syzbot


memory leak in j1939_sk_sendmsg

Status: upstream: reported C repro on 2021/06/28 04:28
Reported-by: syzbot+085305c4b952053c9437@syzkaller.appspotmail.com
First crash: 459d, last: 13d
Patch testing requests:
Created           Duration  User                  Patch  Repo                                                 Result
2022/04/22 04:07  7m        k.kahurani@gmail.com  patch  upstream                                             report log
2022/04/19 07:11  11m       k.kahurani@gmail.com  patch  upstream                                             report log
2022/04/18 07:10  6m        k.kahurani@gmail.com  -      upstream                                             report log
2021/06/28 12:52  13m       kael_w@yeah.net       -      https://github.com/wanjb2115/linux.git 4b7d586b0179  report log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff88810a65c900 (size 240):
  comm "syz-executor852", pid 3608, jiffies 4294944187 (age 8.140s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 46 0b 81 88 ff ff 00 04 43 0b 81 88 ff ff  ..F.......C.....
  backtrace:
    [<ffffffff8385f186>] __alloc_skb+0x216/0x290 net/core/skbuff.c:414
    [<ffffffff83864d6a>] alloc_skb include/linux/skbuff.h:1434 [inline]
    [<ffffffff83864d6a>] alloc_skb_with_frags+0x6a/0x340 net/core/skbuff.c:6021
    [<ffffffff83856bb3>] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2662
    [<ffffffff83e5d912>] sock_alloc_send_skb include/net/sock.h:1831 [inline]
    [<ffffffff83e5d912>] j1939_sk_alloc_skb net/can/j1939/socket.c:861 [inline]
    [<ffffffff83e5d912>] j1939_sk_send_loop net/can/j1939/socket.c:1118 [inline]
    [<ffffffff83e5d912>] j1939_sk_sendmsg+0x2d2/0x810 net/can/j1939/socket.c:1253
    [<ffffffff8384d0b6>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff8384d0b6>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff8384d61c>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2485
    [<ffffffff838517f8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2539
    [<ffffffff83851988>] __sys_sendmsg+0x88/0x100 net/socket.c:2568
    [<ffffffff845ad8d5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff845ad8d5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810a65c500 (size 240):
  comm "syz-executor852", pid 3608, jiffies 4294944187 (age 8.140s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 46 0b 81 88 ff ff 00 04 43 0b 81 88 ff ff  ..F.......C.....
  backtrace:
    [<ffffffff8385f186>] __alloc_skb+0x216/0x290 net/core/skbuff.c:414
    [<ffffffff83864d6a>] alloc_skb include/linux/skbuff.h:1434 [inline]
    [<ffffffff83864d6a>] alloc_skb_with_frags+0x6a/0x340 net/core/skbuff.c:6021
    [<ffffffff83856bb3>] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2662
    [<ffffffff83e5d912>] sock_alloc_send_skb include/net/sock.h:1831 [inline]
    [<ffffffff83e5d912>] j1939_sk_alloc_skb net/can/j1939/socket.c:861 [inline]
    [<ffffffff83e5d912>] j1939_sk_send_loop net/can/j1939/socket.c:1118 [inline]
    [<ffffffff83e5d912>] j1939_sk_sendmsg+0x2d2/0x810 net/can/j1939/socket.c:1253
    [<ffffffff8384d0b6>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff8384d0b6>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff8384d61c>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2485
    [<ffffffff838517f8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2539
    [<ffffffff83851988>] __sys_sendmsg+0x88/0x100 net/socket.c:2568
    [<ffffffff845ad8d5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff845ad8d5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810cc95800 (size 2048):
  comm "syz-executor852", pid 3608, jiffies 4294944187 (age 8.140s)
  hex dump (first 32 bytes):
    15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8385f053>] kmalloc_reserve net/core/skbuff.c:354 [inline]
    [<ffffffff8385f053>] __alloc_skb+0xe3/0x290 net/core/skbuff.c:426
    [<ffffffff83864d6a>] alloc_skb include/linux/skbuff.h:1434 [inline]
    [<ffffffff83864d6a>] alloc_skb_with_frags+0x6a/0x340 net/core/skbuff.c:6021
    [<ffffffff83856bb3>] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2662
    [<ffffffff83e5d912>] sock_alloc_send_skb include/net/sock.h:1831 [inline]
    [<ffffffff83e5d912>] j1939_sk_alloc_skb net/can/j1939/socket.c:861 [inline]
    [<ffffffff83e5d912>] j1939_sk_send_loop net/can/j1939/socket.c:1118 [inline]
    [<ffffffff83e5d912>] j1939_sk_sendmsg+0x2d2/0x810 net/can/j1939/socket.c:1253
    [<ffffffff8384d0b6>] sock_sendmsg_nosec net/socket.c:714 [inline]
    [<ffffffff8384d0b6>] sock_sendmsg+0x56/0x80 net/socket.c:734
    [<ffffffff8384d61c>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2485
    [<ffffffff838517f8>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2539
    [<ffffffff83851988>] __sys_sendmsg+0x88/0x100 net/socket.c:2568
    [<ffffffff845ad8d5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff845ad8d5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd


Crashes (17):
Manager               Time              Kernel    Commit        Syzkaller  Config   Log  Report  Syz repro  C repro  VM info  Title
ci-upstream-gce-leak  2022/08/04 09:24  upstream  200e340f2196  1c9013ac   .config  log  report  syz        C        -        memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak  2022/08/04 08:54  upstream  200e340f2196  1c9013ac   .config  log  report  syz        C        -        memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak  2022/05/14 05:26  upstream  ec7f49619d8e  107f6434   .config  log  report  syz        C        -        memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak  2022/04/09 14:29  upstream  6c7376da2358  e22c3da3   .config  log  report  syz        C        -        memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak  2021/09/10 16:34  upstream  bf9f243f23e6  5ae8508a   .config  log  report  syz        C        -        memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak  2021/09/09 10:34  upstream  730bf31b8fc8  e2776ee4   .config  log  report  syz        C        -        memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak  2021/06/24 04:18  upstream  7266f2030eb0  fe4ab389   .config  log  report  syz        C        -        memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak  2022/09/12 23:05  upstream  80e78fcce86d  f371ed7e   .config  log  report  syz        -        -        memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak  2022/08/07 12:18  upstream  20cf903a0c40  88e3a122   .config  log  report  syz        -        -        memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak  2022/08/07 09:12  upstream  20cf903a0c40  88e3a122   .config  log  report  syz        -        -        memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak  2022/06/01 08:35  upstream  2a5699b0de4e  3666edfe   .config  log  report  syz        -        -        memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak  2022/05/28 20:34  upstream  9d004b2f4fea  a46af346   .config  log  report  syz        -        -        memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak  2022/05/28 01:47  upstream  8291eaafed36  a46af346   .config  log  report  syz        -        -        memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak  2022/05/26 09:34  upstream  7e062cda7d90  3037caa9   .config  log  report  syz        -        -        memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak  2022/05/15 07:14  upstream  2fe1020d73ca  744a39e2   .config  log  report  syz        -        -        memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak  2022/04/17 17:51  upstream  a2c29ccd9477  8bcc32a6   .config  log  report  syz        -        -        memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak  2022/04/03 16:19  upstream  be2d3ecedd99  79a2a8fc   .config  log  report  syz        -        -        memory leak in j1939_sk_sendmsg
* Struck through repros no longer work on HEAD.