Date: Sun, 27 Jun 2021 21:28:16 -0700
Message-ID: <0000000000001285b905c5cbeb8f@google.com>
Subject: [syzbot] memory leak in j1939_sk_sendmsg
From: syzbot
To: davem@davemloft.net, kernel@pengutronix.de, kuba@kernel.org,
    linux-can@vger.kernel.org, linux-kernel@vger.kernel.org,
    linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org,
    robin@protonic.nl, socketcan@hartkopp.net,
    syzkaller-bugs@googlegroups.com

Hello,

syzbot found the following issue on:

HEAD commit:    7266f203 Merge tag 'pm-5.13-rc8' of git://git.kernel.org/p..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16e22d34300000
kernel config:  https://syzkaller.appspot.com/x/.config?x=3aac8c6ef370586a
dashboard link: https://syzkaller.appspot.com/bug?extid=085305c4b952053c9437
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11e0d6a4300000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13528400300000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+085305c4b952053c9437@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff888112d44400 (size 232):
  comm "syz-executor006", pid 8628, jiffies 4294942391 (age 8.470s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 80 d7 0f 81 88 ff ff 00 64 db 16 81 88 ff ff  .........d......
  backtrace:
    [] __alloc_skb+0x20f/0x280 net/core/skbuff.c:413
    [] alloc_skb include/linux/skbuff.h:1107 [inline]
    [] alloc_skb_with_frags+0x6a/0x2c0 net/core/skbuff.c:5992
    [] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2364
    [] j1939_sk_alloc_skb net/can/j1939/socket.c:858 [inline]
    [] j1939_sk_send_loop net/can/j1939/socket.c:1040 [inline]
    [] j1939_sk_sendmsg+0x2e2/0x7d0 net/can/j1939/socket.c:1175
    [] sock_sendmsg_nosec net/socket.c:654 [inline]
    [] sock_sendmsg+0x56/0x80 net/socket.c:674
    [] sock_no_sendpage+0x8f/0xc0 net/core/sock.c:2862
    [] kernel_sendpage.part.0+0xeb/0x150 net/socket.c:3618
    [] kernel_sendpage net/socket.c:3615 [inline]
    [] sock_sendpage+0x5b/0x90 net/socket.c:947
    [] pipe_to_sendpage+0xa2/0x110 fs/splice.c:364
    [] splice_from_pipe_feed fs/splice.c:418 [inline]
    [] __splice_from_pipe+0x1e2/0x330 fs/splice.c:562
    [] splice_from_pipe fs/splice.c:597 [inline]
    [] generic_splice_sendpage+0x6f/0xa0 fs/splice.c:746
    [] do_splice_from fs/splice.c:767 [inline]
    [] direct_splice_actor+0x4b/0x70 fs/splice.c:936
    [] splice_direct_to_actor+0x153/0x350 fs/splice.c:891
    [] do_splice_direct+0xe8/0x150 fs/splice.c:979
    [] do_sendfile+0x51f/0x760 fs/read_write.c:1260
    [] __do_sys_sendfile64 fs/read_write.c:1325 [inline]
    [] __se_sys_sendfile64 fs/read_write.c:1311 [inline]
    [] __x64_sys_sendfile64+0xe2/0x100 fs/read_write.c:1311

