re: memory leak in __ieee80211_beacon_get

Nguyen Dinh Phi

Jun 12, 2021, 3:47:59 PM
to syzbot+e832ab...@syzkaller.appspotmail.com, syzkall...@googlegroups.com

syzbot

Jun 12, 2021, 4:03:10 PM
to phin...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in __ieee80211_beacon_get

BUG: memory leak
unreferenced object 0xffff888110298e00 (size 232):
comm "softirq", pid 0, jiffies 4294951026 (age 12.520s)
hex dump (first 32 bytes):
50 5b f5 28 81 88 ff ff 50 5b f5 28 81 88 ff ff P[.(....P[.(....
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff8369f38f>] __alloc_skb+0x20f/0x280 net/core/skbuff.c:413
[<ffffffff836a408a>] __netdev_alloc_skb+0x6a/0x210 net/core/skbuff.c:492
[<ffffffff83f2e5f2>] netdev_alloc_skb include/linux/skbuff.h:2867 [inline]
[<ffffffff83f2e5f2>] dev_alloc_skb include/linux/skbuff.h:2880 [inline]
[<ffffffff83f2e5f2>] __ieee80211_beacon_get+0x662/0x7a0 net/mac80211/tx.c:4836
[<ffffffff83f2e7a7>] ieee80211_beacon_get_tim+0x47/0x1c0 net/mac80211/tx.c:4950
[<ffffffff82b06e21>] ieee80211_beacon_get include/net/mac80211.h:4938 [inline]
[<ffffffff82b06e21>] mac80211_hwsim_beacon_tx+0xa1/0x2c0 drivers/net/wireless/mac80211_hwsim.c:1799
[<ffffffff83f37885>] __iterate_interfaces+0x125/0x260 net/mac80211/util.c:793
[<ffffffff83f3809e>] ieee80211_iterate_active_interfaces_atomic+0x2e/0x40 net/mac80211/util.c:829
[<ffffffff82affec2>] mac80211_hwsim_beacon+0x52/0xb0 drivers/net/wireless/mac80211_hwsim.c:1852
[<ffffffff812e16da>] __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
[<ffffffff812e16da>] __hrtimer_run_queues+0x1ba/0x470 kernel/time/hrtimer.c:1601
[<ffffffff812e1a0e>] hrtimer_run_softirq+0x7e/0x100 kernel/time/hrtimer.c:1618
[<ffffffff846000bf>] __do_softirq+0xbf/0x2ab kernel/softirq.c:559
[<ffffffff81238b90>] invoke_softirq kernel/softirq.c:433 [inline]
[<ffffffff81238b90>] __irq_exit_rcu kernel/softirq.c:637 [inline]
[<ffffffff81238b90>] irq_exit_rcu+0xa0/0xc0 kernel/softirq.c:649
[<ffffffff84357852>] sysvec_apic_timer_interrupt+0x72/0x90 arch/x86/kernel/apic/apic.c:1100
[<ffffffff84400c02>] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:647
[<ffffffff8134abb0>] __sanitizer_cov_trace_pc+0x0/0x60 kernel/kcov.c:917
[<ffffffff812aef01>] console_unlock+0x3a1/0x780 arch/x86/include/asm/irqflags.h:45

BUG: memory leak
unreferenced object 0xffff888128875a00 (size 512):
comm "softirq", pid 0, jiffies 4294951026 (age 12.520s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff8369f25f>] kmalloc_reserve net/core/skbuff.c:354 [inline]
[<ffffffff8369f25f>] __alloc_skb+0xdf/0x280 net/core/skbuff.c:425
[<ffffffff836a408a>] __netdev_alloc_skb+0x6a/0x210 net/core/skbuff.c:492
[<ffffffff83f2e5f2>] netdev_alloc_skb include/linux/skbuff.h:2867 [inline]
[<ffffffff83f2e5f2>] dev_alloc_skb include/linux/skbuff.h:2880 [inline]
[<ffffffff83f2e5f2>] __ieee80211_beacon_get+0x662/0x7a0 net/mac80211/tx.c:4836
[<ffffffff83f2e7a7>] ieee80211_beacon_get_tim+0x47/0x1c0 net/mac80211/tx.c:4950
[<ffffffff82b06e21>] ieee80211_beacon_get include/net/mac80211.h:4938 [inline]
[<ffffffff82b06e21>] mac80211_hwsim_beacon_tx+0xa1/0x2c0 drivers/net/wireless/mac80211_hwsim.c:1799
[<ffffffff83f37885>] __iterate_interfaces+0x125/0x260 net/mac80211/util.c:793
[<ffffffff83f3809e>] ieee80211_iterate_active_interfaces_atomic+0x2e/0x40 net/mac80211/util.c:829
[<ffffffff82affec2>] mac80211_hwsim_beacon+0x52/0xb0 drivers/net/wireless/mac80211_hwsim.c:1852
[<ffffffff812e16da>] __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
[<ffffffff812e16da>] __hrtimer_run_queues+0x1ba/0x470 kernel/time/hrtimer.c:1601
[<ffffffff812e1a0e>] hrtimer_run_softirq+0x7e/0x100 kernel/time/hrtimer.c:1618
[<ffffffff846000bf>] __do_softirq+0xbf/0x2ab kernel/softirq.c:559
[<ffffffff81238b90>] invoke_softirq kernel/softirq.c:433 [inline]
[<ffffffff81238b90>] __irq_exit_rcu kernel/softirq.c:637 [inline]
[<ffffffff81238b90>] irq_exit_rcu+0xa0/0xc0 kernel/softirq.c:649
[<ffffffff84357852>] sysvec_apic_timer_interrupt+0x72/0x90 arch/x86/kernel/apic/apic.c:1100
[<ffffffff84400c02>] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:647
[<ffffffff8134abb0>] __sanitizer_cov_trace_pc+0x0/0x60 kernel/kcov.c:917
[<ffffffff812aef01>] console_unlock+0x3a1/0x780 arch/x86/include/asm/irqflags.h:45



Tested on:

commit: 43cb5d49 Merge tag 'usb-5.13-rc6' of git://git.kernel.org/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14d14998300000
kernel config: https://syzkaller.appspot.com/x/.config?x=368813419c19f008
dashboard link: https://syzkaller.appspot.com/bug?extid=e832ab33619901afc64a
compiler:

syzbot

Jun 20, 2021, 9:36:12 PM
to phin...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+e832ab...@syzkaller.appspotmail.com

Tested on:

commit: 13311e74 Linux 5.13-rc7
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=be86be9dadf57eea
patch: https://syzkaller.appspot.com/x/patch.diff?x=165f2fec300000

Note: testing is done by a robot and is best-effort only.

syzbot

Jun 21, 2021, 2:30:11 AM
to phin...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+e832ab...@syzkaller.appspotmail.com

Tested on:

commit: 13311e74 Linux 5.13-rc7
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=be86be9dadf57eea
dashboard link: https://syzkaller.appspot.com/bug?extid=e832ab33619901afc64a
compiler:

Phi Nguyen

Jun 22, 2021, 4:58:12 AM
to syzkaller-bugs
This one was fixed by this commit: [PATCH] mac80211_hwsim: drop pending frames on stop - Johannes Berg (kernel.org)

At 14:30:11 UTC+8 on Monday, June 21, 2021, syzbot wrote:

Pavel Skripkin

Jun 22, 2021, 5:00:35 AM
to Phi Nguyen, syzkaller-bugs
On Tue, 22 Jun 2021 01:58:12 -0700 (PDT)
Phi Nguyen <phin...@gmail.com> wrote:

> This one was fixed by this commit: [PATCH] mac80211_hwsim: drop
> pending frames on stop - Johannes Berg (kernel.org)
> <https://lore.kernel.org/linux-wireless/20210517170429.b0f85ab0eda1.Ie42a6ec6b940c971f3441286aeaaae2fe368e29a@changeid/>
>

Let's tell syzbot about it

#syz fix: mac80211_hwsim: drop pending frames on stop

> At 14:30:11 UTC+8 on Monday, June 21, 2021, syzbot wrote:
>
> > Hello,
> >
> > syzbot has tested the proposed patch and the reproducer did not
> > trigger any issue:
> >
> > Reported-and-tested-by: syzbot+e832ab...@syzkaller.appspotmail.com
> >
> > Tested on:
> >
> > commit: 13311e74 Linux 5.13-rc7
> > git tree: upstream
> > kernel config:
> > https://syzkaller.appspot.com/x/.config?x=be86be9dadf57eea
> > dashboard link:
> > https://syzkaller.appspot.com/bug?extid=e832ab33619901afc64a
> > compiler:
> >
> > Note: testing is done by a robot and is best-effort only.
> >
>




With regards,
Pavel Skripkin

syzbot

Jun 22, 2021, 5:00:37 AM
to Pavel Skripkin, paskr...@gmail.com, phin...@gmail.com, syzkall...@googlegroups.com
> On Tue, 22 Jun 2021 01:58:12 -0700 (PDT)
> Phi Nguyen <phin...@gmail.com> wrote:
>
>> This one was fixed by this commit: [PATCH] mac80211_hwsim: drop
>> pending frames on stop - Johannes Berg (kernel.org)
>> <https://lore.kernel.org/linux-wireless/20210517170429.b0f85ab0eda1.Ie42a6ec6b940c971f3441286aeaaae2fe368e29a@changeid/>
>>
>
> Let's tell syzbot about it
>
> #syz fix: mac80211_hwsim: drop pending frames on stop

I see the command but can't find the corresponding bug.
Please resend the email to syzbo...@syzkaller.appspotmail.com address
that is the sender of the bug report (also present in the Reported-by tag).

>
>> At 14:30:11 UTC+8 on Monday, June 21, 2021, syzbot wrote:
>>
>> > Hello,
>> >
>> > syzbot has tested the proposed patch and the reproducer did not
>> > trigger any issue:
>> >
>> > Reported-and-tested-by: syzbot+e832ab...@syzkaller.appspotmail.com
>> >
>> > Tested on:
>> >
>> > commit: 13311e74 Linux 5.13-rc7
>> > git tree: upstream
>> > kernel config:
>> > https://syzkaller.appspot.com/x/.config?x=be86be9dadf57eea
>> > dashboard link:
>> > https://syzkaller.appspot.com/bug?extid=e832ab33619901afc64a
>> > compiler:
>> >
>> > Note: testing is done by a robot and is best-effort only.
>> >
>>
>
>
>
>
> With regards,
> Pavel Skripkin

Pavel Skripkin

Jun 22, 2021, 5:01:55 AM
to syzbot, phin...@gmail.com, syzkall...@googlegroups.com
#syz fix: mac80211_hwsim: drop pending frames on stop


With regards,
Pavel Skripkin