syzbot


memory leak in j1939_xtp_rx_rts

Status: auto-obsoleted due to no activity on 2023/09/08 22:49
Subsystems: can
[Documentation on labels]
Reported-by: syzbot+d56eaa979f1a3d6e2e2e@syzkaller.appspotmail.com
First crash: 1004d, last: 333d
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] memory leak in j1939_xtp_rx_rts 0 (1) 2021/06/22 17:24
Last patch testing requests (7)
Created Duration User Patch Repo Result
2023/09/08 22:15 33m retest repro upstream OK log
2023/06/30 21:12 15m retest repro upstream OK log
2023/06/30 21:12 15m retest repro upstream report log
2023/04/21 07:44 15m retest repro upstream report log
2023/04/21 07:44 10m retest repro upstream report log
2022/10/19 01:30 9m retest repro upstream report log
2021/06/25 09:43 8m phind.uet@gmail.com https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master report log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff888126b3d500 (size 232):
  comm "softirq", pid 0, jiffies 4294974634 (age 13.120s)
  hex dump (first 32 bytes):
    68 16 14 26 81 88 ff ff 68 16 14 26 81 88 ff ff  h..&....h..&....
    00 80 5d 22 81 88 ff ff 00 00 00 00 00 00 00 00  ..]"............
  backtrace:
    [<ffffffff836a0d5f>] __alloc_skb+0x20f/0x280 net/core/skbuff.c:413
    [<ffffffff83c599e1>] alloc_skb include/linux/skbuff.h:1107 [inline]
    [<ffffffff83c599e1>] j1939_session_fresh_new net/can/j1939/transport.c:1484 [inline]
    [<ffffffff83c599e1>] j1939_xtp_rx_rts_session_new net/can/j1939/transport.c:1578 [inline]
    [<ffffffff83c599e1>] j1939_xtp_rx_rts+0x451/0xac0 net/can/j1939/transport.c:1679
    [<ffffffff83c5a7eb>] j1939_tp_cmd_recv net/can/j1939/transport.c:1986 [inline]
    [<ffffffff83c5a7eb>] j1939_tp_recv+0x44b/0x640 net/can/j1939/transport.c:2067
    [<ffffffff83c515dc>] j1939_can_recv+0x2bc/0x420 net/can/j1939/main.c:101
    [<ffffffff83c43d98>] deliver net/can/af_can.c:574 [inline]
    [<ffffffff83c43d98>] can_rcv_filter+0xd8/0x290 net/can/af_can.c:608
    [<ffffffff83c44360>] can_receive+0xf0/0x140 net/can/af_can.c:665
    [<ffffffff83c4442d>] can_rcv+0x7d/0xf0 net/can/af_can.c:696
    [<ffffffff836d2e1a>] __netif_receive_skb_one_core+0x6a/0xa0 net/core/dev.c:5459
    [<ffffffff836d2ea7>] __netif_receive_skb+0x27/0xa0 net/core/dev.c:5573
    [<ffffffff836d3234>] process_backlog+0xb4/0x1a0 net/core/dev.c:6437
    [<ffffffff836d54fd>] __napi_poll+0x3d/0x2a0 net/core/dev.c:6985
    [<ffffffff836d5cea>] napi_poll net/core/dev.c:7052 [inline]
    [<ffffffff836d5cea>] net_rx_action+0x32a/0x410 net/core/dev.c:7139
    [<ffffffff846000bf>] __do_softirq+0xbf/0x2ab kernel/softirq.c:559
    [<ffffffff81238a0c>] do_softirq kernel/softirq.c:460 [inline]
    [<ffffffff81238a0c>] do_softirq+0x5c/0x80 kernel/softirq.c:447
    [<ffffffff81238a81>] __local_bh_enable_ip+0x51/0x60 kernel/softirq.c:384
    [<ffffffff840bf0cd>] spin_unlock_bh include/linux/spinlock.h:399 [inline]
    [<ffffffff840bf0cd>] batadv_nc_purge_paths+0x19d/0x1f0 net/batman-adv/network-coding.c:467

BUG: memory leak
unreferenced object 0xffff888126141600 (size 512):
  comm "softirq", pid 0, jiffies 4294974634 (age 13.120s)
  hex dump (first 32 bytes):
    00 e0 9f 2a 81 88 ff ff 08 16 14 26 81 88 ff ff  ...*.......&....
    08 16 14 26 81 88 ff ff 18 16 14 26 81 88 ff ff  ...&.......&....
  backtrace:
    [<ffffffff83c552eb>] kmalloc include/linux/slab.h:556 [inline]
    [<ffffffff83c552eb>] kzalloc include/linux/slab.h:686 [inline]
    [<ffffffff83c552eb>] j1939_session_new+0x5b/0x160 net/can/j1939/transport.c:1443
    [<ffffffff83c59a78>] j1939_session_fresh_new net/can/j1939/transport.c:1495 [inline]
    [<ffffffff83c59a78>] j1939_xtp_rx_rts_session_new net/can/j1939/transport.c:1578 [inline]
    [<ffffffff83c59a78>] j1939_xtp_rx_rts+0x4e8/0xac0 net/can/j1939/transport.c:1679
    [<ffffffff83c5a7eb>] j1939_tp_cmd_recv net/can/j1939/transport.c:1986 [inline]
    [<ffffffff83c5a7eb>] j1939_tp_recv+0x44b/0x640 net/can/j1939/transport.c:2067
    [<ffffffff83c515dc>] j1939_can_recv+0x2bc/0x420 net/can/j1939/main.c:101
    [<ffffffff83c43d98>] deliver net/can/af_can.c:574 [inline]
    [<ffffffff83c43d98>] can_rcv_filter+0xd8/0x290 net/can/af_can.c:608
    [<ffffffff83c44360>] can_receive+0xf0/0x140 net/can/af_can.c:665
    [<ffffffff83c4442d>] can_rcv+0x7d/0xf0 net/can/af_can.c:696
    [<ffffffff836d2e1a>] __netif_receive_skb_one_core+0x6a/0xa0 net/core/dev.c:5459
    [<ffffffff836d2ea7>] __netif_receive_skb+0x27/0xa0 net/core/dev.c:5573
    [<ffffffff836d3234>] process_backlog+0xb4/0x1a0 net/core/dev.c:6437
    [<ffffffff836d54fd>] __napi_poll+0x3d/0x2a0 net/core/dev.c:6985
    [<ffffffff836d5cea>] napi_poll net/core/dev.c:7052 [inline]
    [<ffffffff836d5cea>] net_rx_action+0x32a/0x410 net/core/dev.c:7139
    [<ffffffff846000bf>] __do_softirq+0xbf/0x2ab kernel/softirq.c:559
    [<ffffffff81238a0c>] do_softirq kernel/softirq.c:460 [inline]
    [<ffffffff81238a0c>] do_softirq+0x5c/0x80 kernel/softirq.c:447
    [<ffffffff81238a81>] __local_bh_enable_ip+0x51/0x60 kernel/softirq.c:384
    [<ffffffff840bf0cd>] spin_unlock_bh include/linux/spinlock.h:399 [inline]
    [<ffffffff840bf0cd>] batadv_nc_purge_paths+0x19d/0x1f0 net/batman-adv/network-coding.c:467

BUG: memory leak
unreferenced object 0xffff888126b3d300 (size 232):
  comm "softirq", pid 0, jiffies 4294974634 (age 13.120s)
  hex dump (first 32 bytes):
    68 08 05 27 81 88 ff ff 68 08 05 27 81 88 ff ff  h..'....h..'....
    00 00 0b 22 81 88 ff ff 00 00 00 00 00 00 00 00  ..."............
  backtrace:
    [<ffffffff836a0d5f>] __alloc_skb+0x20f/0x280 net/core/skbuff.c:413
    [<ffffffff83c599e1>] alloc_skb include/linux/skbuff.h:1107 [inline]
    [<ffffffff83c599e1>] j1939_session_fresh_new net/can/j1939/transport.c:1484 [inline]
    [<ffffffff83c599e1>] j1939_xtp_rx_rts_session_new net/can/j1939/transport.c:1578 [inline]
    [<ffffffff83c599e1>] j1939_xtp_rx_rts+0x451/0xac0 net/can/j1939/transport.c:1679
    [<ffffffff83c5a7eb>] j1939_tp_cmd_recv net/can/j1939/transport.c:1986 [inline]
    [<ffffffff83c5a7eb>] j1939_tp_recv+0x44b/0x640 net/can/j1939/transport.c:2067
    [<ffffffff83c515dc>] j1939_can_recv+0x2bc/0x420 net/can/j1939/main.c:101
    [<ffffffff83c43d98>] deliver net/can/af_can.c:574 [inline]
    [<ffffffff83c43d98>] can_rcv_filter+0xd8/0x290 net/can/af_can.c:608
    [<ffffffff83c44360>] can_receive+0xf0/0x140 net/can/af_can.c:665
    [<ffffffff83c4442d>] can_rcv+0x7d/0xf0 net/can/af_can.c:696
    [<ffffffff836d2e1a>] __netif_receive_skb_one_core+0x6a/0xa0 net/core/dev.c:5459
    [<ffffffff836d2ea7>] __netif_receive_skb+0x27/0xa0 net/core/dev.c:5573
    [<ffffffff836d3234>] process_backlog+0xb4/0x1a0 net/core/dev.c:6437
    [<ffffffff836d54fd>] __napi_poll+0x3d/0x2a0 net/core/dev.c:6985
    [<ffffffff836d5cea>] napi_poll net/core/dev.c:7052 [inline]
    [<ffffffff836d5cea>] net_rx_action+0x32a/0x410 net/core/dev.c:7139
    [<ffffffff846000bf>] __do_softirq+0xbf/0x2ab kernel/softirq.c:559
    [<ffffffff81238a0c>] do_softirq kernel/softirq.c:460 [inline]
    [<ffffffff81238a0c>] do_softirq+0x5c/0x80 kernel/softirq.c:447
    [<ffffffff81238a81>] __local_bh_enable_ip+0x51/0x60 kernel/softirq.c:384
    [<ffffffff840bf0cd>] spin_unlock_bh include/linux/spinlock.h:399 [inline]
    [<ffffffff840bf0cd>] batadv_nc_purge_paths+0x19d/0x1f0 net/batman-adv/network-coding.c:467


Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/06/18 17:18 upstream fd0aa1a4567d aba2b2fb .config console log report syz ci-upstream-gce-leak memory leak in j1939_xtp_rx_rts
2023/01/11 01:27 upstream 40c18f363a08 1dac8c7a .config console log report syz ci-upstream-gce-leak memory leak in j1939_xtp_rx_rts
* Struck through repros no longer work on HEAD.