BUG: memory leak
unreferenced object 0xffff888116d2d800 (size 1024):
  comm "syz-executor006", pid 8628, jiffies 4294942391 (age 8.470s)
  hex dump (first 32 bytes):
    0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [] kmalloc_reserve net/core/skbuff.c:354 [inline]
    [] __alloc_skb+0xdf/0x280 net/core/skbuff.c:425
    [] alloc_skb include/linux/skbuff.h:1107 [inline]
    [] alloc_skb_with_frags+0x6a/0x2c0 net/core/skbuff.c:5992
    [] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2364
    [] j1939_sk_alloc_skb net/can/j1939/socket.c:858 [inline]
    [] j1939_sk_send_loop net/can/j1939/socket.c:1040 [inline]
    [] j1939_sk_sendmsg+0x2e2/0x7d0 net/can/j1939/socket.c:1175
    [] sock_sendmsg_nosec net/socket.c:654 [inline]
    [] sock_sendmsg+0x56/0x80 net/socket.c:674
    [] sock_no_sendpage+0x8f/0xc0 net/core/sock.c:2862
    [] kernel_sendpage.part.0+0xeb/0x150 net/socket.c:3618
    [] kernel_sendpage net/socket.c:3615 [inline]
    [] sock_sendpage+0x5b/0x90 net/socket.c:947
    [] pipe_to_sendpage+0xa2/0x110 fs/splice.c:364
    [] splice_from_pipe_feed fs/splice.c:418 [inline]
    [] __splice_from_pipe+0x1e2/0x330 fs/splice.c:562
    [] splice_from_pipe fs/splice.c:597 [inline]
    [] generic_splice_sendpage+0x6f/0xa0 fs/splice.c:746
    [] do_splice_from fs/splice.c:767 [inline]
    [] direct_splice_actor+0x4b/0x70 fs/splice.c:936
    [] splice_direct_to_actor+0x153/0x350 fs/splice.c:891
    [] do_splice_direct+0xe8/0x150 fs/splice.c:979
    [] do_sendfile+0x51f/0x760 fs/read_write.c:1260
    [] __do_sys_sendfile64 fs/read_write.c:1325 [inline]
    [] __se_sys_sendfile64 fs/read_write.c:1311 [inline]
    [] __x64_sys_sendfile64+0xe2/0x100 fs/read_write.c:1311

BUG: memory leak
unreferenced object 0xffff888111010d00 (size 232):
  comm "syz-executor006", pid 8628, jiffies 4294942391 (age 8.470s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 80 d7 0f 81 88 ff ff 00 64 db 16 81 88 ff ff  .........d......
  backtrace:
    [] __alloc_skb+0x20f/0x280 net/core/skbuff.c:413
    [] alloc_skb include/linux/skbuff.h:1107 [inline]
    [] alloc_skb_with_frags+0x6a/0x2c0 net/core/skbuff.c:5992
    [] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2364
    [] j1939_sk_alloc_skb net/can/j1939/socket.c:858 [inline]
    [] j1939_sk_send_loop net/can/j1939/socket.c:1040 [inline]
    [] j1939_sk_sendmsg+0x2e2/0x7d0 net/can/j1939/socket.c:1175
    [] sock_sendmsg_nosec net/socket.c:654 [inline]
    [] sock_sendmsg+0x56/0x80 net/socket.c:674
    [] sock_no_sendpage+0x8f/0xc0 net/core/sock.c:2862
    [] kernel_sendpage.part.0+0xeb/0x150 net/socket.c:3618
    [] kernel_sendpage net/socket.c:3615 [inline]
    [] sock_sendpage+0x5b/0x90 net/socket.c:947
    [] pipe_to_sendpage+0xa2/0x110 fs/splice.c:364
    [] splice_from_pipe_feed fs/splice.c:418 [inline]
    [] __splice_from_pipe+0x1e2/0x330 fs/splice.c:562
    [] splice_from_pipe fs/splice.c:597 [inline]
    [] generic_splice_sendpage+0x6f/0xa0 fs/splice.c:746
    [] do_splice_from fs/splice.c:767 [inline]
    [] direct_splice_actor+0x4b/0x70 fs/splice.c:936
    [] splice_direct_to_actor+0x153/0x350 fs/splice.c:891
    [] do_splice_direct+0xe8/0x150 fs/splice.c:979
    [] do_sendfile+0x51f/0x760 fs/read_write.c:1260
    [] __do_sys_sendfile64 fs/read_write.c:1325 [inline]
    [] __se_sys_sendfile64 fs/read_write.c:1311 [inline]
    [] __x64_sys_sendfile64+0xe2/0x100 fs/read_write.c:1311

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches