 6726, jiffies 4294946753
hex dump (first 32 bytes):
46 49 4c 45 2a 00 03 00 00 00 00 00 00 00 00 00 FILE*...........
03 00 00 00 30 00 01 00 88 02 00 00 00 04 00 00 ....0...........
backtrace (crc 7197c55e):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4979 [inline]
slab_alloc_node mm/slub.c:5284 [inline]
__do_kmalloc_node mm/slub.c:5645 [inline]
__kmalloc_noprof+0x3e3/0x6b0 mm/slub.c:5658
kmalloc_noprof include/linux/slab.h:961 [inline]
mi_init+0x2b/0x50 fs/ntfs3/record.c:105
mi_format_new+0x40/0x220 fs/ntfs3/record.c:422
ni_add_subrecord+0x6b/0x180 fs/ntfs3/frecord.c:321
ntfs_look_free_mft+0xf0/0x790 fs/ntfs3/fsntfs.c:715
ni_ins_attr_ext+0x40c/0x690 fs/ntfs3/frecord.c:988
ni_insert_attr+0x1d1/0x480 fs/ntfs3/frecord.c:1091
ni_insert_resident+0x85/0x140 fs/ntfs3/frecord.c:1475
ni_add_name+0x15b/0x2e0 fs/ntfs3/frecord.c:2987
ni_rename+0x4c/0x100 fs/ntfs3/frecord.c:3026
ntfs_rename+0x46c/0x5d0 fs/ntfs3/namei.c:332
vfs_rename+0x94b/0x1340 fs/namei.c:5216
do_renameat2+0x5f5/0x870 fs/namei.c:5364
__do_sys_rename fs/namei.c:5411 [inline]
__se_sys_rename fs/namei.c:5409 [inline]
__x64_sys_rename+0x42/0x50 fs/namei.c:5409
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff88812586cb00 (size 128):
comm "syz.0.18", pid 6736, jiffies 4294946763
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 e8 f5 0e 81 88 ff ff ................
backtrace (crc db17ea11):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4979 [inline]
slab_alloc_node mm/slub.c:5284 [inline]
__kmalloc_cache_noprof+0x3a6/0x5b0 mm/slub.c:5762
kmalloc_noprof include/linux/slab.h:957 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
ni_add_subrecord+0x31/0x180 fs/ntfs3/frecord.c:317
ntfs_look_free_mft+0xf0/0x790 fs/ntfs3/fsntfs.c:715
ni_ins_attr_ext+0x40c/0x690 fs/ntfs3/frecord.c:988
ni_insert_attr+0x1d1/0x480 fs/ntfs3/frecord.c:1091
ni_insert_resident+0x85/0x140 fs/ntfs3/frecord.c:1475
ni_add_name+0x15b/0x2e0 fs/ntfs3/frecord.c:2987
ni_rename+0x4c/0x100 fs/ntfs3/frecord.c:3026
ntfs_rename+0x46c/0x5d0 fs/ntfs3/namei.c:332
vfs_rename+0x94b/0x1340 fs/namei.c:5216
do_renameat2+0x5f5/0x870 fs/namei.c:5364
__do_sys_rename fs/namei.c:5411 [inline]
__se_sys_rename fs/namei.c:5409 [inline]
__x64_sys_rename+0x42/0x50 fs/namei.c:5409
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff8881275a6000 (size 1024):
comm "syz.0.18", pid 6736, jiffies 4294946763
hex dump (first 32 bytes):
46 49 4c 45 2a 00 03 00 00 00 00 00 00 00 00 00 FILE*...........
03 00 00 00 30 00 01 00 88 02 00 00 00 04 00 00 ....0...........
backtrace (crc 7197c55e):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4979 [inline]
slab_alloc_node mm/slub.c:5284 [inline]
__do_kmalloc_node mm/slub.c:5645 [inline]
__kmalloc_noprof+0x3e3/0x6b0 mm/slub.c:5658
kmalloc_noprof include/linux/slab.h:961 [inline]
mi_init+0x2b/0x50 fs/ntfs3/record.c:105
mi_format_new+0x40/0x220 fs/ntfs3/record.c:422
ni_add_subrecord+0x6b/0x180 fs/ntfs3/frecord.c:321
ntfs_look_free_mft+0xf0/0x790 fs/ntfs3/fsntfs.c:715
ni_ins_attr_ext+0x40c/0x690 fs/ntfs3/frecord.c:988
ni_insert_attr+0x1d1/0x480 fs/ntfs3/frecord.c:1091
ni_insert_resident+0x85/0x140 fs/ntfs3/frecord.c:1475
ni_add_name+0x15b/0x2e0 fs/ntfs3/frecord.c:2987
ni_rename+0x4c/0x100 fs/ntfs3/frecord.c:3026
ntfs_rename+0x46c/0x5d0 fs/ntfs3/namei.c:332
vfs_rename+0x94b/0x1340 fs/namei.c:5216
do_renameat2+0x5f5/0x870 fs/namei.c:5364
__do_sys_rename fs/namei.c:5411 [inline]
__se_sys_rename fs/namei.c:5409 [inline]
__x64_sys_rename+0x42/0x50 fs/namei.c:5409
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888125f77780 (size 128):
comm "syz.0.19", pid 6746, jiffies 4294946771
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 c8 51 13 81 88 ff ff ..........Q.....
backtrace (crc af0a413f):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4979 [inline]
slab_alloc_node mm/slub.c:5284 [inline]
__kmalloc_cache_noprof+0x3a6/0x5b0 mm/slub.c:5762
kmalloc_noprof include/linux/slab.h:957 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
ni_add_subrecord+0x31/0x180 fs/ntfs3/frecord.c:317
ntfs_look_free_mft+0xf0/0x790 fs/ntfs3/fsntfs.c:715
ni_ins_attr_ext+0x40c/0x690 fs/ntfs3/frecord.c:988
ni_insert_attr+0x1d1/0x480 fs/ntfs3/frecord.c:1091
ni_insert_resident+0x85/0x140 fs/ntfs3/frecord.c:1475
ni_add_name+0x15b/0x2e0 fs/ntfs3/frecord.c:2987
ni_rename+0x4c/0x100 fs/ntfs3/frecord.c:3026
ntfs_rename+0x46c/0x5d0 fs/ntfs3/namei.c:332
vfs_rename+0x94b/0x1340 fs/namei.c:5216
do_renameat2+0x5f5/0x870 fs/namei.c:5364
__do_sys_rename fs/namei.c:5411 [inline]
__se_sys_rename fs/namei.c:5409 [inline]
__x64_sys_rename+0x42/0x50 fs/namei.c:5409
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF


Tested on:

commit: 4427259c Merge tag 'riscv-for-linus-6.18-rc6' of git:/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1771960a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=cb128cd5cb439809
dashboard link: https://syzkaller.appspot.com/bug?extid=3932ccb896e06f7414c9
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=167e960a580000

Edward Adam Davis

6:05 AM
to syzbot+3932cc...@syzkaller.appspotmail.com, almaz.ale...@paragon-software.com, linux-...@vger.kernel.org, nt...@lists.linux.dev, syzkall...@googlegroups.com
If an rb node with the same ino already exists in the rb tree, the newly
alloced mft_inode in ni_add_subrecord() will not have its memory cleaned
up, which leads to the memory leak issue reported by syzbot.

The best option to avoid this issue is to put the newly alloced mft node
when an rb node with the same ino already exists in the rb tree and return
the rb node found in the rb tree to the parent layer.

syzbot reported:
BUG: memory leak
unreferenced object 0xffff888110bef280 (size 128):
backtrace (crc 126a088f):
ni_add_subrecord+0x31/0x180 fs/ntfs3/frecord.c:317
ntfs_look_free_mft+0xf0/0x790 fs/ntfs3/fsntfs.c:715

BUG: memory leak
unreferenced object 0xffff888109093400 (size 1024):
backtrace (crc 7197c55e):
mi_init+0x2b/0x50 fs/ntfs3/record.c:105
mi_format_new+0x40/0x220 fs/ntfs3/record.c:422

Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
Reported-by: syzbot+3932cc...@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <ead...@qq.com>
---
fs/ntfs3/frecord.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/ntfs3/frecord.c b/fs/ntfs3/frecord.c
index 8f9fe1d7a690..b6cbc1fc3455 100644
--- a/fs/ntfs3/frecord.c
+++ b/fs/ntfs3/frecord.c
@@ -325,8 +325,10 @@ bool ni_add_subrecord(struct ntfs_inode *ni, CLST rno, struct mft_inode **mi)

mi_get_ref(&ni->mi, &m->mrec->parent_ref);

- ni_add_mi(ni, m);
- *mi = m;
+ *mi = ni_ins_mi(ni, &ni->mi_tree, m->rno, &m->node);
+ if (*mi != m)
+ mi_put(m);
+
return true;
}
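Review bot: the mi_put(m) on the collision branch is the right fix for the leaked 128-byte mft_inode and its 1024-byte record buffer, but returning true with *mi set to the pre-existing node changes what the caller gets. ntfs_look_free_mft() has just picked rno as a free record number; a node for that rno already sitting in ni->mi_tree means the free-record bookkeeping and the in-memory subrecord set disagree, which a consistent image should never produce. Handing back the existing node lets the caller treat a subrecord that is already in use as freshly formatted, and its error path will ntfs_mark_rec_free() a number that is still referenced. The safer shape is to treat the collision as an error, i.e. after
	if (*mi != m)
		mi_put(m);
return false (marking the volume dirty if the driver does that elsewhere for on-disk inconsistencies) so ntfs_look_free_mft() takes its existing failure path instead of aliasing the record. The commit message should also say how a duplicate rno can appear at all; it currently only states that one does.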

--
2.43.0

Edward Adam Davis

6:14 AM
to syzbot+3932cc...@syzkaller.appspotmail.com, almaz.ale...@paragon-software.com, linux-...@vger.kernel.org, nt...@lists.linux.dev, syzkall...@googlegroups.com
After ntfs_look_free_mft() executes successfully, all subsequent code
that fails to execute must put mi.

Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
Signed-off-by: Edward Adam Davis <ead...@qq.com>
---
fs/ntfs3/frecord.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ntfs3/frecord.c b/fs/ntfs3/frecord.c
index b6cbc1fc3455..e5a005d216f3 100644
--- a/fs/ntfs3/frecord.c
+++ b/fs/ntfs3/frecord.c
@@ -1017,9 +1017,9 @@ static int ni_ins_attr_ext(struct ntfs_inode *ni, struct ATTR_LIST_ENTRY *le,

out2:
ni_remove_mi(ni, mi);
- mi_put(mi);

out1:
+ mi_put(mi);
ntfs_mark_rec_free(sbi, rno, is_mft);

out:
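Review bot: same issue as the earlier test version of this hunk: out1 never unlinks mi, and since it marks rno free it is only reached after ntfs_look_free_mft() has returned a record that ni_add_subrecord() already linked into ni->mi_tree, so mi_put(mi) there leaves the tree pointing at freed memory unless the jump site has called ni_remove_mi() itself. On top of the preceding patch the risk grows: when ni_ins_mi() returned a pre-existing node, *mi is a subrecord the inode already owned, and dropping it on this path frees a record that is still in use. Keep ni_remove_mi()/mi_put() paired under one label and route the failing site to it; the commit message should also name which goto out1 site currently misses the put, since "all subsequent code that fails to execute must put mi" does not identify it.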
--
2.43.0
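
The two patches above both turn on one ownership rule: an insert into ni->mi_tree that finds an existing node hands that node back and leaves the caller holding its own, now unneeded, allocation, and a record that is linked must be unlinked (ni_remove_mi) before it is put. The following user-space model, added here and not code from ntfs3 or from the patch author, shows the leak kmemleak reported, the shape of the posted fix, and the stricter refuse-on-collision alternative raised in review. Every name in it (rec, rec_set, set_insert, set_remove, rec_put, add_leaky, add_fixed, add_strict, double_add, live_records, second_rc) is hypothetical, and a sorted list stands in for the kernel rb-tree.

```c
/* Added example, not ntfs3 code: rec, rec_set, set_insert, set_remove, rec_put and
 * add_* are hypothetical stand-ins for struct mft_inode, ni->mi_tree, ni_ins_mi(),
 * ni_remove_mi() and mi_put(); a sorted list replaces the kernel rb-tree. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int live_records;   /* stands in for kmemleak's view of the heap */
static int second_rc;      /* return code of the colliding add in double_add() */
struct rec { unsigned long rno; char *buf; struct rec *next; };   /* mi->rno, mi->mrec */
struct rec_set { struct rec *head; };                              /* ni->mi_tree */

/* Allocate the two objects the report shows leaking: descriptor and buffer. */
static struct rec *rec_new(unsigned long rno)
{
	struct rec *r = calloc(1, sizeof(*r));
	if (!r || !(r->buf = malloc(1024))) { free(r); return NULL; }
	memcpy(r->buf, "FILE", 4);               /* the signature in the hex dump */
	r->rno = rno;
	live_records++;
	return r;
}

/* mi_put: free a record that is no longer linked anywhere. */
static void rec_put(struct rec *r) { free(r->buf); free(r); live_records--; }

/* ni_ins_mi: insert r, or return the node already holding r->rno (r stays unlinked, caller's). */
static struct rec *set_insert(struct rec_set *s, struct rec *r)
{
	struct rec **link = &s->head;
	while (*link && (*link)->rno < r->rno) link = &(*link)->next;
	if (*link && (*link)->rno == r->rno) return *link;
	r->next = *link;
	*link = r;
	return r;
}

/* ni_remove_mi: unlink a linked record without freeing it. */
static void set_remove(struct rec_set *s, struct rec *r)
{
	struct rec **link = &s->head;
	while (*link != r) link = &(*link)->next;
	*link = r->next;
}

/* Pre-patch shape: the insert's result is ignored; on a collision r is lost. */
static int add_leaky(struct rec_set *s, unsigned long rno, struct rec **out)
{
	struct rec *r = rec_new(rno);
	if (!r) return -ENOMEM;
	set_insert(s, r);
	*out = r;
	return 0;
}

/* Shape of the posted fix: hand back whatever is linked, drop our own copy. */
static int add_fixed(struct rec_set *s, unsigned long rno, struct rec **out)
{
	struct rec *r = rec_new(rno);
	if (!r) return -ENOMEM;
	*out = set_insert(s, r);
	if (*out != r) rec_put(r);
	return 0;
}

/* Stricter alternative: a collision means the bookkeeping disagrees, so refuse to alias. */
static int add_strict(struct rec_set *s, unsigned long rno, struct rec **out)
{
	struct rec *r = rec_new(rno);
	if (!r) return -ENOMEM;
	if (set_insert(s, r) != r) { rec_put(r); return -EINVAL; }
	*out = r;
	return 0;
}

typedef int (*adder_t)(struct rec_set *, unsigned long, struct rec **);
/* Add rno 5 twice with one variant, tear down correctly (unlink, then put), return live count. */
static int double_add(adder_t add)
{
	struct rec_set s = { NULL };
	struct rec *out = NULL, *r;
	live_records = 0;
	add(&s, 5, &out);
	second_rc = add(&s, 5, &out);
	while ((r = s.head)) { set_remove(&s, r); rec_put(r); }
	return live_records;
}

int main(void)
{
	adder_t v[] = { add_leaky, add_fixed, add_strict };
	for (int i = 0; i < 3; i++) {
		int leaked = double_add(v[i]);
		printf("variant %d: leaked=%d rc=%d\n", i, leaked, second_rc);
	}
	return 0;
}
```

double_add() returns how many records are still alive after inserting the same record number twice and tearing the set down: 1 for add_leaky (the second descriptor and its 1024-byte buffer are unreachable, the pair kmemleak flagged), 0 for add_fixed and add_strict, with add_strict also leaving -EINVAL in second_rc so a caller can unwind rather than operate on a record it did not allocate.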
