| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 27 Jun 2021 21:28:16 -0700
From: syzbot <syzbot+085305c4b952053c9437@...kaller.appspotmail.com>
To: davem@...emloft.net, kernel@...gutronix.de, kuba@...nel.org,
linux-can@...r.kernel.org, linux-kernel@...r.kernel.org,
linux@...pel-privat.de, mkl@...gutronix.de, netdev@...r.kernel.org,
robin@...tonic.nl, socketcan@...tkopp.net,
syzkaller-bugs@...glegroups.com
Subject: [syzbot] memory leak in j1939_sk_sendmsg
Hello,
syzbot found the following issue on:
HEAD commit: 7266f203 Merge tag 'pm-5.13-rc8' of git://git.kernel.org/p..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16e22d34300000
kernel config: https://syzkaller.appspot.com/x/.config?x=3aac8c6ef370586a
dashboard link: https://syzkaller.appspot.com/bug?extid=085305c4b952053c9437
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11e0d6a4300000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13528400300000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+085305c4b952053c9437@...kaller.appspotmail.com
BUG: memory leak
unreferenced object 0xffff888112d44400 (size 232):
comm "syz-executor006", pid 8628, jiffies 4294942391 (age 8.470s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 80 d7 0f 81 88 ff ff 00 64 db 16 81 88 ff ff .........d......
backtrace:
[<ffffffff836a0f8f>] __alloc_skb+0x20f/0x280 net/core/skbuff.c:413
[<ffffffff836ac44a>] alloc_skb include/linux/skbuff.h:1107 [inline]
[<ffffffff836ac44a>] alloc_skb_with_frags+0x6a/0x2c0 net/core/skbuff.c:5992
[<ffffffff83699e63>] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2364
[<ffffffff83c54592>] j1939_sk_alloc_skb net/can/j1939/socket.c:858 [inline]
[<ffffffff83c54592>] j1939_sk_send_loop net/can/j1939/socket.c:1040 [inline]
[<ffffffff83c54592>] j1939_sk_sendmsg+0x2e2/0x7d0 net/can/j1939/socket.c:1175
[<ffffffff83690ad6>] sock_sendmsg_nosec net/socket.c:654 [inline]
[<ffffffff83690ad6>] sock_sendmsg+0x56/0x80 net/socket.c:674
[<ffffffff83696e9f>] sock_no_sendpage+0x8f/0xc0 net/core/sock.c:2862
[<ffffffff836903db>] kernel_sendpage.part.0+0xeb/0x150 net/socket.c:3618
[<ffffffff836910bb>] kernel_sendpage net/socket.c:3615 [inline]
[<ffffffff836910bb>] sock_sendpage+0x5b/0x90 net/socket.c:947
[<ffffffff815b8862>] pipe_to_sendpage+0xa2/0x110 fs/splice.c:364
[<ffffffff815ba702>] splice_from_pipe_feed fs/splice.c:418 [inline]
[<ffffffff815ba702>] __splice_from_pipe+0x1e2/0x330 fs/splice.c:562
[<ffffffff815baf2f>] splice_from_pipe fs/splice.c:597 [inline]
[<ffffffff815baf2f>] generic_splice_sendpage+0x6f/0xa0 fs/splice.c:746
[<ffffffff815b891b>] do_splice_from fs/splice.c:767 [inline]
[<ffffffff815b891b>] direct_splice_actor+0x4b/0x70 fs/splice.c:936
[<ffffffff815b9033>] splice_direct_to_actor+0x153/0x350 fs/splice.c:891
[<ffffffff815b9318>] do_splice_direct+0xe8/0x150 fs/splice.c:979
[<ffffffff8155a64f>] do_sendfile+0x51f/0x760 fs/read_write.c:1260
[<ffffffff8155cf82>] __do_sys_sendfile64 fs/read_write.c:1325 [inline]
[<ffffffff8155cf82>] __se_sys_sendfile64 fs/read_write.c:1311 [inline]
[<ffffffff8155cf82>] __x64_sys_sendfile64+0xe2/0x100 fs/read_write.c:1311
BUG: memory leak
unreferenced object 0xffff888116d2d800 (size 1024):
comm "syz-executor006", pid 8628, jiffies 4294942391 (age 8.470s)
hex dump (first 32 bytes):
0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff836a0e5f>] kmalloc_reserve net/core/skbuff.c:354 [inline]
[<ffffffff836a0e5f>] __alloc_skb+0xdf/0x280 net/core/skbuff.c:425
[<ffffffff836ac44a>] alloc_skb include/linux/skbuff.h:1107 [inline]
[<ffffffff836ac44a>] alloc_skb_with_frags+0x6a/0x2c0 net/core/skbuff.c:5992
[<ffffffff83699e63>] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2364
