syzbot

 sign-in | mailing list | source | docs
🐞 Open [979] Subsystems 🐞 Fixed [5235] 🐞 Invalid [12492] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

memory leak in cfg80211_inform_single_bss_frame_data

Status: upstream: reported C repro on 2021/06/02 16:37
Subsystems: wireless
[Documentation on labels]
Reported-by: syzbot+7a942657a255a9d9b18a@syzkaller.appspotmail.com
First crash: 1059d, last: 283d
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] memory leak in cfg80211_inform_single_bss_frame_data 4 (8) 2022/07/13 10:35
Last patch testing requests (18)
Created Duration User Patch Repo Result
2024/04/10 06:43 16m retest repro upstream report log
2024/01/14 08:31 18m retest repro upstream report log
2023/11/05 07:28 22m retest repro upstream report log
2023/08/27 04:28 19m retest repro upstream report log
2023/08/27 04:28 22m retest repro upstream OK log
2023/08/27 04:28 40m retest repro upstream OK log
2023/05/28 15:02 15m retest repro upstream OK log
2023/05/28 14:05 15m retest repro upstream report log
2023/05/28 14:05 13m retest repro upstream report log
2023/05/28 14:05 18m retest repro upstream OK log
2022/07/13 10:26 8m code@siddh.me upstream report log
2022/07/13 08:58 8m code@siddh.me upstream report log
2021/10/26 10:48 9m fmdefrancesco@gmail.com patch upstream report log
2021/06/24 06:57 13m phind.uet@gmail.com https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git master log
2021/06/23 15:52 14m phind.uet@gmail.com upstream log
2021/06/22 11:42 13m phind.uet@gmail.com upstream log
2021/06/21 12:59 15m phind.uet@gmail.com https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master error OK
2021/06/04 06:00 14m mudongliangabcd@gmail.com upstream log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff88811e7fdb40 (size 96):
  comm "kworker/1:0", pid 5028, jiffies 4295056523 (age 17.420s)
  hex dump (first 32 bytes):
    e4 70 a3 2e 80 00 06 00 00 00 00 00 00 00 00 00  .p..............
    00 00 00 00 00 00 00 00 28 00 00 00 01 00 06 10  ........(.......
  backtrace:
    [<ffffffff8155ce78>] __do_kmalloc_node mm/slab_common.c:984 [inline]
    [<ffffffff8155ce78>] __kmalloc+0x48/0x150 mm/slab_common.c:998
    [<ffffffff846f6628>] kmalloc include/linux/slab.h:586 [inline]
    [<ffffffff846f6628>] kzalloc include/linux/slab.h:703 [inline]
    [<ffffffff846f6628>] cfg80211_inform_single_bss_frame_data+0x198/0x8d0 net/wireless/scan.c:2852
    [<ffffffff846f8c7d>] cfg80211_inform_bss_frame_data+0x6d/0x140 net/wireless/scan.c:2912
    [<ffffffff847ac677>] ieee80211_bss_info_update+0x177/0x320 net/mac80211/scan.c:211
    [<ffffffff847bb864>] ieee80211_rx_bss_info net/mac80211/ibss.c:1124 [inline]
    [<ffffffff847bb864>] ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1613 [inline]
    [<ffffffff847bb864>] ieee80211_ibss_rx_queued_mgmt+0x894/0x1210 net/mac80211/ibss.c:1642
    [<ffffffff847be421>] ieee80211_iface_process_skb net/mac80211/iface.c:1604 [inline]
    [<ffffffff847be421>] ieee80211_iface_work+0x601/0x790 net/mac80211/iface.c:1658
    [<ffffffff846dbdc8>] cfg80211_wiphy_work+0xf8/0x110 net/wireless/core.c:435
    [<ffffffff812c0cf1>] process_one_work+0x2f1/0x640 kernel/workqueue.c:2597
    [<ffffffff812c162c>] worker_thread+0x5c/0x5c0 kernel/workqueue.c:2748
    [<ffffffff812cb0fb>] kthread+0x12b/0x170 kernel/kthread.c:389
    [<ffffffff81002bef>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88811e7fdf60 (size 96):
  comm "kworker/1:0", pid 5028, jiffies 4295056523 (age 17.420s)
  hex dump (first 32 bytes):
    05 71 a3 2e 80 00 06 00 00 00 00 00 00 00 00 00  .q..............
