syzbot


memory leak in nfcmrvl_nci_register_dev

Status: fixed on 2021/11/10 00:50
Subsystems: usb
Reported-by: syzbot+19bcfc64a8df1318d1c3@syzkaller.appspotmail.com
Fix commit: e0652f8bb44d NFC: nci: fix memory leak in nci_allocate_device
First crash: 1261d, last: 1212d
Discussions (10)
Title Replies (including bot) Last reply
[PATCH 4.19 000/116] 4.19.193-rc1 review 122 (122) 2021/06/02 02:23
[PATCH 4.14 00/79] 4.14.235-rc1 review 83 (83) 2021/06/02 01:46
[PATCH 4.9 00/66] 4.9.271-rc1 review 69 (69) 2021/06/01 02:13
[PATCH 4.4 00/54] 4.4.271-rc1 review 59 (59) 2021/05/31 21:43
[PATCH 5.10 0/9] 5.10.41-rc1 review 18 (18) 2021/05/29 00:42
[PATCH 5.4 0/7] 5.4.123-rc1 review 14 (14) 2021/05/28 16:52
[PATCH 5.12 0/7] 5.12.8-rc1 review 15 (15) 2021/05/28 13:53
[PATCH v2] NFC: nci: fix memory leak in nci_allocate_device 2 (2) 2021/05/17 21:10
[PATCH] NFC: nci: fix memory leak in nci_allocate_device 3 (3) 2021/05/14 23:27
memory leak in nfcmrvl_nci_register_dev 0 (1) 2021/01/02 08:09

Sample crash report:
BUG: memory leak
unreferenced object 0xffff888111ea6800 (size 1024):
  comm "kworker/1:0", pid 19, jiffies 4294942308 (age 13.580s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff  .........`......
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline]
    [<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline]
    [<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784
    [<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline]
    [<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132
    [<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153
    [<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345
    [<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
    [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554
    [<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740
    [<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846
    [<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
    [<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914
    [<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
    [<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109
    [<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164
    [<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
    [<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
    [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554

BUG: memory leak
unreferenced object 0xffff88810f1ee400 (size 1024):
  comm "kworker/1:0", pid 19, jiffies 4294942926 (age 7.400s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 90 63 08 81 88 ff ff  ..........c.....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline]
    [<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline]
    [<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784
    [<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline]
    [<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132
    [<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153
    [<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345
    [<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
    [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554
    [<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740
    [<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846
    [<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
    [<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914
    [<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
    [<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109
    [<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164
    [<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
    [<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
    [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554


Crashes (9):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2021/02/16 09:46 upstream f40ddce88593 98682e5e .config console log report syz C ci-upstream-gce-leak memory leak in nfcmrvl_nci_register_dev
2021/02/10 07:56 upstream e0756cfc7d7c 2bd9619f .config console log report syz C ci-upstream-gce-leak memory leak in nfcmrvl_nci_register_dev
2021/02/07 23:41 upstream b75dba7f472c 2ce644fc .config console log report syz C ci-upstream-gce-leak memory leak in nfcmrvl_nci_register_dev
2021/02/06 01:13 upstream dd86e7fa07a3 23a562df .config console log report syz C ci-upstream-gce-leak memory leak in nfcmrvl_nci_register_dev
2021/01/31 23:47 upstream 6642d600b541 fc9fd31e .config console log report syz C ci-upstream-gce-leak memory leak in nfcmrvl_nci_register_dev
2021/01/30 19:33 upstream 0e9bcda5d286 fc9fd31e .config console log report syz C ci-upstream-gce-leak memory leak in nfcmrvl_nci_register_dev
2021/01/05 22:24 upstream 36bbbd0e234d a0234d98 .config console log report syz C ci-upstream-gce-leak
2021/01/03 14:40 upstream 3516bd729358 79264ae3 .config console log report syz C ci-upstream-gce-leak
2020/12/29 08:05 upstream dea8dcf2a9fa 8259d56c .config console log report syz C ci-upstream-gce-leak
* Struck through repros no longer work on HEAD.