syzbot


memory leak in can_create (2)

Status: upstream: reported syz repro on 2024/01/11 12:23
Subsystems: can
Reported-by: syzbot+521ac15269e89d8546e8@syzkaller.appspotmail.com
First crash: 318d, last: 318d
Discussions (2)
Title | Replies (including bot) | Last reply
[syzbot] Monthly can report (Jan 2024) | 0 (1) | 2024/01/16 07:55
[syzbot] [can?] memory leak in can_create (2) | 0 (1) | 2024/01/11 12:23
Similar bugs (1)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | memory leak in can_create can | C | - | - | 2 | 920d | 1216d | 0/28 | auto-obsoleted due to no activity on 2023/04/14 06:29
Last patch testing requests (6)
Created | Duration | User | Patch | Repo | Result
2024/11/10 21:08 | 13m | retest repro | - | upstream | report log
2024/09/01 12:41 | 23m | retest repro | - | upstream | report log
2024/09/01 12:40 | 16m | retest repro | - | upstream | report log
2024/06/23 11:31 | 16m | retest repro | - | upstream | report log
2024/04/10 16:16 | 13m | retest repro | - | upstream | report log
2024/01/24 20:03 | 4h26m | retest repro | - | upstream | report log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff88811f2c8400 (size 1024):
  comm "syz-executor.6", pid 5653, jiffies 4295068840 (age 14.060s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    1d 00 07 41 00 00 00 00 00 00 00 00 00 00 00 00  ...A............
  backtrace:
    [<ffffffff8163470d>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline]
    [<ffffffff8163470d>] slab_post_alloc_hook mm/slab.h:766 [inline]
    [<ffffffff8163470d>] slab_alloc_node mm/slub.c:3478 [inline]
    [<ffffffff8163470d>] __kmem_cache_alloc_node+0x2dd/0x3f0 mm/slub.c:3517
    [<ffffffff8157f9db>] __do_kmalloc_node mm/slab_common.c:1006 [inline]
    [<ffffffff8157f9db>] __kmalloc+0x4b/0x150 mm/slab_common.c:1020
    [<ffffffff83eccc42>] kmalloc include/linux/slab.h:604 [inline]
    [<ffffffff83eccc42>] sk_prot_alloc+0x112/0x1b0 net/core/sock.c:2082
    [<ffffffff83ecffb6>] sk_alloc+0x36/0x2f0 net/core/sock.c:2135
    [<ffffffff84535474>] can_create+0x194/0x320 net/can/af_can.c:158
    [<ffffffff83ec53cf>] __sock_create+0x19f/0x2e0 net/socket.c:1571
    [<ffffffff83ec8c58>] sock_create net/socket.c:1622 [inline]
    [<ffffffff83ec8c58>] __sys_socket_create net/socket.c:1659 [inline]
    [<ffffffff83ec8c58>] __sys_socket+0xb8/0x1a0 net/socket.c:1706
    [<ffffffff83ec8d5b>] __do_sys_socket net/socket.c:1720 [inline]
    [<ffffffff83ec8d5b>] __se_sys_socket net/socket.c:1718 [inline]
    [<ffffffff83ec8d5b>] __x64_sys_socket+0x1b/0x20 net/socket.c:1718
    [<ffffffff84b71e0f>] do_syscall_x64 arch/x86/entry/common.c:52 [inline]
    [<ffffffff84b71e0f>] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83
    [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0x6b

BUG: memory leak
unreferenced object 0xffff888120161490 (size 16):
  comm "syz-executor.6", pid 5653, jiffies 4295068840 (age 14.060s)
  hex dump (first 16 bytes):
    00 c3 87 00 81 88 ff ff 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8163470d>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline]
    [<ffffffff8163470d>] slab_post_alloc_hook mm/slab.h:766 [inline]
    [<ffffffff8163470d>] slab_alloc_node mm/slub.c:3478 [inline]
    [<ffffffff8163470d>] __kmem_cache_alloc_node+0x2dd/0x3f0 mm/slub.c:3517
    [<ffffffff8157f335>] kmalloc_trace+0x25/0x90 mm/slab_common.c:1098
    [<ffffffff823a7a92>] kmalloc include/linux/slab.h:600 [inline]
    [<ffffffff823a7a92>] kzalloc include/linux/slab.h:721 [inline]
    [<ffffffff823a7a92>] apparmor_sk_alloc_security+0x52/0xd0 security/apparmor/lsm.c:997
    [<ffffffff8236b887>] security_sk_alloc+0x47/0x80 security/security.c:4411
    [<ffffffff83eccc5d>] sk_prot_alloc+0x12d/0x1b0 net/core/sock.c:2085
    [<ffffffff83ecffb6>] sk_alloc+0x36/0x2f0 net/core/sock.c:2135
    [<ffffffff84535474>] can_create+0x194/0x320 net/can/af_can.c:158
    [<ffffffff83ec53cf>] __sock_create+0x19f/0x2e0 net/socket.c:1571
    [<ffffffff83ec8c58>] sock_create net/socket.c:1622 [inline]
    [<ffffffff83ec8c58>] __sys_socket_create net/socket.c:1659 [inline]
    [<ffffffff83ec8c58>] __sys_socket+0xb8/0x1a0 net/socket.c:1706
    [<ffffffff83ec8d5b>] __do_sys_socket net/socket.c:1720 [inline]
    [<ffffffff83ec8d5b>] __se_sys_socket net/socket.c:1718 [inline]
    [<ffffffff83ec8d5b>] __x64_sys_socket+0x1b/0x20 net/socket.c:1718
    [<ffffffff84b71e0f>] do_syscall_x64 arch/x86/entry/common.c:52 [inline]
    [<ffffffff84b71e0f>] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83
    [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0x6b

