syzbot


memory leak in ieee80211_check_fast_xmit

Status: fixed on 2020/11/16 12:12
Subsystems: wireless
Reported-by: syzbot+2e293dbd67de2836ba42@syzkaller.appspotmail.com
Fix commit: dcd479e10a05 mac80211: always wind down STA state
First crash: 1310d, last: 1265d
Discussions (21)
Title Replies (including bot) Last reply
[PATCH 4.4 00/15] 4.4.245-rc1 review 22 (22) 2020/11/23 02:40
[PATCH 5.9 00/14] 5.9.10-rc1 review 20 (20) 2020/11/22 09:18
[PATCH 4.19 00/14] 4.19.159-rc1 review 20 (20) 2020/11/22 09:13
[PATCH 4.9 00/16] 4.9.245-rc1 review 22 (22) 2020/11/22 08:01
[PATCH 5.4 00/17] 5.4.79-rc1 review 21 (21) 2020/11/21 18:37
[PATCH 4.14 00/17] 4.14.208-rc1 review 20 (20) 2020/11/21 18:36
[PATCH 5.9 000/255] 5.9.9-rc1 review 264 (264) 2020/11/19 12:14
[PATCH 4.19 000/101] 4.19.158-rc1 review 109 (109) 2020/11/18 22:17
[PATCH 5.4 000/151] 5.4.78-rc1 review 155 (155) 2020/11/18 15:24
[PATCH 4.14 00/85] 4.14.207-rc1 review 88 (88) 2020/11/18 15:22
[PATCH 4.9 00/78] 4.9.244-rc1 review 82 (82) 2020/11/18 15:22
[PATCH 4.4 00/64] 4.4.244-rc1 review 68 (68) 2020/11/18 15:22
[PATCH AUTOSEL 4.19 01/21] usb: gadget: goku_udc: fix potential crashes in probe 23 (23) 2020/11/14 22:58
[PATCH AUTOSEL 5.9 01/55] ASoC: mediatek: mt8183-da7219: fix DAPM paths for rt1015 61 (61) 2020/11/13 22:40
[PATCH] mac80211: wind down station state earlier 2 (2) 2020/11/12 08:26
[PATCH AUTOSEL 4.4 01/10] usb: gadget: goku_udc: fix potential crashes in probe 10 (10) 2020/11/10 03:56
[PATCH AUTOSEL 4.9 01/12] usb: gadget: goku_udc: fix potential crashes in probe 12 (12) 2020/11/10 03:56
[PATCH AUTOSEL 4.14 01/14] usb: gadget: goku_udc: fix potential crashes in probe 14 (14) 2020/11/10 03:56
[PATCH AUTOSEL 5.4 01/42] ASoC: qcom: sdm845: set driver name correctly 42 (42) 2020/11/10 03:54
[PATCH] mac80211: always wind down STA state 2 (2) 2020/10/09 14:18
memory leak in ieee80211_check_fast_xmit 0 (1) 2020/09/24 09:26
Last patch testing requests (1)
Created Duration User Patch Repo Result
2020/10/01 04:58 15m anant.thazhemadam@gmail.com patch upstream report log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff888118a57200 (size 96):
  comm "kworker/u4:3", pid 2969, jiffies 4294959703 (age 33.610s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 1e 0a 04 00 00 00 08 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 50  ..............PP
  backtrace:
    [<00000000e736a426>] kmemdup+0x23/0x50 mm/util.c:128
    [<00000000566d6647>] kmemdup include/linux/string.h:472 [inline]
    [<00000000566d6647>] ieee80211_check_fast_xmit+0x4a0/0x780 net/mac80211/tx.c:3109
    [<00000000d482c4fd>] sta_info_move_state+0x116/0x540 net/mac80211/sta_info.c:2024
    [<00000000282cd05e>] sta_info_pre_move_state net/mac80211/sta_info.h:704 [inline]
    [<00000000282cd05e>] ieee80211_ibss_finish_sta+0x16e/0x1f0 net/mac80211/ibss.c:587
    [<00000000324a88eb>] ieee80211_ibss_work+0x11f/0x540 net/mac80211/ibss.c:1700
    [<00000000971c9285>] ieee80211_iface_work+0x50a/0x5b0 net/mac80211/iface.c:1476
    [<0000000087ea77bb>] process_one_work+0x27d/0x590 kernel/workqueue.c:2272
    [<00000000db2946ac>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2418
    [<00000000aa4028fd>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<00000000c5bdd85e>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory

