memory leak in ath9k_hif_usb_firmware

memory leak in ath9k_hif_usb_firmware_cb
Status: upstream: reported C repro on 2020/11/10 18:25
Reported-by: syzbot+6692c72009680f7c4eb2@syzkaller.appspotmail.com
First crash: 343d, last: 5h42m

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2021/07/09 05:45	15m	mudongliangabcd@gmail.com	patch	upstream	error
2021/04/27 06:23	16m	dvyukov@google.com	patch	git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4a0225c3	OK
2021/04/27 05:38	7m	dvyukov@google.com	patch	git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4a0225c3	error
2021/04/27 04:50	7m	atulgopinathan@gmail.com	patch	upstream	error
2021/04/27 04:46	7m	atulgopinathan@gmail.com	patch	upstream	error

Sample crash report:

BUG: memory leak
unreferenced object 0xffff88810bed6300 (size 192):
  comm "kworker/0:2", pid 2670, jiffies 4294942489 (age 14.140s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 18 63 ed 0b 81 88 ff ff  .........c......
  backtrace:
    [<ffffffff82c32656>] kmalloc include/linux/slab.h:596 [inline]
    [<ffffffff82c32656>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
    [<ffffffff82a69308>] ath9k_hif_usb_alloc_tx_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:829 [inline]
    [<ffffffff82a69308>] ath9k_hif_usb_alloc_urbs+0x148/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1008
    [<ffffffff82a69c78>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1102 [inline]
    [<ffffffff82a69c78>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1235
    [<ffffffff82688f37>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1081
    [<ffffffff81265d4f>] process_one_work+0x2cf/0x620 kernel/workqueue.c:2297
    [<ffffffff81266659>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2444
    [<ffffffff8126fbd8>] kthread+0x188/0x1d0 kernel/kthread.c:319
    [<ffffffff810022cf>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

BUG: memory leak
unreferenced object 0xffff88810afa6180 (size 192):
  comm "kworker/0:2", pid 2670, jiffies 4294942489 (age 14.140s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 98 61 fa 0a 81 88 ff ff  .........a......
  backtrace:
    [<ffffffff82c32656>] kmalloc include/linux/slab.h:596 [inline]
    [<ffffffff82c32656>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
    [<ffffffff82a69308>] ath9k_hif_usb_alloc_tx_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:829 [inline]
    [<ffffffff82a69308>] ath9k_hif_usb_alloc_urbs+0x148/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1008
    [<ffffffff82a69c78>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1102 [inline]
    [<ffffffff82a69c78>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1235
    [<ffffffff82688f37>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1081
    [<ffffffff81265d4f>] process_one_work+0x2cf/0x620 kernel/workqueue.c:2297
    [<ffffffff81266659>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2444
    [<ffffffff8126fbd8>] kthread+0x188/0x1d0 kernel/kthread.c:319
    [<ffffffff810022cf>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

BUG: memory leak
unreferenced object 0xffff88810bf81e40 (size 192):
  comm "kworker/0:2", pid 2670, jiffies 4294942489 (age 14.140s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 58 1e f8 0b 81 88 ff ff  ........X.......
  backtrace:
    [<ffffffff82c32656>] kmalloc include/linux/slab.h:596 [inline]
    [<ffffffff82c32656>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
    [<ffffffff82a69308>] ath9k_hif_usb_alloc_tx_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:829 [inline]
    [<ffffffff82a69308>] ath9k_hif_usb_alloc_urbs+0x148/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1008
    [<ffffffff82a69c78>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1102 [inline]
    [<ffffffff82a69c78>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1235
    [<ffffffff82688f37>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1081
    [<ffffffff81265d4f>] process_one_work+0x2cf/0x620 kernel/workqueue.c:2297
    [<ffffffff81266659>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2444
    [<ffffffff8126fbd8>] kthread+0x188/0x1d0 kernel/kthread.c:319
    [<ffffffff810022cf>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

BUG: memory leak
unreferenced object 0xffff88810e1a10c0 (size 192):
  comm "kworker/0:2", pid 2670, jiffies 4294942489 (age 14.140s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 d8 10 1a 0e 81 88 ff ff  ................
  backtrace:
    [<ffffffff82c32656>] kmalloc include/linux/slab.h:596 [inline]
    [<ffffffff82c32656>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
    [<ffffffff82a69308>] ath9k_hif_usb_alloc_tx_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:829 [inline]
    [<ffffffff82a69308>] ath9k_hif_usb_alloc_urbs+0x148/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1008
    [<ffffffff82a69c78>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1102 [inline]
    [<ffffffff82a69c78>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1235
    [<ffffffff82688f37>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1081
    [<ffffffff81265d4f>] process_one_work+0x2cf/0x620 kernel/workqueue.c:2297
    [<ffffffff81266659>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2444
    [<ffffffff8126fbd8>] kthread+0x188/0x1d0 kernel/kthread.c:319
    [<ffffffff810022cf>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

BUG: memory leak
unreferenced object 0xffff88810bed6cc0 (size 192):
  comm "kworker/0:2", pid 2670, jiffies 4294942489 (age 14.140s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 d8 6c ed 0b 81 88 ff ff  .........l......
  backtrace:
    [<ffffffff82c32656>] kmalloc include/linux/slab.h:596 [inline]
    [<ffffffff82c32656>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
    [<ffffffff82a69308>] ath9k_hif_usb_alloc_tx_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:829 [inline]
    [<ffffffff82a69308>] ath9k_hif_usb_alloc_urbs+0x148/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1008
    [<ffffffff82a69c78>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1102 [inline]
    [<ffffffff82a69c78>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1235
    [<ffffffff82688f37>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1081
    [<ffffffff81265d4f>] process_one_work+0x2cf/0x620 kernel/workqueue.c:2297
    [<ffffffff81266659>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2444
    [<ffffffff8126fbd8>] kthread+0x188/0x1d0 kernel/kthread.c:319
    [<ffffffff810022cf>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Crashes (953):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Title
ci-upstream-gce-leak	2021/10/17 16:34	upstream	d999ade1cc86	0c5d9412	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/15 17:16	upstream	ec681c53f8d2	0c5d9412	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/15 16:50	upstream	ec681c53f8d2	0c5d9412	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/12 12:41	upstream	fa5878760579	838e7e2c	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/12 09:09	upstream	fa5878760579	838e7e2c	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/10 04:44	upstream	7fd2bf83d59a	838e7e2c	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/09 15:13	upstream	5d6ab0bb408f	838e7e2c	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/08 00:40	upstream	4a16df549d23	efe0f24d	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/06 18:32	upstream	60a9483534ed	0a63fd36	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/05 09:48	upstream	84b3e42564ac	ce697b49	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/04 22:31	upstream	84b3e42564ac	ce697b49	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/04 03:10	upstream	9e1ff307c779	db0f5787	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/02 14:32	upstream	53d5fc89d66a	db0f5787	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/02 08:50	upstream	53d5fc89d66a	db0f5787	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/01 21:41	upstream	24f67d82c43c	cc80db95	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/01 13:24	upstream	4de593fb965f	1d849ab4	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/09/29 19:53	upstream	02d5e016800d	be530f6c	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/09/28 07:57	upstream	0513e464f900	78494d16	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/09/24 05:47	upstream	f9e36107ec70	8cac236e	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/09/23 20:09	upstream	58e2cf5d7946	8cac236e	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/09/21 17:04	upstream	d9fb678414c0	169724fe	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/09/20 19:37	upstream	e4e737bb5c17	af796c18	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/09/19 09:18	upstream	d4d016caa4b8	70b76c1d	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/09/19 03:38	upstream	d4d016caa4b8	70b76c1d	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/09/17 16:09	upstream	bdb575f87217	5b989942	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/09/15 14:03	upstream	3ca706c189db	07e953c1	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/08 21:51	upstream	3dbdb38e2869	1b20171a	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/27 02:52	upstream	9f4ad9e425a1	805b5003	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/01/11 08:37	upstream	0653161f0fac	2c1f2513	.config	log	report	syz	C
ci-upstream-gce-leak	2020/11/10 11:22	upstream	407ab579637c	cca87986	.config	log	report	syz	C
ci-upstream-gce-leak	2020/11/09 19:06	upstream	f8394f232b1e	64069d48	.config	log	report	syz	C
ci-upstream-gce-leak	2021/10/18 18:25	upstream	cf52ad5ff16c	0c5d9412	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/18 03:17	upstream	d999ade1cc86	0c5d9412	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/17 19:07	upstream	d999ade1cc86	0c5d9412	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/17 17:43	upstream	d999ade1cc86	0c5d9412	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/16 14:06	upstream	8fe31e0995f0	0c5d9412	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/16 10:15	upstream	8fe31e0995f0	0c5d9412	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/11 22:39	upstream	64570fbc14f8	838e7e2c	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/11 19:09	upstream	64570fbc14f8	838e7e2c	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/11 01:27	upstream	efb52a7d9511	838e7e2c	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/10 06:58	upstream	7fd2bf83d59a	838e7e2c	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/09 00:59	upstream	741668ef7832	efe0f24d	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/08 06:33	upstream	4a16df549d23	efe0f24d	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/08 00:56	upstream	4a16df549d23	efe0f24d	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/10/05 18:31	upstream	f6274b06e326	0a63fd36	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/09/30 01:54	upstream	02d5e016800d	be530f6c	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/09/21 18:36	upstream	d9fb678414c0	169724fe	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/09/21 07:34	upstream	e4e737bb5c17	af796c18	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/09/17 16:55	upstream	bdb575f87217	5b989942	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb