memory leak in ath9k_hif_usb_firmware

memory leak in ath9k_hif_usb_firmware_cb
Status: upstream: reported C repro on 2020/11/10 18:25
Reported-by: syzbot+6692c72009680f7c4eb2@syzkaller.appspotmail.com
First crash: 162d, last: 1d03h

Sample crash report:

BUG: memory leak
unreferenced object 0xffff88810e07e900 (size 192):
  comm "kworker/0:2", pid 3568, jiffies 4294942696 (age 14.930s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 18 e9 07 0e 81 88 ff ff  ................
  backtrace:
    [<ffffffff82ba2296>] kmalloc include/linux/slab.h:559 [inline]
    [<ffffffff82ba2296>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
    [<ffffffff829e8428>] ath9k_hif_usb_alloc_tx_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:829 [inline]
    [<ffffffff829e8428>] ath9k_hif_usb_alloc_urbs+0x148/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1008
    [<ffffffff829e8d98>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1102 [inline]
    [<ffffffff829e8d98>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1235
    [<ffffffff8261a917>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1079
    [<ffffffff81259619>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
    [<ffffffff81259f09>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
    [<ffffffff81261638>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

BUG: memory leak
unreferenced object 0xffff88810b2896c0 (size 192):
  comm "kworker/0:2", pid 3568, jiffies 4294942696 (age 14.930s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 d8 96 28 0b 81 88 ff ff  ..........(.....
  backtrace:
    [<ffffffff82ba2296>] kmalloc include/linux/slab.h:559 [inline]
    [<ffffffff82ba2296>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
    [<ffffffff829e8428>] ath9k_hif_usb_alloc_tx_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:829 [inline]
    [<ffffffff829e8428>] ath9k_hif_usb_alloc_urbs+0x148/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1008
    [<ffffffff829e8d98>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1102 [inline]
    [<ffffffff829e8d98>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1235
    [<ffffffff8261a917>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1079
    [<ffffffff81259619>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
    [<ffffffff81259f09>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
    [<ffffffff81261638>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

BUG: memory leak
unreferenced object 0xffff88810e984540 (size 192):
  comm "kworker/0:2", pid 3568, jiffies 4294942696 (age 14.930s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 58 45 98 0e 81 88 ff ff  ........XE......
  backtrace:
    [<ffffffff82ba2296>] kmalloc include/linux/slab.h:559 [inline]
    [<ffffffff82ba2296>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
    [<ffffffff829e8428>] ath9k_hif_usb_alloc_tx_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:829 [inline]
    [<ffffffff829e8428>] ath9k_hif_usb_alloc_urbs+0x148/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1008
    [<ffffffff829e8d98>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1102 [inline]
    [<ffffffff829e8d98>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1235
    [<ffffffff8261a917>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1079
    [<ffffffff81259619>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
    [<ffffffff81259f09>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
    [<ffffffff81261638>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

BUG: memory leak
unreferenced object 0xffff88810e9849c0 (size 192):
  comm "kworker/0:2", pid 3568, jiffies 4294942696 (age 14.930s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 d8 49 98 0e 81 88 ff ff  .........I......
  backtrace:
    [<ffffffff82ba2296>] kmalloc include/linux/slab.h:559 [inline]
    [<ffffffff82ba2296>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
    [<ffffffff829e8428>] ath9k_hif_usb_alloc_tx_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:829 [inline]
    [<ffffffff829e8428>] ath9k_hif_usb_alloc_urbs+0x148/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1008
    [<ffffffff829e8d98>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1102 [inline]
    [<ffffffff829e8d98>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1235
    [<ffffffff8261a917>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1079
    [<ffffffff81259619>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
    [<ffffffff81259f09>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
    [<ffffffff81261638>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

BUG: memory leak
unreferenced object 0xffff88810e984300 (size 192):
  comm "kworker/0:2", pid 3568, jiffies 4294942696 (age 14.930s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 18 43 98 0e 81 88 ff ff  .........C......
  backtrace:
    [<ffffffff82ba2296>] kmalloc include/linux/slab.h:559 [inline]
    [<ffffffff82ba2296>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
    [<ffffffff829e8428>] ath9k_hif_usb_alloc_tx_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:829 [inline]
    [<ffffffff829e8428>] ath9k_hif_usb_alloc_urbs+0x148/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1008
    [<ffffffff829e8d98>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1102 [inline]
    [<ffffffff829e8d98>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1235
    [<ffffffff8261a917>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1079
    [<ffffffff81259619>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
    [<ffffffff81259f09>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
    [<ffffffff81261638>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Crashes (369):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Title
ci-upstream-gce-leak	2021/04/20 05:24	upstream	7af08140	4285c989	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/19 17:52	upstream	bf05bf16	50f523d7	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/19 16:24	upstream	bf05bf16	50f523d7	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/19 00:52	upstream	c98ff1d0	7e2b734b	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/18 04:12	upstream	194cf482	7e2b734b	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/17 15:32	upstream	9cdbf646	7e2b734b	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/17 05:11	upstream	2f7b98d1	7e2b734b	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/16 02:20	upstream	7e25f40e	c59079a6	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/15 08:20	upstream	7f75285c	fcdb12ba	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/14 17:33	upstream	50987bec	3134b37f	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/13 10:14	upstream	89698bec	bfeda1b1	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/13 00:25	upstream	d434405a	bfeda1b1	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/12 00:53	upstream	7d900724	bfeda1b1	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/10 16:25	upstream	d4961772	bfeda1b1	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/10 01:43	upstream	17e7124a	6a81331a	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/08 19:43	upstream	454859c5	6a81331a	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/08 19:18	upstream	454859c5	6a81331a	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/08 04:21	upstream	3a229812	6a81331a	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/05 21:28	upstream	0a50438c	6a81331a	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/01 23:11	upstream	ffd9fb54	6a81331a	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/01 09:16	upstream	d19cc4bf	6a81331a	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/03/31 02:42	upstream	2bb25b3a	6a81331a	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/03/29 22:31	upstream	1e43c377	6a81331a	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/03/28 06:50	upstream	0f4498ce	a8529b82	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/03/27 10:19	upstream	0f4498ce	a8529b82	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/01/11 08:37	upstream	0653161f	2c1f2513	.config	log	report	syz	C
ci-upstream-gce-leak	2020/11/10 11:22	upstream	407ab579	cca87986	.config	log	report	syz	C
ci-upstream-gce-leak	2020/11/09 19:06	upstream	f8394f23	64069d48	.config	log	report	syz	C
ci-upstream-gce-leak	2021/04/19 02:58	upstream	c98ff1d0	7e2b734b	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/17 06:20	upstream	2f7b98d1	7e2b734b	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/17 02:41	upstream	2f7b98d1	7e2b734b	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/14 20:38	upstream	50987bec	3134b37f	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/14 19:44	upstream	50987bec	3134b37f	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/14 08:04	upstream	eebe426d	a184b83e	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/11 15:10	upstream	52e44129	bfeda1b1	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/11 07:37	upstream	52e44129	bfeda1b1	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/09 22:40	upstream	17e7124a	6a81331a	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/09 15:26	upstream	4fa56ad0	6a81331a	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/09 08:33	upstream	4fa56ad0	6a81331a	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/09 07:25	upstream	4fa56ad0	6a81331a	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/09 02:03	upstream	454859c5	6a81331a	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/08 08:25	upstream	3a229812	6a81331a	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/07 17:23	upstream	2d743660	6a81331a	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/07 08:44	upstream	2d743660	6a81331a	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/06 23:45	upstream	0a50438c	6a81331a	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/06 05:02	upstream	0a50438c	6a81331a	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/04 13:20	upstream	2023a53b	6a81331a	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/03 11:20	upstream	d93a0d43	6a81331a	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/02 23:44	upstream	1678e493	6a81331a	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/02 22:56	upstream	1678e493	6a81331a	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/02 19:49	upstream	1678e493	6a81331a	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/02 07:48	upstream	ffd9fb54	6a81331a	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/03/30 11:20	upstream	1e43c377	6a81331a	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb