syzbot


memory leak in cfg80211_inform_single_bss_frame_data

Status: upstream: reported C repro on 2021/06/02 16:37
Reported-by: syzbot+7a942657a255a9d9b18a@syzkaller.appspotmail.com
First crash: 494d, last: 134d
Patch testing requests:
Created Duration User Patch Repo Result
2022/07/13 10:26 8m code@siddh.me upstream report log
2022/07/13 08:58 8m code@siddh.me upstream report log
2021/10/26 10:48 9m fmdefrancesco@gmail.com patch upstream report log
2021/06/24 06:57 13m phind.uet@gmail.com https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git master log
2021/06/23 15:52 14m phind.uet@gmail.com upstream log
2021/06/22 11:42 13m phind.uet@gmail.com upstream log
2021/06/21 12:59 15m phind.uet@gmail.com https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master error
2021/06/04 06:00 14m mudongliangabcd@gmail.com upstream log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff88810477b480 (size 96):
  comm "kworker/u4:0", pid 8, jiffies 4294962865 (age 11.010s)
  hex dump (first 32 bytes):
    f0 50 d7 27 da df 05 00 00 00 00 00 00 00 00 00  .P.'............
    00 00 00 00 00 00 00 00 28 00 00 00 01 00 06 10  ........(.......
  backtrace:
    [<ffffffff8403ca16>] cfg80211_inform_single_bss_frame_data+0x186/0x6a0 net/wireless/scan.c:2445
    [<ffffffff8403cf7b>] cfg80211_inform_bss_frame_data+0x4b/0x460 net/wireless/scan.c:2506
    [<ffffffff840de2f6>] ieee80211_bss_info_update+0x196/0x440 net/mac80211/scan.c:190
    [<ffffffff840ecab2>] ieee80211_rx_bss_info net/mac80211/ibss.c:1119 [inline]
    [<ffffffff840ecab2>] ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1610 [inline]
    [<ffffffff840ecab2>] ieee80211_ibss_rx_queued_mgmt+0x7d2/0x11a0 net/mac80211/ibss.c:1639
    [<ffffffff840ef551>] ieee80211_iface_process_skb net/mac80211/iface.c:1527 [inline]
    [<ffffffff840ef551>] ieee80211_iface_work+0x601/0x780 net/mac80211/iface.c:1581
    [<ffffffff8126e14f>] process_one_work+0x2bf/0x600 kernel/workqueue.c:2289
    [<ffffffff8126ea79>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff812786f5>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100222f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302

BUG: memory leak
unreferenced object 0xffff888105f50100 (size 96):
  comm "kworker/u4:0", pid 8, jiffies 4294962865 (age 11.010s)
  hex dump (first 32 bytes):
    00 51 d7 27 da df 05 00 00 00 00 00 00 00 00 00  .Q.'............
    00 00 00 00 00 00 00 00 28 00 00 00 01 00 06 10  ........(.......
  backtrace:
    [<ffffffff8403ca16>] cfg80211_inform_single_bss_frame_data+0x186/0x6a0 net/wireless/scan.c:2445
    [<ffffffff8403cf7b>] cfg80211_inform_bss_frame_data+0x4b/0x460 net/wireless/scan.c:2506
    [<ffffffff840de2f6>] ieee80211_bss_info_update+0x196/0x440 net/mac80211/scan.c:190
    [<ffffffff840ecab2>] ieee80211_rx_bss_info net/mac80211/ibss.c:1119 [inline]
    [<ffffffff840ecab2>] ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1610 [inline]
    [<ffffffff840ecab2>] ieee80211_ibss_rx_queued_mgmt+0x7d2/0x11a0 net/mac80211/ibss.c:1639
    [<ffffffff840ef551>] ieee80211_iface_process_skb net/mac80211/iface.c:1527 [inline]
    [<ffffffff840ef551>] ieee80211_iface_work+0x601/0x780 net/mac80211/iface.c:1581
    [<ffffffff8126e14f>] process_one_work+0x2bf/0x600 kernel/workqueue.c:2289
    [<ffffffff8126ea79>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff812786f5>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100222f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302

