From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-il1-f199.google.com (mail-il1-f199.google.com [209.85.166.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DDD0C15AC1 for ; Thu, 11 Jan 2024 12:23:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com Received: by mail-il1-f199.google.com with SMTP id e9e14a558f8ab-35fc70bd879so42167375ab.3 for ; Thu, 11 Jan 2024 04:23:27 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704975807; x=1705580607; h=to:from:subject:message-id:date:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=C+Do2wLekHyOSCIJUK3h/DUjhFiTmTBs0NQIfxE6tXs=; b=eX+A7oGjU7DzeUztMuJmdB/3kZWLnqmvCKCUUhXz1E9fvikaBmkZfHWlpd8z9DXfIP DdjD+o/krFhjchq2IAxcmrl1EIjwoj8qKj/KRbDOSJqwBKM7g3ry640DpjtjzMOWnzNx Db4KjZIv2SAvWkl1HiX82BRPzwMxy470mumqbAGXldWHC169lD9IDr4sgB+1obidnFU2 eNgeiYV4NdszMlbIbAxVNZRPPokx4Cbm8Ajssndze1r7m2KvgmIo3YRVJBujCYSoLDu1 vCbXl/xn9KBtufLPFxwvKy7ZvbOCvKcFiJQaQxkJpszC1IO6GRriz57IgF1dWZDEJbkf AH/g== X-Gm-Message-State: AOJu0YzoLlp6/x1maIOY+5Dc21i71b01ap/V3xfLmZitQNJk05xwkQml xkBOlRAWXHmHIQo5ACU0r5vkkBOEhqnk9sKTpyytDVmGa+Xg X-Google-Smtp-Source: AGHT+IEOL4YeE4wbgAcDOYdGqJ9PUjvQ4D6o/XE7rUpmKpy6r3CX4iz/JQLWeTrC8A4y69HqggnOTe+W/4Tn9uRXqjFw2QKY6yfQ Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Received: by 2002:a05:6e02:1ba4:b0:35f:affb:bd7b with SMTP id n4-20020a056e021ba400b0035faffbbd7bmr139929ili.2.1704975807167; Thu, 11 Jan 2024 04:23:27 -0800 (PST) Date: Thu, 11 Jan 2024 04:23:27 -0800 X-Google-Appengine-App-Id: s~syzkaller X-Google-Appengine-App-Id-Alias: syzkaller Message-ID: <0000000000005644b8060eaa9d6e@google.com> Subject: [syzbot] [can?] memory leak in can_create (2) From: syzbot To: davem@davemloft.net, edumazet@google.com, kernel@pengutronix.de, kuba@kernel.org, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, mkl@pengutronix.de, netdev@vger.kernel.org, o.rempel@pengutronix.de, pabeni@redhat.com, robin@protonic.nl, socketcan@hartkopp.net, syzkaller-bugs@googlegroups.com Content-Type: text/plain; charset="UTF-8" Hello, syzbot found the following issue on: HEAD commit: 52b1853b080a Merge tag 'i2c-for-6.7-final' of git://git.ke.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=17315deee80000 kernel config: https://syzkaller.appspot.com/x/.config?x=dcb7609da8da79e3 dashboard link: https://syzkaller.appspot.com/bug?extid=521ac15269e89d8546e8 compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14aa5a41e80000 Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/0f9568a404dd/disk-52b1853b.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/e339a63284ed/vmlinux-52b1853b.xz kernel image: https://storage.googleapis.com/syzbot-assets/8aae66c13215/bzImage-52b1853b.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+521ac15269e89d8546e8@syzkaller.appspotmail.com BUG: memory leak unreferenced object 0xffff88811f2c8400 (size 1024): comm "syz-executor.6", pid 5653, jiffies 4295068840 (age 14.060s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 1d 00 07 41 00 00 00 00 00 00 00 00 00 00 00 00 ...A............ backtrace: [] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline] [] slab_post_alloc_hook mm/slab.h:766 [inline] [] slab_alloc_node mm/slub.c:3478 [inline] [] __kmem_cache_alloc_node+0x2dd/0x3f0 mm/slub.c:3517 [] __do_kmalloc_node mm/slab_common.c:1006 [inline] [] __kmalloc+0x4b/0x150 mm/slab_common.c:1020 [] kmalloc include/linux/slab.h:604 [inline] [] sk_prot_alloc+0x112/0x1b0 net/core/sock.c:2082 [] sk_alloc+0x36/0x2f0 net/core/sock.c:2135 [] can_create+0x194/0x320 net/can/af_can.c:158 [] __sock_create+0x19f/0x2e0 net/socket.c:1571 [] sock_create net/socket.c:1622 [inline] [] __sys_socket_create net/socket.c:1659 [inline] [] __sys_socket+0xb8/0x1a0 net/socket.c:1706 [] __do_sys_socket net/socket.c:1720 [inline] [] __se_sys_socket net/socket.c:1718 [inline] [] __x64_sys_socket+0x1b/0x20 net/socket.c:1718 [] do_syscall_x64 arch/x86/entry/common.c:52 [inline] [] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83 [] entry_SYSCALL_64_after_hwframe+0x63/0x6b BUG: memory leak unreferenced object 0xffff888120161490 (size 16): comm "syz-executor.6", pid 5653, jiffies 4295068840 (age 14.060s) hex dump (first 16 bytes): 00 c3 87 00 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline] [] slab_post_alloc_hook mm/slab.h:766 [inline] [] slab_alloc_node mm/slub.c:3478 [inline] [] __kmem_cache_alloc_node+0x2dd/0x3f0 mm/slub.c:3517 [] kmalloc_trace+0x25/0x90 mm/slab_common.c:1098 [] kmalloc include/linux/slab.h:600 [inline] [] kzalloc include/linux/slab.h:721 [inline] [] apparmor_sk_alloc_security+0x52/0xd0 security/apparmor/lsm.c:997 [] security_sk_alloc+0x47/0x80 security/security.c:4411 [] sk_prot_alloc+0x12d/0x1b0 net/core/sock.c:2085 [] sk_alloc+0x36/0x2f0 net/core/sock.c:2135 [] can_create+0x194/0x320 net/can/af_can.c:158 [] __sock_create+0x19f/0x2e0 net/socket.c:1571 [] sock_create net/socket.c:1622 [inline] [] __sys_socket_create net/socket.c:1659 [inline] [] __sys_socket+0xb8/0x1a0 net/socket.c:1706 [] __do_sys_socket net/socket.c:1720 [inline] [] __se_sys_socket net/socket.c:1718 [inline] [] __x64_sys_socket+0x1b/0x20 net/socket.c:1718 [] do_syscall_x64 arch/x86/entry/common.c:52 [inline] [] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83 [] entry_SYSCALL_64_after_hwframe+0x63/0x6b BUG: memory leak unreferenced object 0xffff88811fbf2000 (size 8192): comm "syz-executor.6", pid 5653, jiffies 4295068840 (age 14.060s) hex dump (first 32 bytes): 00 20 bf 1f 81 88 ff ff 00 20 bf 1f 81 88 ff ff . ....... ...... 00 00 00 00 00 00 00 00 00 00 5f 1b 81 88 ff ff .........._..... backtrace: [] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline] [] slab_post_alloc_hook mm/slab.h:766 [inline] [] slab_alloc_node mm/slub.c:3478 [inline] [] __kmem_cache_alloc_node+0x2dd/0x3f0 mm/slub.c:3517 [] kmalloc_trace+0x25/0x90 mm/slab_common.c:1098 [] kmalloc include/linux/slab.h:600 [inline] [] kzalloc include/linux/slab.h:721 [inline] [] j1939_priv_create net/can/j1939/main.c:135 [inline] [] j1939_netdev_start+0x159/0x6f0 net/can/j1939/main.c:272 [] j1939_sk_bind+0x21e/0x550 net/can/j1939/socket.c:485 [] __sys_bind+0x11c/0x130 net/socket.c:1847 [] __do_sys_bind net/socket.c:1858 [inline] [] __se_sys_bind net/socket.c:1856 [inline] [] __x64_sys_bind+0x1c/0x20 net/socket.c:1856 [] do_syscall_x64 arch/x86/entry/common.c:52 [inline] [] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83 [] entry_SYSCALL_64_after_hwframe+0x63/0x6b BUG: memory leak unreferenced object 0xffff888120daf700 (size 240): comm "syz-executor.6", pid 5653, jiffies 4295068840 (age 14.060s) hex dump (first 32 bytes): 68 aa 12 1e 81 88 ff ff 68 aa 12 1e 81 88 ff ff h.......h....... 00 00 5f 1b 81 88 ff ff 00 84 2c 1f 81 88 ff ff .._.......,..... backtrace: [] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline] [] slab_post_alloc_hook mm/slab.h:766 [inline] [] slab_alloc_node mm/slub.c:3478 [inline] [] kmem_cache_alloc_node+0x2c7/0x450 mm/slub.c:3523 [] __alloc_skb+0x1ef/0x230 net/core/skbuff.c:641 [] alloc_skb include/linux/skbuff.h:1286 [inline] [] alloc_skb_with_frags+0x71/0x3a0 net/core/skbuff.c:6334 [] sock_alloc_send_pskb+0x3ab/0x3e0 net/core/sock.c:2787 [] sock_alloc_send_skb include/net/sock.h:1884 [inline] [] j1939_sk_alloc_skb net/can/j1939/socket.c:864 [inline] [] j1939_sk_send_loop net/can/j1939/socket.c:1128 [inline] [] j1939_sk_sendmsg+0x2f8/0x7f0 net/can/j1939/socket.c:1263 [] sock_sendmsg_nosec net/socket.c:730 [inline] [] __sock_sendmsg+0x52/0xa0 net/socket.c:745 [] ____sys_sendmsg+0x365/0x470 net/socket.c:2586 [] ___sys_sendmsg+0xc9/0x130 net/socket.c:2640 [] __sys_sendmsg+0xa6/0x120 net/socket.c:2669 [] do_syscall_x64 arch/x86/entry/common.c:52 [inline] [] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83 [] entry_SYSCALL_64_after_hwframe+0x63/0x6b --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing. If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup