memory leak in ___neigh

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	memory leak in ___neigh_create (2) net	C			26	176d	104d	0/26	upstream: reported syz repro on 2024/01/05 17:32

BUG: memory leak
unreferenced object 0xffff888128cc9800 (size 512):
  comm "kworker/0:7", pid 9227, jiffies 4294970896 (age 30.390s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 ed e0 85 ff ff ff ff  ................
    40 e8 a1 25 81 88 ff ff a0 f6 ff ff 00 00 00 00  @..%............
  backtrace:
    [<ffffffff8374f412>] kmalloc include/linux/slab.h:596 [inline]
    [<ffffffff8374f412>] kzalloc include/linux/slab.h:721 [inline]
    [<ffffffff8374f412>] neigh_alloc net/core/neighbour.c:405 [inline]
    [<ffffffff8374f412>] ___neigh_create+0xd2/0xca0 net/core/neighbour.c:583
    [<ffffffff83b626b5>] ip6_finish_output2+0x7c5/0x990 net/ipv6/ip6_output.c:123
    [<ffffffff83b6778f>] __ip6_finish_output.part.0+0x22f/0x380 net/ipv6/ip6_output.c:191
    [<ffffffff83b67a01>] __ip6_finish_output net/ipv6/ip6_output.c:206 [inline]
    [<ffffffff83b67a01>] ip6_finish_output+0x121/0x190 net/ipv6/ip6_output.c:201
    [<ffffffff83b67b13>] NF_HOOK_COND include/linux/netfilter.h:296 [inline]
    [<ffffffff83b67b13>] ip6_output+0xa3/0x1b0 net/ipv6/ip6_output.c:224
    [<ffffffff83b9da05>] dst_output include/net/dst.h:450 [inline]
    [<ffffffff83b9da05>] NF_HOOK include/linux/netfilter.h:307 [inline]
    [<ffffffff83b9da05>] ndisc_send_skb+0x385/0x430 net/ipv6/ndisc.c:508
    [<ffffffff83ba1fa9>] ndisc_send_rs+0x79/0x2a0 net/ipv6/ndisc.c:702
    [<ffffffff83b7877e>] addrconf_dad_completed+0x17e/0x560 net/ipv6/addrconf.c:4211
    [<ffffffff83b78f3d>] addrconf_dad_work+0x3dd/0x900 net/ipv6/addrconf.c:4121
    [<ffffffff81265d0f>] process_one_work+0x2cf/0x620 kernel/workqueue.c:2297
    [<ffffffff81266619>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2444
    [<ffffffff8126fb18>] kthread+0x188/0x1d0 kernel/kthread.c:319
    [<ffffffff810022cf>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

