Hello, syzbot found the following issue on: HEAD commit: 52b1853b080a Merge tag 'i2c-for-6.7-final' of git://git.ke.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=17315deee80000 kernel config: https://syzkaller.appspot.com/x/.config?x=dcb7609da8da79e3 dashboard link: https://syzkaller.appspot.com/bug?extid=521ac15269e89d8546e8 compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14aa5a41e80000 Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/0f9568a404dd/disk-52b1853b.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/e339a63284ed/vmlinux-52b1853b.xz kernel image: https://storage.googleapis.com/syzbot-assets/8aae66c13215/bzImage-52b1853b.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+521ac15269e89d8546e8@xxxxxxxxxxxxxxxxxxxxxxxxx BUG: memory leak unreferenced object 0xffff88811f2c8400 (size 1024): comm "syz-executor.6", pid 5653, jiffies 4295068840 (age 14.060s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 1d 00 07 41 00 00 00 00 00 00 00 00 00 00 00 00 ...A............ backtrace: [<ffffffff8163470d>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline] [<ffffffff8163470d>] slab_post_alloc_hook mm/slab.h:766 [inline] [<ffffffff8163470d>] slab_alloc_node mm/slub.c:3478 [inline] [<ffffffff8163470d>] __kmem_cache_alloc_node+0x2dd/0x3f0 mm/slub.c:3517 [<ffffffff8157f9db>] __do_kmalloc_node mm/slab_common.c:1006 [inline] [<ffffffff8157f9db>] __kmalloc+0x4b/0x150 mm/slab_common.c:1020 [<ffffffff83eccc42>] kmalloc include/linux/slab.h:604 [inline] [<ffffffff83eccc42>] sk_prot_alloc+0x112/0x1b0 net/core/sock.c:2082 [<ffffffff83ecffb6>] sk_alloc+0x36/0x2f0 net/core/sock.c:2135 [<ffffffff84535474>] can_create+0x194/0x320 net/can/af_can.c:158 [<ffffffff83ec53cf>] __sock_create+0x19f/0x2e0 net/socket.c:1571 [<ffffffff83ec8c58>] sock_create net/socket.c:1622 [inline] [<ffffffff83ec8c58>] __sys_socket_create net/socket.c:1659 [inline] [<ffffffff83ec8c58>] __sys_socket+0xb8/0x1a0 net/socket.c:1706 [<ffffffff83ec8d5b>] __do_sys_socket net/socket.c:1720 [inline] [<ffffffff83ec8d5b>] __se_sys_socket net/socket.c:1718 [inline] [<ffffffff83ec8d5b>] __x64_sys_socket+0x1b/0x20 net/socket.c:1718 [<ffffffff84b71e0f>] do_syscall_x64 arch/x86/entry/common.c:52 [inline] [<ffffffff84b71e0f>] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83 [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0x6b BUG: memory leak unreferenced object 0xffff888120161490 (size 16): comm "syz-executor.6", pid 5653, jiffies 4295068840 (age 14.060s) hex dump (first 16 bytes): 00 c3 87 00 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff8163470d>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline] [<ffffffff8163470d>] slab_post_alloc_hook mm/slab.h:766 [inline] [<ffffffff8163470d>] slab_alloc_node mm/slub.c:3478 [inline] [<ffffffff8163470d>] __kmem_cache_alloc_node+0x2dd/0x3f0 mm/slub.c:3517 [<ffffffff8157f335>] kmalloc_trace+0x25/0x90 mm/slab_common.c:1098 [<ffffffff823a7a92>] kmalloc include/linux/slab.h:600 [inline] [<ffffffff823a7a92>] kzalloc include/linux/slab.h:721 [inline] [<ffffffff823a7a92>] apparmor_sk_alloc_security+0x52/0xd0 security/apparmor/lsm.c:997 [<ffffffff8236b887>] security_sk_alloc+0x47/0x80 security/security.c:4411 [<ffffffff83eccc5d>] sk_prot_alloc+0x12d/0x1b0 net/core/sock.c:2085 [<ffffffff83ecffb6>] sk_alloc+0x36/0x2f0 net/core/sock.c:2135 [<ffffffff84535474>] can_create+0x194/0x320 net/can/af_can.c:158 [<ffffffff83ec53cf>] __sock_create+0x19f/0x2e0 net/socket.c:1571 [<ffffffff83ec8c58>] sock_create net/socket.c:1622 [inline] [<ffffffff83ec8c58>] __sys_socket_create net/socket.c:1659 [inline] [<ffffffff83ec8c58>] __sys_socket+0xb8/0x1a0 net/socket.c:1706 [<ffffffff83ec8d5b>] __do_sys_socket net/socket.c:1720 [inline] [<ffffffff83ec8d5b>] __se_sys_socket net/socket.c:1718 [inline] [<ffffffff83ec8d5b>] __x64_sys_socket+0x1b/0x20 net/socket.c:1718 [<ffffffff84b71e0f>] do_syscall_x64 arch/x86/entry/common.c:52 [inline] [<ffffffff84b71e0f>] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83 [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0x6b BUG: memory leak unreferenced object 0xffff88811fbf2000 (size 8192): comm "syz-executor.6", pid 5653, jiffies 4295068840 (age 14.060s) hex dump (first 32 bytes): 00 20 bf 1f 81 88 ff ff 00 20 bf 1f 81 88 ff ff . ....... ...... 00 00 00 00 00 00 00 00 00 00 5f 1b 81 88 ff ff .........._..... backtrace: [<ffffffff8163470d>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline] [<ffffffff8163470d>] slab_post_alloc_hook mm/slab.h:766 [inline] [<ffffffff8163470d>] slab_alloc_node mm/slub.c:3478 [inline] [<ffffffff8163470d>] __kmem_cache_alloc_node+0x2dd/0x3f0 mm/slub.c:3517 [<ffffffff8157f335>] kmalloc_trace+0x25/0x90 mm/slab_common.c:1098 [<ffffffff845437c9>] kmalloc include/linux/slab.h:600 [inline] [<ffffffff845437c9>] kzalloc include/linux/slab.h:721 [inline] [<ffffffff845437c9>] j1939_priv_create net/can/j1939/main.c:135 [inline] [<ffffffff845437c9>] j1939_netdev_start+0x159/0x6f0 net/can/j1939/main.c:272 [<ffffffff8454540e>] j1939_sk_bind+0x21e/0x550 net/can/j1939/socket.c:485 [<ffffffff83ec926c>] __sys_bind+0x11c/0x130 net/socket.c:1847 [<ffffffff83ec929c>] __do_sys_bind net/socket.c:1858 [inline] [<ffffffff83ec929c>] __se_sys_bind net/socket.c:1856 [inline] [<ffffffff83ec929c>] __x64_sys_bind+0x1c/0x20 net/socket.c:1856 [<ffffffff84b71e0f>] do_syscall_x64 arch/x86/entry/common.c:52 [inline] [<ffffffff84b71e0f>] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83 [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0x6b BUG: memory leak unreferenced object 0xffff888120daf700 (size 240): comm "syz-executor.6", pid 5653, jiffies 4295068840 (age 14.060s) hex dump (first 32 bytes): 68 aa 12 1e 81 88 ff ff 68 aa 12 1e 81 88 ff ff h.......h....... 00 00 5f 1b 81 88 ff ff 00 84 2c 1f 81 88 ff ff .._.......,..... backtrace: [<ffffffff81632177>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline] [<ffffffff81632177>] slab_post_alloc_hook mm/slab.h:766 [inline] [<ffffffff81632177>] slab_alloc_node mm/slub.c:3478 [inline] [<ffffffff81632177>] kmem_cache_alloc_node+0x2c7/0x450 mm/slub.c:3523 [<ffffffff83edcb9f>] __alloc_skb+0x1ef/0x230 net/core/skbuff.c:641 [<ffffffff83ee6111>] alloc_skb include/linux/skbuff.h:1286 [inline] [<ffffffff83ee6111>] alloc_skb_with_frags+0x71/0x3a0 net/core/skbuff.c:6334 [<ffffffff83ed0c4b>] sock_alloc_send_pskb+0x3ab/0x3e0 net/core/sock.c:2787 [<ffffffff84545de8>] sock_alloc_send_skb include/net/sock.h:1884 [inline] [<ffffffff84545de8>] j1939_sk_alloc_skb net/can/j1939/socket.c:864 [inline] [<ffffffff84545de8>] j1939_sk_send_loop net/can/j1939/socket.c:1128 [inline] [<ffffffff84545de8>] j1939_sk_sendmsg+0x2f8/0x7f0 net/can/j1939/socket.c:1263 [<ffffffff83ec6c92>] sock_sendmsg_nosec net/socket.c:730 [inline] [<ffffffff83ec6c92>] __sock_sendmsg+0x52/0xa0 net/socket.c:745 [<ffffffff83ec72f5>] ____sys_sendmsg+0x365/0x470 net/socket.c:2586 [<ffffffff83ecb019>] ___sys_sendmsg+0xc9/0x130 net/socket.c:2640 [<ffffffff83ecb1c6>] __sys_sendmsg+0xa6/0x120 net/socket.c:2669 [<ffffffff84b71e0f>] do_syscall_x64 arch/x86/entry/common.c:52 [inline] [<ffffffff84b71e0f>] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83 [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0x6b --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing. If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup
