syzbot


memory leak in hub_event

Status: fixed on 2021/03/10 01:48
Subsystems: usb
Reported-by: syzbot+44e64397bd81d5e84cba@syzkaller.appspotmail.com
Fix commit: e469d0b09a19 media: gspca: Fix memory leak in probe
First crash: 1421d, last: 1330d
Duplicate bugs (1)
| Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|
| memory leak in usb_set_configuration (usb) | C | | | 56 | 1343d | 1428d | 0/28 | closed as dup on 2020/12/02 20:32 |
Discussions (8)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH 4.14 000/242] 4.14.213-rc1 review | 245 (245) | 2021/01/13 01:20 |
| [PATCH 5.10 000/717] 5.10.4-rc1 review | 747 (747) | 2021/01/05 16:41 |
| [PATCH 4.19 000/346] 4.19.164-rc1 review | 356 (356) | 2021/01/02 11:29 |
| [PATCH 4.4 000/132] 4.4.249-rc1 review | 136 (136) | 2020/12/30 09:37 |
| [PATCH 5.4 000/453] 5.4.86-rc1 review | 465 (465) | 2020/12/30 09:22 |
| [PATCH 4.9 000/175] 4.9.249-rc1 review | 178 (178) | 2020/12/29 09:28 |
| [PATCH] media: gspca: Fix memory leak in probe | 3 (3) | 2020/12/02 17:20 |
| memory leak in hub_event | 10 (18) | 2020/12/02 16:37 |
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | memory leak in hub_event (2) (usb) | C | | | 2 | 1302d | 1305d | 20/28 | fixed on 2021/11/10 00:50 |
| upstream | memory leak in hub_event (3) (usb) | C | | | 1 | 975d | 971d | 0/28 | auto-obsoleted due to no activity on 2022/11/04 19:09 |
Last patch testing requests (6)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2020/12/02 16:22 | 14m | stern@rowland.harvard.edu | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4d02da97 | report log |
| 2020/11/23 21:53 | 14m | stern@rowland.harvard.edu | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4d02da97 | report log |
| 2020/11/23 20:38 | 8m | stern@rowland.harvard.edu | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4d02da97 | report log |
| 2020/11/23 19:53 | 7m | stern@rowland.harvard.edu | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4d02da97 | report log |
| 2020/11/23 19:32 | 7m | stern@rowland.harvard.edu | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4d02da97 | report log |
| 2020/11/23 18:29 | 14m | andreyknvl@google.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4d02da97 | report log |

Sample crash report:
BUG: memory leak
unreferenced object 0xffff88810c197800 (size 2048):
  comm "kworker/1:0", pid 19, jiffies 4294956862 (age 16.230s)
  hex dump (first 32 bytes):
    ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00  ....1...........
    00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00  ................
  backtrace:
    [<0000000076033c0f>] kmalloc include/linux/slab.h:552 [inline]
    [<0000000076033c0f>] kzalloc include/linux/slab.h:682 [inline]
    [<0000000076033c0f>] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582
    [<000000008ffffbb6>] hub_port_connect drivers/usb/core/hub.c:5129 [inline]
    [<000000008ffffbb6>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
    [<000000008ffffbb6>] port_event drivers/usb/core/hub.c:5509 [inline]
    [<000000008ffffbb6>] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591
    [<00000000454c3013>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
    [<00000000a28034b2>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
    [<00000000651e0b85>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<00000000d43e0e7e>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

BUG: memory leak
unreferenced object 0xffff888111fc4940 (size 32):
  comm "kworker/1:0", pid 19, jiffies 4294956862 (age 16.230s)
  hex dump (first 32 bytes):
    31 2d 31 00 00 00 00 00 00 00 00 00 00 00 00 00  1-1.............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000a6fee880>] kvasprintf+0x6c/0xf0 lib/kasprintf.c:25
    [<00000000dcb9f856>] kvasprintf_const+0x58/0x110 lib/kasprintf.c:49
    [<00000000297e54a9>] kobject_set_name_vargs+0x3b/0xe0 lib/kobject.c:289
    [<000000004cc2d93b>] dev_set_name+0x63/0x90 drivers/base/core.c:2895
    [<00000000bcb3d176>] usb_alloc_dev+0x1ee/0x450 drivers/usb/core/usb.c:650
    [<000000008ffffbb6>] hub_port_connect drivers/usb/core/hub.c:5129 [inline]
    [<000000008ffffbb6>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
    [<000000008ffffbb6>] port_event drivers/usb/core/hub.c:5509 [inline]
    [<000000008ffffbb6>] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591
    [<00000000454c3013>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
    [<00000000a28034b2>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
    [<00000000651e0b85>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<00000000d43e0e7e>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

BUG: memory leak
unreferenced object 0xffff88810ae46800 (size 1024):
  comm "kworker/1:0", pid 19, jiffies 4294956912 (age 15.730s)
  hex dump (first 32 bytes):
    09 02 48 00 01 00 00 00 00 00 00 00 00 00 00 00  ..H.............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000091b6819d>] kmalloc include/linux/slab.h:557 [inline]
    [<0000000091b6819d>] kzalloc include/linux/slab.h:682 [inline]
    [<0000000091b6819d>] usb_get_configuration+0x9c/0x1dd0 drivers/usb/core/config.c:882
    [<00000000dea76cf0>] usb_enumerate_device drivers/usb/core/hub.c:2388 [inline]
    [<00000000dea76cf0>] usb_new_device+0x1a9/0x2e0 drivers/usb/core/hub.c:2524
    [<00000000a04b5326>] hub_port_connect drivers/usb/core/hub.c:5223 [inline]
    [<00000000a04b5326>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
    [<00000000a04b5326>] port_event drivers/usb/core/hub.c:5509 [inline]
    [<00000000a04b5326>] hub_event+0x142e/0x20c0 drivers/usb/core/hub.c:5591
    [<00000000454c3013>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
    [<00000000a28034b2>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
    [<00000000651e0b85>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<00000000d43e0e7e>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

BUG: memory leak
unreferenced object 0xffff888111fc4160 (size 32):
  comm "kworker/1:0", pid 19, jiffies 4294956953 (age 15.320s)
  hex dump (first 32 bytes):
    73 79 7a 00 00 00 00 00 00 00 00 00 00 00 00 00  syz.............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000005ecb292a>] kmalloc include/linux/slab.h:557 [inline]
    [<000000005ecb292a>] usb_cache_string+0x8a/0xf0 drivers/usb/core/message.c:1025
    [<00000000154b2130>] usb_enumerate_device drivers/usb/core/hub.c:2401 [inline]
    [<00000000154b2130>] usb_new_device+0xc4/0x2e0 drivers/usb/core/hub.c:2524
    [<00000000a04b5326>] hub_port_connect drivers/usb/core/hub.c:5223 [inline]
    [<00000000a04b5326>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
    [<00000000a04b5326>] port_event drivers/usb/core/hub.c:5509 [inline]
    [<00000000a04b5326>] hub_event+0x142e/0x20c0 drivers/usb/core/hub.c:5591
    [<00000000454c3013>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
    [<00000000a28034b2>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
    [<00000000651e0b85>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<00000000d43e0e7e>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

BUG: memory leak
unreferenced object 0xffff88810e50c900 (size 256):
  comm "kworker/1:0", pid 19, jiffies 4294956956 (age 15.290s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 08 c9 50 0e 81 88 ff ff  ..........P.....
    08 c9 50 0e 81 88 ff ff f0 6b 5a 82 ff ff ff ff  ..P......kZ.....
  backtrace:
    [<00000000b769e6dc>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000b769e6dc>] kzalloc include/linux/slab.h:682 [inline]
    [<00000000b769e6dc>] device_private_init drivers/base/core.c:2951 [inline]
    [<00000000b769e6dc>] device_add+0x7fa/0xc30 drivers/base/core.c:3001
    [<00000000afb16e94>] usb_new_device.cold+0x16a/0x582 drivers/usb/core/hub.c:2555
    [<00000000a04b5326>] hub_port_connect drivers/usb/core/hub.c:5223 [inline]
    [<00000000a04b5326>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
    [<00000000a04b5326>] port_event drivers/usb/core/hub.c:5509 [inline]
    [<00000000a04b5326>] hub_event+0x142e/0x20c0 drivers/usb/core/hub.c:5591
    [<00000000454c3013>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
    [<00000000a28034b2>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
    [<00000000651e0b85>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<00000000d43e0e7e>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296


Crashes (7):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2021/02/17 10:41 | upstream | f40ddce88593 | 052f8d9f | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in hub_event |
| 2021/02/05 08:25 | upstream | 5c279c4cf206 | 23a562df | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in hub_event |
| 2021/02/01 04:12 | upstream | 6642d600b541 | fc9fd31e | .config | console log | report | syz | C | | | ci-upstream-gce-leak | memory leak in hub_event |
| 2020/12/15 11:48 | upstream | 148842c98a24 | 97183ed7 | .config | console log | report | syz | C | | | ci-upstream-gce-leak | |
| 2020/11/24 05:46 | upstream | d5beb3140f91 | 1ab681a4 | .config | console log | report | syz | C | | | ci-upstream-gce-leak | |
| 2020/11/20 11:54 | upstream | 4d02da974ea8 | 0767f13f | .config | console log | report | syz | C | | | ci-upstream-gce-leak | |
| 2020/11/19 03:34 | upstream | c2e7554e1b85 | 0767f13f | .config | console log | report | syz | C | | | ci-upstream-gce-leak | |
* Struck through repros no longer work on HEAD.