memory leak in ath9k_hif_usb_firmware

memory leak in ath9k_hif_usb_firmware_cb
Status: upstream: reported C repro on 2020/11/10 18:25
Reported-by: syzbot+6692c72009680f7c4eb2@syzkaller.appspotmail.com
First crash: 260d, last: 3h55m

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2021/07/09 05:45	15m	mudongliangabcd@gmail.com	patch	upstream	error
2021/04/27 06:23	16m	dvyukov@google.com	patch	git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4a0225c3	OK
2021/04/27 05:38	7m	dvyukov@google.com	patch	git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4a0225c3	error
2021/04/27 04:50	7m	atulgopinathan@gmail.com	patch	upstream	error
2021/04/27 04:46	7m	atulgopinathan@gmail.com	patch	upstream	error

Sample crash report:

BUG: memory leak
unreferenced object 0xffff88810f326600 (size 192):
  comm "kworker/1:2", pid 3234, jiffies 4294942241 (age 14.870s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 18 66 32 0f 81 88 ff ff  .........f2.....
  backtrace:
    [<ffffffff82c0fc56>] kmalloc include/linux/slab.h:596 [inline]
    [<ffffffff82c0fc56>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
    [<ffffffff82a47cc8>] ath9k_hif_usb_alloc_tx_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:829 [inline]
    [<ffffffff82a47cc8>] ath9k_hif_usb_alloc_urbs+0x148/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1008
    [<ffffffff82a48638>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1102 [inline]
    [<ffffffff82a48638>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1235
    [<ffffffff8266d1b7>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1081
    [<ffffffff812626b9>] process_one_work+0x2c9/0x610 kernel/workqueue.c:2276
    [<ffffffff81262fa9>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2422
    [<ffffffff8126c408>] kthread+0x188/0x1d0 kernel/kthread.c:319
    [<ffffffff810022cf>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

BUG: memory leak
unreferenced object 0xffff8881133680c0 (size 192):
  comm "kworker/1:2", pid 3234, jiffies 4294942241 (age 14.870s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 d8 80 36 13 81 88 ff ff  ..........6.....
  backtrace:
    [<ffffffff82c0fc56>] kmalloc include/linux/slab.h:596 [inline]
    [<ffffffff82c0fc56>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
    [<ffffffff82a47cc8>] ath9k_hif_usb_alloc_tx_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:829 [inline]
    [<ffffffff82a47cc8>] ath9k_hif_usb_alloc_urbs+0x148/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1008
    [<ffffffff82a48638>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1102 [inline]
    [<ffffffff82a48638>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1235
    [<ffffffff8266d1b7>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1081
    [<ffffffff812626b9>] process_one_work+0x2c9/0x610 kernel/workqueue.c:2276
    [<ffffffff81262fa9>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2422
    [<ffffffff8126c408>] kthread+0x188/0x1d0 kernel/kthread.c:319
    [<ffffffff810022cf>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

BUG: memory leak
unreferenced object 0xffff888113368180 (size 192):
  comm "kworker/1:2", pid 3234, jiffies 4294942241 (age 14.870s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 98 81 36 13 81 88 ff ff  ..........6.....
  backtrace:
    [<ffffffff82c0fc56>] kmalloc include/linux/slab.h:596 [inline]
    [<ffffffff82c0fc56>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
    [<ffffffff82a47cc8>] ath9k_hif_usb_alloc_tx_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:829 [inline]
    [<ffffffff82a47cc8>] ath9k_hif_usb_alloc_urbs+0x148/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1008
    [<ffffffff82a48638>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1102 [inline]
    [<ffffffff82a48638>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1235
    [<ffffffff8266d1b7>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1081
    [<ffffffff812626b9>] process_one_work+0x2c9/0x610 kernel/workqueue.c:2276
    [<ffffffff81262fa9>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2422
    [<ffffffff8126c408>] kthread+0x188/0x1d0 kernel/kthread.c:319
    [<ffffffff810022cf>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

BUG: memory leak
unreferenced object 0xffff888113368240 (size 192):
  comm "kworker/1:2", pid 3234, jiffies 4294942241 (age 14.870s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 58 82 36 13 81 88 ff ff  ........X.6.....
  backtrace:
    [<ffffffff82c0fc56>] kmalloc include/linux/slab.h:596 [inline]
    [<ffffffff82c0fc56>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
    [<ffffffff82a47cc8>] ath9k_hif_usb_alloc_tx_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:829 [inline]
    [<ffffffff82a47cc8>] ath9k_hif_usb_alloc_urbs+0x148/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1008
    [<ffffffff82a48638>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1102 [inline]
    [<ffffffff82a48638>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1235
    [<ffffffff8266d1b7>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1081
    [<ffffffff812626b9>] process_one_work+0x2c9/0x610 kernel/workqueue.c:2276
    [<ffffffff81262fa9>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2422
    [<ffffffff8126c408>] kthread+0x188/0x1d0 kernel/kthread.c:319
    [<ffffffff810022cf>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

