syzbot


memory leak in new_inode

Status: fixed on 2021/11/10 00:50
Reported-by: syzbot+aa12d6106ea4ca1b6aae@syzkaller.appspotmail.com
Fix commit: a8867f4e3809 ext4: fix memory leak in ext4_mb_init_backend on error path.
First crash: 807d, last: 498d
Last patch testing requests:
Created Duration User Patch Repo Result
2021/04/11 23:55 16m phil@philpotter.co.uk patch upstream OK
2021/04/11 11:41 7m phil@philpotter.co.uk upstream report log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff8881103755e0 (size 1184):
  comm "syz-executor173", pid 8382, jiffies 4294942518 (age 13.020s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8176b869>] ext4_alloc_inode+0x19/0x1a0 fs/ext4/super.c:1277
    [<ffffffff8157ce57>] alloc_inode+0x27/0x100 fs/inode.c:234
    [<ffffffff8157cf53>] new_inode_pseudo fs/inode.c:928 [inline]
    [<ffffffff8157cf53>] new_inode+0x23/0x100 fs/inode.c:957
    [<ffffffff8173c5e0>] ext4_mb_init_backend fs/ext4/mballoc.c:2689 [inline]
    [<ffffffff8173c5e0>] ext4_mb_init+0x410/0x7d0 fs/ext4/mballoc.c:2905
    [<ffffffff81782402>] ext4_fill_super+0x3722/0x5b20 fs/ext4/super.c:4983
    [<ffffffff8154f653>] mount_bdev+0x223/0x260 fs/super.c:1367
    [<ffffffff815af91b>] legacy_get_tree+0x2b/0x90 fs/fs_context.c:592
    [<ffffffff8154d248>] vfs_get_tree+0x28/0x100 fs/super.c:1497
    [<ffffffff8158d38e>] do_new_mount fs/namespace.c:2903 [inline]
    [<ffffffff8158d38e>] path_mount+0xc3e/0x1120 fs/namespace.c:3233
    [<ffffffff8158dfbe>] do_mount fs/namespace.c:3246 [inline]
    [<ffffffff8158dfbe>] __do_sys_mount fs/namespace.c:3454 [inline]
    [<ffffffff8158dfbe>] __se_sys_mount fs/namespace.c:3431 [inline]
    [<ffffffff8158dfbe>] __x64_sys_mount+0x18e/0x1d0 fs/namespace.c:3431
    [<ffffffff842e1f5d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888110181660 (size 1184):
  comm "syz-executor173", pid 8394, jiffies 4294943059 (age 7.610s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8176b869>] ext4_alloc_inode+0x19/0x1a0 fs/ext4/super.c:1277
    [<ffffffff8157ce57>] alloc_inode+0x27/0x100 fs/inode.c:234
    [<ffffffff8157cf53>] new_inode_pseudo fs/inode.c:928 [inline]
    [<ffffffff8157cf53>] new_inode+0x23/0x100 fs/inode.c:957
    [<ffffffff8173c5e0>] ext4_mb_init_backend fs/ext4/mballoc.c:2689 [inline]
    [<ffffffff8173c5e0>] ext4_mb_init+0x410/0x7d0 fs/ext4/mballoc.c:2905
    [<ffffffff81782402>] ext4_fill_super+0x3722/0x5b20 fs/ext4/super.c:4983
    [<ffffffff8154f653>] mount_bdev+0x223/0x260 fs/super.c:1367
    [<ffffffff815af91b>] legacy_get_tree+0x2b/0x90 fs/fs_context.c:592
    [<ffffffff8154d248>] vfs_get_tree+0x28/0x100 fs/super.c:1497
    [<ffffffff8158d38e>] do_new_mount fs/namespace.c:2903 [inline]
    [<ffffffff8158d38e>] path_mount+0xc3e/0x1120 fs/namespace.c:3233
    [<ffffffff8158dfbe>] do_mount fs/namespace.c:3246 [inline]
    [<ffffffff8158dfbe>] __do_sys_mount fs/namespace.c:3454 [inline]
    [<ffffffff8158dfbe>] __se_sys_mount fs/namespace.c:3431 [inline]
    [<ffffffff8158dfbe>] __x64_sys_mount+0x18e/0x1d0 fs/namespace.c:3431
    [<ffffffff842e1f5d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888110acd100 (size 256):
  comm "syz-executor173", pid 8394, jiffies 4294943059 (age 7.610s)
  hex dump (first 32 bytes):
    a0 7e 5a 00 81 88 ff ff 00 00 00 00 00 00 00 00  .~Z.............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8173bf5a>] kmalloc include/linux/slab.h:559 [inline]
    [<ffffffff8173bf5a>] ext4_mb_add_groupinfo+0x9a/0x310 fs/ext4/mballoc.c:2617
    [<ffffffff8173c63c>] ext4_mb_init_backend fs/ext4/mballoc.c:2707 [inline]
    [<ffffffff8173c63c>] ext4_mb_init+0x46c/0x7d0 fs/ext4/mballoc.c:2905
    [<ffffffff81782402>] ext4_fill_super+0x3722/0x5b20 fs/ext4/super.c:4983
    [<ffffffff8154f653>] mount_bdev+0x223/0x260 fs/super.c:1367
    [<ffffffff815af91b>] legacy_get_tree+0x2b/0x90 fs/fs_context.c:592
    [<ffffffff8154d248>] vfs_get_tree+0x28/0x100 fs/super.c:1497
    [<ffffffff8158d38e>] do_new_mount fs/namespace.c:2903 [inline]
    [<ffffffff8158d38e>] path_mount+0xc3e/0x1120 fs/namespace.c:3233
    [<ffffffff8158dfbe>] do_mount fs/namespace.c:3246 [inline]
    [<ffffffff8158dfbe>] __do_sys_mount fs/namespace.c:3454 [inline]
    [<ffffffff8158dfbe>] __se_sys_mount fs/namespace.c:3431 [inline]
    [<ffffffff8158dfbe>] __x64_sys_mount+0x18e/0x1d0 fs/namespace.c:3431
    [<ffffffff842e1f5d>] do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
    [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae


Crashes (5):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-gce-leak 2021/04/26 02:38 upstream d2d09fbe33f8 2a82f1b3 .config console log report syz C memory leak in new_inode
ci-upstream-gce-leak 2021/04/08 03:38 upstream 3a22981230f9 6a81331a .config console log report syz C memory leak in new_inode
ci-upstream-gce-leak 2020/11/19 17:49 upstream c2e7554e1b85 0767f13f .config console log report syz C
ci-upstream-gce-leak 2021/09/24 15:36 upstream f9e36107ec70 8cac236e .config console log report syz memory leak in new_inode
ci-upstream-gce-leak 2021/06/14 08:37 upstream e4e453434a19 1ba81399 .config console log report syz memory leak in new_inode
* Struck through repros no longer work on HEAD.