memory leak in v9fs_session

memory leak in v9fs_session_init
Status: upstream: reported C repro on 2019/07/24 12:08
Reported-by: syzbot+15b759334fd44cd9785a@syzkaller.appspotmail.com
First crash: 640d, last: 270d

Cause bisection: introduced by (bisect log) :
commit 16490980e396fac079248b23b1dd81e7d48bebf3
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Tue May 17 02:51:04 2016 +0000

Merge tag 'device-properties-4.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Crash: memory leak in v9fs_session_init (log)
Repro: C syz .config

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2020/09/23 10:41	15m	anant.thazhemadam@gmail.com		upstream	OK
2020/04/08 20:09	15m	rikard.falkeborn@gmail.com	patch	git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git v5.6	log
2020/04/08 19:52	13m	rikard.falkeborn@gmail.com	patch	upstream	log
2020/04/08 18:18	13m	rikard.falkeborn@gmail.com	patch	upstream	log

Sample crash report:

BUG: memory leak
unreferenced object 0xffff88811bc51f00 (size 128):
  comm "syz-executor216", pid 6442, jiffies 4294951677 (age 21.770s)
  hex dump (first 32 bytes):
    31 2f ff ff ff 7f a0 59 68 e7 e8 95 40 2d 2d 5e  1/.....Yh...@--^
    27 ee bc 85 89 56 d7 08 c7 3e b4 c9 3d 2e 11 e5  '....V...>..=...
  backtrace:
    [<000000005046d0a0>] kmemdup_nul+0x2d/0x70 mm/util.c:150
    [<00000000f07b6da1>] v9fs_parse_options fs/9p/v9fs.c:281 [inline]
    [<00000000f07b6da1>] v9fs_session_init+0x288/0x840 fs/9p/v9fs.c:422
    [<00000000cc8c0325>] v9fs_mount+0x56/0x390 fs/9p/vfs_super.c:124
    [<000000003b3be20f>] legacy_get_tree+0x26/0x70 fs/fs_context.c:592
    [<000000006fd88ea2>] vfs_get_tree+0x28/0xe0 fs/super.c:1547
    [<0000000027b3f87c>] do_new_mount fs/namespace.c:2875 [inline]
    [<0000000027b3f87c>] do_mount+0xa63/0xe40 fs/namespace.c:3200
    [<0000000000b41d39>] __do_sys_mount fs/namespace.c:3410 [inline]
    [<0000000000b41d39>] __se_sys_mount fs/namespace.c:3387 [inline]
    [<0000000000b41d39>] __x64_sys_mount+0xb0/0x120 fs/namespace.c:3387
    [<00000000efdcfca9>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:384
    [<00000000c364b4b8>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811bc51f00 (size 128):
  comm "syz-executor216", pid 6442, jiffies 4294951677 (age 22.980s)
  hex dump (first 32 bytes):
    31 2f ff ff ff 7f a0 59 68 e7 e8 95 40 2d 2d 5e  1/.....Yh...@--^
    27 ee bc 85 89 56 d7 08 c7 3e b4 c9 3d 2e 11 e5  '....V...>..=...
  backtrace:
    [<000000005046d0a0>] kmemdup_nul+0x2d/0x70 mm/util.c:150
    [<00000000f07b6da1>] v9fs_parse_options fs/9p/v9fs.c:281 [inline]
    [<00000000f07b6da1>] v9fs_session_init+0x288/0x840 fs/9p/v9fs.c:422
    [<00000000cc8c0325>] v9fs_mount+0x56/0x390 fs/9p/vfs_super.c:124
    [<000000003b3be20f>] legacy_get_tree+0x26/0x70 fs/fs_context.c:592
    [<000000006fd88ea2>] vfs_get_tree+0x28/0xe0 fs/super.c:1547
    [<0000000027b3f87c>] do_new_mount fs/namespace.c:2875 [inline]
    [<0000000027b3f87c>] do_mount+0xa63/0xe40 fs/namespace.c:3200
    [<0000000000b41d39>] __do_sys_mount fs/namespace.c:3410 [inline]
    [<0000000000b41d39>] __se_sys_mount fs/namespace.c:3387 [inline]
    [<0000000000b41d39>] __x64_sys_mount+0xb0/0x120 fs/namespace.c:3387
    [<00000000efdcfca9>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:384
    [<00000000c364b4b8>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811bc51f00 (size 128):
  comm "syz-executor216", pid 6442, jiffies 4294951677 (age 24.190s)
  hex dump (first 32 bytes):
    31 2f ff ff ff 7f a0 59 68 e7 e8 95 40 2d 2d 5e  1/.....Yh...@--^
    27 ee bc 85 89 56 d7 08 c7 3e b4 c9 3d 2e 11 e5  '....V...>..=...