BUG: memory leak
unreferenced object 0xffff888113368300 (size 192):
  comm "kworker/1:2", pid 3234, jiffies 4294942241 (age 14.870s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 18 83 36 13 81 88 ff ff  ..........6.....
  backtrace:
    [<ffffffff82c0fc56>] kmalloc include/linux/slab.h:596 [inline]
    [<ffffffff82c0fc56>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
    [<ffffffff82a47cc8>] ath9k_hif_usb_alloc_tx_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:829 [inline]
    [<ffffffff82a47cc8>] ath9k_hif_usb_alloc_urbs+0x148/0x640 drivers/net/wireless/ath/ath9k/hif_usb.c:1008
    [<ffffffff82a48638>] ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1102 [inline]
    [<ffffffff82a48638>] ath9k_hif_usb_firmware_cb+0x88/0x1f0 drivers/net/wireless/ath/ath9k/hif_usb.c:1235
    [<ffffffff8266d1b7>] request_firmware_work_func+0x47/0x90 drivers/base/firmware_loader/main.c:1081
    [<ffffffff812626b9>] process_one_work+0x2c9/0x610 kernel/workqueue.c:2276
    [<ffffffff81262fa9>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2422
    [<ffffffff8126c408>] kthread+0x188/0x1d0 kernel/kthread.c:319
    [<ffffffff810022cf>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Crashes (717):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Title
ci-upstream-gce-leak	2021/07/28 01:39	upstream	7d549995d4e0	17d6ab15	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/28 00:18	upstream	7d549995d4e0	17d6ab15	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/27 13:18	upstream	ff1176468d36	fd511809	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/27 06:32	upstream	ff1176468d36	fd511809	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/26 12:07	upstream	ff1176468d36	fd511809	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/26 10:44	upstream	ff1176468d36	fd511809	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/26 10:06	upstream	ff1176468d36	fd511809	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/26 09:00	upstream	ff1176468d36	fd511809	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/26 01:51	upstream	d8079fac1681	4d1b57d4	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/25 06:05	upstream	6498f6151825	4d1b57d4	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/25 05:22	upstream	6498f6151825	4d1b57d4	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/24 12:44	upstream	f0fddcec6b62	4d1b57d4	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/24 11:50	upstream	f0fddcec6b62	4d1b57d4	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/24 06:49	upstream	8baef6386baa	bc5f1d88	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/23 10:18	upstream	9bead1b58c4c	bc5f1d88	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/23 04:26	upstream	9bead1b58c4c	bc5f1d88	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/22 15:58	upstream	3d5895cd3517	302e51de	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/22 14:57	upstream	3d5895cd3517	302e51de	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/22 10:02	upstream	7b6ae471e541	29c3f20f	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/22 05:35	upstream	7b6ae471e541	29c3f20f	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/22 01:31	upstream	8cae8cd89f05	29c3f20f	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/21 21:37	upstream	8cae8cd89f05	29c3f20f	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/20 18:43	upstream	8cae8cd89f05	1b201b48	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/20 17:14	upstream	8cae8cd89f05	1b201b48	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/20 04:35	upstream	2734d6c1b1a0	bc48c9ab	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/20 00:50	upstream	2734d6c1b1a0	bc48c9ab	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/20 00:14	upstream	2734d6c1b1a0	bc48c9ab	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/19 06:28	upstream	2734d6c1b1a0	f115ae98	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/18 21:41	upstream	1d67c8d993ba	f115ae98	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/18 05:19	upstream	d980cc0620ae	f115ae98	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/18 04:47	upstream	d980cc0620ae	f115ae98	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/17 10:48	upstream	872f8edeb6bd	f115ae98	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/17 09:36	upstream	872f8edeb6bd	f115ae98	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/17 07:57	upstream	872f8edeb6bd	f115ae98	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/16 22:54	upstream	d936eb238744	f115ae98	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/16 17:46	upstream	d936eb238744	f115ae98	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/16 03:34	upstream	dd9c7df94c1b	f115ae98	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/16 02:36	upstream	dd9c7df94c1b	f115ae98	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/16 02:08	upstream	dd9c7df94c1b	f115ae98	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/14 22:50	upstream	8096acd7442e	94e0b707	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/08 21:51	upstream	3dbdb38e2869	1b20171a	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/04/27 02:52	upstream	9f4ad9e425a1	805b5003	.config	log	report	syz	C	memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/01/11 08:37	upstream	0653161f0fac	2c1f2513	.config	log	report	syz	C
ci-upstream-gce-leak	2020/11/10 11:22	upstream	407ab579637c	cca87986	.config	log	report	syz	C
ci-upstream-gce-leak	2020/11/09 19:06	upstream	f8394f232b1e	64069d48	.config	log	report	syz	C
ci-upstream-gce-leak	2021/07/28 10:43	upstream	7d549995d4e0	17d6ab15	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/28 07:10	upstream	7d549995d4e0	17d6ab15	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/27 20:27	upstream	ff1176468d36	fd511809	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/25 09:14	upstream	6498f6151825	4d1b57d4	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/24 18:42	upstream	f0fddcec6b62	4d1b57d4	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/15 16:35	upstream	8096acd7442e	b9a2f64e	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/15 15:07	upstream	8096acd7442e	b9a2f64e	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb
ci-upstream-gce-leak	2021/07/15 06:24	upstream	8096acd7442e	b9a2f64e	.config	log	report	syz		memory leak in ath9k_hif_usb_firmware_cb