[syzbot] memory leak in hdcs_probe_1020

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit: 0f4498ce Merge tag 'for-5.12/dm-fixes-2' of git://git.kern..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17e1514ad00000
kernel config: https://syzkaller.appspot.com/x/.config?x=49f2683f4e7a4347
dashboard link: https://syzkaller.appspot.com/bug?extid=990626a4ef6f043ed4cd
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16fb3d9ed00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=117539aad00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+990626...@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff888110dd9f00 (size 64):
comm "kworker/0:0", pid 5, jiffies 4294944081 (age 15.000s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 ................
04 00 00 00 60 01 00 00 30 01 00 00 04 00 00 00 ....`...0.......
backtrace:
[<ffffffff8424c055>] kmalloc include/linux/slab.h:554 [inline]
[<ffffffff8424c055>] hdcs_probe_1020 drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c:428 [inline]
[<ffffffff8424c055>] hdcs_probe_1020.cold+0x39/0x96 drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c:413
[<ffffffff82fe2db7>] stv06xx_config+0x107/0x190 drivers/media/usb/gspca/stv06xx/stv06xx.c:575
[<ffffffff842427ca>] gspca_dev_probe2+0x359/0x6c5 drivers/media/usb/gspca/gspca.c:1529
[<ffffffff84242b78>] gspca_dev_probe.cold+0x42/0x4a drivers/media/usb/gspca/gspca.c:1606
[<ffffffff82ba7c87>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
[<ffffffff825f6079>] really_probe+0x159/0x4a0 drivers/base/dd.c:554
[<ffffffff825f6444>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740
[<ffffffff825f6b5e>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846
[<ffffffff825f2ff7>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
[<ffffffff825f66f2>] __device_attach+0x122/0x250 drivers/base/dd.c:914
[<ffffffff825f4c96>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
[<ffffffff825f11e5>] device_add+0x5d5/0xc40 drivers/base/core.c:3242
[<ffffffff82ba5229>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164
[<ffffffff82bb568c>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
[<ffffffff82ba73ec>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
[<ffffffff825f6079>] really_probe+0x159/0x4a0 drivers/base/dd.c:554



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

[Павел Скрипкин]

Hi!

This bug is smth similar to this https://syzkaller.appspot.com/bug?id=99918fe700d266edc49a32933eb61bd3abea9893.

I send patch for aforementioned bug, but Mauro Carvalho declined it. Maybe, it will be helpful for someone trying to fix current bug :)

Lore: https://lore.kernel.org/linux-media/988f3fa172458cd1f24366d...@gmail.com/T/#maa821b20fb6ae78216896f8249e15c6527194029 

среда, 31 марта 2021 г. в 22:18:15 UTC+3, syzbot:

[syzbot]

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in hdcs_probe_1020

BUG: memory leak
unreferenced object 0xffff88812482e4c0 (size 64):
comm "kworker/1:6", pid 10485, jiffies 4294945532 (age 14.460s)

hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 ................
04 00 00 00 60 01 00 00 30 01 00 00 04 00 00 00 ....`...0.......
backtrace:

[<ffffffff8424ba92>] kmalloc include/linux/slab.h:554 [inline]
[<ffffffff8424ba92>] hdcs_probe_1020 drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c:428 [inline]
[<ffffffff8424ba92>] hdcs_probe_1020.cold+0x39/0x96 drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c:413
[<ffffffff82fe2a27>] stv06xx_config+0x107/0x190 drivers/media/usb/gspca/stv06xx/stv06xx.c:575
[<ffffffff84242207>] gspca_dev_probe2+0x359/0x6c5 drivers/media/usb/gspca/gspca.c:1529
[<ffffffff842425b5>] gspca_dev_probe.cold+0x42/0x4a drivers/media/usb/gspca/gspca.c:1606
[<ffffffff82ba73e7>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
[<ffffffff825f5879>] really_probe+0x159/0x4a0 drivers/base/dd.c:557
[<ffffffff825f5c44>] driver_probe_device+0x84/0x100 drivers/base/dd.c:743
[<ffffffff825f635e>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:849
[<ffffffff825f27d7>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
[<ffffffff825f5ef2>] __device_attach+0x122/0x250 drivers/base/dd.c:917
[<ffffffff825f4476>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
[<ffffffff825f09c5>] device_add+0x5d5/0xc40 drivers/base/core.c:3242
[<ffffffff82ba4989>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164
[<ffffffff82bb4dec>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
[<ffffffff82ba6b4c>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
[<ffffffff825f5879>] really_probe+0x159/0x4a0 drivers/base/dd.c:557

BUG: memory leak
unreferenced object 0xffff888125fe9f40 (size 64):
comm "kworker/1:7", pid 10507, jiffies 4294945586 (age 13.930s)

hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 ................
04 00 00 00 60 01 00 00 30 01 00 00 04 00 00 00 ....`...0.......
backtrace:

[<ffffffff8424ba92>] kmalloc include/linux/slab.h:554 [inline]
[<ffffffff8424ba92>] hdcs_probe_1020 drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c:428 [inline]
[<ffffffff8424ba92>] hdcs_probe_1020.cold+0x39/0x96 drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c:413
[<ffffffff82fe2a27>] stv06xx_config+0x107/0x190 drivers/media/usb/gspca/stv06xx/stv06xx.c:575
[<ffffffff84242207>] gspca_dev_probe2+0x359/0x6c5 drivers/media/usb/gspca/gspca.c:1529
[<ffffffff842425b5>] gspca_dev_probe.cold+0x42/0x4a drivers/media/usb/gspca/gspca.c:1606
[<ffffffff82ba73e7>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
[<ffffffff825f5879>] really_probe+0x159/0x4a0 drivers/base/dd.c:557
[<ffffffff825f5c44>] driver_probe_device+0x84/0x100 drivers/base/dd.c:743
[<ffffffff825f635e>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:849
[<ffffffff825f27d7>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
[<ffffffff825f5ef2>] __device_attach+0x122/0x250 drivers/base/dd.c:917
[<ffffffff825f4476>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
[<ffffffff825f09c5>] device_add+0x5d5/0xc40 drivers/base/core.c:3242
[<ffffffff82ba4989>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164
[<ffffffff82bb4dec>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
[<ffffffff82ba6b4c>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
[<ffffffff825f5879>] really_probe+0x159/0x4a0 drivers/base/dd.c:557

BUG: memory leak
unreferenced object 0xffff888127068240 (size 64):
comm "kworker/1:2", pid 3129, jiffies 4294945634 (age 13.450s)

hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 ................
04 00 00 00 60 01 00 00 30 01 00 00 04 00 00 00 ....`...0.......
backtrace:

[<ffffffff8424ba92>] kmalloc include/linux/slab.h:554 [inline]
[<ffffffff8424ba92>] hdcs_probe_1020 drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c:428 [inline]
[<ffffffff8424ba92>] hdcs_probe_1020.cold+0x39/0x96 drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c:413
[<ffffffff82fe2a27>] stv06xx_config+0x107/0x190 drivers/media/usb/gspca/stv06xx/stv06xx.c:575
[<ffffffff84242207>] gspca_dev_probe2+0x359/0x6c5 drivers/media/usb/gspca/gspca.c:1529
[<ffffffff842425b5>] gspca_dev_probe.cold+0x42/0x4a drivers/media/usb/gspca/gspca.c:1606
[<ffffffff82ba73e7>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
[<ffffffff825f5879>] really_probe+0x159/0x4a0 drivers/base/dd.c:557
[<ffffffff825f5c44>] driver_probe_device+0x84/0x100 drivers/base/dd.c:743
[<ffffffff825f635e>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:849
[<ffffffff825f27d7>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
[<ffffffff825f5ef2>] __device_attach+0x122/0x250 drivers/base/dd.c:917
[<ffffffff825f4476>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
[<ffffffff825f09c5>] device_add+0x5d5/0xc40 drivers/base/core.c:3242
[<ffffffff82ba4989>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164
[<ffffffff82bb4dec>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
[<ffffffff82ba6b4c>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
[<ffffffff825f5879>] really_probe+0x159/0x4a0 drivers/base/dd.c:557



Tested on:

commit: 454859c5 Merge tag 'arc-5.12-rc7' of git://git.kernel.org/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1257eb11d00000
kernel config: https://syzkaller.appspot.com/x/.config?x=bea6e63822ded373
dashboard link: https://syzkaller.appspot.com/bug?extid=990626a4ef6f043ed4cd
compiler:

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+990626...@syzkaller.appspotmail.com

Tested on:

commit: 454859c5 Merge tag 'arc-5.12-rc7' of git://git.kernel.org/..
git tree: upstream

kernel config: https://syzkaller.appspot.com/x/.config?x=bea6e63822ded373
dashboard link: https://syzkaller.appspot.com/bug?extid=990626a4ef6f043ed4cd
compiler:

patch: https://syzkaller.appspot.com/x/patch.diff?x=151eaafcd00000

Note: testing is done by a robot and is best-effort only.

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+990626...@syzkaller.appspotmail.com

Tested on:

commit: 3fb4f979 Merge tag 's390-5.12-6' of git://git.kernel.org/p..

git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=bea6e63822ded373
dashboard link: https://syzkaller.appspot.com/bug?extid=990626a4ef6f043ed4cd
compiler:

patch: https://syzkaller.appspot.com/x/patch.diff?x=177880e2d00000