  backtrace:
    [<000000005046d0a0>] kmemdup_nul+0x2d/0x70 mm/util.c:150
    [<00000000f07b6da1>] v9fs_parse_options fs/9p/v9fs.c:281 [inline]
    [<00000000f07b6da1>] v9fs_session_init+0x288/0x840 fs/9p/v9fs.c:422
    [<00000000cc8c0325>] v9fs_mount+0x56/0x390 fs/9p/vfs_super.c:124
    [<000000003b3be20f>] legacy_get_tree+0x26/0x70 fs/fs_context.c:592
    [<000000006fd88ea2>] vfs_get_tree+0x28/0xe0 fs/super.c:1547
    [<0000000027b3f87c>] do_new_mount fs/namespace.c:2875 [inline]
    [<0000000027b3f87c>] do_mount+0xa63/0xe40 fs/namespace.c:3200
    [<0000000000b41d39>] __do_sys_mount fs/namespace.c:3410 [inline]
    [<0000000000b41d39>] __se_sys_mount fs/namespace.c:3387 [inline]
    [<0000000000b41d39>] __x64_sys_mount+0xb0/0x120 fs/namespace.c:3387
    [<00000000efdcfca9>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:384
    [<00000000c364b4b8>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811bc51f00 (size 128):
  comm "syz-executor216", pid 6442, jiffies 4294951677 (age 25.420s)
  hex dump (first 32 bytes):
    31 2f ff ff ff 7f a0 59 68 e7 e8 95 40 2d 2d 5e  1/.....Yh...@--^
    27 ee bc 85 89 56 d7 08 c7 3e b4 c9 3d 2e 11 e5  '....V...>..=...
  backtrace:
    [<000000005046d0a0>] kmemdup_nul+0x2d/0x70 mm/util.c:150
    [<00000000f07b6da1>] v9fs_parse_options fs/9p/v9fs.c:281 [inline]
    [<00000000f07b6da1>] v9fs_session_init+0x288/0x840 fs/9p/v9fs.c:422
    [<00000000cc8c0325>] v9fs_mount+0x56/0x390 fs/9p/vfs_super.c:124
    [<000000003b3be20f>] legacy_get_tree+0x26/0x70 fs/fs_context.c:592
    [<000000006fd88ea2>] vfs_get_tree+0x28/0xe0 fs/super.c:1547
    [<0000000027b3f87c>] do_new_mount fs/namespace.c:2875 [inline]
    [<0000000027b3f87c>] do_mount+0xa63/0xe40 fs/namespace.c:3200
    [<0000000000b41d39>] __do_sys_mount fs/namespace.c:3410 [inline]
    [<0000000000b41d39>] __se_sys_mount fs/namespace.c:3387 [inline]
    [<0000000000b41d39>] __x64_sys_mount+0xb0/0x120 fs/namespace.c:3387
    [<00000000efdcfca9>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:384
    [<00000000c364b4b8>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811bc51f00 (size 128):
  comm "syz-executor216", pid 6442, jiffies 4294951677 (age 26.620s)
  hex dump (first 32 bytes):
    31 2f ff ff ff 7f a0 59 68 e7 e8 95 40 2d 2d 5e  1/.....Yh...@--^
    27 ee bc 85 89 56 d7 08 c7 3e b4 c9 3d 2e 11 e5  '....V...>..=...
  backtrace:
    [<000000005046d0a0>] kmemdup_nul+0x2d/0x70 mm/util.c:150
    [<00000000f07b6da1>] v9fs_parse_options fs/9p/v9fs.c:281 [inline]
    [<00000000f07b6da1>] v9fs_session_init+0x288/0x840 fs/9p/v9fs.c:422
    [<00000000cc8c0325>] v9fs_mount+0x56/0x390 fs/9p/vfs_super.c:124
    [<000000003b3be20f>] legacy_get_tree+0x26/0x70 fs/fs_context.c:592
    [<000000006fd88ea2>] vfs_get_tree+0x28/0xe0 fs/super.c:1547
    [<0000000027b3f87c>] do_new_mount fs/namespace.c:2875 [inline]
    [<0000000027b3f87c>] do_mount+0xa63/0xe40 fs/namespace.c:3200
    [<0000000000b41d39>] __do_sys_mount fs/namespace.c:3410 [inline]
    [<0000000000b41d39>] __se_sys_mount fs/namespace.c:3387 [inline]
    [<0000000000b41d39>] __x64_sys_mount+0xb0/0x120 fs/namespace.c:3387
    [<00000000efdcfca9>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:384
    [<00000000c364b4b8>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811bc51f00 (size 128):
  comm "syz-executor216", pid 6442, jiffies 4294951677 (age 27.840s)
  hex dump (first 32 bytes):
    31 2f ff ff ff 7f a0 59 68 e7 e8 95 40 2d 2d 5e  1/.....Yh...@--^
    27 ee bc 85 89 56 d7 08 c7 3e b4 c9 3d 2e 11 e5  '....V...>..=...
