Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in __hw_addr_add_ex
BUG: memory leak
unreferenced object 0xffff88811c4ad980 (size 128):
comm "syz-executor.7", pid 7035, jiffies 4294944058 (age 96.630s)
hex dump (first 32 bytes):
b8 02 25 17 81 88 ff ff 22 01 00 00 00 00 ad de ..%.....".......
90 d9 4a 1c 81 88 ff ff 00 00 00 00 00 00 00 00 ..J.............
backtrace:
[<ffffffff83747c9e>] kmalloc include/linux/slab.h:591 [inline]
[<ffffffff83747c9e>] __hw_addr_create net/core/dev_addr_lists.c:29 [inline]
[<ffffffff83747c9e>] __hw_addr_add_ex+0x16e/0x410 net/core/dev_addr_lists.c:93
[<ffffffff837491fa>] __hw_addr_add net/core/dev_addr_lists.c:118 [inline]
[<ffffffff837491fa>] dev_addr_init+0x8a/0xe0 net/core/dev_addr_lists.c:537
[<ffffffff83733cd2>] alloc_netdev_mqs+0xd2/0x530 net/core/dev.c:10810
[<ffffffff828f847b>] __tun_chr_ioctl.isra.0+0x15eb/0x2080 drivers/net/tun.c:2690
[<ffffffff81599c8c>] vfs_ioctl fs/ioctl.c:51 [inline]
[<ffffffff81599c8c>] __do_sys_ioctl fs/ioctl.c:874 [inline]
[<ffffffff81599c8c>] __se_sys_ioctl fs/ioctl.c:860 [inline]
[<ffffffff81599c8c>] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:860
[<ffffffff84401ca5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84401ca5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff888128484e00 (size 128):
comm "syz-executor.7", pid 7035, jiffies 4294944309 (age 94.140s)
hex dump (first 32 bytes):
b8 22 fe 1b 81 88 ff ff 22 01 00 00 00 00 ad de ."......".......
10 4e 48 28 81 88 ff ff 00 00 00 00 00 00 00 00 .NH(............
backtrace:
[<ffffffff83747c9e>] kmalloc include/linux/slab.h:591 [inline]
[<ffffffff83747c9e>] __hw_addr_create net/core/dev_addr_lists.c:29 [inline]
[<ffffffff83747c9e>] __hw_addr_add_ex+0x16e/0x410 net/core/dev_addr_lists.c:93
[<ffffffff837491fa>] __hw_addr_add net/core/dev_addr_lists.c:118 [inline]
[<ffffffff837491fa>] dev_addr_init+0x8a/0xe0 net/core/dev_addr_lists.c:537
[<ffffffff83733cd2>] alloc_netdev_mqs+0xd2/0x530 net/core/dev.c:10810
[<ffffffff82bbff98>] nsim_create+0x38/0x210 drivers/net/netdevsim/netdev.c:350
[<ffffffff82bc0ab7>] __nsim_dev_port_add+0x1a7/0x380 drivers/net/netdevsim/dev.c:1312
[<ffffffff82bc0cdd>] nsim_dev_port_add_all+0x4d/0xd0 drivers/net/netdevsim/dev.c:1372
[<ffffffff82bc2b7d>] nsim_dev_probe+0x75d/0x8b0 drivers/net/netdevsim/dev.c:1513
[<ffffffff82664d97>] call_driver_probe drivers/base/dd.c:517 [inline]
[<ffffffff82664d97>] really_probe.part.0+0xe7/0x380 drivers/base/dd.c:596
[<ffffffff8266513c>] really_probe drivers/base/dd.c:558 [inline]
[<ffffffff8266513c>] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:751
[<ffffffff8266523a>] driver_probe_device+0x2a/0x120 drivers/base/dd.c:781
[<ffffffff82665aa6>] __device_attach_driver+0xf6/0x140 drivers/base/dd.c:898
[<ffffffff82661d27>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427
[<ffffffff82665622>] __device_attach+0x122/0x260 drivers/base/dd.c:969
[<ffffffff82663996>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:487
[<ffffffff8265fd8b>] device_add+0x5fb/0xdf0 drivers/base/core.c:3396
[<ffffffff82bc8899>] nsim_bus_dev_new drivers/net/netdevsim/bus.c:435 [inline]
[<ffffffff82bc8899>] new_device_store+0x229/0x360 drivers/net/netdevsim/bus.c:302
BUG: memory leak
unreferenced object 0xffff888128421f00 (size 256):
comm "syz-executor.7", pid 7035, jiffies 4294944309 (age 94.140s)
hex dump (first 32 bytes):
ff 02 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ................
00 b0 41 28 81 88 ff ff 00 30 48 28 81 88 ff ff ..A(.....0H(....
backtrace:
[<ffffffff83bbaeb1>] kmalloc include/linux/slab.h:591 [inline]
[<ffffffff83bbaeb1>] kzalloc include/linux/slab.h:721 [inline]
[<ffffffff83bbaeb1>] mca_alloc net/ipv6/mcast.c:880 [inline]
[<ffffffff83bbaeb1>] __ipv6_dev_mc_inc+0x201/0x5d0 net/ipv6/mcast.c:936
[<ffffffff83b77735>] ipv6_add_dev+0x435/0x750 net/ipv6/addrconf.c:466
[<ffffffff83b817b9>] addrconf_notify+0x419/0xde0 net/ipv6/addrconf.c:3505
[<ffffffff81273f7d>] notifier_call_chain kernel/notifier.c:83 [inline]
[<ffffffff81273f7d>] raw_notifier_call_chain+0x5d/0xa0 kernel/notifier.c:391
[<ffffffff8372d408>] call_netdevice_notifiers_info+0x78/0xe0 net/core/dev.c:1996
[<ffffffff83746ff4>] call_netdevice_notifiers_extack net/core/dev.c:2008 [inline]
[<ffffffff83746ff4>] call_netdevice_notifiers net/core/dev.c:2022 [inline]
[<ffffffff83746ff4>] register_netdevice+0x7a4/0x8d0 net/core/dev.c:10330
[<ffffffff82bc0106>] nsim_init_netdevsim drivers/net/netdevsim/netdev.c:317 [inline]
[<ffffffff82bc0106>] nsim_create+0x1a6/0x210 drivers/net/netdevsim/netdev.c:365
[<ffffffff82bc0ab7>] __nsim_dev_port_add+0x1a7/0x380 drivers/net/netdevsim/dev.c:1312
[<ffffffff82bc0cdd>] nsim_dev_port_add_all+0x4d/0xd0 drivers/net/netdevsim/dev.c:1372
[<ffffffff82bc2b7d>] nsim_dev_probe+0x75d/0x8b0 drivers/net/netdevsim/dev.c:1513
[<ffffffff82664d97>] call_driver_probe drivers/base/dd.c:517 [inline]
[<ffffffff82664d97>] really_probe.part.0+0xe7/0x380 drivers/base/dd.c:596
[<ffffffff8266513c>] really_probe drivers/base/dd.c:558 [inline]
[<ffffffff8266513c>] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:751
[<ffffffff8266523a>] driver_probe_device+0x2a/0x120 drivers/base/dd.c:781
[<ffffffff82665aa6>] __device_attach_driver+0xf6/0x140 drivers/base/dd.c:898
[<ffffffff82661d27>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427
[<ffffffff82665622>] __device_attach+0x122/0x260 drivers/base/dd.c:969
Tested on:
commit: 3906fe9b Linux 5.15-rc7
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11e12d54b00000
kernel config: https://syzkaller.appspot.com/x/.config?x=cb7244ea6e0a3dd9
patch: https://syzkaller.appspot.com/x/patch.diff?x=136bc7f8b00000