syzbot


memory leak in j1939_xtp_rx_rts

Status: upstream: reported syz repro on 2021/06/22 17:24
Reported-by: syzbot+d56eaa979f1a3d6e2e2e@syzkaller.appspotmail.com
First crash: 469d, last: 469d
Patch testing requests:
Created Duration User Patch Repo Result
2021/06/25 09:43 8m phind.uet@gmail.com https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master report log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff888126b3d500 (size 232):
  comm "softirq", pid 0, jiffies 4294974634 (age 13.120s)
  hex dump (first 32 bytes):
    68 16 14 26 81 88 ff ff 68 16 14 26 81 88 ff ff  h..&....h..&....
    00 80 5d 22 81 88 ff ff 00 00 00 00 00 00 00 00  ..]"............
  backtrace:
    [<ffffffff836a0d5f>] __alloc_skb+0x20f/0x280 net/core/skbuff.c:413
    [<ffffffff83c599e1>] alloc_skb include/linux/skbuff.h:1107 [inline]
    [<ffffffff83c599e1>] j1939_session_fresh_new net/can/j1939/transport.c:1484 [inline]
    [<ffffffff83c599e1>] j1939_xtp_rx_rts_session_new net/can/j1939/transport.c:1578 [inline]
    [<ffffffff83c599e1>] j1939_xtp_rx_rts+0x451/0xac0 net/can/j1939/transport.c:1679
    [<ffffffff83c5a7eb>] j1939_tp_cmd_recv net/can/j1939/transport.c:1986 [inline]
    [<ffffffff83c5a7eb>] j1939_tp_recv+0x44b/0x640 net/can/j1939/transport.c:2067
    [<ffffffff83c515dc>] j1939_can_recv+0x2bc/0x420 net/can/j1939/main.c:101
    [<ffffffff83c43d98>] deliver net/can/af_can.c:574 [inline]
    [<ffffffff83c43d98>] can_rcv_filter+0xd8/0x290 net/can/af_can.c:608
    [<ffffffff83c44360>] can_receive+0xf0/0x140 net/can/af_can.c:665
    [<ffffffff83c4442d>] can_rcv+0x7d/0xf0 net/can/af_can.c:696
    [<ffffffff836d2e1a>] __netif_receive_skb_one_core+0x6a/0xa0 net/core/dev.c:5459
    [<ffffffff836d2ea7>] __netif_receive_skb+0x27/0xa0 net/core/dev.c:5573
    [<ffffffff836d3234>] process_backlog+0xb4/0x1a0 net/core/dev.c:6437
    [<ffffffff836d54fd>] __napi_poll+0x3d/0x2a0 net/core/dev.c:6985
    [<ffffffff836d5cea>] napi_poll net/core/dev.c:7052 [inline]
    [<ffffffff836d5cea>] net_rx_action+0x32a/0x410 net/core/dev.c:7139
    [<ffffffff846000bf>] __do_softirq+0xbf/0x2ab kernel/softirq.c:559
    [<ffffffff81238a0c>] do_softirq kernel/softirq.c:460 [inline]
    [<ffffffff81238a0c>] do_softirq+0x5c/0x80 kernel/softirq.c:447
    [<ffffffff81238a81>] __local_bh_enable_ip+0x51/0x60 kernel/softirq.c:384
    [<ffffffff840bf0cd>] spin_unlock_bh include/linux/spinlock.h:399 [inline]
    [<ffffffff840bf0cd>] batadv_nc_purge_paths+0x19d/0x1f0 net/batman-adv/network-coding.c:467

BUG: memory leak
unreferenced object 0xffff888126141600 (size 512):
  comm "softirq", pid 0, jiffies 4294974634 (age 13.120s)
  hex dump (first 32 bytes):
    00 e0 9f 2a 81 88 ff ff 08 16 14 26 81 88 ff ff  ...*.......&....
    08 16 14 26 81 88 ff ff 18 16 14 26 81 88 ff ff  ...&.......&....
  backtrace:
    [<ffffffff83c552eb>] kmalloc include/linux/slab.h:556 [inline]
    [<ffffffff83c552eb>] kzalloc include/linux/slab.h:686 [inline]
    [<ffffffff83c552eb>] j1939_session_new+0x5b/0x160 net/can/j1939/transport.c:1443
    [<ffffffff83c59a78>] j1939_session_fresh_new net/can/j1939/transport.c:1495 [inline]
    [<ffffffff83c59a78>] j1939_xtp_rx_rts_session_new net/can/j1939/transport.c:1578 [inline]
    [<ffffffff83c59a78>] j1939_xtp_rx_rts+0x4e8/0xac0 net/can/j1939/transport.c:1679
    [<ffffffff83c5a7eb>] j1939_tp_cmd_recv net/can/j1939/transport.c:1986 [inline]
    [<ffffffff83c5a7eb>] j1939_tp_recv+0x44b/0x640 net/can/j1939/transport.c:2067
    [<ffffffff83c515dc>] j1939_can_recv+0x2bc/0x420 net/can/j1939/main.c:101
    [<ffffffff83c43d98>] deliver net/can/af_can.c:574 [inline]
    [<ffffffff83c43d98>] can_rcv_filter+0xd8/0x290 net/can/af_can.c:608
    [<ffffffff83c44360>] can_receive+0xf0/0x140 net/can/af_can.c:665
    [<ffffffff83c4442d>] can_rcv+0x7d/0xf0 net/can/af_can.c:696
    [<ffffffff836d2e1a>] __netif_receive_skb_one_core+0x6a/0xa0 net/core/dev.c:5459
    [<ffffffff836d2ea7>] __netif_receive_skb+0x27/0xa0 net/core/dev.c:5573
    [<ffffffff836d3234>] process_backlog+0xb4/0x1a0 net/core/dev.c:6437
    [<ffffffff836d54fd>] __napi_poll+0x3d/0x2a0 net/core/dev.c:6985
    [<ffffffff836d5cea>] napi_poll net/core/dev.c:7052 [inline]
    [<ffffffff836d5cea>] net_rx_action+0x32a/0x410 net/core/dev.c:7139
    [<ffffffff846000bf>] __do_softirq+0xbf/0x2ab kernel/softirq.c:559
    [<ffffffff81238a0c>] do_softirq kernel/softirq.c:460 [inline]
    [<ffffffff81238a0c>] do_softirq+0x5c/0x80 kernel/softirq.c:447
    [<ffffffff81238a81>] __local_bh_enable_ip+0x51/0x60 kernel/softirq.c:384
    [<ffffffff840bf0cd>] spin_unlock_bh include/linux/spinlock.h:399 [inline]
    [<ffffffff840bf0cd>] batadv_nc_purge_paths+0x19d/0x1f0 net/batman-adv/network-coding.c:467

BUG: memory leak
unreferenced object 0xffff888126b3d300 (size 232):
  comm "softirq", pid 0, jiffies 4294974634 (age 13.120s)
  hex dump (first 32 bytes):
    68 08 05 27 81 88 ff ff 68 08 05 27 81 88 ff ff  h..'....h..'....
    00 00 0b 22 81 88 ff ff 00 00 00 00 00 00 00 00  ..."............
  backtrace:
    [<ffffffff836a0d5f>] __alloc_skb+0x20f/0x280 net/core/skbuff.c:413
    [<ffffffff83c599e1>] alloc_skb include/linux/skbuff.h:1107 [inline]
    [<ffffffff83c599e1>] j1939_session_fresh_new net/can/j1939/transport.c:1484 [inline]
    [<ffffffff83c599e1>] j1939_xtp_rx_rts_session_new net/can/j1939/transport.c:1578 [inline]
    [<ffffffff83c599e1>] j1939_xtp_rx_rts+0x451/0xac0 net/can/j1939/transport.c:1679
    [<ffffffff83c5a7eb>] j1939_tp_cmd_recv net/can/j1939/transport.c:1986 [inline]
    [<ffffffff83c5a7eb>] j1939_tp_recv+0x44b/0x640 net/can/j1939/transport.c:2067
    [<ffffffff83c515dc>] j1939_can_recv+0x2bc/0x420 net/can/j1939/main.c:101
    [<ffffffff83c43d98>] deliver net/can/af_can.c:574 [inline]
    [<ffffffff83c43d98>] can_rcv_filter+0xd8/0x290 net/can/af_can.c:608
    [<ffffffff83c44360>] can_receive+0xf0/0x140 net/can/af_can.c:665
    [<ffffffff83c4442d>] can_rcv+0x7d/0xf0 net/can/af_can.c:696
    [<ffffffff836d2e1a>] __netif_receive_skb_one_core+0x6a/0xa0 net/core/dev.c:5459
    [<ffffffff836d2ea7>] __netif_receive_skb+0x27/0xa0 net/core/dev.c:5573
    [<ffffffff836d3234>] process_backlog+0xb4/0x1a0 net/core/dev.c:6437
    [<ffffffff836d54fd>] __napi_poll+0x3d/0x2a0 net/core/dev.c:6985
    [<ffffffff836d5cea>] napi_poll net/core/dev.c:7052 [inline]
    [<ffffffff836d5cea>] net_rx_action+0x32a/0x410 net/core/dev.c:7139
    [<ffffffff846000bf>] __do_softirq+0xbf/0x2ab kernel/softirq.c:559
    [<ffffffff81238a0c>] do_softirq kernel/softirq.c:460 [inline]
    [<ffffffff81238a0c>] do_softirq+0x5c/0x80 kernel/softirq.c:447
    [<ffffffff81238a81>] __local_bh_enable_ip+0x51/0x60 kernel/softirq.c:384
    [<ffffffff840bf0cd>] spin_unlock_bh include/linux/spinlock.h:399 [inline]
    [<ffffffff840bf0cd>] batadv_nc_purge_paths+0x19d/0x1f0 net/batman-adv/network-coding.c:467


Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-gce-leak 2021/06/18 17:18 upstream fd0aa1a4567d aba2b2fb .config log report syz memory leak in j1939_xtp_rx_rts
* Struck through repros no longer work on HEAD.