    00 00 00 00 00 00 00 00 28 00 00 00 01 00 06 10  ........(.......
  backtrace:
    [<ffffffff8155ce78>] __do_kmalloc_node mm/slab_common.c:984 [inline]
    [<ffffffff8155ce78>] __kmalloc+0x48/0x150 mm/slab_common.c:998
    [<ffffffff846f6628>] kmalloc include/linux/slab.h:586 [inline]
    [<ffffffff846f6628>] kzalloc include/linux/slab.h:703 [inline]
    [<ffffffff846f6628>] cfg80211_inform_single_bss_frame_data+0x198/0x8d0 net/wireless/scan.c:2852
    [<ffffffff846f8c7d>] cfg80211_inform_bss_frame_data+0x6d/0x140 net/wireless/scan.c:2912
    [<ffffffff847ac677>] ieee80211_bss_info_update+0x177/0x320 net/mac80211/scan.c:211
    [<ffffffff847bb864>] ieee80211_rx_bss_info net/mac80211/ibss.c:1124 [inline]
    [<ffffffff847bb864>] ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1613 [inline]
    [<ffffffff847bb864>] ieee80211_ibss_rx_queued_mgmt+0x894/0x1210 net/mac80211/ibss.c:1642
    [<ffffffff847be421>] ieee80211_iface_process_skb net/mac80211/iface.c:1604 [inline]
    [<ffffffff847be421>] ieee80211_iface_work+0x601/0x790 net/mac80211/iface.c:1658
    [<ffffffff846dbdc8>] cfg80211_wiphy_work+0xf8/0x110 net/wireless/core.c:435
    [<ffffffff812c0cf1>] process_one_work+0x2f1/0x640 kernel/workqueue.c:2597
    [<ffffffff812c162c>] worker_thread+0x5c/0x5c0 kernel/workqueue.c:2748
    [<ffffffff812cb0fb>] kthread+0x12b/0x170 kernel/kthread.c:389
    [<ffffffff81002bef>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888120f6fcc0 (size 96):
  comm "kworker/1:0", pid 5028, jiffies 4295056523 (age 17.420s)
  hex dump (first 32 bytes):
    1f 71 a3 2e 80 00 06 00 00 00 00 00 00 00 00 00  .q..............
    00 00 00 00 00 00 00 00 28 00 00 00 01 00 06 10  ........(.......
  backtrace:
    [<ffffffff8155ce78>] __do_kmalloc_node mm/slab_common.c:984 [inline]
    [<ffffffff8155ce78>] __kmalloc+0x48/0x150 mm/slab_common.c:998
    [<ffffffff846f6628>] kmalloc include/linux/slab.h:586 [inline]
    [<ffffffff846f6628>] kzalloc include/linux/slab.h:703 [inline]
    [<ffffffff846f6628>] cfg80211_inform_single_bss_frame_data+0x198/0x8d0 net/wireless/scan.c:2852
    [<ffffffff846f8c7d>] cfg80211_inform_bss_frame_data+0x6d/0x140 net/wireless/scan.c:2912
    [<ffffffff847ac677>] ieee80211_bss_info_update+0x177/0x320 net/mac80211/scan.c:211
    [<ffffffff847bb864>] ieee80211_rx_bss_info net/mac80211/ibss.c:1124 [inline]
    [<ffffffff847bb864>] ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1613 [inline]
    [<ffffffff847bb864>] ieee80211_ibss_rx_queued_mgmt+0x894/0x1210 net/mac80211/ibss.c:1642
    [<ffffffff847be421>] ieee80211_iface_process_skb net/mac80211/iface.c:1604 [inline]
    [<ffffffff847be421>] ieee80211_iface_work+0x601/0x790 net/mac80211/iface.c:1658
    [<ffffffff846dbdc8>] cfg80211_wiphy_work+0xf8/0x110 net/wireless/core.c:435
    [<ffffffff812c0cf1>] process_one_work+0x2f1/0x640 kernel/workqueue.c:2597
    [<ffffffff812c162c>] worker_thread+0x5c/0x5c0 kernel/workqueue.c:2748
    [<ffffffff812cb0fb>] kthread+0x12b/0x170 kernel/kthread.c:389
    [<ffffffff81002bef>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888120f6f120 (size 96):
  comm "kworker/1:0", pid 5028, jiffies 4295056523 (age 17.420s)
  hex dump (first 32 bytes):
    39 71 a3 2e 80 00 06 00 00 00 00 00 00 00 00 00  9q..............
    00 00 00 00 00 00 00 00 28 00 00 00 01 00 06 10  ........(.......
  backtrace:
    [<ffffffff8155ce78>] __do_kmalloc_node mm/slab_common.c:984 [inline]
    [<ffffffff8155ce78>] __kmalloc+0x48/0x150 mm/slab_common.c:998
    [<ffffffff846f6628>] kmalloc include/linux/slab.h:586 [inline]
    [<ffffffff846f6628>] kzalloc include/linux/slab.h:703 [inline]
    [<ffffffff846f6628>] cfg80211_inform_single_bss_frame_data+0x198/0x8d0 net/wireless/scan.c:2852
    [<ffffffff846f8c7d>] cfg80211_inform_bss_frame_data+0x6d/0x140 net/wireless/scan.c:2912
    [<ffffffff847ac677>] ieee80211_bss_info_update+0x177/0x320 net/mac80211/scan.c:211
    [<ffffffff847bb864>] ieee80211_rx_bss_info net/mac80211/ibss.c:1124 [inline]
    [<ffffffff847bb864>] ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1613 [inline]
    [<ffffffff847bb864>] ieee80211_ibss_rx_queued_mgmt+0x894/0x1210 net/mac80211/ibss.c:1642
    [<ffffffff847be421>] ieee80211_iface_process_skb net/mac80211/iface.c:1604 [inline]
    [<ffffffff847be421>] ieee80211_iface_work+0x601/0x790 net/mac80211/iface.c:1658
    [<ffffffff846dbdc8>] cfg80211_wiphy_work+0xf8/0x110 net/wireless/core.c:435
    [<ffffffff812c0cf1>] process_one_work+0x2f1/0x640 kernel/workqueue.c:2597
    [<ffffffff812c162c>] worker_thread+0x5c/0x5c0 kernel/workqueue.c:2748
    [<ffffffff812cb0fb>] kthread+0x12b/0x170 kernel/kthread.c:389
    [<ffffffff81002bef>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

Crashes (6):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/07/15 06:12 upstream 2772d7df3c93 35d9ecc5 .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in cfg80211_inform_single_bss_frame_data
2022/05/25 18:23 upstream fdaf9a5840ac 647c0e27 .config console log report syz C ci-upstream-gce-leak memory leak in cfg80211_inform_single_bss_frame_data
2021/10/25 22:32 upstream 87066fdd2e30 4f0000ee .config console log report syz C ci-upstream-gce-leak memory leak in cfg80211_inform_single_bss_frame_data
2023/03/19 14:02 upstream a3671bd86a97 7939252e .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in cfg80211_inform_single_bss_frame_data
2021/09/09 08:55 upstream 730bf31b8fc8 e2776ee4 .config console log report syz ci-upstream-gce-leak memory leak in cfg80211_inform_single_bss_frame_data
2021/05/30 18:36 upstream b90e90f40b4f 325a8dab .config console log report syz ci-upstream-gce-leak memory leak in cfg80211_inform_single_bss_frame_data
* Struck through repros no longer work on HEAD.