syzbot


memory leak in hub_event (2)

Status: fixed on 2021/11/10 00:50
Reported-by: syzbot+636c58f40a86b4a879e7@syzkaller.appspotmail.com
Fix commit: dcb4b8ad6a44 misc/uss720: fix memory leak in uss720_probe
First crash: 689d, last: 682d
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream memory leak in hub_event C 7 711d 800d 21/24 fixed on 2021/03/10 01:48
upstream memory leak in hub_event (3) C 1 356d 352d 0/24 auto-obsoleted due to no activity on 2022/11/04 19:09
Last patch testing requests:
Created Duration User Patch Repo Result
2021/04/11 18:23 8m alaaemadhossney.ae@gmail.com linux-next report log
2021/03/25 21:31 8m alaaemadhossney.ae@gmail.com upstream report log
2021/03/22 12:21 8m alaaemadhossney.ae@gmail.com upstream report log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff888101113800 (size 2048):
  comm "kworker/0:1", pid 7, jiffies 4294956777 (age 28.870s)
  hex dump (first 32 bytes):
    ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00  ....1...........
    00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00  ................
  backtrace:
    [<ffffffff82b8e822>] kmalloc include/linux/slab.h:554 [inline]
    [<ffffffff82b8e822>] kzalloc include/linux/slab.h:684 [inline]
    [<ffffffff82b8e822>] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582
    [<ffffffff82b98441>] hub_port_connect drivers/usb/core/hub.c:5129 [inline]
    [<ffffffff82b98441>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
    [<ffffffff82b98441>] port_event drivers/usb/core/hub.c:5509 [inline]
    [<ffffffff82b98441>] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591
    [<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
    [<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
    [<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

BUG: memory leak
unreferenced object 0xffff888111bc3980 (size 32):
  comm "kworker/0:1", pid 7, jiffies 4294956777 (age 28.870s)
  hex dump (first 32 bytes):
    31 2d 31 00 00 00 00 00 00 00 00 00 00 00 00 00  1-1.............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff82231dcc>] kvasprintf+0x6c/0xf0 lib/kasprintf.c:25
    [<ffffffff82231ea8>] kvasprintf_const+0x58/0x110 lib/kasprintf.c:49
    [<ffffffff822f1cdb>] kobject_set_name_vargs+0x3b/0xe0 lib/kobject.c:289
    [<ffffffff825e9fe3>] dev_set_name+0x63/0x90 drivers/base/core.c:3028
    [<ffffffff82b8e9de>] usb_alloc_dev+0x1ee/0x450 drivers/usb/core/usb.c:650
    [<ffffffff82b98441>] hub_port_connect drivers/usb/core/hub.c:5129 [inline]
    [<ffffffff82b98441>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
    [<ffffffff82b98441>] port_event drivers/usb/core/hub.c:5509 [inline]
    [<ffffffff82b98441>] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591
    [<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
    [<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
    [<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

BUG: memory leak
unreferenced object 0xffff88810dc6aa20 (size 32):
  comm "kworker/0:1", pid 7, jiffies 4294956824 (age 28.400s)
  hex dump (first 32 bytes):
    80 de de 01 81 88 ff ff 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff82ba754e>] kmalloc include/linux/slab.h:559 [inline]
    [<ffffffff82ba754e>] kzalloc include/linux/slab.h:684 [inline]
    [<ffffffff82ba754e>] usb_get_configuration+0xce/0x1dd0 drivers/usb/core/config.c:887
    [<ffffffff82b95c89>] usb_enumerate_device drivers/usb/core/hub.c:2388 [inline]
    [<ffffffff82b95c89>] usb_new_device+0x1a9/0x2e0 drivers/usb/core/hub.c:2524
    [<ffffffff82b986fe>] hub_port_connect drivers/usb/core/hub.c:5223 [inline]
    [<ffffffff82b986fe>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
    [<ffffffff82b986fe>] port_event drivers/usb/core/hub.c:5509 [inline]
    [<ffffffff82b986fe>] hub_event+0x142e/0x20c0 drivers/usb/core/hub.c:5591
    [<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
    [<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
    [<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

BUG: memory leak
unreferenced object 0xffff888110bd3c20 (size 32):
  comm "kworker/0:1", pid 7, jiffies 4294956849 (age 28.150s)
  hex dump (first 32 bytes):
    73 79 7a 00 00 00 00 00 00 00 00 00 00 00 00 00  syz.............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff82ba1daa>] kmalloc include/linux/slab.h:559 [inline]
    [<ffffffff82ba1daa>] usb_cache_string+0x8a/0xf0 drivers/usb/core/message.c:1025
    [<ffffffff82b95b78>] usb_enumerate_device drivers/usb/core/hub.c:2398 [inline]
    [<ffffffff82b95b78>] usb_new_device+0x98/0x2e0 drivers/usb/core/hub.c:2524
    [<ffffffff82b986fe>] hub_port_connect drivers/usb/core/hub.c:5223 [inline]
    [<ffffffff82b986fe>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
    [<ffffffff82b986fe>] port_event drivers/usb/core/hub.c:5509 [inline]
    [<ffffffff82b986fe>] hub_event+0x142e/0x20c0 drivers/usb/core/hub.c:5591
    [<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
    [<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
    [<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

BUG: memory leak
unreferenced object 0xffff88810d01c700 (size 256):
  comm "kworker/0:1", pid 7, jiffies 4294956860 (age 28.040s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 08 c7 01 0d 81 88 ff ff  ................
    08 c7 01 0d 81 88 ff ff 80 a0 5e 82 ff ff ff ff  ..........^.....
  backtrace:
    [<ffffffff825ef741>] kmalloc include/linux/slab.h:554 [inline]
    [<ffffffff825ef741>] kzalloc include/linux/slab.h:684 [inline]
    [<ffffffff825ef741>] device_private_init drivers/base/core.c:3084 [inline]
    [<ffffffff825ef741>] device_add+0x811/0xc40 drivers/base/core.c:3134
    [<ffffffff841f3b4a>] usb_new_device.cold+0x16a/0x582 drivers/usb/core/hub.c:2555
    [<ffffffff82b986fe>] hub_port_connect drivers/usb/core/hub.c:5223 [inline]
    [<ffffffff82b986fe>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
    [<ffffffff82b986fe>] port_event drivers/usb/core/hub.c:5509 [inline]
    [<ffffffff82b986fe>] hub_event+0x142e/0x20c0 drivers/usb/core/hub.c:5591
    [<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
    [<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
    [<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292
    [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294


Crashes (2):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-gce-leak 2021/03/18 02:08 upstream 6417f03132a6 fdb2bb2c .config console log report syz C memory leak in hub_event
ci-upstream-gce-leak 2021/03/11 04:33 upstream 05a59d79793d 764067f3 .config console log report syz C memory leak in hub_event
* Struck through repros no longer work on HEAD.