BUG: memory leak
unreferenced object 0xffff888117a5c800 (size 256):
  comm "syz-executor.5", pid 9646, jiffies 4294971857 (age 20.780s)
  hex dump (first 32 bytes):
    80 2e e4 28 81 88 ff ff 30 55 57 81 ff ff ff ff  ...(....0UW.....
    e0 92 9e 10 81 88 ff ff c0 63 52 00 81 88 ff ff  .........cR.....
  backtrace:
    [<ffffffff815755af>] kmem_cache_zalloc include/linux/slab.h:711 [inline]
    [<ffffffff815755af>] __alloc_file+0x1f/0xf0 fs/file_table.c:101
    [<ffffffff81575d19>] alloc_empty_file+0x69/0x120 fs/file_table.c:150
    [<ffffffff8158d27e>] path_openat+0x4e/0x1b70 fs/namei.c:3547
    [<ffffffff81591351>] do_filp_open+0xc1/0x1b0 fs/namei.c:3588
    [<ffffffff8156cdad>] do_sys_openat2+0xed/0x260 fs/open.c:1200
    [<ffffffff8156d65f>] do_sys_open fs/open.c:1216 [inline]
    [<ffffffff8156d65f>] __do_sys_openat fs/open.c:1232 [inline]
    [<ffffffff8156d65f>] __se_sys_openat fs/open.c:1227 [inline]
    [<ffffffff8156d65f>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1227
    [<ffffffff843fbcd5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff843fbcd5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888112a108e8 (size 760):
  comm "systemd-udevd", pid 9648, jiffies 4294971862 (age 20.730s)
  hex dump (first 32 bytes):
    00 00 00 00 01 00 00 00 00 00 20 00 00 00 00 00  .......... .....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81478f48>] shmem_alloc_inode+0x18/0x40 mm/shmem.c:3738
    [<ffffffff815a6b47>] alloc_inode+0x27/0x100 fs/inode.c:237
    [<ffffffff815a6c43>] new_inode_pseudo fs/inode.c:938 [inline]
    [<ffffffff815a6c43>] new_inode+0x23/0x100 fs/inode.c:967
    [<ffffffff81479e7d>] shmem_get_inode+0xcd/0x460 mm/shmem.c:2288
    [<ffffffff8147a337>] shmem_mknod+0x37/0x130 mm/shmem.c:2827
    [<ffffffff8158ea17>] lookup_open fs/namei.c:3282 [inline]
    [<ffffffff8158ea17>] open_last_lookups fs/namei.c:3352 [inline]
    [<ffffffff8158ea17>] path_openat+0x17e7/0x1b70 fs/namei.c:3558
    [<ffffffff81591351>] do_filp_open+0xc1/0x1b0 fs/namei.c:3588
    [<ffffffff8156cdad>] do_sys_openat2+0xed/0x260 fs/open.c:1200
    [<ffffffff8156d49d>] do_sys_open fs/open.c:1216 [inline]
    [<ffffffff8156d49d>] __do_sys_open fs/open.c:1224 [inline]
    [<ffffffff8156d49d>] __se_sys_open fs/open.c:1220 [inline]
    [<ffffffff8156d49d>] __x64_sys_open+0x7d/0xe0 fs/open.c:1220
    [<ffffffff843fbcd5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff843fbcd5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888126ad8020 (size 32):
  comm "systemd-udevd", pid 9648, jiffies 4294971862 (age 20.730s)
  hex dump (first 32 bytes):
    98 0a a1 12 81 88 ff ff 40 ca 13 82 ff ff ff ff  ........@.......
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8213dfda>] kmem_cache_zalloc include/linux/slab.h:711 [inline]
    [<ffffffff8213dfda>] lsm_inode_alloc security/security.c:593 [inline]
    [<ffffffff8213dfda>] security_inode_alloc+0x2a/0xb0 security/security.c:1018
    [<ffffffff815a4a44>] inode_init_always+0x114/0x270 fs/inode.c:170
    [<ffffffff815a6b64>] alloc_inode+0x44/0x100 fs/inode.c:244
    [<ffffffff815a6c43>] new_inode_pseudo fs/inode.c:938 [inline]
    [<ffffffff815a6c43>] new_inode+0x23/0x100 fs/inode.c:967
    [<ffffffff81479e7d>] shmem_get_inode+0xcd/0x460 mm/shmem.c:2288
    [<ffffffff8147a337>] shmem_mknod+0x37/0x130 mm/shmem.c:2827
    [<ffffffff8158ea17>] lookup_open fs/namei.c:3282 [inline]
    [<ffffffff8158ea17>] open_last_lookups fs/namei.c:3352 [inline]
    [<ffffffff8158ea17>] path_openat+0x17e7/0x1b70 fs/namei.c:3558
    [<ffffffff81591351>] do_filp_open+0xc1/0x1b0 fs/namei.c:3588
    [<ffffffff8156cdad>] do_sys_openat2+0xed/0x260 fs/open.c:1200
    [<ffffffff8156d49d>] do_sys_open fs/open.c:1216 [inline]
    [<ffffffff8156d49d>] __do_sys_open fs/open.c:1224 [inline]
    [<ffffffff8156d49d>] __se_sys_open fs/open.c:1220 [inline]
    [<ffffffff8156d49d>] __x64_sys_open+0x7d/0xe0 fs/open.c:1220
    [<ffffffff843fbcd5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff843fbcd5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

[  366.831151][    C1

Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	Manager	Title
2021/09/28 08:30	upstream	0513e464f900	78494d16	.config	console log	report	syz	ci-upstream-gce-leak	memory leak in ___neigh_create
2021/06/17 09:22	upstream	6b00bc639f1f	aba2b2fb	.config	console log	report	syz	ci-upstream-gce-leak	memory leak in ___neigh_create
2021/06/11 03:29	upstream	f09eacca59d2	1ba81399	.config	console log	report	syz	ci-upstream-gce-leak	memory leak in ___neigh_create
2021/04/29 22:01	upstream	d2b6f8a17919	77e2b668	.config	console log	report	syz	ci-upstream-gce-leak	memory leak in ___neigh_create
2021/04/17 17:29	upstream	9cdbf6467424	7e2b734b	.config	console log	report	syz	ci-upstream-gce-leak	memory leak in ___neigh_create
2021/04/03 10:18	upstream	d93a0d43e3d0	6a81331a	.config	console log	report	syz	ci-upstream-gce-leak	memory leak in ___neigh_create
2021/01/27 17:18	upstream	2ab38c17aac1	a0ebf917	.config	console log	report	syz	ci-upstream-gce-leak	memory leak in ___neigh_create
2020/12/23 11:06	upstream	614cb5894306	04201c06	.config	console log	report	syz	ci-upstream-gce-leak
2020/12/15 22:30	upstream	148842c98a24	97183ed7	.config	console log	report	syz	ci-upstream-gce-leak