syzbot


memory leak in j1939_sk_sendmsg

Status: upstream: reported C repro on 2021/06/28 04:28
Labels: can (incorrect?)
Reported-by: syzbot+085305c4b952053c9437@syzkaller.appspotmail.com
First crash: 713d, last: 13d
Discussions (1)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] memory leak in j1939_sk_sendmsg | 0 (1) | 2021/06/28 04:28 |
Last patch testing requests (14)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2023/04/14 15:40 | 15m | retest repro | | upstream | OK log |
| 2023/04/14 14:40 | 17m | retest repro | | upstream | OK log |
| 2023/04/14 13:40 | 15m | retest repro | | upstream | OK log |
| 2023/04/14 12:40 | 17m | retest repro | | upstream | report log |
| 2023/04/14 11:40 | 21m | retest repro | | upstream | OK log |
| 2022/12/24 06:31 | 14m | retest repro | | upstream | OK log |
| 2022/12/23 23:31 | 14m | retest repro | | upstream | OK log |
| 2022/12/23 22:31 | 14m | retest repro | | upstream | OK log |
| 2022/12/23 18:31 | 11m | retest repro | | upstream | report log |
| 2022/12/23 16:31 | 14m | retest repro | | upstream | report log |
| 2022/04/22 04:07 | 7m | k.kahurani@gmail.com | patch | upstream | report log |
| 2022/04/19 07:11 | 11m | k.kahurani@gmail.com | patch | upstream | report log |
| 2022/04/18 07:10 | 6m | k.kahurani@gmail.com | | upstream | report log |
| 2021/06/28 12:52 | 13m | kael_w@yeah.net | | https://github.com/wanjb2115/linux.git 4b7d586b0179 | report log |

Sample crash report:
BUG: memory leak
unreferenced object 0xffff888118809c00 (size 240):
  comm "syz-executor.1", pid 5231, jiffies 4294968343 (age 14.970s)
  hex dump (first 32 bytes):
    00 9b 80 18 81 88 ff ff 68 9a 41 16 81 88 ff ff  ........h.A.....
    00 00 50 15 81 88 ff ff 00 e8 75 19 81 88 ff ff  ..P.......u.....
  backtrace:
    [<ffffffff83dccd6d>] __alloc_skb+0x1fd/0x230 net/core/skbuff.c:644
    [<ffffffff83dd5acf>] alloc_skb include/linux/skbuff.h:1288 [inline]
    [<ffffffff83dd5acf>] alloc_skb_with_frags+0x6f/0x340 net/core/skbuff.c:6378
    [<ffffffff83dc25a3>] sock_alloc_send_pskb+0x3a3/0x3e0 net/core/sock.c:2729
    [<ffffffff84411d56>] sock_alloc_send_skb include/net/sock.h:1860 [inline]
    [<ffffffff84411d56>] j1939_sk_alloc_skb net/can/j1939/socket.c:864 [inline]
    [<ffffffff84411d56>] j1939_sk_send_loop net/can/j1939/socket.c:1121 [inline]
    [<ffffffff84411d56>] j1939_sk_sendmsg+0x2d6/0x810 net/can/j1939/socket.c:1256
    [<ffffffff83db7078>] sock_sendmsg_nosec net/socket.c:724 [inline]
    [<ffffffff83db7078>] sock_sendmsg+0x58/0xb0 net/socket.c:747
    [<ffffffff83dbd993>] sock_no_sendpage+0x93/0xc0 net/core/sock.c:3230
    [<ffffffff83db7bc1>] kernel_sendpage net/socket.c:3582 [inline]
    [<ffffffff83db7bc1>] kernel_sendpage+0xd1/0x2b0 net/socket.c:3576
    [<ffffffff83db7de9>] sock_sendpage+0x49/0x80 net/socket.c:1082
    [<ffffffff816b9996>] pipe_to_sendpage+0xa6/0x110 fs/splice.c:471
    [<ffffffff816bb201>] splice_from_pipe_feed fs/splice.c:525 [inline]
    [<ffffffff816bb201>] __splice_from_pipe+0x1f1/0x330 fs/splice.c:669
    [<ffffffff816bbb13>] splice_from_pipe fs/splice.c:704 [inline]
    [<ffffffff816bbb13>] generic_splice_sendpage+0x73/0xb0 fs/splice.c:852
    [<ffffffff816b9a4f>] do_splice_from fs/splice.c:873 [inline]
    [<ffffffff816b9a4f>] direct_splice_actor+0x4f/0x70 fs/splice.c:1039
    [<ffffffff816ba48d>] splice_direct_to_actor+0x14d/0x350 fs/splice.c:994
    [<ffffffff816ba77c>] do_splice_direct+0xec/0x150 fs/splice.c:1082
    [<ffffffff81656d1f>] do_sendfile+0x57f/0x7d0 fs/read_write.c:1254
    [<ffffffff8165acd6>] __do_sys_sendfile64 fs/read_write.c:1322 [inline]
    [<ffffffff8165acd6>] __se_sys_sendfile64 fs/read_write.c:1308 [inline]
    [<ffffffff8165acd6>] __x64_sys_sendfile64+0xe6/0x100 fs/read_write.c:1308

BUG: memory leak
unreferenced object 0xffff888116419a00 (size 512):
  comm "syz-executor.1", pid 5231, jiffies 4294968343 (age 14.970s)
  hex dump (first 32 bytes):
    00 00 38 19 81 88 ff ff 08 9a 41 16 81 88 ff ff  ..8.......A.....
    08 9a 41 16 81 88 ff ff 18 9a 41 16 81 88 ff ff  ..A.......A.....
  backtrace:
    [<ffffffff81545984>] kmalloc_trace+0x24/0x90 mm/slab_common.c:1057
    [<ffffffff844133cb>] kmalloc include/linux/slab.h:559 [inline]
    [<ffffffff844133cb>] kzalloc include/linux/slab.h:680 [inline]
    [<ffffffff844133cb>] j1939_session_new+0x5b/0x160 net/can/j1939/transport.c:1494
    [<ffffffff84418a84>] j1939_tp_send+0x154/0x350 net/can/j1939/transport.c:2004
    [<ffffffff84411f28>] j1939_sk_send_loop net/can/j1939/socket.c:1133 [inline]
    [<ffffffff84411f28>] j1939_sk_sendmsg+0x4a8/0x810 net/can/j1939/socket.c:1256
    [<ffffffff83db7078>] sock_sendmsg_nosec net/socket.c:724 [inline]
    [<ffffffff83db7078>] sock_sendmsg+0x58/0xb0 net/socket.c:747
    [<ffffffff83dbd993>] sock_no_sendpage+0x93/0xc0 net/core/sock.c:3230
    [<ffffffff83db7bc1>] kernel_sendpage net/socket.c:3582 [inline]
    [<ffffffff83db7bc1>] kernel_sendpage+0xd1/0x2b0 net/socket.c:3576
    [<ffffffff83db7de9>] sock_sendpage+0x49/0x80 net/socket.c:1082
    [<ffffffff816b9996>] pipe_to_sendpage+0xa6/0x110 fs/splice.c:471
    [<ffffffff816bb201>] splice_from_pipe_feed fs/splice.c:525 [inline]
    [<ffffffff816bb201>] __splice_from_pipe+0x1f1/0x330 fs/splice.c:669
    [<ffffffff816bbb13>] splice_from_pipe fs/splice.c:704 [inline]
    [<ffffffff816bbb13>] generic_splice_sendpage+0x73/0xb0 fs/splice.c:852
    [<ffffffff816b9a4f>] do_splice_from fs/splice.c:873 [inline]
    [<ffffffff816b9a4f>] direct_splice_actor+0x4f/0x70 fs/splice.c:1039
    [<ffffffff816ba48d>] splice_direct_to_actor+0x14d/0x350 fs/splice.c:994
    [<ffffffff816ba77c>] do_splice_direct+0xec/0x150 fs/splice.c:1082
    [<ffffffff81656d1f>] do_sendfile+0x57f/0x7d0 fs/read_write.c:1254
    [<ffffffff8165acd6>] __do_sys_sendfile64 fs/read_write.c:1322 [inline]
    [<ffffffff8165acd6>] __se_sys_sendfile64 fs/read_write.c:1308 [inline]
    [<ffffffff8165acd6>] __x64_sys_sendfile64+0xe6/0x100 fs/read_write.c:1308