BUG: memory leak
unreferenced object 0xffff88810477b680 (size 96):
  comm "kworker/u4:3", pid 782, jiffies 4294962875 (age 10.910s)
  hex dump (first 32 bytes):
    03 e1 d8 27 da df 05 00 00 00 00 00 00 00 00 00  ...'............
    00 00 00 00 00 00 00 00 28 00 00 00 01 00 06 10  ........(.......
  backtrace:
    [<ffffffff8403ca16>] cfg80211_inform_single_bss_frame_data+0x186/0x6a0 net/wireless/scan.c:2445
    [<ffffffff8403cf7b>] cfg80211_inform_bss_frame_data+0x4b/0x460 net/wireless/scan.c:2506
    [<ffffffff840de2f6>] ieee80211_bss_info_update+0x196/0x440 net/mac80211/scan.c:190
    [<ffffffff840ecab2>] ieee80211_rx_bss_info net/mac80211/ibss.c:1119 [inline]
    [<ffffffff840ecab2>] ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1610 [inline]
    [<ffffffff840ecab2>] ieee80211_ibss_rx_queued_mgmt+0x7d2/0x11a0 net/mac80211/ibss.c:1639
    [<ffffffff840ef551>] ieee80211_iface_process_skb net/mac80211/iface.c:1527 [inline]
    [<ffffffff840ef551>] ieee80211_iface_work+0x601/0x780 net/mac80211/iface.c:1581
    [<ffffffff8126e14f>] process_one_work+0x2bf/0x600 kernel/workqueue.c:2289
    [<ffffffff8126ea79>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff812786f5>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100222f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302

BUG: memory leak
unreferenced object 0xffff88810477b600 (size 96):
  comm "kworker/u4:3", pid 782, jiffies 4294962875 (age 10.910s)
  hex dump (first 32 bytes):
    17 e1 d8 27 da df 05 00 00 00 00 00 00 00 00 00  ...'............
    00 00 00 00 00 00 00 00 28 00 00 00 01 00 06 10  ........(.......
  backtrace:
    [<ffffffff8403ca16>] cfg80211_inform_single_bss_frame_data+0x186/0x6a0 net/wireless/scan.c:2445
    [<ffffffff8403cf7b>] cfg80211_inform_bss_frame_data+0x4b/0x460 net/wireless/scan.c:2506
    [<ffffffff840de2f6>] ieee80211_bss_info_update+0x196/0x440 net/mac80211/scan.c:190
    [<ffffffff840ecab2>] ieee80211_rx_bss_info net/mac80211/ibss.c:1119 [inline]
    [<ffffffff840ecab2>] ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1610 [inline]
    [<ffffffff840ecab2>] ieee80211_ibss_rx_queued_mgmt+0x7d2/0x11a0 net/mac80211/ibss.c:1639
    [<ffffffff840ef551>] ieee80211_iface_process_skb net/mac80211/iface.c:1527 [inline]
    [<ffffffff840ef551>] ieee80211_iface_work+0x601/0x780 net/mac80211/iface.c:1581
    [<ffffffff8126e14f>] process_one_work+0x2bf/0x600 kernel/workqueue.c:2289
    [<ffffffff8126ea79>] worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
    [<ffffffff812786f5>] kthread+0x125/0x160 kernel/kthread.c:376
    [<ffffffff8100222f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302

Crashes (4):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-gce-leak 2022/05/25 18:23 upstream fdaf9a5840ac 647c0e27 .config log report syz C memory leak in cfg80211_inform_single_bss_frame_data
ci-upstream-gce-leak 2021/10/25 22:32 upstream 87066fdd2e30 4f0000ee .config log report syz C memory leak in cfg80211_inform_single_bss_frame_data
ci-upstream-gce-leak 2021/09/09 08:55 upstream 730bf31b8fc8 e2776ee4 .config log report syz memory leak in cfg80211_inform_single_bss_frame_data
ci-upstream-gce-leak 2021/05/30 18:36 upstream b90e90f40b4f 325a8dab .config log report syz memory leak in cfg80211_inform_single_bss_frame_data
* Struck through repros no longer work on HEAD.