memory leak in r8712_init_recv_priv


syzbot

Dec 20, 2020, 10:34:11 PM
to Larry....@lwfinger.net, de...@driverdev.osuosl.org, florian.c....@googlemail.com, gre...@linuxfoundation.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 467f8165 Merge tag 'close-range-cloexec-unshare-v5.11' of ..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=142b5745500000
kernel config: https://syzkaller.appspot.com/x/.config?x=37c889fb8b2761af
dashboard link: https://syzkaller.appspot.com/bug?extid=1c46f3771695bccbdb3a
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1265cb37500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1763527b500000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1c46f3...@syzkaller.appspotmail.com

executing program
BUG: memory leak
unreferenced object 0xffff88810ecc26c0 (size 192):
comm "kworker/1:1", pid 35, jiffies 4294942461 (age 18.010s)
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 d8 26 cc 0e 81 88 ff ff .........&......
backtrace:
[<000000005aecb941>] kmalloc include/linux/slab.h:557 [inline]
[<000000005aecb941>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
[<000000007c4331ea>] r8712_os_recvbuf_resource_alloc+0x1b/0x80 drivers/staging/rtl8712/recv_linux.c:46
[<0000000026fac6b7>] r8712_init_recv_priv+0x96/0x210 drivers/staging/rtl8712/rtl8712_recv.c:54
[<000000004dbac0de>] _r8712_init_recv_priv+0x134/0x150 drivers/staging/rtl8712/rtl871x_recv.c:78
[<000000009f37c02e>] r8712_init_drv_sw+0xa0/0x1d0 drivers/staging/rtl8712/os_intfs.c:312
[<00000000439d06d7>] r871xu_drv_init.cold+0x104/0x7d1 drivers/staging/rtl8712/usb_intf.c:391
[<00000000a5c43c27>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
[<00000000106f93f1>] really_probe+0x159/0x480 drivers/base/dd.c:561
[<00000000856556bd>] driver_probe_device+0x84/0x100 drivers/base/dd.c:745
[<00000000789974b2>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:851
[<000000003b6b23b1>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
[<00000000d916cd73>] __device_attach+0x122/0x250 drivers/base/dd.c:919
[<000000000aa7621e>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
[<00000000c2fd5fd8>] device_add+0x5be/0xc30 drivers/base/core.c:3091
[<00000000d7a5749a>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164
[<00000000197a0613>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238

BUG: memory leak
unreferenced object 0xffff88810ecc2600 (size 192):
comm "kworker/1:1", pid 35, jiffies 4294942461 (age 18.010s)
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 18 26 cc 0e 81 88 ff ff .........&......
backtrace:
[<000000005aecb941>] kmalloc include/linux/slab.h:557 [inline]
[<000000005aecb941>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
[<000000007c4331ea>] r8712_os_recvbuf_resource_alloc+0x1b/0x80 drivers/staging/rtl8712/recv_linux.c:46
[<0000000026fac6b7>] r8712_init_recv_priv+0x96/0x210 drivers/staging/rtl8712/rtl8712_recv.c:54
[<000000004dbac0de>] _r8712_init_recv_priv+0x134/0x150 drivers/staging/rtl8712/rtl871x_recv.c:78
[<000000009f37c02e>] r8712_init_drv_sw+0xa0/0x1d0 drivers/staging/rtl8712/os_intfs.c:312
[<00000000439d06d7>] r871xu_drv_init.cold+0x104/0x7d1 drivers/staging/rtl8712/usb_intf.c:391
[<00000000a5c43c27>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
[<00000000106f93f1>] really_probe+0x159/0x480 drivers/base/dd.c:561
[<00000000856556bd>] driver_probe_device+0x84/0x100 drivers/base/dd.c:745
[<00000000789974b2>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:851
[<000000003b6b23b1>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
[<00000000d916cd73>] __device_attach+0x122/0x250 drivers/base/dd.c:919
[<000000000aa7621e>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
[<00000000c2fd5fd8>] device_add+0x5be/0xc30 drivers/base/core.c:3091
[<00000000d7a5749a>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164
[<00000000197a0613>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238

BUG: memory leak
unreferenced object 0xffff88810ecc2540 (size 192):
comm "kworker/1:1", pid 35, jiffies 4294942461 (age 18.010s)
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 58 25 cc 0e 81 88 ff ff ........X%......
backtrace:
[<000000005aecb941>] kmalloc include/linux/slab.h:557 [inline]
[<000000005aecb941>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
[<000000007c4331ea>] r8712_os_recvbuf_resource_alloc+0x1b/0x80 drivers/staging/rtl8712/recv_linux.c:46
[<0000000026fac6b7>] r8712_init_recv_priv+0x96/0x210 drivers/staging/rtl8712/rtl8712_recv.c:54
[<000000004dbac0de>] _r8712_init_recv_priv+0x134/0x150 drivers/staging/rtl8712/rtl871x_recv.c:78
[<000000009f37c02e>] r8712_init_drv_sw+0xa0/0x1d0 drivers/staging/rtl8712/os_intfs.c:312
[<00000000439d06d7>] r871xu_drv_init.cold+0x104/0x7d1 drivers/staging/rtl8712/usb_intf.c:391
[<00000000a5c43c27>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
[<00000000106f93f1>] really_probe+0x159/0x480 drivers/base/dd.c:561
[<00000000856556bd>] driver_probe_device+0x84/0x100 drivers/base/dd.c:745
[<00000000789974b2>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:851
[<000000003b6b23b1>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
[<00000000d916cd73>] __device_attach+0x122/0x250 drivers/base/dd.c:919
[<000000000aa7621e>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
[<00000000c2fd5fd8>] device_add+0x5be/0xc30 drivers/base/core.c:3091
[<00000000d7a5749a>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164
[<00000000197a0613>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

bernard ZHAO

May 6, 2022, 8:49:00 AM
to syzkaller-bugs
Hi
For this issue, I understand that the following call sequence is causing some memory leaks:
usb_probe_interface
    r871xu_drv_init
        r8712_init_drv_sw
            _r8712_init_recv_priv
                r8712_init_recv_priv // void type function
                    for (i = 0; i < NR_RECVBUFF; i++)
                        if (r8712_os_recvbuf_resource_alloc(padapter, precvbuf))
                             r8712_os_recvbuf_resource_alloc
                                precvbuf->purb = usb_alloc_urb
                                    kmalloc
                            break; // There may be some memory leak: break directly after the r8712_os_recvbuf_resource_alloc exception, and no cleanup operation is performed
        if (status) // The exception branches are cleaned up here, and the memory requested by the underlying usb_alloc_urb can be cleared, so theoretically there will be no memory leaks here or in the upper caller functions.
            goto dvobj_deinit
                r8712_free_drv_sw // this function does the detailed cleanup job, and could clean the usb_alloc_urb memory.
                padapter->dvobj_deinit(padapter)
                free_netdev(pnetdev)
                usb_put_dev(udev)
                usb_set_intfdata(pusb_intf, NULL)

But from the issue log I can't find any evidence that the code ran into the break branch. Is there any way to verify my confusion? Any suggestions for verification are welcome, thank you!

BR//Bernard
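
A user-space model of the break path described in the message above, as an added example that is not part of the original post or the driver source: it injects an allocation failure into the receive-buffer loop and counts how many URB-sized objects are still live with and without a cleanup pass. The `model_*` functions, the fault-injection counter and the `NR_RECVBUFF` value of 8 are assumptions made for the model.

```c
#include <stdio.h>
#include <stdlib.h>
#define NR_RECVBUFF 8                 /* constructed value for this model */
struct recv_buf { void *purb; };
static int live_urbs, alloc_calls, fail_on_call; /* fail_on_call: injected fault, -1 = never */

/* Stand-in for usb_alloc_urb(): counted, with an optional injected failure. */
static void *model_alloc_urb(void)
{
    void *p = (alloc_calls++ == fail_on_call) ? NULL : malloc(192); /* size from the report */
    if (p)
        live_urbs++;
    return p;
}

/* Mirrors the loop in the post: void return, break on the first failure. */
static void model_init_recv_priv(struct recv_buf *bufs)
{
    for (int i = 0; i < NR_RECVBUFF; i++) {
        bufs[i].purb = model_alloc_urb();
        if (!bufs[i].purb)
            break;                    /* URBs from earlier iterations stay allocated */
    }
}

/* Cleanup pass that walks every slot and frees whatever was allocated. */
static void model_free_recv_priv(struct recv_buf *bufs)
{
    for (int i = 0; i < NR_RECVBUFF; i++) {
        if (bufs[i].purb)
            live_urbs--;
        free(bufs[i].purb);           /* free(NULL) is a no-op */
        bufs[i].purb = NULL;
    }
}

/* One probe attempt; returns the number of URBs still live when it ends. */
static int model_probe(int fail_call, int run_cleanup)
{
    struct recv_buf bufs[NR_RECVBUFF] = {{0}};
    int leaked;
    live_urbs = 0; alloc_calls = 0; fail_on_call = fail_call;
    model_init_recv_priv(bufs);
    if (run_cleanup)
        model_free_recv_priv(bufs);
    leaked = live_urbs;
    model_free_recv_priv(bufs);       /* keep the model itself leak-free */
    return leaked;
}

int main(void)
{
    printf("break at call 3: %d live without cleanup, %d with\n", model_probe(3, 0), model_probe(3, 1));
    return 0;
}
```

Because the init function returns nothing, the caller cannot tell a partial allocation from a complete one; the live count only reaches zero when a cleanup pass over every slot runs on that exit path.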

syzbot

May 10, 2022, 10:36:09 PM
to syzkall...@googlegroups.com, zhaojun...@126.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in r8712_init_recv_priv

BUG: memory leak
unreferenced object 0xffff888113b5e540 (size 192):
comm "kworker/0:3", pid 3624, jiffies 4294945667 (age 9.400s)
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 58 e5 b5 13 81 88 ff ff ........X.......
backtrace:
[<00000000d863523d>] usb_alloc_urb+0xa5/0xb0
[<00000000da40da10>] r8712_os_recvbuf_resource_alloc+0x1b/0x80
[<000000006d5f6285>] r8712_init_recv_priv+0x97/0x210
[<000000006262c37d>] _r8712_init_recv_priv+0x134/0x150
[<0000000017cc4645>] r8712_init_drv_sw+0xa0/0x1d0
[<0000000039600cf5>] r871xu_drv_init.cold+0xbb/0x7a7
[<000000004f02f1e8>] usb_probe_interface+0x177/0x370
[<00000000dbbc8cb9>] really_probe.part.0+0xe7/0x310
[<000000007969c3ee>] __driver_probe_device+0x10c/0x1e0
[<00000000d5716348>] driver_probe_device+0x2a/0x120
[<0000000054cafab7>] __device_attach_driver+0xf6/0x140
[<000000007ce5dbab>] bus_for_each_drv+0xb7/0x100
[<000000002555454a>] __device_attach+0x122/0x260
[<0000000050fa8876>] bus_probe_device+0xc6/0xe0
[<00000000c3cff670>] device_add+0x5fb/0xdf0
[<00000000c0fc6b87>] usb_set_configuration+0x8f2/0xb80

BUG: memory leak
unreferenced object 0xffff888113b5e480 (size 192):
comm "kworker/0:3", pid 3624, jiffies 4294945667 (age 9.400s)
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 98 e4 b5 13 81 88 ff ff ................
backtrace:
[<00000000d863523d>] usb_alloc_urb+0xa5/0xb0
[<00000000da40da10>] r8712_os_recvbuf_resource_alloc+0x1b/0x80
[<000000006d5f6285>] r8712_init_recv_priv+0x97/0x210
[<000000006262c37d>] _r8712_init_recv_priv+0x134/0x150
[<0000000017cc4645>] r8712_init_drv_sw+0xa0/0x1d0
[<0000000039600cf5>] r871xu_drv_init.cold+0xbb/0x7a7
[<000000004f02f1e8>] usb_probe_interface+0x177/0x370
[<00000000dbbc8cb9>] really_probe.part.0+0xe7/0x310
[<000000007969c3ee>] __driver_probe_device+0x10c/0x1e0
[<00000000d5716348>] driver_probe_device+0x2a/0x120
[<0000000054cafab7>] __device_attach_driver+0xf6/0x140
[<000000007ce5dbab>] bus_for_each_drv+0xb7/0x100
[<000000002555454a>] __device_attach+0x122/0x260
[<0000000050fa8876>] bus_probe_device+0xc6/0xe0
[<00000000c3cff670>] device_add+0x5fb/0xdf0
[<00000000c0fc6b87>] usb_set_configuration+0x8f2/0xb80

BUG: memory leak
unreferenced object 0xffff888113b5e3c0 (size 192):
comm "kworker/0:3", pid 3624, jiffies 4294945667 (age 9.400s)
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 d8 e3 b5 13 81 88 ff ff ................
backtrace:
[<00000000d863523d>] usb_alloc_urb+0xa5/0xb0
[<00000000da40da10>] r8712_os_recvbuf_resource_alloc+0x1b/0x80
[<000000006d5f6285>] r8712_init_recv_priv+0x97/0x210
[<000000006262c37d>] _r8712_init_recv_priv+0x134/0x150
[<0000000017cc4645>] r8712_init_drv_sw+0xa0/0x1d0
[<0000000039600cf5>] r871xu_drv_init.cold+0xbb/0x7a7
[<000000004f02f1e8>] usb_probe_interface+0x177/0x370
[<00000000dbbc8cb9>] really_probe.part.0+0xe7/0x310
[<000000007969c3ee>] __driver_probe_device+0x10c/0x1e0
[<00000000d5716348>] driver_probe_device+0x2a/0x120
[<0000000054cafab7>] __device_attach_driver+0xf6/0x140
[<000000007ce5dbab>] bus_for_each_drv+0xb7/0x100
[<000000002555454a>] __device_attach+0x122/0x260
[<0000000050fa8876>] bus_probe_device+0xc6/0xe0
[<00000000c3cff670>] device_add+0x5fb/0xdf0
[<00000000c0fc6b87>] usb_set_configuration+0x8f2/0xb80



Tested on:

commit: feb9c5e1 Merge tag 'for_linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10427376f00000
kernel config: https://syzkaller.appspot.com/x/.config?x=628fbdd8471abed6
dashboard link: https://syzkaller.appspot.com/bug?extid=1c46f3771695bccbdb3a
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Note: no patches were applied.

syzbot

May 10, 2022, 10:43:08 PM
to syzkall...@googlegroups.com, zhaojun...@126.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in r8712_init_recv_priv

2022/05/11 02:41:40 executed programs: 1
BUG: memory leak
unreferenced object 0xffff8881160fe300 (size 192):
comm "kworker/0:3", pid 3621, jiffies 4294943657 (age 20.380s)
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 18 e3 0f 16 81 88 ff ff ................
backtrace:
[<0000000099646ce9>] usb_alloc_urb+0xa5/0xb0
[<000000005ffc45a9>] r8712_os_recvbuf_resource_alloc+0x1b/0x80
[<00000000670d9118>] r8712_init_recv_priv+0x97/0x260
[<00000000be8d80b6>] _r8712_init_recv_priv+0x134/0x150
[<00000000b562f377>] r8712_init_drv_sw+0xa0/0x1d0
[<00000000a688229e>] r871xu_drv_init.cold+0xbb/0x7a7
[<00000000431ce473>] usb_probe_interface+0x177/0x370
[<00000000c6429fbc>] really_probe.part.0+0xe7/0x310
[<000000006f0fa2fe>] __driver_probe_device+0x10c/0x1e0
[<00000000917106ce>] driver_probe_device+0x2a/0x120
[<00000000f7011b51>] __device_attach_driver+0xf6/0x140
[<00000000f25343a0>] bus_for_each_drv+0xb7/0x100
[<000000000eab3c05>] __device_attach+0x122/0x260
[<00000000d8af68e9>] bus_probe_device+0xc6/0xe0
[<000000002b47aa14>] device_add+0x5fb/0xdf0
[<0000000006979118>] usb_set_configuration+0x8f2/0xb80

BUG: memory leak
unreferenced object 0xffff8881160fe240 (size 192):
comm "kworker/0:3", pid 3621, jiffies 4294943657 (age 20.380s)
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 58 e2 0f 16 81 88 ff ff ........X.......
backtrace:
[<0000000099646ce9>] usb_alloc_urb+0xa5/0xb0
[<000000005ffc45a9>] r8712_os_recvbuf_resource_alloc+0x1b/0x80
[<00000000670d9118>] r8712_init_recv_priv+0x97/0x260
[<00000000be8d80b6>] _r8712_init_recv_priv+0x134/0x150
[<00000000b562f377>] r8712_init_drv_sw+0xa0/0x1d0
[<00000000a688229e>] r871xu_drv_init.cold+0xbb/0x7a7
[<00000000431ce473>] usb_probe_interface+0x177/0x370
[<00000000c6429fbc>] really_probe.part.0+0xe7/0x310
[<000000006f0fa2fe>] __driver_probe_device+0x10c/0x1e0
[<00000000917106ce>] driver_probe_device+0x2a/0x120
[<00000000f7011b51>] __device_attach_driver+0xf6/0x140
[<00000000f25343a0>] bus_for_each_drv+0xb7/0x100
[<000000000eab3c05>] __device_attach+0x122/0x260
[<00000000d8af68e9>] bus_probe_device+0xc6/0xe0
[<000000002b47aa14>] device_add+0x5fb/0xdf0
[<0000000006979118>] usb_set_configuration+0x8f2/0xb80

BUG: memory leak
unreferenced object 0xffff8881160fe180 (size 192):
comm "kworker/0:3", pid 3621, jiffies 4294943657 (age 20.380s)
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 98 e1 0f 16 81 88 ff ff ................
backtrace:
[<0000000099646ce9>] usb_alloc_urb+0xa5/0xb0
[<000000005ffc45a9>] r8712_os_recvbuf_resource_alloc+0x1b/0x80
[<00000000670d9118>] r8712_init_recv_priv+0x97/0x260
[<00000000be8d80b6>] _r8712_init_recv_priv+0x134/0x150
[<00000000b562f377>] r8712_init_drv_sw+0xa0/0x1d0
[<00000000a688229e>] r871xu_drv_init.cold+0xbb/0x7a7
[<00000000431ce473>] usb_probe_interface+0x177/0x370
[<00000000c6429fbc>] really_probe.part.0+0xe7/0x310
[<000000006f0fa2fe>] __driver_probe_device+0x10c/0x1e0
[<00000000917106ce>] driver_probe_device+0x2a/0x120
[<00000000f7011b51>] __device_attach_driver+0xf6/0x140
[<00000000f25343a0>] bus_for_each_drv+0xb7/0x100
[<000000000eab3c05>] __device_attach+0x122/0x260
[<00000000d8af68e9>] bus_probe_device+0xc6/0xe0
[<000000002b47aa14>] device_add+0x5fb/0xdf0
[<0000000006979118>] usb_set_configuration+0x8f2/0xb80



Tested on:

commit: feb9c5e1 Merge tag 'for_linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=121cd6c6f00000
kernel config: https://syzkaller.appspot.com/x/.config?x=628fbdd8471abed6
dashboard link: https://syzkaller.appspot.com/bug?extid=1c46f3771695bccbdb3a
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=1368f0f1f00000

syzbot

May 10, 2022, 11:48:10 PM
to syzkall...@googlegroups.com, zhaojun...@126.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

drivers/staging/rtl8712/rtl8712_recv.c:67:3: error: implicit declaration of function 'kmemleak_not_leak' [-Werror=implicit-function-declaration]


Tested on:

commit: feb9c5e1 Merge tag 'for_linus' of git://git.kernel.org..
git tree: upstream
dashboard link: https://syzkaller.appspot.com/bug?extid=1c46f3771695bccbdb3a
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=15b322f1f00000

syzbot

May 11, 2022, 5:41:15 AM
to syzkall...@googlegroups.com, zhaojun...@126.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+1c46f3...@syzkaller.appspotmail.com

Tested on:

commit: feb9c5e1 Merge tag 'for_linus' of git://git.kernel.org..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=628fbdd8471abed6
dashboard link: https://syzkaller.appspot.com/bug?extid=1c46f3771695bccbdb3a
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=122eca69f00000

Note: testing is done by a robot and is best-effort only.