BUG: memory leak
unreferenced object 0xffff88811fbf2000 (size 8192):
  comm "syz-executor.6", pid 5653, jiffies 4295068840 (age 14.060s)
  hex dump (first 32 bytes):
    00 20 bf 1f 81 88 ff ff 00 20 bf 1f 81 88 ff ff  . ....... ......
    00 00 00 00 00 00 00 00 00 00 5f 1b 81 88 ff ff  .........._.....
  backtrace:
    [<ffffffff8163470d>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline]
    [<ffffffff8163470d>] slab_post_alloc_hook mm/slab.h:766 [inline]
    [<ffffffff8163470d>] slab_alloc_node mm/slub.c:3478 [inline]
    [<ffffffff8163470d>] __kmem_cache_alloc_node+0x2dd/0x3f0 mm/slub.c:3517
    [<ffffffff8157f335>] kmalloc_trace+0x25/0x90 mm/slab_common.c:1098
    [<ffffffff845437c9>] kmalloc include/linux/slab.h:600 [inline]
    [<ffffffff845437c9>] kzalloc include/linux/slab.h:721 [inline]
    [<ffffffff845437c9>] j1939_priv_create net/can/j1939/main.c:135 [inline]
    [<ffffffff845437c9>] j1939_netdev_start+0x159/0x6f0 net/can/j1939/main.c:272
    [<ffffffff8454540e>] j1939_sk_bind+0x21e/0x550 net/can/j1939/socket.c:485
    [<ffffffff83ec926c>] __sys_bind+0x11c/0x130 net/socket.c:1847
    [<ffffffff83ec929c>] __do_sys_bind net/socket.c:1858 [inline]
    [<ffffffff83ec929c>] __se_sys_bind net/socket.c:1856 [inline]
    [<ffffffff83ec929c>] __x64_sys_bind+0x1c/0x20 net/socket.c:1856
    [<ffffffff84b71e0f>] do_syscall_x64 arch/x86/entry/common.c:52 [inline]
    [<ffffffff84b71e0f>] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83
    [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0x6b

BUG: memory leak
unreferenced object 0xffff888120daf700 (size 240):
  comm "syz-executor.6", pid 5653, jiffies 4295068840 (age 14.060s)
  hex dump (first 32 bytes):
    68 aa 12 1e 81 88 ff ff 68 aa 12 1e 81 88 ff ff  h.......h.......
    00 00 5f 1b 81 88 ff ff 00 84 2c 1f 81 88 ff ff  .._.......,.....
  backtrace:
    [<ffffffff81632177>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline]
    [<ffffffff81632177>] slab_post_alloc_hook mm/slab.h:766 [inline]
    [<ffffffff81632177>] slab_alloc_node mm/slub.c:3478 [inline]
    [<ffffffff81632177>] kmem_cache_alloc_node+0x2c7/0x450 mm/slub.c:3523
    [<ffffffff83edcb9f>] __alloc_skb+0x1ef/0x230 net/core/skbuff.c:641
    [<ffffffff83ee6111>] alloc_skb include/linux/skbuff.h:1286 [inline]
    [<ffffffff83ee6111>] alloc_skb_with_frags+0x71/0x3a0 net/core/skbuff.c:6334
    [<ffffffff83ed0c4b>] sock_alloc_send_pskb+0x3ab/0x3e0 net/core/sock.c:2787
    [<ffffffff84545de8>] sock_alloc_send_skb include/net/sock.h:1884 [inline]
    [<ffffffff84545de8>] j1939_sk_alloc_skb net/can/j1939/socket.c:864 [inline]
    [<ffffffff84545de8>] j1939_sk_send_loop net/can/j1939/socket.c:1128 [inline]
    [<ffffffff84545de8>] j1939_sk_sendmsg+0x2f8/0x7f0 net/can/j1939/socket.c:1263
    [<ffffffff83ec6c92>] sock_sendmsg_nosec net/socket.c:730 [inline]
    [<ffffffff83ec6c92>] __sock_sendmsg+0x52/0xa0 net/socket.c:745
    [<ffffffff83ec72f5>] ____sys_sendmsg+0x365/0x470 net/socket.c:2586
    [<ffffffff83ecb019>] ___sys_sendmsg+0xc9/0x130 net/socket.c:2640
    [<ffffffff83ecb1c6>] __sys_sendmsg+0xa6/0x120 net/socket.c:2669
    [<ffffffff84b71e0f>] do_syscall_x64 arch/x86/entry/common.c:52 [inline]
    [<ffffffff84b71e0f>] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83
    [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0x6b


Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2024/01/07 12:20 | upstream | 52b1853b080a | d0304e9c | .config | console log | report | syz | - | - | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-leak | memory leak in can_create
* Struck through repros no longer work on HEAD.