memory leak in j1939_sk

memory leak in j1939_sk_sendmsg
Status: upstream: reported C repro on 2021/06/28 04:28
Reported-by: syzbot+085305c4b952053c9437@syzkaller.appspotmail.com
First crash: 85d, last: 6d15h

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2021/06/28 12:52	13m	kael_w@yeah.net		https://github.com/wanjb2115/linux.git 4b7d586b0179	report log

Sample crash report:

BUG: memory leak
unreferenced object 0xffff8881133d1d00 (size 232):
  comm "syz-executor303", pid 6840, jiffies 4294943681 (age 8.420s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 81 10 81 88 ff ff 00 0c 5b 16 81 88 ff ff  ..........[.....
  backtrace:
    [<ffffffff8370a28f>] __alloc_skb+0x20f/0x280 net/core/skbuff.c:414
    [<ffffffff83714b2a>] alloc_skb include/linux/skbuff.h:1116 [inline]
    [<ffffffff83714b2a>] alloc_skb_with_frags+0x6a/0x2b0 net/core/skbuff.c:6073
    [<ffffffff837022e3>] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2475
    [<ffffffff83cdc86f>] j1939_sk_alloc_skb net/can/j1939/socket.c:861 [inline]
    [<ffffffff83cdc86f>] j1939_sk_send_loop net/can/j1939/socket.c:1118 [inline]
    [<ffffffff83cdc86f>] j1939_sk_sendmsg+0x2cf/0x800 net/can/j1939/socket.c:1253
    [<ffffffff836f8fd6>] sock_sendmsg_nosec net/socket.c:704 [inline]
    [<ffffffff836f8fd6>] sock_sendmsg+0x56/0x80 net/socket.c:724
    [<ffffffff836ff11f>] sock_no_sendpage+0x8f/0xc0 net/core/sock.c:2980
    [<ffffffff836f8853>] kernel_sendpage.part.0+0xa3/0x140 net/socket.c:3504
    [<ffffffff836f95cb>] kernel_sendpage net/socket.c:3501 [inline]
    [<ffffffff836f95cb>] sock_sendpage+0x5b/0x90 net/socket.c:1003
    [<ffffffff815d1082>] pipe_to_sendpage+0xa2/0x110 fs/splice.c:364
    [<ffffffff815d2f22>] splice_from_pipe_feed fs/splice.c:418 [inline]
    [<ffffffff815d2f22>] __splice_from_pipe+0x1e2/0x330 fs/splice.c:562
    [<ffffffff815d374f>] splice_from_pipe fs/splice.c:597 [inline]
    [<ffffffff815d374f>] generic_splice_sendpage+0x6f/0xa0 fs/splice.c:746
    [<ffffffff815d113b>] do_splice_from fs/splice.c:767 [inline]
    [<ffffffff815d113b>] direct_splice_actor+0x4b/0x70 fs/splice.c:936
    [<ffffffff815d1853>] splice_direct_to_actor+0x153/0x350 fs/splice.c:891
    [<ffffffff815d1b38>] do_splice_direct+0xe8/0x150 fs/splice.c:979
    [<ffffffff81571bc7>] do_sendfile+0x587/0x7e0 fs/read_write.c:1249
    [<ffffffff81574632>] __do_sys_sendfile64 fs/read_write.c:1314 [inline]
    [<ffffffff81574632>] __se_sys_sendfile64 fs/read_write.c:1300 [inline]
    [<ffffffff81574632>] __x64_sys_sendfile64+0xe2/0x100 fs/read_write.c:1300

BUG: memory leak
unreferenced object 0xffff8881133d1400 (size 232):
  comm "syz-executor303", pid 6840, jiffies 4294943681 (age 8.420s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 81 10 81 88 ff ff 00 0c 5b 16 81 88 ff ff  ..........[.....
  backtrace:
    [<ffffffff8370a28f>] __alloc_skb+0x20f/0x280 net/core/skbuff.c:414
    [<ffffffff83714b2a>] alloc_skb include/linux/skbuff.h:1116 [inline]
    [<ffffffff83714b2a>] alloc_skb_with_frags+0x6a/0x2b0 net/core/skbuff.c:6073
    [<ffffffff837022e3>] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2475
    [<ffffffff83cdc86f>] j1939_sk_alloc_skb net/can/j1939/socket.c:861 [inline]
    [<ffffffff83cdc86f>] j1939_sk_send_loop net/can/j1939/socket.c:1118 [inline]
    [<ffffffff83cdc86f>] j1939_sk_sendmsg+0x2cf/0x800 net/can/j1939/socket.c:1253
    [<ffffffff836f8fd6>] sock_sendmsg_nosec net/socket.c:704 [inline]
    [<ffffffff836f8fd6>] sock_sendmsg+0x56/0x80 net/socket.c:724
    [<ffffffff836ff11f>] sock_no_sendpage+0x8f/0xc0 net/core/sock.c:2980
    [<ffffffff836f8853>] kernel_sendpage.part.0+0xa3/0x140 net/socket.c:3504
    [<ffffffff836f95cb>] kernel_sendpage net/socket.c:3501 [inline]
    [<ffffffff836f95cb>] sock_sendpage+0x5b/0x90 net/socket.c:1003
    [<ffffffff815d1082>] pipe_to_sendpage+0xa2/0x110 fs/splice.c:364
    [<ffffffff815d2f22>] splice_from_pipe_feed fs/splice.c:418 [inline]
    [<ffffffff815d2f22>] __splice_from_pipe+0x1e2/0x330 fs/splice.c:562
    [<ffffffff815d374f>] splice_from_pipe fs/splice.c:597 [inline]
    [<ffffffff815d374f>] generic_splice_sendpage+0x6f/0xa0 fs/splice.c:746
    [<ffffffff815d113b>] do_splice_from fs/splice.c:767 [inline]
    [<ffffffff815d113b>] direct_splice_actor+0x4b/0x70 fs/splice.c:936
    [<ffffffff815d1853>] splice_direct_to_actor+0x153/0x350 fs/splice.c:891
    [<ffffffff815d1b38>] do_splice_direct+0xe8/0x150 fs/splice.c:979
    [<ffffffff81571bc7>] do_sendfile+0x587/0x7e0 fs/read_write.c:1249
    [<ffffffff81574632>] __do_sys_sendfile64 fs/read_write.c:1314 [inline]
    [<ffffffff81574632>] __se_sys_sendfile64 fs/read_write.c:1300 [inline]
    [<ffffffff81574632>] __x64_sys_sendfile64+0xe2/0x100 fs/read_write.c:1300

