syzbot


memory leak in j1939_sk_sendmsg
Status: upstream: reported C repro on 2021/06/28 04:28
Reported-by: syzbot+085305c4b952053c9437@syzkaller.appspotmail.com
First crash: 331d, last: 6d03h
Patch testing requests:
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2022/04/22 04:07 | 7m | k.kahurani@gmail.com | patch | upstream | report log |
| 2022/04/19 07:11 | 11m | k.kahurani@gmail.com | patch | upstream | report log |
| 2022/04/18 07:10 | 6m | k.kahurani@gmail.com | | upstream | report log |
| 2021/06/28 12:52 | 13m | kael_w@yeah.net | | https://github.com/wanjb2115/linux.git 4b7d586b0179 | report log |

Sample crash report:
executing program
BUG: memory leak
unreferenced object 0xffff888110c80d00 (size 232):
  comm "syz-executor879", pid 3619, jiffies 4294945051 (age 12.420s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 80 73 0e 81 88 ff ff 00 e0 21 10 81 88 ff ff  ..s.......!.....
  backtrace:
    [<ffffffff83824166>] __alloc_skb+0x216/0x290 net/core/skbuff.c:414
    [<ffffffff83829b8a>] alloc_skb include/linux/skbuff.h:1300 [inline]
    [<ffffffff83829b8a>] alloc_skb_with_frags+0x6a/0x340 net/core/skbuff.c:5997
    [<ffffffff8381beb3>] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2600
    [<ffffffff83e1b6af>] j1939_sk_alloc_skb net/can/j1939/socket.c:861 [inline]
    [<ffffffff83e1b6af>] j1939_sk_send_loop net/can/j1939/socket.c:1118 [inline]
    [<ffffffff83e1b6af>] j1939_sk_sendmsg+0x2cf/0x810 net/can/j1939/socket.c:1253
    [<ffffffff838125e6>] sock_sendmsg_nosec net/socket.c:705 [inline]
    [<ffffffff838125e6>] sock_sendmsg+0x56/0x80 net/socket.c:725
    [<ffffffff83812b4c>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2413
    [<ffffffff83816bbb>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2467
    [<ffffffff83816cb8>] __sys_sendmsg+0x88/0x100 net/socket.c:2496
    [<ffffffff84565cf5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84565cf5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888110c80e00 (size 232):
  comm "syz-executor879", pid 3619, jiffies 4294945051 (age 12.420s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 80 73 0e 81 88 ff ff 00 e0 21 10 81 88 ff ff  ..s.......!.....
  backtrace:
    [<ffffffff83824166>] __alloc_skb+0x216/0x290 net/core/skbuff.c:414
    [<ffffffff83829b8a>] alloc_skb include/linux/skbuff.h:1300 [inline]
    [<ffffffff83829b8a>] alloc_skb_with_frags+0x6a/0x340 net/core/skbuff.c:5997
    [<ffffffff8381beb3>] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2600
    [<ffffffff83e1b6af>] j1939_sk_alloc_skb net/can/j1939/socket.c:861 [inline]
    [<ffffffff83e1b6af>] j1939_sk_send_loop net/can/j1939/socket.c:1118 [inline]
    [<ffffffff83e1b6af>] j1939_sk_sendmsg+0x2cf/0x810 net/can/j1939/socket.c:1253
    [<ffffffff838125e6>] sock_sendmsg_nosec net/socket.c:705 [inline]
    [<ffffffff838125e6>] sock_sendmsg+0x56/0x80 net/socket.c:725
    [<ffffffff83812b4c>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2413
    [<ffffffff83816bbb>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2467
    [<ffffffff83816cb8>] __sys_sendmsg+0x88/0x100 net/socket.c:2496
    [<ffffffff84565cf5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84565cf5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff88810c262400 (size 1024):
  comm "syz-executor879", pid 3621, jiffies 4294945570 (age 7.230s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    1d 00 07 41 00 00 00 00 00 00 00 00 00 00 00 00  ...A............
  backtrace:
    [<ffffffff83818be2>] kmalloc include/linux/slab.h:586 [inline]
    [<ffffffff83818be2>] sk_prot_alloc+0xd2/0x1b0 net/core/sock.c:1936
    [<ffffffff8381c7c2>] sk_alloc+0x32/0x2e0 net/core/sock.c:1989
    [<ffffffff83e0c948>] can_create+0x108/0x300 net/can/af_can.c:158
    [<ffffffff838113fb>] __sock_create+0x1ab/0x2b0 net/socket.c:1468
    [<ffffffff8381437f>] sock_create net/socket.c:1519 [inline]
    [<ffffffff8381437f>] __sys_socket+0x6f/0x140 net/socket.c:1561
    [<ffffffff8381446a>] __do_sys_socket net/socket.c:1570 [inline]
    [<ffffffff8381446a>] __se_sys_socket net/socket.c:1568 [inline]
    [<ffffffff8381446a>] __x64_sys_socket+0x1a/0x20 net/socket.c:1568
    [<ffffffff84565cf5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84565cf5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888110e9bdc0 (size 32):
  comm "syz-executor879", pid 3621, jiffies 4294945570 (age 7.230s)
  hex dump (first 32 bytes):
    b0 2e 04 40 81 88 ff ff 00 00 00 00 00 00 00 00  ...@............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8224c9d3>] kmalloc include/linux/slab.h:581 [inline]
    [<ffffffff8224c9d3>] kzalloc include/linux/slab.h:714 [inline]
    [<ffffffff8224c9d3>] apparmor_sk_alloc_security+0x53/0xd0 security/apparmor/lsm.c:792
    [<ffffffff82212591>] security_sk_alloc+0x31/0x70 security/security.c:2279
    [<ffffffff83818bfd>] sk_prot_alloc+0xed/0x1b0 net/core/sock.c:1939
    [<ffffffff8381c7c2>] sk_alloc+0x32/0x2e0 net/core/sock.c:1989
    [<ffffffff83e0c948>] can_create+0x108/0x300 net/can/af_can.c:158
    [<ffffffff838113fb>] __sock_create+0x1ab/0x2b0 net/socket.c:1468
    [<ffffffff8381437f>] sock_create net/socket.c:1519 [inline]
    [<ffffffff8381437f>] __sys_socket+0x6f/0x140 net/socket.c:1561
    [<ffffffff8381446a>] __do_sys_socket net/socket.c:1570 [inline]
    [<ffffffff8381446a>] __se_sys_socket net/socket.c:1568 [inline]
    [<ffffffff8381446a>] __x64_sys_socket+0x1a/0x20 net/socket.c:1568
    [<ffffffff84565cf5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84565cf5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

BUG: memory leak
unreferenced object 0xffff888110c79900 (size 232):
  comm "syz-executor879", pid 3621, jiffies 4294945570 (age 7.230s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 80 73 0e 81 88 ff ff 00 24 26 0c 81 88 ff ff  ..s......$&.....
  backtrace:
    [<ffffffff83824166>] __alloc_skb+0x216/0x290 net/core/skbuff.c:414
    [<ffffffff83829b8a>] alloc_skb include/linux/skbuff.h:1300 [inline]
    [<ffffffff83829b8a>] alloc_skb_with_frags+0x6a/0x340 net/core/skbuff.c:5997
    [<ffffffff8381beb3>] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2600
    [<ffffffff83e1b6af>] j1939_sk_alloc_skb net/can/j1939/socket.c:861 [inline]
    [<ffffffff83e1b6af>] j1939_sk_send_loop net/can/j1939/socket.c:1118 [inline]
    [<ffffffff83e1b6af>] j1939_sk_sendmsg+0x2cf/0x810 net/can/j1939/socket.c:1253
    [<ffffffff838125e6>] sock_sendmsg_nosec net/socket.c:705 [inline]
    [<ffffffff838125e6>] sock_sendmsg+0x56/0x80 net/socket.c:725
    [<ffffffff83812b4c>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2413
    [<ffffffff83816bbb>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2467
    [<ffffffff83816cb8>] __sys_sendmsg+0x88/0x100 net/socket.c:2496
    [<ffffffff84565cf5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84565cf5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae


Crashes (8):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-gce-leak | 2022/05/14 05:26 | upstream | ec7f49619d8e | 107f6434 | .config | log | report | syz | C | | memory leak in j1939_sk_sendmsg |
| ci-upstream-gce-leak | 2022/04/09 14:29 | upstream | 6c7376da2358 | e22c3da3 | .config | log | report | syz | C | | memory leak in j1939_sk_sendmsg |
| ci-upstream-gce-leak | 2021/09/10 16:34 | upstream | bf9f243f23e6 | 5ae8508a | .config | log | report | syz | C | | memory leak in j1939_sk_sendmsg |
| ci-upstream-gce-leak | 2021/09/09 10:34 | upstream | 730bf31b8fc8 | e2776ee4 | .config | log | report | syz | C | | memory leak in j1939_sk_sendmsg |
| ci-upstream-gce-leak | 2021/06/24 04:18 | upstream | 7266f2030eb0 | fe4ab389 | .config | log | report | syz | C | | memory leak in j1939_sk_sendmsg |
| ci-upstream-gce-leak | 2022/05/15 07:14 | upstream | 2fe1020d73ca | 744a39e2 | .config | log | report | syz | | | memory leak in j1939_sk_sendmsg |
| ci-upstream-gce-leak | 2022/04/17 17:51 | upstream | a2c29ccd9477 | 8bcc32a6 | .config | log | report | syz | | | memory leak in j1939_sk_sendmsg |
| ci-upstream-gce-leak | 2022/04/03 16:19 | upstream | be2d3ecedd99 | 79a2a8fc | .config | log | report | syz | | | memory leak in j1939_sk_sendmsg |