syzbot


memory leak in j1939_xtp_rx_rts

Status: upstream: reported syz repro on 2021/06/22 17:24
Labels: can (incorrect?)
Reported-by: syzbot+d56eaa979f1a3d6e2e2e@syzkaller.appspotmail.com
First crash: 715d, last: 43d
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] memory leak in j1939_xtp_rx_rts 0 (1) 2021/06/22 17:24
Last patch testing requests (4)
Created Duration User Patch Repo Result
2023/04/21 07:44 15m retest repro upstream report log
2023/04/21 07:44 10m retest repro upstream report log
2022/10/19 01:30 9m retest repro upstream report log
2021/06/25 09:43 8m phind.uet@gmail.com https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master report log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff88811746d700 (size 240):
  comm "softirq", pid 0, jiffies 4295102128 (age 12.360s)
  hex dump (first 32 bytes):
    68 08 b0 16 81 88 ff ff 68 08 b0 16 81 88 ff ff  h.......h.......
    00 00 82 14 81 88 ff ff 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff83b0da72>] __alloc_skb+0x202/0x270 net/core/skbuff.c:552
    [<ffffffff84137c2d>] alloc_skb include/linux/skbuff.h:1270 [inline]
    [<ffffffff84137c2d>] j1939_session_fresh_new net/can/j1939/transport.c:1532 [inline]
    [<ffffffff84137c2d>] j1939_xtp_rx_rts_session_new net/can/j1939/transport.c:1628 [inline]
    [<ffffffff84137c2d>] j1939_xtp_rx_rts+0x46d/0xb00 net/can/j1939/transport.c:1732
    [<ffffffff841388da>] j1939_tp_cmd_recv net/can/j1939/transport.c:2054 [inline]
    [<ffffffff841388da>] j1939_tp_recv+0x2ca/0x700 net/can/j1939/transport.c:2141
    [<ffffffff8412efc0>] j1939_can_recv net/can/j1939/main.c:112 [inline]
    [<ffffffff8412efc0>] j1939_can_recv+0x330/0x490 net/can/j1939/main.c:38
    [<ffffffff84120ae8>] deliver net/can/af_can.c:572 [inline]
    [<ffffffff84120ae8>] can_rcv_filter+0xd8/0x290 net/can/af_can.c:606
    [<ffffffff84121150>] can_receive+0xf0/0x140 net/can/af_can.c:663
    [<ffffffff8412128a>] can_rcv+0xea/0x100 net/can/af_can.c:687
    [<ffffffff83b404ca>] __netif_receive_skb_one_core+0x6a/0xa0 net/core/dev.c:5482
    [<ffffffff83b4054f>] __netif_receive_skb+0x1f/0x90 net/core/dev.c:5596
    [<ffffffff83b408b4>] process_backlog+0xb4/0x190 net/core/dev.c:5924
    [<ffffffff83b41e9d>] __napi_poll+0x3d/0x290 net/core/dev.c:6485
    [<ffffffff83b426cc>] napi_poll net/core/dev.c:6552 [inline]
    [<ffffffff83b426cc>] net_rx_action+0x3ac/0x490 net/core/dev.c:6663
    [<ffffffff8490ccbb>] __do_softirq+0xeb/0x2ef kernel/softirq.c:571

BUG: memory leak
unreferenced object 0xffff888116b00800 (size 512):
  comm "softirq", pid 0, jiffies 4295102128 (age 12.360s)
  hex dump (first 32 bytes):
    00 80 1f 19 81 88 ff ff 08 08 b0 16 81 88 ff ff  ................
    08 08 b0 16 81 88 ff ff 18 08 b0 16 81 88 ff ff  ................
  backtrace:
    [<ffffffff814f94a0>] kmalloc_trace+0x20/0x90 mm/slab_common.c:1062
    [<ffffffff8413311b>] kmalloc include/linux/slab.h:580 [inline]
    [<ffffffff8413311b>] kzalloc include/linux/slab.h:720 [inline]
    [<ffffffff8413311b>] j1939_session_new+0x5b/0x160 net/can/j1939/transport.c:1491
    [<ffffffff84137cc4>] j1939_session_fresh_new net/can/j1939/transport.c:1543 [inline]
    [<ffffffff84137cc4>] j1939_xtp_rx_rts_session_new net/can/j1939/transport.c:1628 [inline]
    [<ffffffff84137cc4>] j1939_xtp_rx_rts+0x504/0xb00 net/can/j1939/transport.c:1732
    [<ffffffff841388da>] j1939_tp_cmd_recv net/can/j1939/transport.c:2054 [inline]
    [<ffffffff841388da>] j1939_tp_recv+0x2ca/0x700 net/can/j1939/transport.c:2141
    [<ffffffff8412efc0>] j1939_can_recv net/can/j1939/main.c:112 [inline]
    [<ffffffff8412efc0>] j1939_can_recv+0x330/0x490 net/can/j1939/main.c:38
    [<ffffffff84120ae8>] deliver net/can/af_can.c:572 [inline]
    [<ffffffff84120ae8>] can_rcv_filter+0xd8/0x290 net/can/af_can.c:606
    [<ffffffff84121150>] can_receive+0xf0/0x140 net/can/af_can.c:663
    [<ffffffff8412128a>] can_rcv+0xea/0x100 net/can/af_can.c:687
    [<ffffffff83b404ca>] __netif_receive_skb_one_core+0x6a/0xa0 net/core/dev.c:5482
    [<ffffffff83b4054f>] __netif_receive_skb+0x1f/0x90 net/core/dev.c:5596
    [<ffffffff83b408b4>] process_backlog+0xb4/0x190 net/core/dev.c:5924
    [<ffffffff83b41e9d>] __napi_poll+0x3d/0x290 net/core/dev.c:6485
    [<ffffffff83b426cc>] napi_poll net/core/dev.c:6552 [inline]
    [<ffffffff83b426cc>] net_rx_action+0x3ac/0x490 net/core/dev.c:6663
    [<ffffffff8490ccbb>] __do_softirq+0xeb/0x2ef kernel/softirq.c:571


Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/01/11 01:27 upstream 40c18f363a08 1dac8c7a .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in j1939_xtp_rx_rts
2021/06/18 17:18 upstream fd0aa1a4567d aba2b2fb .config console log report syz ci-upstream-gce-leak memory leak in j1939_xtp_rx_rts
* Struck through repros no longer work on HEAD.