[<ffffffff83c54592>] j1939_sk_alloc_skb net/can/j1939/socket.c:858 [inline]
[<ffffffff83c54592>] j1939_sk_send_loop net/can/j1939/socket.c:1040 [inline]
[<ffffffff83c54592>] j1939_sk_sendmsg+0x2e2/0x7d0 net/can/j1939/socket.c:1175
[<ffffffff83690ad6>] sock_sendmsg_nosec net/socket.c:654 [inline]
[<ffffffff83690ad6>] sock_sendmsg+0x56/0x80 net/socket.c:674
[<ffffffff83696e9f>] sock_no_sendpage+0x8f/0xc0 net/core/sock.c:2862
[<ffffffff836903db>] kernel_sendpage.part.0+0xeb/0x150 net/socket.c:3618
[<ffffffff836910bb>] kernel_sendpage net/socket.c:3615 [inline]
[<ffffffff836910bb>] sock_sendpage+0x5b/0x90 net/socket.c:947
[<ffffffff815b8862>] pipe_to_sendpage+0xa2/0x110 fs/splice.c:364
[<ffffffff815ba702>] splice_from_pipe_feed fs/splice.c:418 [inline]
[<ffffffff815ba702>] __splice_from_pipe+0x1e2/0x330 fs/splice.c:562
[<ffffffff815baf2f>] splice_from_pipe fs/splice.c:597 [inline]
[<ffffffff815baf2f>] generic_splice_sendpage+0x6f/0xa0 fs/splice.c:746
[<ffffffff815b891b>] do_splice_from fs/splice.c:767 [inline]
[<ffffffff815b891b>] direct_splice_actor+0x4b/0x70 fs/splice.c:936
[<ffffffff815b9033>] splice_direct_to_actor+0x153/0x350 fs/splice.c:891
[<ffffffff815b9318>] do_splice_direct+0xe8/0x150 fs/splice.c:979
[<ffffffff8155a64f>] do_sendfile+0x51f/0x760 fs/read_write.c:1260
[<ffffffff8155cf82>] __do_sys_sendfile64 fs/read_write.c:1325 [inline]
[<ffffffff8155cf82>] __se_sys_sendfile64 fs/read_write.c:1311 [inline]
[<ffffffff8155cf82>] __x64_sys_sendfile64+0xe2/0x100 fs/read_write.c:1311
BUG: memory leak
unreferenced object 0xffff888111010d00 (size 232):
comm "syz-executor006", pid 8628, jiffies 4294942391 (age 8.470s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 80 d7 0f 81 88 ff ff 00 64 db 16 81 88 ff ff .........d......
backtrace:
[<ffffffff836a0f8f>] __alloc_skb+0x20f/0x280 net/core/skbuff.c:413
[<ffffffff836ac44a>] alloc_skb include/linux/skbuff.h:1107 [inline]
[<ffffffff836ac44a>] alloc_skb_with_frags+0x6a/0x2c0 net/core/skbuff.c:5992
[<ffffffff83699e63>] sock_alloc_send_pskb+0x353/0x3c0 net/core/sock.c:2364
[<ffffffff83c54592>] j1939_sk_alloc_skb net/can/j1939/socket.c:858 [inline]
[<ffffffff83c54592>] j1939_sk_send_loop net/can/j1939/socket.c:1040 [inline]
[<ffffffff83c54592>] j1939_sk_sendmsg+0x2e2/0x7d0 net/can/j1939/socket.c:1175
[<ffffffff83690ad6>] sock_sendmsg_nosec net/socket.c:654 [inline]
[<ffffffff83690ad6>] sock_sendmsg+0x56/0x80 net/socket.c:674
[<ffffffff83696e9f>] sock_no_sendpage+0x8f/0xc0 net/core/sock.c:2862
[<ffffffff836903db>] kernel_sendpage.part.0+0xeb/0x150 net/socket.c:3618
[<ffffffff836910bb>] kernel_sendpage net/socket.c:3615 [inline]
[<ffffffff836910bb>] sock_sendpage+0x5b/0x90 net/socket.c:947
[<ffffffff815b8862>] pipe_to_sendpage+0xa2/0x110 fs/splice.c:364
[<ffffffff815ba702>] splice_from_pipe_feed fs/splice.c:418 [inline]
[<ffffffff815ba702>] __splice_from_pipe+0x1e2/0x330 fs/splice.c:562
[<ffffffff815baf2f>] splice_from_pipe fs/splice.c:597 [inline]
[<ffffffff815baf2f>] generic_splice_sendpage+0x6f/0xa0 fs/splice.c:746
[<ffffffff815b891b>] do_splice_from fs/splice.c:767 [inline]
[<ffffffff815b891b>] direct_splice_actor+0x4b/0x70 fs/splice.c:936
[<ffffffff815b9033>] splice_direct_to_actor+0x153/0x350 fs/splice.c:891
[<ffffffff815b9318>] do_splice_direct+0xe8/0x150 fs/splice.c:979
[<ffffffff8155a64f>] do_sendfile+0x51f/0x760 fs/read_write.c:1260
[<ffffffff8155cf82>] __do_sys_sendfile64 fs/read_write.c:1325 [inline]
[<ffffffff8155cf82>] __se_sys_sendfile64 fs/read_write.c:1311 [inline]
[<ffffffff8155cf82>] __x64_sys_sendfile64+0xe2/0x100 fs/read_write.c:1311
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
Powered by blists - more mailing lists