syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1331]
Subsystems
🐞 Fixed [7147]
🐞 Invalid [18900]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

memory leak in hub_event (4)

Status: fixed on 2026/05/22 04:12
Subsystems: usb
[Documentation on labels]
Reported-by: syzbot+2afd7e71155c7e241560@syzkaller.appspotmail.com
Fix commit: 7a5f1cd22d47 ALSA: caiaq: fix usb_dev refcount leak on probe failure
First crash: 46d, last: 46d
✨ AI Jobs (1)
ID Workflow Result Correct Bug Created Started Finished Revision Error
70f83146-4b4d-4173-8178-aa613f97e641 assessment-security 💥 memory leak in hub_event (4) 2026/05/15 05:58 2026/05/15 05:58 2026/05/15 06:00 6ccb967e465e832a7bfd7a116ad00d52a0923a5d failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/9f5ebc66493be4031dd6fd8e8666f7b5079c2248" "-s" "bzImage" "compile_commands.json"]: exit status 2 Root cause: error: unable to open output file 'security/landlock/setup.o': 'No such file or directory' * * Restart config... * * * General architecture-dependent options * SMT (Hyperthreading) scheduler support (SCHED_SMT) [Y/?] y Cluster scheduler support (SCHED_CLUSTER) [Y/n/?] y Multi-Core Cache (MC) scheduler support (SCHED_MC) [Y/n/?] y Kprobes (KPROBES) [N/y/?] n Optimize very unlikely/likely branches (JUMP_LABEL) [Y/n/?] y Static key selftest (STATIC_KEYS_SELFTEST) [N/y/?] n Static call selftest (STATIC_CALL_SELFTEST) [N/y/?] n Enable seccomp to safely execute untrusted bytecode (SECCOMP) [Y/n/?] y Show seccomp filter cache status in /proc/pid/seccomp_cache (SECCOMP_CACHE_DEBUG) [N/y/?] n Stack Protector buffer overflow detection (STACKPROTECTOR) [Y/n/?] y Strong Stack Protector (STACKPROTECTOR_STRONG) [Y/n/?] y Link Time Optimization (LTO) > 1. None (LTO_NONE) choice[1]: 1 Enable Clang's AutoFDO build (EXPERIMENTAL) (AUTOFDO_CLANG) [N/y/?] (NEW) Error in reading or end of file. Enable Clang's Propeller build (PROPELLER_CLANG) [N/y/?] (NEW) Error in reading or end of file. Use Kernel Control Flow Integrity (kCFI) (CFI) [N/y/?] (NEW) Error in reading or end of file. Number of bits to use for ASLR of mmap base address (ARCH_MMAP_RND_BITS) [28] 28 Number of bits to use for ASLR of mmap base address for compatible applications (ARCH_MMAP_RND_COMPAT_BITS) [8] 8 MMU page size > 1. 4KiB pages (PAGE_SIZE_4KB) choice[1]: 1 Provide system calls for 32-bit time_t (COMPAT_32BIT_TIME) [Y/n/?] y Use a virtually-mapped stack (VMAP_STACK) [Y/n/?] y Support for randomizing kernel stack offset on syscall entry (RANDOMIZE_KSTACK_OFFSET) [Y/n/?] y Default state of kernel stack offset randomization (RANDOMIZE_KSTACK_OFFSET_DEFAULT) [N/y/?] n Locking event counts collection (LOCK_EVENT_COUNTS) [N/y/?] n * * Memory initialization * Initialize kernel stack variables at function entry 1. no automatic stack variable initialization (weakest) (INIT_STACK_NONE) 2. pattern-init everything (strongest) (INIT_STACK_ALL_PATTERN) > 3. zero-init everything (strongest and safest) (INIT_STACK_ALL_ZERO) choice[1-3?]: 3 Poison kernel stack before returning from syscalls (KSTACK_ERASE) [N/y/?] (NEW) Error in reading or end of file. Enable heap memory zeroing on allocation by default (INIT_ON_ALLOC_DEFAULT_ON) [Y/n/?] y Enable heap memory zeroing on free by default (INIT_ON_FREE_DEFAULT_ON) [N/y/?] n Enable register zeroing on function exit (ZERO_CALL_USED_REGS) [N/y/?] n * * Kernel hardening options * Randomize layout of sensitive kernel structures > 1. Disable structure layout randomization (RANDSTRUCT_NONE) 2. Fully randomize structure layout (RANDSTRUCT_FULL) (NEW) choice[1-2?]: Error in reading or end of file. * * Memory Debugging * Extend memmap on extra space for more information on page (PAGE_EXTENSION) [N/y/?] n Debug page memory allocations (DEBUG_PAGEALLOC) [N/y/?] n Enable SLUB debugging support (SLUB_DEBUG) [Y/n/?] y SLUB debugging on by default (SLUB_DEBUG_ON) [N/y/?] n Track page owner (PAGE_OWNER) [N/y/?] n Check for invalid mappings in user page tables (PAGE_TABLE_CHECK) [N/y/?] n Poison pages after freeing (PAGE_POISONING) [N/y/?] n Enable tracepoint to track down page reference manipulation (DEBUG_PAGE_REF) [N/y/?] n Testcase for the marking rodata read-only (DEBUG_RODATA_TEST) [N/y/?] n Warn on W+X mappings at boot (DEBUG_WX) [Y/n/?] y Export kernel pagetable layout to userspace via debugfs (PTDUMP_DEBUGFS) [N/y/?] n Kernel memory leak detector (DEBUG_KMEMLEAK) [Y/n/?] y Kmemleak memory pool size (DEBUG_KMEMLEAK_MEM_POOL_SIZE) [16000] 16000 Default kmemleak to off (DEBUG_KMEMLEAK_DEFAULT_OFF) [N/y/?] n Enable kmemleak auto scan thread on boot up (DEBUG_KMEMLEAK_AUTO_SCAN) [N/y/?] n Statistics for per-vma locks (PER_VMA_LOCK_STATS)
Discussions (4)
Title Replies (including bot) Last reply
[PATCH] sound: usb: caiaq: fix reference leak in probe error 6 (6) 2026/04/30 11:02
[PATCH] usb: core: hcd: fix possible deadlock in rh control transfers 2 (2) 2026/04/29 19:04
[syzbot] [usb?] memory leak in hub_event (4) 5 (13) 2026/04/28 15:12
[PATCH] ALSA: caiaq: fix usb_dev refcount leak on probe failure 2 (2) 2026/04/27 12:33
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream memory leak in hub_event usb 3 C 7 1939d 2028d 19/29 fixed on 2021/03/10 01:48
upstream memory leak in hub_event (2) usb 3 C 2 1910d 1913d 20/29 fixed on 2021/11/10 00:50
upstream memory leak in hub_event (3) usb 3 C 1 1583d 1579d 0/29 auto-obsoleted due to no activity on 2022/11/04 19:09
Last patch testing requests (7)
Created Duration User Patch Repo Result
2026/04/27 11:40 1m oneukum@suse.com patch git://repo/address.git dd6c438c3e64 error
2026/04/25 14:43 39m kartikey406@gmail.com patch upstream OK log
2026/04/25 12:54 8m kartikey406@gmail.com patch upstream error
2026/04/25 09:36 20m souradiptodas6@gmail.com patch upstream report log
2026/04/25 08:58 24m souradiptodas6@gmail.com patch upstream error
2026/04/25 07:52 44m kartikey406@gmail.com patch upstream error
2026/04/25 06:36 36m kartikey406@gmail.com patch upstream report log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff8881277dc000 (size 2048):
  comm "kworker/0:2", pid 1783, jiffies 4294946784
  hex dump (first 32 bytes):
    ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00  ....1...........
    00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00  ................
  backtrace (crc 20105372):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4574 [inline]
    slab_alloc_node mm/slub.c:4898 [inline]
    __kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5410
    kmalloc_noprof include/linux/slab.h:950 [inline]
    kzalloc_noprof include/linux/slab.h:1188 [inline]
    usb_alloc_dev+0x36/0x4e0 drivers/usb/core/usb.c:651
    hub_port_connect drivers/usb/core/hub.c:5470 [inline]
    hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
    port_event drivers/usb/core/hub.c:5871 [inline]
    hub_event+0x14d0/0x2180 drivers/usb/core/hub.c:5953
    process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
    process_scheduled_works kernel/workqueue.c:3385 [inline]
    worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
    kthread+0x14e/0x1a0 kernel/kthread.c:436
    ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

BUG: memory leak
unreferenced object 0xffff888128b06c00 (size 1024):
  comm "kworker/0:2", pid 1783, jiffies 4294946815
  hex dump (first 32 bytes):
    09 02 49 00 02 01 00 10 40 00 00 00 00 00 00 00  ..I.....@.......
    00 00 00 00 00 00 00 00 89 b8 69 09 81 88 ff ff  ..........i.....
  backtrace (crc b43c3ef8):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4574 [inline]
    slab_alloc_node mm/slub.c:4898 [inline]
    __do_kmalloc_node mm/slub.c:5294 [inline]
    __kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
    kmalloc_noprof include/linux/slab.h:954 [inline]
    kzalloc_noprof include/linux/slab.h:1188 [inline]
    usb_get_configuration+0xeb/0x2110 drivers/usb/core/config.c:940
    usb_enumerate_device drivers/usb/core/hub.c:2527 [inline]
    usb_new_device+0x1b4/0x300 drivers/usb/core/hub.c:2665
    hub_port_connect drivers/usb/core/hub.c:5567 [inline]
    hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
    port_event drivers/usb/core/hub.c:5871 [inline]
    hub_event+0x1723/0x2180 drivers/usb/core/hub.c:5953
    process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
    process_scheduled_works kernel/workqueue.c:3385 [inline]
    worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
    kthread+0x14e/0x1a0 kernel/kthread.c:436
    ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

BUG: memory leak
unreferenced object 0xffff88810c3d5a50 (size 8):
  comm "kworker/0:2", pid 1783, jiffies 4294946815
  hex dump (first 8 bytes):
    80 b8 69 09 81 88 ff ff                          ..i.....
  backtrace (crc 66af3167):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4574 [inline]
    slab_alloc_node mm/slub.c:4898 [inline]
    __do_kmalloc_node mm/slub.c:5294 [inline]
    __kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
    kmalloc_noprof include/linux/slab.h:954 [inline]
    kzalloc_noprof include/linux/slab.h:1188 [inline]
    usb_get_configuration+0x11d/0x2110 drivers/usb/core/config.c:945
    usb_enumerate_device drivers/usb/core/hub.c:2527 [inline]
    usb_new_device+0x1b4/0x300 drivers/usb/core/hub.c:2665
    hub_port_connect drivers/usb/core/hub.c:5567 [inline]
    hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
    port_event drivers/usb/core/hub.c:5871 [inline]
    hub_event+0x1723/0x2180 drivers/usb/core/hub.c:5953
    process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
    process_scheduled_works kernel/workqueue.c:3385 [inline]
    worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
    kthread+0x14e/0x1a0 kernel/kthread.c:436
    ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

BUG: memory leak
unreferenced object 0xffff888113c25840 (size 64):
  comm "kworker/0:2", pid 1783, jiffies 4294946817
  hex dump (first 32 bytes):
    01 00 00 00 01 00 00 00 09 04 00 00 00 01 01 30  ...............0
    00 00 00 00 0a 00 00 00 9a b8 69 09 81 88 ff ff  ..........i.....
  backtrace (crc a90fa323):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4574 [inline]
    slab_alloc_node mm/slub.c:4898 [inline]
    __do_kmalloc_node mm/slub.c:5294 [inline]
    __kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
    kmalloc_noprof include/linux/slab.h:954 [inline]
    kzalloc_noprof include/linux/slab.h:1188 [inline]
    usb_parse_configuration drivers/usb/core/config.c:826 [inline]
    usb_get_configuration+0x88f/0x2110 drivers/usb/core/config.c:1002
    usb_enumerate_device drivers/usb/core/hub.c:2527 [inline]
    usb_new_device+0x1b4/0x300 drivers/usb/core/hub.c:2665
    hub_port_connect drivers/usb/core/hub.c:5567 [inline]
    hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
    port_event drivers/usb/core/hub.c:5871 [inline]
    hub_event+0x1723/0x2180 drivers/usb/core/hub.c:5953
    process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
    process_scheduled_works kernel/workqueue.c:3385 [inline]
    worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
    kthread+0x14e/0x1a0 kernel/kthread.c:436
    ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

BUG: memory leak
unreferenced object 0xffff88811d54a500 (size 256):
  comm "kworker/0:2", pid 1783, jiffies 4294946821
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 08 a5 54 1d 81 88 ff ff  ..........T.....
    08 a5 54 1d 81 88 ff ff 20 e7 41 83 ff ff ff ff  ..T..... .A.....
  backtrace (crc 85d09f91):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4574 [inline]
    slab_alloc_node mm/slub.c:4898 [inline]
    __kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5410
    kmalloc_noprof include/linux/slab.h:950 [inline]
    kzalloc_noprof include/linux/slab.h:1188 [inline]
    device_private_init drivers/base/core.c:3536 [inline]
    device_add+0x73c/0xc70 drivers/base/core.c:3587
    usb_new_device.cold+0x115/0x626 drivers/usb/core/hub.c:2695
    hub_port_connect drivers/usb/core/hub.c:5567 [inline]
    hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
    port_event drivers/usb/core/hub.c:5871 [inline]
    hub_event+0x1723/0x2180 drivers/usb/core/hub.c:5953
    process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
    process_scheduled_works kernel/workqueue.c:3385 [inline]
    worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
    kthread+0x14e/0x1a0 kernel/kthread.c:436
    ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/04/24 22:25 upstream dd6c438c3e64 1c2b9291 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in hub_event
* Struck through repros no longer work on HEAD.