  backtrace:
    [<000000005046d0a0>] kmemdup_nul+0x2d/0x70 mm/util.c:150
    [<00000000f07b6da1>] v9fs_parse_options fs/9p/v9fs.c:281 [inline]
    [<00000000f07b6da1>] v9fs_session_init+0x288/0x840 fs/9p/v9fs.c:422
    [<00000000cc8c0325>] v9fs_mount+0x56/0x390 fs/9p/vfs_super.c:124
    [<000000003b3be20f>] legacy_get_tree+0x26/0x70 fs/fs_context.c:592
    [<000000006fd88ea2>] vfs_get_tree+0x28/0xe0 fs/super.c:1547
    [<0000000027b3f87c>] do_new_mount fs/namespace.c:2875 [inline]
    [<0000000027b3f87c>] do_mount+0xa63/0xe40 fs/namespace.c:3200
    [<0000000000b41d39>] __do_sys_mount fs/namespace.c:3410 [inline]
    [<0000000000b41d39>] __se_sys_mount fs/namespace.c:3387 [inline]
    [<0000000000b41d39>] __x64_sys_mount+0xb0/0x120 fs/namespace.c:3387
    [<00000000efdcfca9>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:384
    [<00000000c364b4b8>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811bc51f00 (size 128):
  comm "syz-executor216", pid 6442, jiffies 4294951677 (age 30.150s)
  hex dump (first 32 bytes):
    31 2f ff ff ff 7f a0 59 68 e7 e8 95 40 2d 2d 5e  1/.....Yh...@--^
    27 ee bc 85 89 56 d7 08 c7 3e b4 c9 3d 2e 11 e5  '....V...>..=...
  backtrace:
    [<000000005046d0a0>] kmemdup_nul+0x2d/0x70 mm/util.c:150
    [<00000000f07b6da1>] v9fs_parse_options fs/9p/v9fs.c:281 [inline]
    [<00000000f07b6da1>] v9fs_session_init+0x288/0x840 fs/9p/v9fs.c:422
    [<00000000cc8c0325>] v9fs_mount+0x56/0x390 fs/9p/vfs_super.c:124
    [<000000003b3be20f>] legacy_get_tree+0x26/0x70 fs/fs_context.c:592
    [<000000006fd88ea2>] vfs_get_tree+0x28/0xe0 fs/super.c:1547
    [<0000000027b3f87c>] do_new_mount fs/namespace.c:2875 [inline]
    [<0000000027b3f87c>] do_mount+0xa63/0xe40 fs/namespace.c:3200
    [<0000000000b41d39>] __do_sys_mount fs/namespace.c:3410 [inline]
    [<0000000000b41d39>] __se_sys_mount fs/namespace.c:3387 [inline]
    [<0000000000b41d39>] __x64_sys_mount+0xb0/0x120 fs/namespace.c:3387
    [<00000000efdcfca9>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:384
    [<00000000c364b4b8>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

executing program

Crashes (77):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci-upstream-gce-leak	2020/07/25 08:47	upstream	68845a55	1f7cc1ca	.config	log	report	syz	C
ci-upstream-gce-leak	2020/07/22 03:17	upstream	4fa640dc	21f1765e	.config	log	report	syz	C
ci-upstream-gce-leak	2020/07/10 05:29	upstream	0bddd227	bc238812	.config	log	report	syz	C
ci-upstream-gce-leak	2020/06/28 06:29	upstream	4a21185c	ffec44b5	.config	log	report	syz	C
ci-upstream-gce-leak	2020/05/26 05:18	upstream	9cb1fd0e	8ca3b7d2	.config	log	report	syz	C
ci-upstream-gce-leak	2020/05/19 05:10	upstream	45088963	684d3606	.config	log	report	syz	C
ci-upstream-gce-leak	2020/05/18 06:53	upstream	b9bbe6ed	37bccd4e	.config	log	report	syz	C
ci-upstream-gce-leak	2020/05/05 09:39	upstream	47cf1b42	9941337c	.config	log	report	syz	C
ci-upstream-gce-leak	2020/05/05 09:08	upstream	47cf1b42	9941337c	.config	log	report	syz	C
