Date: Fri, 20 Nov 2020 08:56:11 -0800
In-Reply-To: <20201120165609.GE619708@rowland.harvard.edu>
Message-ID: <000000000000c49c8b05b48cb833@google.com>
Subject: Re: Re: memory leak in hub_event
From: syzbot
To: Alan Stern
Cc: balbi@kernel.org, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, stern@rowland.harvard.edu, syzkaller-bugs@googlegroups.com
X-Mailing-List: linux-kernel@vger.kernel.org

> On Fri, Nov 20, 2020 at 07:15:20AM -0800, syzbot wrote:
>> Hello,
>>
>> syzbot found the following issue on:
>>
>> HEAD commit: 4d02da97 Merge tag 'net-5.10-rc5' of git://git.kernel.org/..
>> git tree: upstream
>> console output: https://syzkaller.appspot.com/x/log.txt?x=13a7d2b6500000
>> kernel config: https://syzkaller.appspot.com/x/.config?x=c5353ac514ca5a43
>> dashboard link: https://syzkaller.appspot.com/bug?extid=44e64397bd81d5e84cba
>> compiler: gcc (GCC) 10.1.0-syz 20200507
>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14925089500000
>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16810051500000
>>
>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>> Reported-by: syzbot+44e64397bd81d5e84cba@syzkaller.appspotmail.com
>>
>> BUG: memory leak
>> unreferenced object 0xffff88810d5ff800 (size 2048):
>> comm "kworker/1:0", pid 17, jiffies 4294949188 (age 14.280s)
>> hex dump (first 32 bytes):
>> ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1...........
>> 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ................
>> backtrace:
>> [<00000000f0428224>] kmalloc include/linux/slab.h:552 [inline]
>> [<00000000f0428224>] kzalloc include/linux/slab.h:664 [inline]
>> [<00000000f0428224>] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582
>> [<000000001802b3dd>] hub_port_connect drivers/usb/core/hub.c:5128 [inline]
>> [<000000001802b3dd>] hub_port_connect_change drivers/usb/core/hub.c:5362 [inline]
>> [<000000001802b3dd>] port_event drivers/usb/core/hub.c:5508 [inline]
>> [<000000001802b3dd>] hub_event+0x118d/0x20d0 drivers/usb/core/hub.c:5590
>> [<0000000092d3650d>] process_one_work+0x27d/0x590 kernel/workqueue.c:2272
>> [<00000000d4629ab0>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2418
>> [<000000003c358b45>] kthread+0x178/0x1b0 kernel/kthread.c:292
>> [<000000003689dbb0>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
>
> This looks like a reference is being taken but not released. Hard to
> tell where it's happening, though. Let's try to narrow it down.
>
> Alan Stern
>
> #syz test: upstream 4d02da97

"upstream" does not look like a valid git repo address.

>
> Index: usb-devel/drivers/media/usb/gspca/gspca.c > =================================================================== > --- usb-devel.orig/drivers/media/usb/gspca/gspca.c > +++ usb-devel/drivers/media/usb/gspca/gspca.c > @@ -1489,6 +1489,8 @@ int gspca_dev_probe2(struct usb_interfac > } > > gspca_dev->v4l2_dev.release = gspca_release; > + ret = -EIO; > + goto out; > ret = v4l2_device_register(&intf->dev, &gspca_dev->v4l2_dev); > if (ret) > goto out;
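
Review bot: Nothing in the hunk marks the forced `ret = -EIO; goto out;` in gspca_dev_probe2() (inserted right after `gspca_dev->v4l2_dev.release = gspca_release;`) as a temporary diagnostic, and it leaves `v4l2_device_register()` and the rest of the probe unreachable. Add a one-line comment such as "debug only: fail probe before v4l2 registration" so the change cannot be mistaken for a fix. It is also worth confirming that the `out` path is safe to take with `v4l2_dev.release` already set but the device never registered, since the hunk does not show that cleanup code; otherwise a test result could reflect a problem introduced by the patch itself rather than the leak under investigation. The patch was not run as sent: syzbot rejected `#syz test: upstream 4d02da97` because "upstream" is not a git repo address.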