Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp13331142rwl; Wed, 4 Jan 2023 06:49:08 -0800 (PST) X-Google-Smtp-Source: AMrXdXvXqDZLMi7Wx4llp35roplJh4PapjM506UiLce0225q3s/J3senbe8TKiVtgepPuNaZokfD X-Received: by 2002:a17:903:2647:b0:192:c6ad:4c41 with SMTP id je7-20020a170903264700b00192c6ad4c41mr11847234plb.3.1672843747681; Wed, 04 Jan 2023 06:49:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672843747; cv=none; d=google.com; s=arc-20160816; b=rq8sQI5M9Hub9l5LURr56ewIT2jAcLT2NOIYdTRx0xpIESNInQoPOo6hrK1S2vKyi4 RA1gNvgKqrS90jz2ZewFeyn3ws7pqKazJumB9u4EClxlFMxta/jSFlfaglfZDBm7WTkd xDzdzCZjhh4r189gjZsux4xp34FT4OA/5gW891gNrsYBe42W3PfKtt17HT3GUBqwijKz qJjetB29NMefN9Z1uwaoOq5pzkwuosPJOJ6B7i9dAE+kN47UZY+D0eOMQk/RSkVqk+iO ElPG6QbQkv63j5C+764/gTkWp37NS8fpNEGTLaQxsD2heWStPpBBPLYvORs9CO/VyZOH anpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:references:in-reply-to:subject:cc:to:dkim-signature :from; bh=Yvt1N4qdMcKgEPhpZnAvSN+ob9zNyUULJ3ZU+8ssutY=; b=h9IVyiLER8n0vwR5u2JjCqFPchFhR7lvYi2zcQJq9BcZ0vWzVGELsC2EjvHJpSEF9R rTZWY0FjC4DbZ5mFgWeKDmn9jxPowljsNkjlSHIJEvv06hasTuLmduG+r8hycIN+So9S FozCQp0fjtB8qTrgOGQAxds0eMiNTf5kqg21elh2dY3deK28HjrnuCbiRmXCrb2NEHuw i3A4TLKImMMUSMf7IqAS7d9+7MncfnwXOjkRLIH1iLVsKAs8GrNRpNMdkEIWRRgQsCSd 8NRp9g7MDY2KwoEPN1a9ptrJs0d4cUm3RCQMRh523F/IVpPXmdINoxTQnmEuMxPts8nI xqCg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@toke.dk header.s=20161023 header.b=jfgrGv6Y; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=toke.dk Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z20-20020a1709028f9400b00183243c7a2dsi32975212plo.406.2023.01.04.06.48.59; Wed, 04 Jan 2023 06:49:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@toke.dk header.s=20161023 header.b=jfgrGv6Y; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=toke.dk Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235039AbjADOrb (ORCPT + 67 others); Wed, 4 Jan 2023 09:47:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38196 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229449AbjADOr3 (ORCPT ); Wed, 4 Jan 2023 09:47:29 -0500 Received: from mail.toke.dk (mail.toke.dk [45.145.95.4]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6A7C730B; Wed, 4 Jan 2023 06:47:28 -0800 (PST) From: Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=toke.dk; s=20161023; t=1672843646; bh=Yvt1N4qdMcKgEPhpZnAvSN+ob9zNyUULJ3ZU+8ssutY=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=jfgrGv6YvJKDIfleebuLMKJuOgKX5H72/VQQEqEAptK2uLmZsduynHIX+VV4E8daa Ja3I0pb3yMQiZMSoP8EncvWY/p89evzlZe4RYu5bkGOs//VD6UlJzUlVt24ofaMrSV 54VSNKjleKdXLLAYl4Hia07+o2kP5sQxV0MEe2/Z37KGXzYs+/vgyQiRkkj1b3MeDT Bm/7kGQJ4NoHL328VSWBvOHxV8oMbtweKDxclXJ3G6gOO8b1tWQaG9E5XRRx5L8nO0 NGjvQStIoShpsK1q79/73ItmhrFGh0AnBdw9Egxktk2rIzbPCGESmYcdLDXWN2QpzW ytdxu1GZT73nw== To: Fedor Pchelkin , Kalle Valo Cc: Fedor Pchelkin , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Sujith , "John W. Linville" , Vasanthakumar Thiagarajan , Senthil Balasubramanian , linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Alexey Khoroshilov , lvc-project@linuxtesting.org, syzbot+e008dccab31bd3647609@syzkaller.appspotmail.com, syzbot+6692c72009680f7c4eb2@syzkaller.appspotmail.com Subject: Re: [PATCH v4] wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function In-Reply-To: <20230104123546.51427-1-pchelkin@ispras.ru> References: <20230104123546.51427-1-pchelkin@ispras.ru> Date: Wed, 04 Jan 2023 15:47:26 +0100 X-Clacks-Overhead: GNU Terry Pratchett Message-ID: <87wn621hmp.fsf@toke.dk> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Fedor Pchelkin writes: > It is stated that ath9k_htc_rx_msg() either frees the provided skb or > passes its management to another callback function. However, the skb is > not freed in case there is no another callback function, and Syzkaller was > able to cause a memory leak. Also minor comment fix. > > Found by Linux Verification Center (linuxtesting.org) with Syzkaller. > > Fixes: fb9987d0f748 ("ath9k_htc: Support for AR9271 chipset.") > Reported-by: syzbot+e008dccab31bd3647609@syzkaller.appspotmail.com > Reported-by: syzbot+6692c72009680f7c4eb2@syzkaller.appspotmail.com > Signed-off-by: Fedor Pchelkin > Signed-off-by: Alexey Khoroshilov Acked-by: Toke H=C3=B8iland-J=C3=B8rgensen