ci-upstream-gce-leak	2020/05/03 12:20	upstream	f66ed1eb	5457883a	.config	log	report	syz	C
ci-upstream-gce-leak	2020/05/02 18:45	upstream	690e2aba	58da4c35	.config	log	report	syz	C
ci-upstream-gce-leak	2020/04/29 10:31	upstream	3f777e19	e3ecea2e	.config	log	report	syz	C
ci-upstream-gce-leak	2020/04/29 09:48	upstream	3f777e19	e3ecea2e	.config	log	report	syz	C
ci-upstream-gce-leak	2020/04/27 11:47	upstream	6a8b55ed	0ce7569e	.config	log	report	syz	C
ci-upstream-gce-leak	2020/04/18 03:03	upstream	95988fbc	435c6d53	.config	log	report	syz	C
ci-upstream-gce-leak	2020/04/14 23:40	upstream	8632e9b5	3f3c5574	.config	log	report	syz	C
ci-upstream-gce-leak	2020/04/12 06:19	upstream	b032227c	a8c6a3f8	.config	log	report	syz	C
ci-upstream-gce-leak	2020/04/08 15:45	upstream	f5e94d10	db9bcd4b	.config	log	report	syz	C
ci-upstream-gce-leak	2020/04/03 22:54	upstream	bef7b2a7	5ed396e6	.config	log	report	syz	C
ci-upstream-gce-leak	2020/03/31 11:07	upstream	673b41e0	c8d1cc20	.config	log	report	syz	C
ci-upstream-gce-leak	2020/03/30 01:10	upstream	e595dd94	05736b29	.config	log	report	syz	C
ci-upstream-gce-leak	2020/03/26 07:56	upstream	1b649e0b	e8e6c7d2	.config	log	report	syz	C
ci-upstream-gce-leak	2020/03/17 03:59	upstream	fb33c651	749688d2	.config	log	report	syz	C
ci-upstream-gce-leak	2020/03/14 23:47	upstream	69a4d0ba	749688d2	.config	log	report	syz	C
ci-upstream-gce-leak	2020/02/26 05:43	upstream	f8788d86	59b57593	.config	log	report	syz	C
ci-upstream-gce-leak	2020/02/22 09:14	upstream	b0dd1eb2	2ffa6679	.config	log	report	syz	C
ci-upstream-gce-leak	2020/02/08 11:05	upstream	41dcd67e	06150bf1	.config	log	report	syz	C
ci-upstream-gce-leak	2020/01/22 09:18	upstream	d96d875e	8eda0b95	.config	log	report	syz	C
ci-upstream-gce-leak	2019/12/29 04:59	upstream	bf8d1cd4	af6b8ef8	.config	log	report	syz	C
ci-upstream-gce-leak	2019/12/24 07:08	upstream	46cf053e	be5c2c81	.config	log	report	syz	C
ci-upstream-gce-leak	2019/12/22 10:36	upstream	b8e382a1	bc586918	.config	log	report	syz	C
ci-upstream-gce-leak	2019/12/05 12:20	upstream	aedc0650	b2088328	.config	log	report	syz	C
ci-upstream-gce-leak	2019/11/30 09:29	upstream	81b6b964	3a75be00	.config	log	report	syz	C
ci-upstream-gce-leak	2019/11/27 04:03	upstream	be2eca94	1048481f	.config	log	report	syz	C
ci-upstream-gce-leak	2019/11/24 19:55	upstream	6b8a7946	598ca6c8	.config	log	report	syz	C
ci-upstream-gce-leak	2019/11/13 16:50	upstream	0e3f1ad8	048f2d49	.config	log	report	syz	C
ci-upstream-gce-leak	2019/11/12 16:30	upstream	de620fb9	048f2d49	.config	log	report	syz	C
ci-upstream-gce-leak	2019/11/12 03:17	upstream	31f4f5b4	048f2d49	.config	log	report	syz	C
ci-upstream-gce-leak	2019/11/09 13:16	upstream	6737e763	dc438b91	.config	log	report	syz	C
ci-upstream-gce-leak	2019/11/05 11:38	upstream	a99d8080	76630fc9	.config	log	report	syz	C
ci-upstream-gce-leak	2019/11/03 02:52	upstream	9d234505	a41ca8fa	.config	log	report	syz	C
ci-upstream-gce-leak	2019/10/31 08:20	upstream	320000e7	a41ca8fa	.config	log	report	syz	C
ci-upstream-gce-leak	2019/10/27 17:15	upstream	5a1e843c	25bb509e	.config	log	report	syz	C
ci-upstream-gce-leak	2019/10/26 08:51	upstream	8caacaad	413926c5	.config	log	report	syz	C
ci-upstream-gce-leak	2019/10/25 23:48	upstream	39a38bcb	c2e837da	.config	log	report	syz	C
ci-upstream-gce-leak	2019/10/25 22:58	upstream	39a38bcb	c2e837da	.config	log	report	syz	C
ci-upstream-gce-leak	2019/10/19 06:30	upstream	b9959c7a	8c88c9c1	.config	log	report	syz	C
ci-upstream-gce-leak	2019/10/16 17:29	upstream	3b1f00ac	d4ea592f	.config	log	report	syz	C
ci-upstream-gce-leak	2019/10/12 17:04	upstream	1c0cc5f1	426631dd	.config	log	report	syz	C
ci-upstream-gce-leak	2019/10/06 11:42	upstream	43b815c6	f3f7d9c8	.config	log	report	syz	C
ci-upstream-gce-leak	2019/10/04 04:08	upstream	cc3a7bfe	fc17ba49	.config	log	report	syz	C
ci-upstream-gce-leak	2019/10/01 20:38	upstream	54ecb8f7	b7a87a83	.config	log	report	syz	C
ci-upstream-gce-leak	2019/10/01 11:49	upstream	54ecb8f7	c7a4fb99	.config	log	report	syz	C
ci-upstream-gce-leak	2019/10/01 11:16	upstream	54ecb8f7	c7a4fb99	.config	log	report	syz	C
ci-upstream-gce-leak	2019/10/01 00:14	upstream	97f9a3c4	c7a4fb99	.config	log	report	syz	C
ci-upstream-gce-leak	2019/09/25 08:58	upstream	351c8a09	e38a6630	.config	log	report	syz	C
ci-upstream-gce-leak	2019/09/20 23:53	upstream	574cc453	d96e88f3	.config	log	report	syz	C
ci-upstream-gce-leak	2019/09/14 09:54	upstream	a7f89616	32d59357	.config	log	report	syz	C
ci-upstream-gce-leak	2019/09/08 00:33	upstream	1e3778cb	a60cb4cd	.config	log	report	syz	C
ci-upstream-gce-leak	2019/09/05 08:25	upstream	3b47fd5c	040fda58	.config	log	report	syz	C
ci-upstream-gce-leak	2019/08/28 07:05	upstream	6525771f	fd37b39e	.config	log	report	syz	C
ci-upstream-gce-leak	2019/08/26 16:09	upstream	a55aa89a	d21c5d9d	.config	log	report	syz	C
ci-upstream-gce-leak	2019/08/24 13:34	upstream	9140d8bd	78ded196	.config	log	report	syz	C
ci-upstream-gce-leak	2019/08/17 12:21	upstream	6e625a1a	8fd428a1	.config	log	report	syz	C
ci-upstream-gce-leak	2019/08/12 19:11	upstream	d45331b0	acb51638	.config	log	report	syz	C
ci-upstream-gce-leak	2019/08/07 01:57	upstream	f4eb1423	c6f01e54	.config	log	report	syz	C
ci-upstream-gce-leak	2019/08/06 04:52	upstream	0eb0ce0a	6affd8e8	.config	log	report	syz	C
ci-upstream-gce-leak	2019/08/02 06:24	upstream	1e78030e	835dffe7	.config	log	report	syz	C
ci-upstream-gce-leak	2019/07/21 21:01	upstream	c6dd78fc	1656845f	.config	log	report	syz	C
ci-upstream-gce-leak	2019/07/21 01:27	upstream	c6dd78fc	1656845f	.config	log	report	syz	C
ci-upstream-gce-leak	2019/07/20 10:43	upstream	abdfd52a	1656845f	.config	log	report	syz	C
ci-upstream-gce-leak	2020/07/25 00:15	upstream	f37e99ac	554af388	.config	log	report	syz
ci-upstream-gce-leak	2020/04/26 16:05	upstream	b2768df2	99b258dd	.config	log	report	syz
ci-upstream-gce-leak	2020/04/19 01:39	upstream	90280eaa	365fba24	.config	log	report	syz
ci-upstream-gce-leak	2020/03/18 13:37	upstream	ac309e77	97bc55ce	.config	log	report	syz
ci-upstream-gce-leak	2019/12/29 18:46	upstream	bf8d1cd4	af6b8ef8	.config	log	report	syz
ci-upstream-gce-leak	2019/11/17 13:52	upstream	fe30021c	d5696d51	.config	log	report	syz