Date: Mon, 15 May 2023 10:45:20 +0800
From: shaozhengchao
To: syzbot
Subject: Re: [syzbot] [wireless?] memory leak in hwsim_new_radio_nl
In-Reply-To: <000000000000383da505fb8509b7@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2023/5/13 4:34, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    105131df9c3b Merge tag 'dt-fixes-6.4' of git://git.kernel...
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1193dc92280000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=fa9562c0bfb72fa2
> dashboard link: https://syzkaller.appspot.com/bug?extid=904ce6fbb38532d9795c
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10b4577c280000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14a9e29e280000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/029c9c553eb9/disk-105131df.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/c807843227d1/vmlinux-105131df.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/dfce3441d47b/bzImage-105131df.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+904ce6fbb38532d9795c@syzkaller.appspotmail.com
>
> Warning: Permanently added '10.128.1.177' (ECDSA) to the list of known hosts.
> executing program
> executing program
> BUG: memory leak
> unreferenced object 0xffff88810e2ac920 (size 32):
>   comm "syz-executor238", pid 4983, jiffies 4294944120 (age 14.000s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>   backtrace:
>     [] kmalloc_trace+0x24/0x90 mm/slab_common.c:1057
>     [] kmalloc include/linux/slab.h:559 [inline]
>     [] hwsim_new_radio_nl+0x43b/0x660 drivers/net/wireless/virtual/mac80211_hwsim.c:5962
>     [] genl_family_rcv_msg_doit.isra.0+0xee/0x150 net/netlink/genetlink.c:968
>     [] genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]
>     [] genl_rcv_msg+0x2d7/0x430 net/netlink/genetlink.c:1065
>     [] netlink_rcv_skb+0x91/0x1e0 net/netlink/af_netlink.c:2546
>     [] genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076
>     [] netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
>     [] netlink_unicast+0x39b/0x4d0 net/netlink/af_netlink.c:1365
>     [] netlink_sendmsg+0x39a/0x720 net/netlink/af_netlink.c:1913
>     [] sock_sendmsg_nosec net/socket.c:724 [inline]
>     [] sock_sendmsg+0x58/0xb0 net/socket.c:747
>     [] ____sys_sendmsg+0x397/0x430 net/socket.c:2503
>     [] ___sys_sendmsg+0xa8/0x110 net/socket.c:2557
>     [] __sys_sendmsg+0x8c/0x100 net/socket.c:2586
>     [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>     [] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
>     [] entry_SYSCALL_64_after_hwframe+0x63/0xcd
>
> BUG: memory leak
> unreferenced object 0xffff88810e2ac800 (size 32):
>   comm "syz-executor238", pid 4984, jiffies 4294944700 (age 8.200s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>   backtrace:
>     [] kmalloc_trace+0x24/0x90 mm/slab_common.c:1057
>     [] kmalloc include/linux/slab.h:559 [inline]
>     [] hwsim_new_radio_nl+0x43b/0x660 drivers/net/wireless/virtual/mac80211_hwsim.c:5962
>     [] genl_family_rcv_msg_doit.isra.0+0xee/0x150 net/netlink/genetlink.c:968
>     [] genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]
>     [] genl_rcv_msg+0x2d7/0x430 net/netlink/genetlink.c:1065
>     [] netlink_rcv_skb+0x91/0x1e0 net/netlink/af_netlink.c:2546
>     [] genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076
>     [] netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
>     [] netlink_unicast+0x39b/0x4d0 net/netlink/af_netlink.c:1365
>     [] netlink_sendmsg+0x39a/0x720 net/netlink/af_netlink.c:1913
>     [] sock_sendmsg_nosec net/socket.c:724 [inline]
>     [] sock_sendmsg+0x58/0xb0 net/socket.c:747
>     [] ____sys_sendmsg+0x397/0x430 net/socket.c:2503
>     [] ___sys_sendmsg+0xa8/0x110 net/socket.c:2557
>     [] __sys_sendmsg+0x8c/0x100 net/socket.c:2586
>     [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>     [] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
>     [] entry_SYSCALL_64_after_hwframe+0x63/0xcd
>
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>
> If the bug is already fixed, let syzbot know by replying with:
> #syz fix: exact-commit-title
>
> If you want syzbot to run the reproducer, reply with:
> #syz test: git://repo/address.git branch-or-commit-hash
> If you attach or paste a git patch, syzbot will apply it before testing.
>
> If you want to change bug's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
>
> If the bug is a duplicate of another bug, reply with:
> #syz dup: exact-subject-of-another-report
>
> If you want to undo deduplication, reply with:
> #syz undup
>

This issue is introduced by 92d13386ec55 ("mac80211_hwsim: add PMSR
capability support"). When parse_pmsr_capa failed in hwsim_new_radio_nl,
the memory resources applied for by pmsr_capa are not released. It should
replace param.pmsr_capa with pmsr_capa to release memory.

I will fix it today.

Zhengchao Shao
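
The leak pattern described in the reply above, as an added userspace model; it is not the kernel source and not part of the original message. The types `capa_model` and `params_model`, the function `new_radio_model` with its `free_local` switch, and the counting allocator are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for the kernel types; all names are hypothetical. */
struct capa_model { unsigned char raw[32]; };          /* 32 bytes, as in the report */
struct params_model { struct capa_model *pmsr_capa; };

static int live_allocs;                                /* crude stand-in for kmemleak */
static void *track_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void track_free(void *p) { if (p) live_allocs--; free(p); }

/* Hypothetical parser: rejects a malformed attribute with -EINVAL (-22). */
static int parse_capa_model(int attr_ok, struct capa_model *out)
{
    out->raw[0] = (unsigned char)attr_ok;
    return attr_ok ? 0 : -22;
}

/* free_local == 0: the error path frees param.pmsr_capa, still NULL when parsing fails.
 * free_local == 1: the error path frees the local pointer, as the reply proposes. */
static int new_radio_model(int attr_ok, int free_local)
{
    struct params_model param = { 0 };
    struct capa_model *pmsr_capa = track_alloc(sizeof(*pmsr_capa));
    int ret;

    if (!pmsr_capa) return -12;                        /* -ENOMEM */
    ret = parse_capa_model(attr_ok, pmsr_capa);
    if (ret)
        goto out_free;                                 /* param.pmsr_capa not set yet */
    param.pmsr_capa = pmsr_capa;                       /* radio creation would read param here */
out_free:
    track_free(free_local ? pmsr_capa : param.pmsr_capa);
    return ret;
}

/* Number of allocations still live after one call. */
static int leaked_after(int attr_ok, int free_local)
{
    int before = live_allocs;
    new_radio_model(attr_ok, free_local);
    return live_allocs - before;
}

int main(void)
{
    printf("error path frees param.pmsr_capa: %d leaked\n", leaked_after(0, 0));
    printf("error path frees pmsr_capa:       %d leaked\n", leaked_after(0, 1));
    return 0;
}
```

The leak only shows on the parse-failure path; with a well-formed attribute both variants release the buffer, which is why a fuzzer sending malformed netlink attributes was needed to surface it.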