Syzkaller hit 'memory leak in cfg80211_inform_single_bss_frame_data' bug. BUG: memory leak unreferenced object 0xffff88800e383700 (size 96): comm "kworker/u4:0", pid 7, jiffies 4295558786 (age 98.944s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 28 00 00 00 00 00 06 10 ........(....... backtrace: [<000000008ddaabc0>] cfg80211_inform_single_bss_frame_data+0x32d/0xef0 [<00000000fc752dd7>] cfg80211_inform_bss_frame_data+0xa6/0xb90 [<00000000ed210816>] __ieee80211_sta_join_ibss+0xc33/0x1770 [<0000000082b5db8a>] ieee80211_sta_create_ibss.cold+0xd0/0x118 [<0000000026f8090b>] ieee80211_ibss_work.cold+0x30b/0x60a [<00000000ab03e774>] ieee80211_iface_work+0x770/0xcd0 [<00000000f520bb4b>] process_one_work+0xa1c/0x16a0 [<00000000e5240379>] worker_thread+0x637/0x1260 [<00000000c1ae9692>] kthread+0x2f0/0x3a0 [<00000000cc28ca4a>] ret_from_fork+0x22/0x30 BUG: memory leak unreferenced object 0xffff88800de2e000 (size 512): comm "kworker/u4:0", pid 7, jiffies 4295558786 (age 98.945s) hex dump (first 32 bytes): 00 e0 e2 0d 80 88 ff ff 00 e0 e2 0d 80 88 ff ff ................ 10 e0 e2 0d 80 88 ff ff 10 e0 e2 0d 80 88 ff ff ................ backtrace: [<0000000029661b20>] cfg80211_bss_update+0x309/0x1f50 [<00000000333cc2cb>] cfg80211_inform_single_bss_frame_data+0x712/0xef0 [<00000000fc752dd7>] cfg80211_inform_bss_frame_data+0xa6/0xb90 [<00000000ed210816>] __ieee80211_sta_join_ibss+0xc33/0x1770 [<0000000082b5db8a>] ieee80211_sta_create_ibss.cold+0xd0/0x118 [<0000000026f8090b>] ieee80211_ibss_work.cold+0x30b/0x60a [<00000000ab03e774>] ieee80211_iface_work+0x770/0xcd0 [<00000000f520bb4b>] process_one_work+0xa1c/0x16a0 [<00000000e5240379>] worker_thread+0x637/0x1260 [<00000000c1ae9692>] kthread+0x2f0/0x3a0 [<00000000cc28ca4a>] ret_from_fork+0x22/0x30 BUG: memory leak unreferenced object 0xffff888060450700 (size 96): comm "kworker/u4:6", pid 352, jiffies 4295641256 (age 16.479s) hex dump (first 32 bytes): 20 4b 98 23 3b d7 05 00 00 00 00 00 00 00 00 00 K.#;........... 00 00 00 00 00 00 00 00 28 00 00 00 01 00 06 10 ........(....... backtrace: [<000000008ddaabc0>] cfg80211_inform_single_bss_frame_data+0x32d/0xef0 [<00000000fc752dd7>] cfg80211_inform_bss_frame_data+0xa6/0xb90 [<000000001245dd80>] ieee80211_bss_info_update+0x35b/0xb00 [<0000000072045217>] ieee80211_ibss_rx_queued_mgmt+0x19ba/0x3230 [<00000000cd8017db>] ieee80211_iface_work+0xa5b/0xcd0 [<00000000f520bb4b>] process_one_work+0xa1c/0x16a0 [<00000000e5240379>] worker_thread+0x637/0x1260 [<00000000c1ae9692>] kthread+0x2f0/0x3a0 [<00000000cc28ca4a>] ret_from_fork+0x22/0x30 Syzkaller reproducer: # {Threaded:true Collide:true Repeat:true RepeatTimes:0 Procs:8 Slowdown:1 Sandbox:none Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true UseTmpDir:true HandleSegv:true Repro:false Trace:false LegacyOptions:{Fault:false FaultCall:0 FaultNth:0}} r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$sock_ifreq(r1, 0x8922, &(0x7f0000000040)={'veth1_macvtap\x00', @ifru_data=&(0x7f0000000000)="473a72cfbe3fb6693567da627173146ba6687ee650984744419dc72b647cc381"}) setsockopt$packet_rx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req={0x3b280000, 0x81, 0x400, 0x773ca00}, 0x10)