syzbot


memory leak in can_create

Status: upstream: reported C repro on 2021/07/23 15:55
Reported-by: syzbot+ba3c733fb22a7be2ce04@syzkaller.appspotmail.com
First crash: 433d, last: 133d
Patch testing requests:
Created Duration User Patch Repo Result
2021/08/24 09:47 8m asha.16@itfac.mrt.ac.lk https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master report log
2021/07/24 14:16 8m phind.uet@gmail.com upstream report log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff888111057c00 (size 1024):
  comm "syz-executor242", pid 3610, jiffies 4294944741 (age 8.180s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    1d 00 07 41 00 00 00 00 00 00 00 00 00 00 00 00  ...A............
  backtrace:
    [<ffffffff83818be2>] kmalloc include/linux/slab.h:586 [inline]
    [<ffffffff83818be2>] sk_prot_alloc+0xd2/0x1b0 net/core/sock.c:1936
    [<ffffffff8381c7c2>] sk_alloc+0x32/0x2e0 net/core/sock.c:1989
    [<ffffffff83e0c948>] can_create+0x108/0x300 net/can/af_can.c:158
    [<ffffffff838113fb>] __sock_create+0x1ab/0x2b0 net/socket.c:1468
    [<ffffffff8381437f>] sock_create net/socket.c:1519 [inline]
    [<ffffffff8381437f>] __sys_socket+0x6f/0x140 net/socket.c:1561
    [<ffffffff8381446a>] __do_sys_socket net/socket.c:1570 [inline]
    [<ffffffff8381446a>] __se_sys_socket net/socket.c:1568 [inline]
    [<ffffffff8381446a>] __x64_sys_socket+0x1a/0x20 net/socket.c:1568
    [<ffffffff84565cf5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84565cf5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff8881112e4de0 (size 32):
  comm "syz-executor242", pid 3610, jiffies 4294944741 (age 8.180s)
  hex dump (first 32 bytes):
    b0 2e 04 40 81 88 ff ff 00 00 00 00 00 00 00 00  ...@............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8224c9d3>] kmalloc include/linux/slab.h:581 [inline]
    [<ffffffff8224c9d3>] kzalloc include/linux/slab.h:714 [inline]
    [<ffffffff8224c9d3>] apparmor_sk_alloc_security+0x53/0xd0 security/apparmor/lsm.c:792
    [<ffffffff82212591>] security_sk_alloc+0x31/0x70 security/security.c:2279
    [<ffffffff83818bfd>] sk_prot_alloc+0xed/0x1b0 net/core/sock.c:1939
    [<ffffffff8381c7c2>] sk_alloc+0x32/0x2e0 net/core/sock.c:1989
    [<ffffffff83e0c948>] can_create+0x108/0x300 net/can/af_can.c:158
    [<ffffffff838113fb>] __sock_create+0x1ab/0x2b0 net/socket.c:1468
    [<ffffffff8381437f>] sock_create net/socket.c:1519 [inline]
    [<ffffffff8381437f>] __sys_socket+0x6f/0x140 net/socket.c:1561
    [<ffffffff8381446a>] __do_sys_socket net/socket.c:1570 [inline]
    [<ffffffff8381446a>] __se_sys_socket net/socket.c:1568 [inline]
    [<ffffffff8381446a>] __x64_sys_socket+0x1a/0x20 net/socket.c:1568
    [<ffffffff84565cf5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84565cf5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88811133d800 (size 232):
  comm "syz-executor242", pid 3610, jiffies 4294944741 (age 8.180s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 06 0e 81 88 ff ff 00 7c 05 11 81 88 ff ff  .........|......
  backtrace:
    [<ffffffff83824166>] __alloc_skb+0x216/0x290 net/core/skbuff.c:414
    [<ffffffff83829b8a>] alloc_skb include/linux/skbuff.h:1300 [inline]
    [<ffffffff83829b8a>] alloc_skb_with_frags+0x6a/0x340 net/core/skbuff.c:5997
    [<ffffffff8381beb3>] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2600
    [<ffffffff83e1b6af>] j1939_sk_alloc_skb net/can/j1939/socket.c:861 [inline]
    [<ffffffff83e1b6af>] j1939_sk_send_loop net/can/j1939/socket.c:1118 [inline]
    [<ffffffff83e1b6af>] j1939_sk_sendmsg+0x2cf/0x810 net/can/j1939/socket.c:1253
    [<ffffffff838125e6>] sock_sendmsg_nosec net/socket.c:705 [inline]
    [<ffffffff838125e6>] sock_sendmsg+0x56/0x80 net/socket.c:725
    [<ffffffff83812b4c>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2413
    [<ffffffff83816bbb>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2467
    [<ffffffff83816cb8>] __sys_sendmsg+0x88/0x100 net/socket.c:2496
    [<ffffffff84565cf5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84565cf5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88811133db00 (size 232):
  comm "syz-executor242", pid 3610, jiffies 4294944741 (age 8.180s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 06 0e 81 88 ff ff 00 7c 05 11 81 88 ff ff  .........|......
  backtrace:
    [<ffffffff83824166>] __alloc_skb+0x216/0x290 net/core/skbuff.c:414
    [<ffffffff83829b8a>] alloc_skb include/linux/skbuff.h:1300 [inline]
    [<ffffffff83829b8a>] alloc_skb_with_frags+0x6a/0x340 net/core/skbuff.c:5997
    [<ffffffff8381beb3>] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2600
    [<ffffffff83e1b6af>] j1939_sk_alloc_skb net/can/j1939/socket.c:861 [inline]
    [<ffffffff83e1b6af>] j1939_sk_send_loop net/can/j1939/socket.c:1118 [inline]
    [<ffffffff83e1b6af>] j1939_sk_sendmsg+0x2cf/0x810 net/can/j1939/socket.c:1253
    [<ffffffff838125e6>] sock_sendmsg_nosec net/socket.c:705 [inline]
    [<ffffffff838125e6>] sock_sendmsg+0x56/0x80 net/socket.c:725
    [<ffffffff83812b4c>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2413
    [<ffffffff83816bbb>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2467
    [<ffffffff83816cb8>] __sys_sendmsg+0x88/0x100 net/socket.c:2496
    [<ffffffff84565cf5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84565cf5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae


Crashes (2):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-gce-leak 2022/05/15 19:45 upstream bc403203d65a 744a39e2 .config log report syz C memory leak in can_create
ci-upstream-gce-leak 2021/07/19 15:48 upstream 2734d6c1b1a0 e6a17580 .config log report syz C memory leak in can_create
* Struck through repros no longer work on HEAD.