Hello,
syzbot has tested the proposed patch but the reproducer still triggered
crash:
memory leak in batadv_tvlv_handler_register
BUG: memory leak
unreferenced object 0xffff888111d92700 (size 64):
comm "softirq", pid 0, jiffies 4294943085 (age 432.250s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 e0 0c 53 18 81 88 ff ff ..........S.....
00 00 00 00 00 00 00 00 30 0c 15 83 ff ff ff ff ........0.......
backtrace:
[<00000000d3f0230f>] kmemleak_alloc_recursive
include/linux/kmemleak.h:55 [inline]
[<00000000d3f0230f>] slab_post_alloc_hook mm/slab.h:439 [inline]
[<00000000d3f0230f>] slab_alloc mm/slab.c:3326 [inline]
[<00000000d3f0230f>] kmem_cache_alloc_trace+0x13d/0x240 mm/slab.c:3553
[<00000000747d5656>] kmalloc include/linux/slab.h:547 [inline]
[<00000000747d5656>] kzalloc include/linux/slab.h:742 [inline]
[<00000000747d5656>] batadv_tvlv_handler_register+0xae/0x140
net/batman-adv/tvlv.c:529
[<0000000088e5cf3a>] batadv_tt_init+0x78/0x180
net/batman-adv/translation-table.c:4411
[<000000009209d3c1>] batadv_mesh_init+0x196/0x230
net/batman-adv/main.c:208
[<00000000633aabeb>] batadv_softif_init_late+0x1ca/0x220
net/batman-adv/soft-interface.c:861
[<000000000a876c86>] register_netdevice+0xbf/0x600 net/core/dev.c:8673
[<00000000edac1533>] __rtnl_newlink+0xaca/0xb30
net/core/rtnetlink.c:3199
[<00000000e77f2386>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3245
[<00000000be93558d>] rtnetlink_rcv_msg+0x2b7/0x420
net/core/rtnetlink.c:5214
[<00000000cb42d67d>] netlink_rcv_skb+0x61/0x170
net/netlink/af_netlink.c:2486
[<00000000b60991d4>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5232
[<000000007a05529d>] netlink_unicast_kernel
net/netlink/af_netlink.c:1311 [inline]
[<000000007a05529d>] netlink_unicast+0x1ec/0x2f0
net/netlink/af_netlink.c:1337
[<000000002166760b>] netlink_sendmsg+0x26a/0x480
net/netlink/af_netlink.c:1926
[<00000000b9b7ebd3>] sock_sendmsg_nosec net/socket.c:660 [inline]
[<00000000b9b7ebd3>] sock_sendmsg+0x54/0x70 net/socket.c:671
[<00000000aaaa766c>] __sys_sendto+0x148/0x1f0 net/socket.c:1964
[<000000002e85dca5>] __do_sys_sendto net/socket.c:1976 [inline]
[<000000002e85dca5>] __se_sys_sendto net/socket.c:1972 [inline]
[<000000002e85dca5>] __x64_sys_sendto+0x2a/0x30 net/socket.c:1972
BUG: memory leak
unreferenced object 0xffff88812126e740 (size 64):
comm "softirq", pid 0, jiffies 4294943086 (age 432.240s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 e0 dc 7e 11 81 88 ff ff ..........~.....
00 00 00 00 00 00 00 00 30 0c 15 83 ff ff ff ff ........0.......
