memory leak in __ieee80211_beacon

memory leak in __ieee80211_beacon_get
Status: upstream: reported syz repro on 2021/02/07 07:20
Reported-by: syzbot+e832ab33619901afc64a@syzkaller.appspotmail.com
Fix commit: bd18de517923 mac80211_hwsim: drop pending frames on stop
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-arm32]
First crash: 176d, last: 51d

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2021/06/21 03:01	14m	phind.uet@gmail.com		upstream	OK
2021/06/21 01:21	14m	phind.uet@gmail.com	patch	upstream	OK
2021/06/12 19:47	14m	phind.uet@gmail.com		upstream	report log
2021/03/11 10:54	12m	yildirim.fatih@gmail.com		upstream	report log

Sample crash report:

BUG: memory leak
unreferenced object 0xffff888126f43800 (size 232):
  comm "softirq", pid 0, jiffies 4295076373 (age 21.190s)
  hex dump (first 32 bytes):
    50 5b 8a 27 81 88 ff ff 50 5b 8a 27 81 88 ff ff  P[.'....P[.'....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8369f7ff>] __alloc_skb+0x20f/0x280 net/core/skbuff.c:413
    [<ffffffff836a44fa>] __netdev_alloc_skb+0x6a/0x210 net/core/skbuff.c:492
    [<ffffffff83f2ea62>] netdev_alloc_skb include/linux/skbuff.h:2867 [inline]
    [<ffffffff83f2ea62>] dev_alloc_skb include/linux/skbuff.h:2880 [inline]
    [<ffffffff83f2ea62>] __ieee80211_beacon_get+0x662/0x7a0 net/mac80211/tx.c:4836
    [<ffffffff83f2ec17>] ieee80211_beacon_get_tim+0x47/0x1c0 net/mac80211/tx.c:4950
    [<ffffffff82b07491>] ieee80211_beacon_get include/net/mac80211.h:4938 [inline]
    [<ffffffff82b07491>] mac80211_hwsim_beacon_tx+0xa1/0x2c0 drivers/net/wireless/mac80211_hwsim.c:1799
    [<ffffffff83f37cf5>] __iterate_interfaces+0x125/0x260 net/mac80211/util.c:793
    [<ffffffff83f3850e>] ieee80211_iterate_active_interfaces_atomic+0x2e/0x40 net/mac80211/util.c:829
    [<ffffffff82b00532>] mac80211_hwsim_beacon+0x52/0xb0 drivers/net/wireless/mac80211_hwsim.c:1852
    [<ffffffff812e16fa>] __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
    [<ffffffff812e16fa>] __hrtimer_run_queues+0x1ba/0x470 kernel/time/hrtimer.c:1601
    [<ffffffff812e1a2e>] hrtimer_run_softirq+0x7e/0x100 kernel/time/hrtimer.c:1618
    [<ffffffff846000bf>] __do_softirq+0xbf/0x2ab kernel/softirq.c:559
    [<ffffffff81238b90>] invoke_softirq kernel/softirq.c:433 [inline]
    [<ffffffff81238b90>] __irq_exit_rcu kernel/softirq.c:637 [inline]
    [<ffffffff81238b90>] irq_exit_rcu+0xa0/0xc0 kernel/softirq.c:649
    [<ffffffff84357972>] sysvec_apic_timer_interrupt+0x72/0x90 arch/x86/kernel/apic/apic.c:1100
    [<ffffffff84400c02>] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:647
    [<ffffffff8134ad90>] __sanitizer_cov_trace_pc+0x0/0x60 kernel/kcov.c:917
    [<ffffffff812aef21>] console_unlock+0x3a1/0x780 arch/x86/include/asm/irqflags.h:45

Crashes (14):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	Title
ci-upstream-gce-leak	2021/06/08 10:19	upstream	614124bea77e	b718257f	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/05/17 18:53	upstream	d07f6ca923ea	a2eb125d	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/04/10 18:25	upstream	d4961772226d	bfeda1b1	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/04/09 00:21	upstream	454859c552da	6a81331a	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/03/28 04:42	upstream	0f4498cef9f5	a8529b82	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/03/27 02:20	upstream	db24726bfefa	a8529b82	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/03/26 13:41	upstream	db24726bfefa	6a383ecf	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/03/22 04:11	upstream	5ee96fa9dd78	bea32f74	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/03/18 20:50	upstream	6417f03132a6	7216542e	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/03/14 23:52	upstream	75013c6c52d8	cc1cff8f	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/03/08 23:21	upstream	144c79ef3353	09fbf400	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/02/13 04:34	upstream	dcc0b49040c7	98682e5e	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/02/13 02:43	upstream	dcc0b49040c7	98682e5e	.config	log	report	syz	memory leak in __ieee80211_beacon_get
ci-upstream-gce-leak	2021/02/03 07:14	upstream	3aaf0a27ffc2	624dad51	.config	log	report	syz	memory leak in __ieee80211_beacon_get