BUG: memory leak
unreferenced object 0xffff888118809b00 (size 240):
  comm "syz-executor.1", pid 5231, jiffies 4294968343 (age 14.970s)
  hex dump (first 32 bytes):
    00 9a 80 18 81 88 ff ff 00 9c 80 18 81 88 ff ff  ................
    00 00 50 15 81 88 ff ff 00 e8 75 19 81 88 ff ff  ..P.......u.....
  backtrace:
    [<ffffffff83dccd6d>] __alloc_skb+0x1fd/0x230 net/core/skbuff.c:644
    [<ffffffff83dd5acf>] alloc_skb include/linux/skbuff.h:1288 [inline]
    [<ffffffff83dd5acf>] alloc_skb_with_frags+0x6f/0x340 net/core/skbuff.c:6378
    [<ffffffff83dc25a3>] sock_alloc_send_pskb+0x3a3/0x3e0 net/core/sock.c:2729
    [<ffffffff84411d56>] sock_alloc_send_skb include/net/sock.h:1860 [inline]
    [<ffffffff84411d56>] j1939_sk_alloc_skb net/can/j1939/socket.c:864 [inline]
    [<ffffffff84411d56>] j1939_sk_send_loop net/can/j1939/socket.c:1121 [inline]
    [<ffffffff84411d56>] j1939_sk_sendmsg+0x2d6/0x810 net/can/j1939/socket.c:1256
    [<ffffffff83db7078>] sock_sendmsg_nosec net/socket.c:724 [inline]
    [<ffffffff83db7078>] sock_sendmsg+0x58/0xb0 net/socket.c:747
    [<ffffffff83dbd993>] sock_no_sendpage+0x93/0xc0 net/core/sock.c:3230
    [<ffffffff83db7bc1>] kernel_sendpage net/socket.c:3582 [inline]
    [<ffffffff83db7bc1>] kernel_sendpage+0xd1/0x2b0 net/socket.c:3576
    [<ffffffff83db7de9>] sock_sendpage+0x49/0x80 net/socket.c:1082
    [<ffffffff816b9996>] pipe_to_sendpage+0xa6/0x110 fs/splice.c:471
    [<ffffffff816bb201>] splice_from_pipe_feed fs/splice.c:525 [inline]
    [<ffffffff816bb201>] __splice_from_pipe+0x1f1/0x330 fs/splice.c:669
    [<ffffffff816bbb13>] splice_from_pipe fs/splice.c:704 [inline]
    [<ffffffff816bbb13>] generic_splice_sendpage+0x73/0xb0 fs/splice.c:852
    [<ffffffff816b9a4f>] do_splice_from fs/splice.c:873 [inline]
    [<ffffffff816b9a4f>] direct_splice_actor+0x4f/0x70 fs/splice.c:1039
    [<ffffffff816ba48d>] splice_direct_to_actor+0x14d/0x350 fs/splice.c:994
    [<ffffffff816ba77c>] do_splice_direct+0xec/0x150 fs/splice.c:1082
    [<ffffffff81656d1f>] do_sendfile+0x57f/0x7d0 fs/read_write.c:1254
    [<ffffffff8165acd6>] __do_sys_sendfile64 fs/read_write.c:1322 [inline]
    [<ffffffff8165acd6>] __se_sys_sendfile64 fs/read_write.c:1308 [inline]
    [<ffffffff8165acd6>] __x64_sys_sendfile64+0xe6/0x100 fs/read_write.c:1308


Crashes (18):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023/05/25 17:21 | upstream | 933174ae28ba | 0513b3e6 | .config | console log | report | syz | | | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-leak | memory leak in j1939_sk_sendmsg |
| 2022/09/12 23:05 | upstream | 80e78fcce86d | f371ed7e | .config | console log | report | syz | | | [disk image] [vmlinux] | ci-upstream-gce-leak | memory leak in j1939_sk_sendmsg |
| 2022/08/04 09:24 | upstream | 200e340f2196 | 1c9013ac | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in j1939_sk_sendmsg |
| 2022/08/04 08:54 | upstream | 200e340f2196 | 1c9013ac | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in j1939_sk_sendmsg |
| 2022/05/14 05:26 | upstream | ec7f49619d8e | 107f6434 | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in j1939_sk_sendmsg |
| 2022/04/09 14:29 | upstream | 6c7376da2358 | e22c3da3 | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in j1939_sk_sendmsg |
| 2021/09/10 16:34 | upstream | bf9f243f23e6 | 5ae8508a | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in j1939_sk_sendmsg |
| 2021/09/09 10:34 | upstream | 730bf31b8fc8 | e2776ee4 | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in j1939_sk_sendmsg |
| 2021/06/24 04:18 | upstream | 7266f2030eb0 | fe4ab389 | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in j1939_sk_sendmsg |
| 2022/08/07 12:18 | upstream | 20cf903a0c40 | 88e3a122 | .config | console log | report | syz | | | | ci-upstream-gce-leak | memory leak in j1939_sk_sendmsg |
| 2022/08/07 09:12 | upstream | 20cf903a0c40 | 88e3a122 | .config | console log | report | syz | | | | ci-upstream-gce-leak | memory leak in j1939_sk_sendmsg |
| 2022/06/01 08:35 | upstream | 2a5699b0de4e | 3666edfe | .config | console log | report | syz | | | | ci-upstream-gce-leak | memory leak in j1939_sk_sendmsg |
| 2022/05/28 20:34 | upstream | 9d004b2f4fea | a46af346 | .config | console log | report | syz | | | | ci-upstream-gce-leak | memory leak in j1939_sk_sendmsg |
| 2022/05/28 01:47 | upstream | 8291eaafed36 | a46af346 | .config | console log | report | syz | | | | ci-upstream-gce-leak | memory leak in j1939_sk_sendmsg |
| 2022/05/26 09:34 | upstream | 7e062cda7d90 | 3037caa9 | .config | console log | report | syz | | | | ci-upstream-gce-leak | memory leak in j1939_sk_sendmsg |
| 2022/05/15 07:14 | upstream | 2fe1020d73ca | 744a39e2 | .config | console log | report | syz | | | | ci-upstream-gce-leak | memory leak in j1939_sk_sendmsg |
| 2022/04/17 17:51 | upstream | a2c29ccd9477 | 8bcc32a6 | .config | console log | report | syz | | | | ci-upstream-gce-leak | memory leak in j1939_sk_sendmsg |
| 2022/04/03 16:19 | upstream | be2d3ecedd99 | 79a2a8fc | .config | console log | report | syz | | | | ci-upstream-gce-leak | memory leak in j1939_sk_sendmsg |
* Struck through repros no longer work on HEAD.