backtrace:
[<00000000d3f0230f>] kmemleak_alloc_recursive
include/linux/kmemleak.h:55 [inline]
[<00000000d3f0230f>] slab_post_alloc_hook mm/slab.h:439 [inline]
[<00000000d3f0230f>] slab_alloc mm/slab.c:3326 [inline]
[<00000000d3f0230f>] kmem_cache_alloc_trace+0x13d/0x240 mm/slab.c:3553
[<00000000747d5656>] kmalloc include/linux/slab.h:547 [inline]
[<00000000747d5656>] kzalloc include/linux/slab.h:742 [inline]
[<00000000747d5656>] batadv_tvlv_handler_register+0xae/0x140
net/batman-adv/tvlv.c:529
[<0000000088e5cf3a>] batadv_tt_init+0x78/0x180
net/batman-adv/translation-table.c:4411
[<000000009209d3c1>] batadv_mesh_init+0x196/0x230
net/batman-adv/main.c:208
[<00000000633aabeb>] batadv_softif_init_late+0x1ca/0x220
net/batman-adv/soft-interface.c:861
[<000000000a876c86>] register_netdevice+0xbf/0x600 net/core/dev.c:8673
[<00000000edac1533>] __rtnl_newlink+0xaca/0xb30
net/core/rtnetlink.c:3199
[<00000000e77f2386>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3245
[<00000000be93558d>] rtnetlink_rcv_msg+0x2b7/0x420
net/core/rtnetlink.c:5214
[<00000000cb42d67d>] netlink_rcv_skb+0x61/0x170
net/netlink/af_netlink.c:2486
[<00000000b60991d4>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5232
[<000000007a05529d>] netlink_unicast_kernel
net/netlink/af_netlink.c:1311 [inline]
[<000000007a05529d>] netlink_unicast+0x1ec/0x2f0
net/netlink/af_netlink.c:1337
[<000000002166760b>] netlink_sendmsg+0x26a/0x480
net/netlink/af_netlink.c:1926
[<00000000b9b7ebd3>] sock_sendmsg_nosec net/socket.c:660 [inline]
[<00000000b9b7ebd3>] sock_sendmsg+0x54/0x70 net/socket.c:671
[<00000000aaaa766c>] __sys_sendto+0x148/0x1f0 net/socket.c:1964
[<000000002e85dca5>] __do_sys_sendto net/socket.c:1976 [inline]
[<000000002e85dca5>] __se_sys_sendto net/socket.c:1972 [inline]
[<000000002e85dca5>] __x64_sys_sendto+0x2a/0x30 net/socket.c:1972
BUG: memory leak
unreferenced object 0xffff8881131318c0 (size 64):
comm "softirq", pid 0, jiffies 4294943090 (age 432.200s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 e0 6c f7 20 81 88 ff ff .........l. ....
00 00 00 00 00 00 00 00 30 0c 15 83 ff ff ff ff ........0.......
backtrace:
[<00000000d3f0230f>] kmemleak_alloc_recursive
include/linux/kmemleak.h:55 [inline]
[<00000000d3f0230f>] slab_post_alloc_hook mm/slab.h:439 [inline]
[<00000000d3f0230f>] slab_alloc mm/slab.c:3326 [inline]
[<00000000d3f0230f>] kmem_cache_alloc_trace+0x13d/0x240 mm/slab.c:3553
[<00000000747d5656>] kmalloc include/linux/slab.h:547 [inline]
[<00000000747d5656>] kzalloc include/linux/slab.h:742 [inline]
[<00000000747d5656>] batadv_tvlv_handler_register+0xae/0x140
net/batman-adv/tvlv.c:529
[<0000000088e5cf3a>] batadv_tt_init+0x78/0x180
net/batman-adv/translation-table.c:4411
[<000000009209d3c1>] batadv_mesh_init+0x196/0x230
net/batman-adv/main.c:208
[<00000000633aabeb>] batadv_softif_init_late+0x1ca/0x220
net/batman-adv/soft-interface.c:861
[<000000000a876c86>] register_netdevice+0xbf/0x600 net/core/dev.c:8673
[<00000000edac1533>] __rtnl_newlink+0xaca/0xb30
net/core/rtnetlink.c:3199
[<00000000e77f2386>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3245
[<00000000be93558d>] rtnetlink_rcv_msg+0x2b7/0x420
net/core/rtnetlink.c:5214
[<00000000cb42d67d>] netlink_rcv_skb+0x61/0x170
net/netlink/af_netlink.c:2486
[<00000000b60991d4>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5232
[<000000007a05529d>] netlink_unicast_kernel
net/netlink/af_netlink.c:1311 [inline]
[<000000007a05529d>] netlink_unicast+0x1ec/0x2f0
net/netlink/af_netlink.c:1337
[<000000002166760b>] netlink_sendmsg+0x26a/0x480
net/netlink/af_netlink.c:1926
[<00000000b9b7ebd3>] sock_sendmsg_nosec net/socket.c:660 [inline]
[<00000000b9b7ebd3>] sock_sendmsg+0x54/0x70 net/socket.c:671
[<00000000aaaa766c>] __sys_sendto+0x148/0x1f0 net/socket.c:1964
[<000000002e85dca5>] __do_sys_sendto net/socket.c:1976 [inline]
[<000000002e85dca5>] __se_sys_sendto net/socket.c:1972 [inline]
[<000000002e85dca5>] __x64_sys_sendto+0x2a/0x30 net/socket.c:1972
Tested on:
commit: 35ef6249 selinux: fix memeory leak in policydb_init()
git tree:
https://gitlab.com/omos/linux-public.git
selinux-fix-memleak-roles
console output:
https://syzkaller.appspot.com/x/log.txt?x=17a3adf4600000
kernel config:
https://syzkaller.appspot.com/x/.config?x=a7177d0eb46e0e76