syzbot


memory leak in ath9k_hif_usb_firmware_cb

Status: fixed on 2023/06/08 14:41
Subsystems: wireless
Reported-by: syzbot+6692c72009680f7c4eb2@syzkaller.appspotmail.com
Fix commit: 9b25e3985477 wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
First crash: 1225d, last: 428d
Discussions (4)
Title Replies (including bot) Last reply
[PATCH] wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function 9 (9) 2023/01/17 11:52
[PATCH] ath9k: hif_usb: fix memory leak in ath9k_hif_usb_firmware_cb 5 (5) 2021/07/27 12:26
Re: Comment on the patch of "memory leak in ath9k_hif_usb_firmware_cb" 1 (1) 2021/06/07 05:25
memory leak in ath9k_hif_usb_firmware_cb 0 (1) 2020/11/10 18:25
Last patch testing requests (5)
Created Duration User Patch Repo Result
2021/07/09 05:45 15m mudongliangabcd@gmail.com patch upstream error OK
2021/04/27 06:23 16m dvyukov@google.com patch git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4a0225c3 OK
2021/04/27 05:38 7m dvyukov@google.com patch git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4a0225c3 error OK
2021/04/27 04:50 7m atulgopinathan@gmail.com patch upstream error OK
2021/04/27 04:46 7m atulgopinathan@gmail.com patch upstream error OK

Sample crash report:
BUG: memory leak
unreferenced object 0xffff88810a8f9e00 (size 240):
  comm "kworker/1:2", pid 4384, jiffies 4294946945 (age 24.190s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff83b0dd52>] __alloc_skb+0x202/0x270 net/core/skbuff.c:552
    [<ffffffff82e4e8b0>] alloc_skb include/linux/skbuff.h:1270 [inline]
    [<ffffffff82e4e8b0>] ath9k_hif_usb_alloc_reg_in_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:961 [inline]
    [<ffffffff82e4e8b0>] ath9k_hif_usb_alloc_urbs+0x3b0/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1020
    [<ffffffff82e4ebc8>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1106 [inline]
    [<ffffffff82e4ebc8>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1239
    [<ffffffff82a4c927>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1107
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff888104200400 (size 512):
  comm "kworker/1:2", pid 4384, jiffies 4294946945 (age 24.190s)
  hex dump (first 32 bytes):
    12 01 00 02 ff ff ff 40 f3 0c 71 92 08 01 01 02  .......@..q.....
    03 01 09 02 48 00 01 01 00 80 fa 09 04 00 00 06  ....H...........
  backtrace:
    [<ffffffff814f9cb7>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9cb7>] __kmalloc_node_track_caller+0x47/0x120 mm/slab_common.c:988
    [<ffffffff83b0dc31>] kmalloc_reserve net/core/skbuff.c:492 [inline]
    [<ffffffff83b0dc31>] __alloc_skb+0xe1/0x270 net/core/skbuff.c:565
    [<ffffffff82e4e8b0>] alloc_skb include/linux/skbuff.h:1270 [inline]
    [<ffffffff82e4e8b0>] ath9k_hif_usb_alloc_reg_in_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:961 [inline]
    [<ffffffff82e4e8b0>] ath9k_hif_usb_alloc_urbs+0x3b0/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1020
    [<ffffffff82e4ebc8>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1106 [inline]
    [<ffffffff82e4ebc8>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1239
    [<ffffffff82a4c927>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1107
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a8f9800 (size 240):
  comm "kworker/1:2", pid 4384, jiffies 4294946945 (age 24.190s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff83b0dd52>] __alloc_skb+0x202/0x270 net/core/skbuff.c:552
    [<ffffffff82e4e8b0>] alloc_skb include/linux/skbuff.h:1270 [inline]
    [<ffffffff82e4e8b0>] ath9k_hif_usb_alloc_reg_in_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:961 [inline]
    [<ffffffff82e4e8b0>] ath9k_hif_usb_alloc_urbs+0x3b0/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1020
    [<ffffffff82e4ebc8>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1106 [inline]
    [<ffffffff82e4ebc8>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1239
    [<ffffffff82a4c927>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1107
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810a8f9c00 (size 240):
  comm "kworker/1:2", pid 4384, jiffies 4294948494 (age 8.700s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff83b0dd52>] __alloc_skb+0x202/0x270 net/core/skbuff.c:552
    [<ffffffff82e4e8b0>] alloc_skb include/linux/skbuff.h:1270 [inline]
    [<ffffffff82e4e8b0>] ath9k_hif_usb_alloc_reg_in_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:961 [inline]
    [<ffffffff82e4e8b0>] ath9k_hif_usb_alloc_urbs+0x3b0/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1020
    [<ffffffff82e4ebc8>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1106 [inline]
    [<ffffffff82e4ebc8>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1239
    [<ffffffff82a4c927>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1107
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

BUG: memory leak
unreferenced object 0xffff88810dae1c00 (size 512):
  comm "kworker/1:2", pid 4384, jiffies 4294948494 (age 8.700s)
  hex dump (first 32 bytes):
    12 01 00 02 ff ff ff 40 f3 0c 71 92 08 01 01 02  .......@..q.....
    03 01 09 02 48 00 01 01 00 80 fa 09 04 00 00 06  ....H...........
  backtrace:
    [<ffffffff814f9cb7>] __do_kmalloc_node mm/slab_common.c:967 [inline]
    [<ffffffff814f9cb7>] __kmalloc_node_track_caller+0x47/0x120 mm/slab_common.c:988
    [<ffffffff83b0dc31>] kmalloc_reserve net/core/skbuff.c:492 [inline]
    [<ffffffff83b0dc31>] __alloc_skb+0xe1/0x270 net/core/skbuff.c:565
    [<ffffffff82e4e8b0>] alloc_skb include/linux/skbuff.h:1270 [inline]
    [<ffffffff82e4e8b0>] ath9k_hif_usb_alloc_reg_in_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:961 [inline]
    [<ffffffff82e4e8b0>] ath9k_hif_usb_alloc_urbs+0x3b0/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1020
    [<ffffffff82e4ebc8>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1106 [inline]
    [<ffffffff82e4ebc8>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1239
    [<ffffffff82a4c927>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1107
    [<ffffffff8129519a>] process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
    [<ffffffff81295ab9>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff8129fb05>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100224f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308


Crashes (1591):