syzbot


memory leak in v4l2_ctrl_handler_init_class

Status: fixed on 2021/11/10 00:50
Reported-by: syzbot+efe9aefc31ae1e6f7675@syzkaller.appspotmail.com
Fix commit: 9c39be40c015 media: drivers/media/usb: fix memory leak in zr364xx_probe
First crash: 577d, last: 523d
Patch testing requests:
Created | Duration | User | Patch | Repo | Result
2021/03/01 21:24 | 17m | paskripkin@gmail.com | | https://linux.googlesource.com/linux/kernel/git/torvalds/linux refs/changes/36/8736/3 | OK
2021/03/01 20:18 | 4m | paskripkin@gmail.com | | https://linux.googlesource.com/linux/kernel/git/torvalds/linux refs/changes/36/8736/1 | error

Sample crash report:
BUG: memory leak
unreferenced object 0xffff888103dfac60 (size 32):
  comm "kworker/0:3", pid 3865, jiffies 4294943211 (age 13.720s)
  hex dump (first 32 bytes):
    c0 a4 28 0e 81 88 ff ff 00 00 00 00 00 00 00 00  ..(.............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81465751>] kmalloc_node include/linux/slab.h:577 [inline]
    [<ffffffff81465751>] kvmalloc_node+0x61/0xf0 mm/util.c:587
    [<ffffffff82eadcd6>] kvmalloc include/linux/mm.h:785 [inline]
    [<ffffffff82eadcd6>] kvmalloc_array include/linux/mm.h:803 [inline]
    [<ffffffff82eadcd6>] v4l2_ctrl_handler_init_class+0x86/0xb0 drivers/media/v4l2-core/v4l2-ctrls.c:2525
    [<ffffffff8423ecc0>] zr364xx_probe+0x110/0x851 drivers/media/usb/zr364xx/zr364xx.c:1427
    [<ffffffff82ba99a7>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
    [<ffffffff825f6f09>] really_probe+0x159/0x4a0 drivers/base/dd.c:559
    [<ffffffff825f72d4>] driver_probe_device+0x84/0x100 drivers/base/dd.c:745
    [<ffffffff825f79ee>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:851
    [<ffffffff825f3e57>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
    [<ffffffff825f7582>] __device_attach+0x122/0x250 drivers/base/dd.c:919
    [<ffffffff825f5af6>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
    [<ffffffff825f2045>] device_add+0x5d5/0xc40 drivers/base/core.c:3242
    [<ffffffff82ba6f49>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164
    [<ffffffff82bb73ac>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
    [<ffffffff82ba910c>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
    [<ffffffff825f6f09>] really_probe+0x159/0x4a0 drivers/base/dd.c:559
    [<ffffffff825f72d4>] driver_probe_device+0x84/0x100 drivers/base/dd.c:745

BUG: memory leak
unreferenced object 0xffff8881108a6dc0 (size 32):
  comm "kworker/1:3", pid 8047, jiffies 4294943838 (age 7.450s)
  hex dump (first 32 bytes):
    40 72 d9 11 81 88 ff ff 00 00 00 00 00 00 00 00  @r..............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81465751>] kmalloc_node include/linux/slab.h:577 [inline]
    [<ffffffff81465751>] kvmalloc_node+0x61/0xf0 mm/util.c:587
    [<ffffffff82eadcd6>] kvmalloc include/linux/mm.h:785 [inline]
    [<ffffffff82eadcd6>] kvmalloc_array include/linux/mm.h:803 [inline]
    [<ffffffff82eadcd6>] v4l2_ctrl_handler_init_class+0x86/0xb0 drivers/media/v4l2-core/v4l2-ctrls.c:2525
    [<ffffffff8423ecc0>] zr364xx_probe+0x110/0x851 drivers/media/usb/zr364xx/zr364xx.c:1427
    [<ffffffff82ba99a7>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
    [<ffffffff825f6f09>] really_probe+0x159/0x4a0 drivers/base/dd.c:559
    [<ffffffff825f72d4>] driver_probe_device+0x84/0x100 drivers/base/dd.c:745
    [<ffffffff825f79ee>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:851
    [<ffffffff825f3e57>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
    [<ffffffff825f7582>] __device_attach+0x122/0x250 drivers/base/dd.c:919
    [<ffffffff825f5af6>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
    [<ffffffff825f2045>] device_add+0x5d5/0xc40 drivers/base/core.c:3242
    [<ffffffff82ba6f49>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164
    [<ffffffff82bb73ac>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
    [<ffffffff82ba910c>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
    [<ffffffff825f6f09>] really_probe+0x159/0x4a0 drivers/base/dd.c:559
    [<ffffffff825f72d4>] driver_probe_device+0x84/0x100 drivers/base/dd.c:745


Crashes (12):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title
ci-upstream-gce-leak | 2021/04/19 03:53 | upstream | c98ff1d013d2 | 7e2b734b | .config | log | report | syz | C | | memory leak in v4l2_ctrl_handler_init_class
ci-upstream-gce-leak | 2021/04/11 19:40 | upstream | 52e44129fba5 | bfeda1b1 | .config | log | report | syz | C | | memory leak in v4l2_ctrl_handler_init_class
ci-upstream-gce-leak | 2021/04/11 08:41 | upstream | 52e44129fba5 | bfeda1b1 | .config | log | report | syz | C | | memory leak in v4l2_ctrl_handler_init_class
ci-upstream-gce-leak | 2021/04/06 13:54 | upstream | 0a50438c8436 | 6a81331a | .config | log | report | syz | C | | memory leak in v4l2_ctrl_handler_init_class
ci-upstream-gce-leak | 2021/04/06 10:57 | upstream | 0a50438c8436 | 6a81331a | .config | log | report | syz | C | | memory leak in v4l2_ctrl_handler_init_class
ci-upstream-gce-leak | 2021/04/04 02:14 | upstream | 57fbdb15ec42 | 6a81331a | .config | log | report | syz | C | | memory leak in v4l2_ctrl_handler_init_class
ci-upstream-gce-leak | 2021/04/03 01:05 | upstream | 1678e493d530 | 6a81331a | .config | log | report | syz | C | | memory leak in v4l2_ctrl_handler_init_class
ci-upstream-gce-leak | 2021/04/01 01:58 | upstream | 5e46d1b78a03 | 6a81331a | .config | log | report | syz | C | | memory leak in v4l2_ctrl_handler_init_class
ci-upstream-gce-leak | 2021/03/08 20:28 | upstream | 144c79ef3353 | 09fbf400 | .config | log | report | syz | C | | memory leak in v4l2_ctrl_handler_init_class
ci-upstream-gce-leak | 2021/02/25 17:15 | upstream | 29c395c77a9a | 76f7fc95 | .config | log | report | syz | C | | memory leak in v4l2_ctrl_handler_init_class
ci-upstream-gce-leak | 2021/02/24 17:44 | upstream | c03c21ba6f4e | fcc6d71b | .config | log | report | syz | C | | memory leak in v4l2_ctrl_handler_init_class
ci-upstream-gce-leak | 2021/02/24 13:50 | upstream | c03c21ba6f4e | fcc6d71b | .config | log | report | syz | C | | memory leak in v4l2_ctrl_handler_init_class
* Struck through repros no longer work on HEAD.