memory leak in exfat_parse_param

From: butt3rflyh4ck
Date: Tue Jun 02 2020 - 01:03:20 EST

Next message: kbuild test robot: "drivers/ptp/ptp_ines.c:837:34: warning: unused variable 'ines_ptp_ctrl_of_match'"
Previous message: Michael S. Tsirkin: "Re: [PATCH 1/6] vhost: allow device that does not depend on vhost worker"
Next in thread: Al Viro: "Re: memory leak in exfat_parse_param"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I report a bug (in linux-5.7.0-rc7) found by syzkaller.

kernel config: https://github.com/butterflyhack/syzkaller-fuzz/blob/master/config-v5.7.0-rc7

and can reproduce.

A param->string held by exfat_mount_options.

BUG: memory leak

unreferenced object 0xffff88801972e090 (size 8):
comm "syz-executor.2", pid 16298, jiffies 4295172466 (age 14.060s)
hex dump (first 8 bytes):
6b 6f 69 38 2d 75 00 00 koi8-u..
backtrace:
[<000000005bfe35d6>] kstrdup+0x36/0x70 mm/util.c:60
[<0000000018ed3277>] exfat_parse_param+0x160/0x5e0 fs/exfat/super.c:276
[<000000007680462b>] vfs_parse_fs_param+0x2b4/0x610 fs/fs_context.c:147
[<0000000097c027f2>] vfs_parse_fs_string+0xe6/0x150 fs/fs_context.c:191
[<00000000371bf78f>] generic_parse_monolithic+0x16f/0x1f0
fs/fs_context.c:231
[<000000005ce5eb1b>] do_new_mount fs/namespace.c:2812 [inline]
[<000000005ce5eb1b>] do_mount+0x12bb/0x1b30 fs/namespace.c:3141
[<00000000b642040c>] __do_sys_mount fs/namespace.c:3350 [inline]
[<00000000b642040c>] __se_sys_mount fs/namespace.c:3327 [inline]
[<00000000b642040c>] __x64_sys_mount+0x18f/0x230 fs/namespace.c:3327
[<000000003b024e98>] do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
[<00000000ce2b698c>] entry_SYSCALL_64_after_hwframe+0x49/0xb3

Next message: kbuild test robot: "drivers/ptp/ptp_ines.c:837:34: warning: unused variable 'ines_ptp_ctrl_of_match'"
Previous message: Michael S. Tsirkin: "Re: [PATCH 1/6] vhost: allow device that does not depend on vhost worker"
Next in thread: Al Viro: "Re: memory leak in exfat_parse_param"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]