Crashes (983):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/11/06 16:09 upstream 521b619acdc8 64069d48 .config console log report syz C ci-upstream-gce-leak
2020/11/06 12:23 upstream 521b619acdc8 64069d48 .config console log report syz C ci-upstream-gce-leak
2020/11/06 06:56 upstream 521b619acdc8 64069d48 .config console log report syz C ci-upstream-gce-leak
2020/11/06 04:59 upstream 521b619acdc8 64069d48 .config console log report syz C ci-upstream-gce-leak
2020/11/06 00:39 upstream 521b619acdc8 64069d48 .config console log report syz C ci-upstream-gce-leak
2020/11/05 23:53 upstream 521b619acdc8 64069d48 .config console log report syz C ci-upstream-gce-leak
2020/11/05 23:48 upstream 521b619acdc8 64069d48 .config console log report syz C ci-upstream-gce-leak
2020/11/05 05:21 upstream 4ef8451b3326 64069d48 .config console log report syz C ci-upstream-gce-leak
2020/11/05 02:20 upstream 4ef8451b3326 64069d48 .config console log report syz C ci-upstream-gce-leak
2020/11/05 01:34 upstream 4ef8451b3326 64069d48 .config console log report syz C ci-upstream-gce-leak
2020/09/30 15:54 upstream 02de58b24d2e 8516f6d3 .config console log report syz C ci-upstream-gce-leak
2020/09/24 08:27 upstream c9c9e6a49f89 54289b08 .config console log report syz C ci-upstream-gce-leak
2020/09/22 16:25 upstream 98477740630f 3e8f6c27 .config console log report syz C ci-upstream-gce-leak
2020/11/06 23:15 upstream 521b619acdc8 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/06 20:37 upstream 521b619acdc8 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/06 15:37 upstream 521b619acdc8 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/06 11:27 upstream 521b619acdc8 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/06 08:17 upstream 521b619acdc8 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/06 07:12 upstream 521b619acdc8 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/06 06:19 upstream 521b619acdc8 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/06 05:40 upstream 521b619acdc8 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/06 03:32 upstream 521b619acdc8 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/06 01:47 upstream 521b619acdc8 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/06 01:32 upstream 521b619acdc8 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/06 00:32 upstream 521b619acdc8 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/05 23:58 upstream 521b619acdc8 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/05 20:10 upstream 4ef8451b3326 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/05 19:53 upstream 4ef8451b3326 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/05 19:09 upstream 4ef8451b3326 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/05 17:24 upstream 4ef8451b3326 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/05 16:51 upstream 4ef8451b3326 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/05 15:40 upstream 4ef8451b3326 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/05 13:51 upstream 4ef8451b3326 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/05 13:15 upstream 4ef8451b3326 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/05 12:12 upstream 4ef8451b3326 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/05 10:45 upstream 4ef8451b3326 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/05 10:27 upstream 4ef8451b3326 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/05 10:19 upstream 4ef8451b3326 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/05 07:46 upstream 4ef8451b3326 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/05 05:56 upstream 4ef8451b3326 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/05 04:06 upstream 4ef8451b3326 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/05 03:00 upstream 4ef8451b3326 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/05 02:36 upstream 4ef8451b3326 64069d48 .config console log report syz ci-upstream-gce-leak
2020/11/04 18:12 upstream 4ef8451b3326 cba33199 .config console log report syz ci-upstream-gce-leak
2020/11/04 17:11 upstream 4ef8451b3326 cba33199 .config console log report syz ci-upstream-gce-leak
2020/11/04 15:18 upstream 4ef8451b3326 cba33199 .config console log report syz ci-upstream-gce-leak
* Struck through repros no longer work on HEAD.