BUG: memory leak
unreferenced object 0xffff888117a7a800 (size 1024):
  comm "syz-executor303", pid 6840, jiffies 4294943681 (age 8.420s)
  hex dump (first 32 bytes):
    0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8370a15f>] kmalloc_reserve net/core/skbuff.c:355 [inline]
    [<ffffffff8370a15f>] __alloc_skb+0xdf/0x280 net/core/skbuff.c:426
    [<ffffffff83714b2a>] alloc_skb include/linux/skbuff.h:1116 [inline]
    [<ffffffff83714b2a>] alloc_skb_with_frags+0x6a/0x2b0 net/core/skbuff.c:6073
    [<ffffffff837022e3>] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2475
    [<ffffffff83cdc86f>] j1939_sk_alloc_skb net/can/j1939/socket.c:861 [inline]
    [<ffffffff83cdc86f>] j1939_sk_send_loop net/can/j1939/socket.c:1118 [inline]
    [<ffffffff83cdc86f>] j1939_sk_sendmsg+0x2cf/0x800 net/can/j1939/socket.c:1253
    [<ffffffff836f8fd6>] sock_sendmsg_nosec net/socket.c:704 [inline]
    [<ffffffff836f8fd6>] sock_sendmsg+0x56/0x80 net/socket.c:724
    [<ffffffff836ff11f>] sock_no_sendpage+0x8f/0xc0 net/core/sock.c:2980
    [<ffffffff836f8853>] kernel_sendpage.part.0+0xa3/0x140 net/socket.c:3504
    [<ffffffff836f95cb>] kernel_sendpage net/socket.c:3501 [inline]
    [<ffffffff836f95cb>] sock_sendpage+0x5b/0x90 net/socket.c:1003
    [<ffffffff815d1082>] pipe_to_sendpage+0xa2/0x110 fs/splice.c:364
    [<ffffffff815d2f22>] splice_from_pipe_feed fs/splice.c:418 [inline]
    [<ffffffff815d2f22>] __splice_from_pipe+0x1e2/0x330 fs/splice.c:562
    [<ffffffff815d374f>] splice_from_pipe fs/splice.c:597 [inline]
    [<ffffffff815d374f>] generic_splice_sendpage+0x6f/0xa0 fs/splice.c:746
    [<ffffffff815d113b>] do_splice_from fs/splice.c:767 [inline]
    [<ffffffff815d113b>] direct_splice_actor+0x4b/0x70 fs/splice.c:936
    [<ffffffff815d1853>] splice_direct_to_actor+0x153/0x350 fs/splice.c:891
    [<ffffffff815d1b38>] do_splice_direct+0xe8/0x150 fs/splice.c:979
    [<ffffffff81571bc7>] do_sendfile+0x587/0x7e0 fs/read_write.c:1249
    [<ffffffff81574632>] __do_sys_sendfile64 fs/read_write.c:1314 [inline]
    [<ffffffff81574632>] __se_sys_sendfile64 fs/read_write.c:1300 [inline]
    [<ffffffff81574632>] __x64_sys_sendfile64+0xe2/0x100 fs/read_write.c:1300

Crashes (3):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Title
ci-upstream-gce-leak	2021/09/10 16:34	upstream	bf9f243f23e6	5ae8508a	.config	log	report	syz	C	memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak	2021/09/09 10:34	upstream	730bf31b8fc8	e2776ee4	.config	log	report	syz	C	memory leak in j1939_sk_sendmsg
ci-upstream-gce-leak	2021/06/24 04:18	upstream	7266f2030eb0	fe4ab389	.config	log	report	syz	C	memory leak in j1939_sk_sendmsg