memory leak in __ieee80211_beacon

memory leak in __ieee80211_beacon_get
Status: upstream: reported syz repro on 2021/02/07 07:20
Reported-by: syzbot+e832ab33619901afc64a@syzkaller.appspotmail.com
First crash: 95d, last: 29d

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2021/03/11 10:54	12m	yildirim.fatih@gmail.com		upstream	report log

Sample crash report:

BUG: memory leak
unreferenced object 0xffff88810de3e800 (size 232):
  comm "softirq", pid 0, jiffies 4295017886 (age 13.250s)
  hex dump (first 32 bytes):
    50 5b 7b 24 81 88 ff ff 50 5b 7b 24 81 88 ff ff  P[{$....P[{$....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8364c0bf>] __alloc_skb+0x20f/0x280 net/core/skbuff.c:412
    [<ffffffff8365106a>] __netdev_alloc_skb+0x6a/0x210 net/core/skbuff.c:491
    [<ffffffff83ec3c72>] netdev_alloc_skb include/linux/skbuff.h:2864 [inline]
    [<ffffffff83ec3c72>] dev_alloc_skb include/linux/skbuff.h:2877 [inline]
    [<ffffffff83ec3c72>] __ieee80211_beacon_get+0x662/0x7a0 net/mac80211/tx.c:4814
    [<ffffffff83ec3e27>] ieee80211_beacon_get_tim+0x47/0x1c0 net/mac80211/tx.c:4928
    [<ffffffff82ad25f1>] ieee80211_beacon_get include/net/mac80211.h:4934 [inline]
    [<ffffffff82ad25f1>] mac80211_hwsim_beacon_tx+0xa1/0x2c0 drivers/net/wireless/mac80211_hwsim.c:1799
    [<ffffffff83eccf95>] __iterate_interfaces+0x125/0x260 net/mac80211/util.c:793
    [<ffffffff83ecd7fe>] ieee80211_iterate_active_interfaces_atomic+0x2e/0x40 net/mac80211/util.c:829
    [<ffffffff82acb692>] mac80211_hwsim_beacon+0x52/0xb0 drivers/net/wireless/mac80211_hwsim.c:1852
    [<ffffffff812da59a>] __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
    [<ffffffff812da59a>] __hrtimer_run_queues+0x1ba/0x470 kernel/time/hrtimer.c:1601
    [<ffffffff812da8ce>] hrtimer_run_softirq+0x7e/0x100 kernel/time/hrtimer.c:1618
    [<ffffffff846000bf>] __do_softirq+0xbf/0x2ab kernel/softirq.c:345
    [<ffffffff81233103>] invoke_softirq kernel/softirq.c:221 [inline]
    [<ffffffff81233103>] __irq_exit_rcu kernel/softirq.c:422 [inline]
    [<ffffffff81233103>] irq_exit_rcu+0x93/0xc0 kernel/softirq.c:434
    [<ffffffff842e4642>] sysvec_apic_timer_interrupt+0x72/0x90 arch/x86/kernel/apic/apic.c:1100
    [<ffffffff84400c02>] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
    [<ffffffff81343b35>] get_current arch/x86/include/asm/current.h:15 [inline]
    [<ffffffff81343b35>] write_comp_data kernel/kcov.c:217 [inline]
    [<ffffffff81343b35>] __sanitizer_cov_trace_const_cmp2+0x15/0x80 kernel/kcov.c:277
    [<ffffffff820f3d14>] tomoyo_check_acl+0x154/0x190 security/tomoyo/domain.c:183

BUG: memory leak
unreferenced object 0xffff8881236b4a00 (size 512):
  comm "softirq", pid 0, jiffies 4295017886 (age 13.250s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8364bf8f>] kmalloc_reserve net/core/skbuff.c:353 [inline]
    [<ffffffff8364bf8f>] __alloc_skb+0xdf/0x280 net/core/skbuff.c:424
    [<ffffffff8365106a>] __netdev_alloc_skb+0x6a/0x210 net/core/skbuff.c:491
    [<ffffffff83ec3c72>] netdev_alloc_skb include/linux/skbuff.h:2864 [inline]
    [<ffffffff83ec3c72>] dev_alloc_skb include/linux/skbuff.h:2877 [inline]
    [<ffffffff83ec3c72>] __ieee80211_beacon_get+0x662/0x7a0 net/mac80211/tx.c:4814
    [<ffffffff83ec3e27>] ieee80211_beacon_get_tim+0x47/0x1c0 net/mac80211/tx.c:4928
    [<ffffffff82ad25f1>] ieee80211_beacon_get include/net/mac80211.h:4934 [inline]
    [<ffffffff82ad25f1>] mac80211_hwsim_beacon_tx+0xa1/0x2c0 drivers/net/wireless/mac80211_hwsim.c:1799
    [<ffffffff83eccf95>] __iterate_interfaces+0x125/0x260 net/mac80211/util.c:793
    [<ffffffff83ecd7fe>] ieee80211_iterate_active_interfaces_atomic+0x2e/0x40 net/mac80211/util.c:829
    [<ffffffff82acb692>] mac80211_hwsim_beacon+0x52/0xb0 drivers/net/wireless/mac80211_hwsim.c:1852
    [<ffffffff812da59a>] __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
    [<ffffffff812da59a>] __hrtimer_run_queues+0x1ba/0x470 kernel/time/hrtimer.c:1601
    [<ffffffff812da8ce>] hrtimer_run_softirq+0x7e/0x100 kernel/time/hrtimer.c:1618
    [<ffffffff846000bf>] __do_softirq+0xbf/0x2ab kernel/softirq.c:345
    [<ffffffff81233103>] invoke_softirq kernel/softirq.c:221 [inline]
    [<ffffffff81233103>] __irq_exit_rcu kernel/softirq.c:422 [inline]
    [<ffffffff81233103>] irq_exit_rcu+0x93/0xc0 kernel/softirq.c:434
    [<ffffffff842e4642>] sysvec_apic_timer_interrupt+0x72/0x90 arch/x86/kernel/apic/apic.c:1100
    [<ffffffff84400c02>] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
    [<ffffffff81343b35>] get_current arch/x86/include/asm/current.h:15 [inline]
    [<ffffffff81343b35>] write_comp_data kernel/kcov.c:217 [inline]
    [<ffffffff81343b35>] __sanitizer_cov_trace_const_cmp2+0x15/0x80 kernel/kcov.c:277
    [<ffffffff820f3d14>] tomoyo_check_acl+0x154/0x190 security/tomoyo/domain.c:183

Crashes (12):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	Title
ci-upstream-gce-leak	2021/04/10 18:25	upstream	d4961772	bfeda1b1	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/04/09 00:21	upstream	454859c5	6a81331a	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/03/28 04:42	upstream	0f4498ce	a8529b82	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/03/27 02:20	upstream	db24726b	a8529b82	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/03/26 13:41	upstream	db24726b	6a383ecf	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/03/22 04:11	upstream	5ee96fa9	bea32f74	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/03/18 20:50	upstream	6417f031	7216542e	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/03/14 23:52	upstream	75013c6c	cc1cff8f	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/03/08 23:21	upstream	144c79ef	09fbf400	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/02/13 04:34	upstream	dcc0b490	98682e5e	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/02/13 02:43	upstream	dcc0b490	98682e5e	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/02/03 07:14	upstream	3aaf0a27	624dad51	.config	log	report	syz	memory leak in __ieee80211_beacon_get