syzbot


memory leak in j1939_sk_sendmsg

Status: upstream: reported C repro on 2021/06/28 04:28
Reported-by: syzbot+085305c4b952053c9437@syzkaller.appspotmail.com
First crash: 594d, last: 148d
Last patch testing requests:
Created | Duration | User | Patch | Repo | Result
2022/12/24 06:31 | 14m | retest repro | | upstream | OK log
2022/12/23 23:31 | 14m | retest repro | | upstream | OK log
2022/12/23 22:31 | 14m | retest repro | | upstream | OK log
2022/12/23 18:31 | 11m | retest repro | | upstream | report log
2022/12/23 16:31 | 14m | retest repro | | upstream | report log
2022/12/23 14:31 | 14m | retest repro | | upstream | OK log
2022/12/23 08:31 | 14m | retest repro | | upstream | OK log
2022/12/23 07:31 | 14m | retest repro | | upstream | OK log
2022/12/23 06:31 | 14m | retest repro | | upstream | report log
2022/12/23 04:31 | 13m | retest repro | | upstream | report log
2022/04/22 04:07 | 7m | k.kahurani@gmail.com | patch | upstream | report log
2022/04/19 07:11 | 11m | k.kahurani@gmail.com | patch | upstream | report log
2022/04/18 07:10 | 6m | k.kahurani@gmail.com | | upstream | report log
2021/06/28 12:52 | 13m | kael_w@yeah.net | | https://github.com/wanjb2115/linux.git 4b7d586b0179 | report log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff8881119ddd00 (size 232):
  comm "syz-executor637", pid 6835, jiffies 4294942875 (age 8.290s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 80 51 14 81 88 ff ff 00 d0 61 17 81 88 ff ff  ..Q.......a.....
  backtrace:
    [<ffffffff8370aacf>] __alloc_skb+0x20f/0x280 net/core/skbuff.c:414
    [<ffffffff8371536a>] alloc_skb include/linux/skbuff.h:1116 [inline]
    [<ffffffff8371536a>] alloc_skb_with_frags+0x6a/0x2b0 net/core/skbuff.c:6073
    [<ffffffff83702b23>] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2475
    [<ffffffff83cdd08f>] j1939_sk_alloc_skb net/can/j1939/socket.c:861 [inline]
    [<ffffffff83cdd08f>] j1939_sk_send_loop net/can/j1939/socket.c:1118 [inline]
    [<ffffffff83cdd08f>] j1939_sk_sendmsg+0x2cf/0x800 net/can/j1939/socket.c:1253
    [<ffffffff836f9846>] sock_sendmsg_nosec net/socket.c:704 [inline]
    [<ffffffff836f9846>] sock_sendmsg+0x56/0x80 net/socket.c:724
    [<ffffffff836ff95f>] sock_no_sendpage+0x8f/0xc0 net/core/sock.c:2980
    [<ffffffff836f90c3>] kernel_sendpage.part.0+0xa3/0x140 net/socket.c:3504
    [<ffffffff836f9e2b>] kernel_sendpage net/socket.c:3501 [inline]
    [<ffffffff836f9e2b>] sock_sendpage+0x5b/0x90 net/socket.c:1003
    [<ffffffff815d1f92>] pipe_to_sendpage+0xa2/0x110 fs/splice.c:364
    [<ffffffff815d3e22>] splice_from_pipe_feed fs/splice.c:418 [inline]
    [<ffffffff815d3e22>] __splice_from_pipe+0x1e2/0x330 fs/splice.c:562
    [<ffffffff815d464f>] splice_from_pipe fs/splice.c:597 [inline]
    [<ffffffff815d464f>] generic_splice_sendpage+0x6f/0xa0 fs/splice.c:746
    [<ffffffff815d204b>] do_splice_from fs/splice.c:767 [inline]
    [<ffffffff815d204b>] direct_splice_actor+0x4b/0x70 fs/splice.c:936
    [<ffffffff815d2763>] splice_direct_to_actor+0x153/0x350 fs/splice.c:891
    [<ffffffff815d2a48>] do_splice_direct+0xe8/0x150 fs/splice.c:979
    [<ffffffff81572b77>] do_sendfile+0x587/0x7e0 fs/read_write.c:1249
    [<ffffffff815755e2>] __do_sys_sendfile64 fs/read_write.c:1314 [inline]
    [<ffffffff815755e2>] __se_sys_sendfile64 fs/read_write.c:1300 [inline]
    [<ffffffff815755e2>] __x64_sys_sendfile64+0xe2/0x100 fs/read_write.c:1300

