memory leak in new

memory leak in new_inode
Status: upstream: reported C repro on 2020/11/20 15:15
Reported-by: syzbot+aa12d6106ea4ca1b6aae@syzkaller.appspotmail.com
Fix commit: a8867f4e3809 ext4: fix memory leak in ext4_mb_init_backend on error path.
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-arm32]
First crash: 250d, last: 44d

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2021/04/11 23:55	16m	phil@philpotter.co.uk	patch	upstream	OK
2021/04/11 11:41	7m	phil@philpotter.co.uk		upstream	report log

Sample crash report:

BUG: memory leak
unreferenced object 0xffff8881103755e0 (size 1184):
  comm "syz-executor173", pid 8382, jiffies 4294942518 (age 13.020s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8176b869>] ext4_alloc_inode+0x19/0x1a0 fs/ext4/super.c:1277
    [<ffffffff8157ce57>] alloc_inode+0x27/0x100 fs/inode.c:234
    [<ffffffff8157cf53>] new_inode_pseudo fs/inode.c:928 [inline]
    [<ffffffff8157cf53>] new_inode+0x23/0x100 fs/inode.c:957
    [<ffffffff8173c5e0>] ext4_mb_init_backend fs/ext4/mballoc.c:2689 [inline]
    [<ffffffff8173c5e0>] ext4_mb_init+0x410/0x7d0 fs/ext4/mballoc.c:2905
    [<ffffffff81782402>] ext4_fill_super+0x3722/0x5b20 fs/ext4/super.c:4983
    [<ffffffff8154f653>] mount_bdev+0x223/0x260 fs/super.c:1367
    [<ffffffff815af91b>] legacy_get_tree+0x2b/0x90 fs/fs_context.c:592
    [<ffffffff8154d248>] vfs_get_tree+0x28/0x100 fs/super.c:1497
    [<ffffffff8158d38e>] do_new_mount fs/namespace.c:2903 [inline]
    [<ffffffff8158d38e>] path_mount+0xc3e/0x1120 fs/namespace.c:3233
    [<ffffffff8158dfbe>] do_mount fs/namespace.c:3246 [inline]
    [<ffffffff8158dfbe>] __do_sys_mount fs/namespace.c:3454 [inline]
    [<ffffffff8158dfbe>] __se_sys_mount fs/namespace.c:3431 [inline]
    [<ffffffff8158dfbe>] __x64_sys_mount+0x18e/0x1d0 fs/namespace.c:3431
    [<ffffffff842e1f5d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888110181660 (size 1184):
  comm "syz-executor173", pid 8394, jiffies 4294943059 (age 7.610s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8176b869>] ext4_alloc_inode+0x19/0x1a0 fs/ext4/super.c:1277
    [<ffffffff8157ce57>] alloc_inode+0x27/0x100 fs/inode.c:234
    [<ffffffff8157cf53>] new_inode_pseudo fs/inode.c:928 [inline]
    [<ffffffff8157cf53>] new_inode+0x23/0x100 fs/inode.c:957
    [<ffffffff8173c5e0>] ext4_mb_init_backend fs/ext4/mballoc.c:2689 [inline]
    [<ffffffff8173c5e0>] ext4_mb_init+0x410/0x7d0 fs/ext4/mballoc.c:2905
    [<ffffffff81782402>] ext4_fill_super+0x3722/0x5b20 fs/ext4/super.c:4983
    [<ffffffff8154f653>] mount_bdev+0x223/0x260 fs/super.c:1367
    [<ffffffff815af91b>] legacy_get_tree+0x2b/0x90 fs/fs_context.c:592
    [<ffffffff8154d248>] vfs_get_tree+0x28/0x100 fs/super.c:1497
    [<ffffffff8158d38e>] do_new_mount fs/namespace.c:2903 [inline]
    [<ffffffff8158d38e>] path_mount+0xc3e/0x1120 fs/namespace.c:3233
    [<ffffffff8158dfbe>] do_mount fs/namespace.c:3246 [inline]
    [<ffffffff8158dfbe>] __do_sys_mount fs/namespace.c:3454 [inline]
    [<ffffffff8158dfbe>] __se_sys_mount fs/namespace.c:3431 [inline]
    [<ffffffff8158dfbe>] __x64_sys_mount+0x18e/0x1d0 fs/namespace.c:3431
    [<ffffffff842e1f5d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888110acd100 (size 256):
  comm "syz-executor173", pid 8394, jiffies 4294943059 (age 7.610s)
  hex dump (first 32 bytes):
    a0 7e 5a 00 81 88 ff ff 00 00 00 00 00 00 00 00  .~Z.............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8173bf5a>] kmalloc include/linux/slab.h:559 [inline]
    [<ffffffff8173bf5a>] ext4_mb_add_groupinfo+0x9a/0x310 fs/ext4/mballoc.c:2617
    [<ffffffff8173c63c>] ext4_mb_init_backend fs/ext4/mballoc.c:2707 [inline]
    [<ffffffff8173c63c>] ext4_mb_init+0x46c/0x7d0 fs/ext4/mballoc.c:2905
    [<ffffffff81782402>] ext4_fill_super+0x3722/0x5b20 fs/ext4/super.c:4983
    [<ffffffff8154f653>] mount_bdev+0x223/0x260 fs/super.c:1367
    [<ffffffff815af91b>] legacy_get_tree+0x2b/0x90 fs/fs_context.c:592
    [<ffffffff8154d248>] vfs_get_tree+0x28/0x100 fs/super.c:1497
    [<ffffffff8158d38e>] do_new_mount fs/namespace.c:2903 [inline]
    [<ffffffff8158d38e>] path_mount+0xc3e/0x1120 fs/namespace.c:3233
    [<ffffffff8158dfbe>] do_mount fs/namespace.c:3246 [inline]
    [<ffffffff8158dfbe>] __do_sys_mount fs/namespace.c:3454 [inline]
    [<ffffffff8158dfbe>] __se_sys_mount fs/namespace.c:3431 [inline]
    [<ffffffff8158dfbe>] __x64_sys_mount+0x18e/0x1d0 fs/namespace.c:3431
    [<ffffffff842e1f5d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

Crashes (4):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Title
ci-upstream-gce-leak	2021/04/26 02:38	upstream	d2d09fbe33f8	2a82f1b3	.config	log	report	syz	C	memory leak in new_inode
ci-upstream-gce-leak	2021/04/08 03:38	upstream	3a22981230f9	6a81331a	.config	log	report	syz	C	memory leak in new_inode
ci-upstream-gce-leak	2020/11/19 17:49	upstream	c2e7554e1b85	0767f13f	.config	log	report	syz	C
ci-upstream-gce-leak	2021/06/14 08:37	upstream	e4e453434a19	1ba81399	.config	log	report	syz		memory leak in new_inode