BUG: memory leak
unreferenced object 0xffff8881119ddc00 (size 232):
  comm "syz-executor637", pid 6835, jiffies 4294942875 (age 8.290s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 80 51 14 81 88 ff ff 00 d0 61 17 81 88 ff ff  ..Q.......a.....
  backtrace:
    [<ffffffff8370aacf>] __alloc_skb+0x20f/0x280 net/core/skbuff.c:414
    [<ffffffff8371536a>] alloc_skb include/linux/skbuff.h:1116 [inline]
    [<ffffffff8371536a>] alloc_skb_with_frags+0x6a/0x2b0 net/core/skbuff.c:6073
    [<ffffffff83702b23>] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2475
    [<ffffffff83cdd08f>] j1939_sk_alloc_skb net/can/j1939/socket.c:861 [inline]
    [<ffffffff83cdd08f>] j1939_sk_send_loop net/can/j1939/socket.c:1118 [inline]
    [<ffffffff83cdd08f>] j1939_sk_sendmsg+0x2cf/0x800 net/can/j1939/socket.c:1253
    [<ffffffff836f9846>] sock_sendmsg_nosec net/socket.c:704 [inline]
    [<ffffffff836f9846>] sock_sendmsg+0x56/0x80 net/socket.c:724
    [<ffffffff836ff95f>] sock_no_sendpage+0x8f/0xc0 net/core/sock.c:2980
    [<ffffffff836f90c3>] kernel_sendpage.part.0+0xa3/0x140 net/socket.c:3504
    [<ffffffff836f9e2b>] kernel_sendpage net/socket.c:3501 [inline]
    [<ffffffff836f9e2b>] sock_sendpage+0x5b/0x90 net/socket.c:1003
    [<ffffffff815d1f92>] pipe_to_sendpage+0xa2/0x110 fs/splice.c:364
    [<ffffffff815d3e22>] splice_from_pipe_feed fs/splice.c:418 [inline]
    [<ffffffff815d3e22>] __splice_from_pipe+0x1e2/0x330 fs/splice.c:562
    [<ffffffff815d464f>] splice_from_pipe fs/splice.c:597 [inline]
    [<ffffffff815d464f>] generic_splice_sendpage+0x6f/0xa0 fs/splice.c:746
    [<ffffffff815d204b>] do_splice_from fs/splice.c:767 [inline]
    [<ffffffff815d204b>] direct_splice_actor+0x4b/0x70 fs/splice.c:936
    [<ffffffff815d2763>] splice_direct_to_actor+0x153/0x350 fs/splice.c:891
    [<ffffffff815d2a48>] do_splice_direct+0xe8/0x150 fs/splice.c:979
    [<ffffffff81572b77>] do_sendfile+0x587/0x7e0 fs/read_write.c:1249
    [<ffffffff815755e2>] __do_sys_sendfile64 fs/read_write.c:1314 [inline]
    [<ffffffff815755e2>] __se_sys_sendfile64 fs/read_write.c:1300 [inline]
    [<ffffffff815755e2>] __x64_sys_sendfile64+0xe2/0x100 fs/read_write.c:1300

BUG: memory leak
unreferenced object 0xffff88811777d400 (size 1024):
  comm "syz-executor637", pid 6835, jiffies 4294942875 (age 8.290s)
  hex dump (first 32 bytes):
    0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8370a99f>] kmalloc_reserve net/core/skbuff.c:355 [inline]
    [<ffffffff8370a99f>] __alloc_skb+0xdf/0x280 net/core/skbuff.c:426
    [<ffffffff8371536a>] alloc_skb include/linux/skbuff.h:1116 [inline]
    [<ffffffff8371536a>] alloc_skb_with_frags+0x6a/0x2b0 net/core/skbuff.c:6073
    [<ffffffff83702b23>] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2475
    [<ffffffff83cdd08f>] j1939_sk_alloc_skb net/can/j1939/socket.c:861 [inline]
    [<ffffffff83cdd08f>] j1939_sk_send_loop net/can/j1939/socket.c:1118 [inline]
    [<ffffffff83cdd08f>] j1939_sk_sendmsg+0x2cf/0x800 net/can/j1939/socket.c:1253
    [<ffffffff836f9846>] sock_sendmsg_nosec net/socket.c:704 [inline]
    [<ffffffff836f9846>] sock_sendmsg+0x56/0x80 net/socket.c:724
    [<ffffffff836ff95f>] sock_no_sendpage+0x8f/0xc0 net/core/sock.c:2980
    [<ffffffff836f90c3>] kernel_sendpage.part.0+0xa3/0x140 net/socket.c:3504
    [<ffffffff836f9e2b>] kernel_sendpage net/socket.c:3501 [inline]
    [<ffffffff836f9e2b>] sock_sendpage+0x5b/0x90 net/socket.c:1003
    [<ffffffff815d1f92>] pipe_to_sendpage+0xa2/0x110 fs/splice.c:364
    [<ffffffff815d3e22>] splice_from_pipe_feed fs/splice.c:418 [inline]
    [<ffffffff815d3e22>] __splice_from_pipe+0x1e2/0x330 fs/splice.c:562
    [<ffffffff815d464f>] splice_from_pipe fs/splice.c:597 [inline]
    [<ffffffff815d464f>] generic_splice_sendpage+0x6f/0xa0 fs/splice.c:746
    [<ffffffff815d204b>] do_splice_from fs/splice.c:767 [inline]
    [<ffffffff815d204b>] direct_splice_actor+0x4b/0x70 fs/splice.c:936
    [<ffffffff815d2763>] splice_direct_to_actor+0x153/0x350 fs/splice.c:891
    [<ffffffff815d2a48>] do_splice_direct+0xe8/0x150 fs/splice.c:979
    [<ffffffff81572b77>] do_sendfile+0x587/0x7e0 fs/read_write.c:1249
    [<ffffffff815755e2>] __do_sys_sendfile64 fs/read_write.c:1314 [inline]
    [<ffffffff815755e2>] __se_sys_sendfile64 fs/read_write.c:1300 [inline]
    [<ffffffff815755e2>] __x64_sys_sendfile64+0xe2/0x100 fs/read_write.c:1300


Crashes (17):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Title
ci-upstream-gce-leak | 2021/09/09 10:34 | upstream | 730bf31b8fc8 | e2776ee4 | .config | console log | report | syz | C | | | memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak | 2022/09/12 23:05 | upstream | 80e78fcce86d | f371ed7e | .config | console log | report | syz | | | [disk image] [vmlinux] | memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak | 2022/08/07 12:18 | upstream | 20cf903a0c40 | 88e3a122 | .config | console log | report | syz | | | | memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak | 2022/05/28 01:47 | upstream | 8291eaafed36 | a46af346 | .config | console log | report | syz | | | | memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak | 2022/05/26 09:34 | upstream | 7e062cda7d90 | 3037caa9 | .config | console log | report | syz | | | | memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak | 2022/08/04 09:24 | upstream | 200e340f2196 | 1c9013ac | .config | console log | report | syz | C | | | memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak | 2022/08/04 08:54 | upstream | 200e340f2196 | 1c9013ac | .config | console log | report | syz | C | | | memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak | 2022/05/14 05:26 | upstream | ec7f49619d8e | 107f6434 | .config | console log | report | syz | C | | | memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak | 2022/04/09 14:29 | upstream | 6c7376da2358 | e22c3da3 | .config | console log | report | syz | C | | | memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak | 2021/09/10 16:34 | upstream | bf9f243f23e6 | 5ae8508a | .config | console log | report | syz | C | | | memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak | 2021/06/24 04:18 | upstream | 7266f2030eb0 | fe4ab389 | .config | console log | report | syz | C | | | memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak | 2022/08/07 09:12 | upstream | 20cf903a0c40 | 88e3a122 | .config | console log | report | syz | | | | memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak | 2022/06/01 08:35 | upstream | 2a5699b0de4e | 3666edfe | .config | console log | report | syz | | | | memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak | 2022/05/28 20:34 | upstream | 9d004b2f4fea | a46af346 | .config | console log | report | syz | | | | memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak | 2022/05/15 07:14 | upstream | 2fe1020d73ca | 744a39e2 | .config | console log | report | syz | | | | memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak | 2022/04/17 17:51 | upstream | a2c29ccd9477 | 8bcc32a6 | .config | console log | report | syz | | | | memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak | 2022/04/03 16:19 | upstream | be2d3ecedd99 | 79a2a8fc | .config | console log | report | syz | | | | memory leak in j1939_sk_sendmsg
* Struck through repros no longer work on HEAD.