[syzbot] memory leak in __mdiobus_register


syzbot

Sep 25, 2021, 9:28:23 PM
to gre...@linuxfoundation.org, linux-...@vger.kernel.org, raf...@kernel.org, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: d9fb678414c0 Merge tag 'afs-fixes-20210913' of git://git.k..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=131c754b300000
kernel config: https://syzkaller.appspot.com/x/.config?x=f0de362a1f17687e
dashboard link: https://syzkaller.appspot.com/bug?extid=398e7dc692ddbbb4cfec
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=145650d1300000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=105ccde7300000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+398e7d...@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff888114032e00 (size 256):
comm "kworker/1:3", pid 2960, jiffies 4294943572 (age 15.920s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 08 2e 03 14 81 88 ff ff ................
08 2e 03 14 81 88 ff ff 90 76 65 82 ff ff ff ff .........ve.....
backtrace:
[<ffffffff8265cfab>] kmalloc include/linux/slab.h:591 [inline]
[<ffffffff8265cfab>] kzalloc include/linux/slab.h:721 [inline]
[<ffffffff8265cfab>] device_private_init drivers/base/core.c:3203 [inline]
[<ffffffff8265cfab>] device_add+0x89b/0xdf0 drivers/base/core.c:3253
[<ffffffff828dd643>] __mdiobus_register+0xc3/0x450 drivers/net/phy/mdio_bus.c:537
[<ffffffff828cb835>] __devm_mdiobus_register+0x75/0xf0 drivers/net/phy/mdio_devres.c:87
[<ffffffff82b92a00>] ax88772_init_mdio drivers/net/usb/asix_devices.c:676 [inline]
[<ffffffff82b92a00>] ax88772_bind+0x330/0x480 drivers/net/usb/asix_devices.c:786
[<ffffffff82baa33f>] usbnet_probe+0x3ff/0xdf0 drivers/net/usb/usbnet.c:1745
[<ffffffff82c36e17>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
[<ffffffff82661d17>] call_driver_probe drivers/base/dd.c:517 [inline]
[<ffffffff82661d17>] really_probe.part.0+0xe7/0x380 drivers/base/dd.c:596
[<ffffffff826620bc>] really_probe drivers/base/dd.c:558 [inline]
[<ffffffff826620bc>] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:751
[<ffffffff826621ba>] driver_probe_device+0x2a/0x120 drivers/base/dd.c:781
[<ffffffff82662a26>] __device_attach_driver+0xf6/0x140 drivers/base/dd.c:898
[<ffffffff8265eca7>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427
[<ffffffff826625a2>] __device_attach+0x122/0x260 drivers/base/dd.c:969
[<ffffffff82660916>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:487
[<ffffffff8265cd0b>] device_add+0x5fb/0xdf0 drivers/base/core.c:3359
[<ffffffff82c343b9>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2170
[<ffffffff82c4473c>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238

BUG: memory leak
unreferenced object 0xffff888116f06900 (size 32):
comm "kworker/0:2", pid 2670, jiffies 4294944448 (age 7.160s)
hex dump (first 32 bytes):
75 73 62 2d 30 30 31 3a 30 30 33 00 00 00 00 00 usb-001:003.....
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff81484516>] kstrdup+0x36/0x70 mm/util.c:60
[<ffffffff814845a3>] kstrdup_const+0x53/0x80 mm/util.c:83
[<ffffffff82296ba2>] kvasprintf_const+0xc2/0x110 lib/kasprintf.c:48
[<ffffffff82358d4b>] kobject_set_name_vargs+0x3b/0xe0 lib/kobject.c:289
[<ffffffff826575f3>] dev_set_name+0x63/0x90 drivers/base/core.c:3147
[<ffffffff828dd63b>] __mdiobus_register+0xbb/0x450 drivers/net/phy/mdio_bus.c:535
[<ffffffff828cb835>] __devm_mdiobus_register+0x75/0xf0 drivers/net/phy/mdio_devres.c:87
[<ffffffff82b92a00>] ax88772_init_mdio drivers/net/usb/asix_devices.c:676 [inline]
[<ffffffff82b92a00>] ax88772_bind+0x330/0x480 drivers/net/usb/asix_devices.c:786
[<ffffffff82baa33f>] usbnet_probe+0x3ff/0xdf0 drivers/net/usb/usbnet.c:1745
[<ffffffff82c36e17>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
[<ffffffff82661d17>] call_driver_probe drivers/base/dd.c:517 [inline]
[<ffffffff82661d17>] really_probe.part.0+0xe7/0x380 drivers/base/dd.c:596
[<ffffffff826620bc>] really_probe drivers/base/dd.c:558 [inline]
[<ffffffff826620bc>] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:751
[<ffffffff826621ba>] driver_probe_device+0x2a/0x120 drivers/base/dd.c:781
[<ffffffff82662a26>] __device_attach_driver+0xf6/0x140 drivers/base/dd.c:898
[<ffffffff8265eca7>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427
[<ffffffff826625a2>] __device_attach+0x122/0x260 drivers/base/dd.c:969



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Pavel Skripkin

Sep 26, 2021, 7:27:36 PM
to syzbot, gre...@linuxfoundation.org, linux-...@vger.kernel.org, raf...@kernel.org, syzkall...@googlegroups.com
On 9/26/21 04:28, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: d9fb678414c0 Merge tag 'afs-fixes-20210913' of git://git.k..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=131c754b300000
> kernel config: https://syzkaller.appspot.com/x/.config?x=f0de362a1f17687e
> dashboard link: https://syzkaller.appspot.com/bug?extid=398e7dc692ddbbb4cfec
> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=145650d1300000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=105ccde7300000
>

Looks like MDIOBUS_ALLOCATED indicated 2 states:

1. Bus is only allocated
2. Bus allocated and __mdiobus_register() fails, but
device_register() was called

These 2 cases should be handled separately, i.e. we need to call
put_device() if device_register() was called.

To handle this situation we can add a new state, MDIOBUS_DEV_REGISTERED, and
handle it properly.


Just for thoughts and syzbot testing

#syz test
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master


With regards,
Pavel Skripkin
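
The two states described in the message above, as an added userspace model (this is not the patch from the thread and not kernel code). The kernel names are reused with simplified bodies, and `leaked()`, `xalloc()`, `xfree()` and `live` are hypothetical helpers that count outstanding allocations.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum bus_state { MDIOBUS_ALLOCATED, MDIOBUS_DEV_REGISTERED };
struct device { int refs; char *name; void *priv; };
struct mii_bus { struct device dev; enum bus_state state; }; /* dev must stay first */

static int live; /* outstanding heap objects in this model */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (!p) abort(); live++; return p; }
static void xfree(void *p) { if (p) { live--; free(p); } }

/* Stand-in for dev_set_name() + device_register(): both allocate. */
static void device_register(struct device *dev, const char *name)
{
    dev->name = xalloc(32);   /* models the size-32 object in the report */
    strncpy(dev->name, name, 31);
    dev->priv = xalloc(256);  /* models the size-256 object in the report */
    dev->refs = 1;
}

/* Dropping the last reference releases what the device core allocated. */
static void put_device(struct device *dev)
{
    if (--dev->refs > 0) return;
    xfree(dev->name);
    xfree(dev->priv);
    xfree(dev); /* dev is the first member, so this frees the whole bus */
}

static void mdiobus_free(struct mii_bus *bus)
{
    if (bus->state == MDIOBUS_ALLOCATED) { xfree(bus); return; } /* case 1 only */
    put_device(&bus->dev);                                       /* case 2 */
}

/* Returns objects still allocated after a failed registration is cleaned up. */
int leaked(int device_registered, int fixed)
{
    live = 0;
    struct mii_bus *bus = xalloc(sizeof(*bus));
    bus->state = MDIOBUS_ALLOCATED;
    if (device_registered) {
        device_register(&bus->dev, "usb-001:003");
        if (fixed) bus->state = MDIOBUS_DEV_REGISTERED; /* remember case 2 */
    }
    mdiobus_free(bus); /* a later registration step failed: error-path cleanup */
    return live;
}

int main(void) { printf("%d %d\n", leaked(1, 0), leaked(1, 1)); return 0; }
```

Without the extra state the free path cannot tell case 2 from case 1, so the name and the device-private allocation stay behind, matching the two object sizes kmemleak reported.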






syzbot

Sep 26, 2021, 7:44:06 PM
to gre...@linuxfoundation.org, linux-...@vger.kernel.org, paskr...@gmail.com, raf...@kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+398e7d...@syzkaller.appspotmail.com

Tested on:

commit: 5816b3e6 Linux 5.15-rc3
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=41799858eb55f380
dashboard link: https://syzkaller.appspot.com/bug?extid=398e7dc692ddbbb4cfec
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=1147b840b00000

Note: testing is done by a robot and is best-effort only.

Dongliang Mu

Sep 28, 2021, 3:43:02 AM
to syzbot, Greg KH, linux-kernel, Pavel Skripkin, raf...@kernel.org, syzkaller-bugs
Hi Pavel,

Confirm the patch you posted [1] is the real fix of this bug report.

I tested the patch from Yanfei Xu [2] in my local workspace, and the
memory leak is still triggered. In addition, I have pushed a patch
request for that patch. The result would prove that patch is not
working for this bug.

BTW, there occur incorrect fix commits on the syzbot dashboard
sometimes. Maybe it should be cleaned in the future.

[1] https://lkml.org/lkml/2021/9/27/289
[2] https://www.spinics.net/lists/kernel/msg4089781.html


Pavel Skripkin

Sep 28, 2021, 4:15:28 AM
to Dongliang Mu, syzbot, Greg KH, linux-kernel, raf...@kernel.org, syzkaller-bugs
On 9/28/21 10:42, Dongliang Mu wrote:
> On Mon, Sep 27, 2021 at 7:44 AM syzbot
> <syzbot+398e7d...@syzkaller.appspotmail.com> wrote:
>>
>> Hello,
>>
>> syzbot has tested the proposed patch and the reproducer did not trigger any issue:
>>
>> Reported-and-tested-by: syzbot+398e7d...@syzkaller.appspotmail.com
>>
>> Tested on:
>>
>> commit: 5816b3e6 Linux 5.15-rc3
>> git tree: upstream
>> kernel config: https://syzkaller.appspot.com/x/.config?x=41799858eb55f380
>> dashboard link: https://syzkaller.appspot.com/bug?extid=398e7dc692ddbbb4cfec
>> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
>> patch: https://syzkaller.appspot.com/x/patch.diff?x=1147b840b00000
>>
>> Note: testing is done by a robot and is best-effort only.
>
> Hi Pavel,
>
> Confirm the patch you posted [1] is the real fix of this bug report.
>
> I tested the patch from Yanfei Xu [2] in my local workspace, and the
> memory leak is still triggered. In addition, I have pushed a patch
> request for that patch. The result would prove that patch is not
> working for this bug.
>
> BTW, there occur incorrect fix commits on the syzbot dashboard
> sometimes. Maybe it should be cleaned in the future.
>


Hi, Dongliang,

Thank you for the confirmation. As I said in reply to [1], Yanfei's patch is
also correct, but it solves another memory leak in the same function.

AFAIU, if my patch is applied too, there will be 2 fix patches on the
syzkaller bug report page, so no need to remove Yanfei's patch from the bug
report page :)

With regards,
Pavel Skripkin

syzbot

Sep 28, 2021, 9:33:11 AM
to mudongl...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in kobject_set_name_vargs

BUG: memory leak
unreferenced object 0xffff88812b283d40 (size 32):
comm "kworker/1:7", pid 9710, jiffies 4294944644 (age 14.810s)
hex dump (first 32 bytes):
75 73 62 2d 30 30 31 3a 30 30 32 00 00 00 00 00 usb-001:002.....
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff81484516>] kstrdup+0x36/0x70 mm/util.c:60
[<ffffffff814845a3>] kstrdup_const+0x53/0x80 mm/util.c:83
[<ffffffff82297212>] kvasprintf_const+0xc2/0x110 lib/kasprintf.c:48
[<ffffffff823593bb>] kobject_set_name_vargs+0x3b/0xe0 lib/kobject.c:289
[<ffffffff82657c63>] dev_set_name+0x63/0x90 drivers/base/core.c:3147
[<ffffffff828dddbb>] __mdiobus_register+0xbb/0x450 drivers/net/phy/mdio_bus.c:535
[<ffffffff828cbfb5>] __devm_mdiobus_register+0x75/0xf0 drivers/net/phy/mdio_devres.c:87
[<ffffffff82b93230>] ax88772_init_mdio drivers/net/usb/asix_devices.c:676 [inline]
[<ffffffff82b93230>] ax88772_bind+0x330/0x480 drivers/net/usb/asix_devices.c:786
[<ffffffff82baab6f>] usbnet_probe+0x3ff/0xdf0 drivers/net/usb/usbnet.c:1745
[<ffffffff82c37637>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
[<ffffffff82662387>] call_driver_probe drivers/base/dd.c:517 [inline]
[<ffffffff82662387>] really_probe.part.0+0xe7/0x380 drivers/base/dd.c:596
[<ffffffff8266272c>] really_probe drivers/base/dd.c:558 [inline]
[<ffffffff8266272c>] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:751
[<ffffffff8266282a>] driver_probe_device+0x2a/0x120 drivers/base/dd.c:781
[<ffffffff82663096>] __device_attach_driver+0xf6/0x140 drivers/base/dd.c:898
[<ffffffff8265f317>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427
[<ffffffff82662c12>] __device_attach+0x122/0x260 drivers/base/dd.c:969

BUG: memory leak
unreferenced object 0xffff88812b3f3100 (size 256):
comm "kworker/1:7", pid 9710, jiffies 4294944644 (age 14.810s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 08 31 3f 2b 81 88 ff ff .........1?+....
08 31 3f 2b 81 88 ff ff 00 7d 65 82 ff ff ff ff .1?+.....}e.....
backtrace:
[<ffffffff8265d61b>] kmalloc include/linux/slab.h:591 [inline]
[<ffffffff8265d61b>] kzalloc include/linux/slab.h:721 [inline]
[<ffffffff8265d61b>] device_private_init drivers/base/core.c:3203 [inline]
[<ffffffff8265d61b>] device_add+0x89b/0xdf0 drivers/base/core.c:3253
[<ffffffff828dddc3>] __mdiobus_register+0xc3/0x450 drivers/net/phy/mdio_bus.c:537
[<ffffffff828cbfb5>] __devm_mdiobus_register+0x75/0xf0 drivers/net/phy/mdio_devres.c:87
[<ffffffff82b93230>] ax88772_init_mdio drivers/net/usb/asix_devices.c:676 [inline]
[<ffffffff82b93230>] ax88772_bind+0x330/0x480 drivers/net/usb/asix_devices.c:786
[<ffffffff82baab6f>] usbnet_probe+0x3ff/0xdf0 drivers/net/usb/usbnet.c:1745
[<ffffffff82c37637>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
[<ffffffff82662387>] call_driver_probe drivers/base/dd.c:517 [inline]
[<ffffffff82662387>] really_probe.part.0+0xe7/0x380 drivers/base/dd.c:596
[<ffffffff8266272c>] really_probe drivers/base/dd.c:558 [inline]
[<ffffffff8266272c>] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:751
[<ffffffff8266282a>] driver_probe_device+0x2a/0x120 drivers/base/dd.c:781
[<ffffffff82663096>] __device_attach_driver+0xf6/0x140 drivers/base/dd.c:898
[<ffffffff8265f317>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427
[<ffffffff82662c12>] __device_attach+0x122/0x260 drivers/base/dd.c:969
[<ffffffff82660f86>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:487
[<ffffffff8265d37b>] device_add+0x5fb/0xdf0 drivers/base/core.c:3359
[<ffffffff82c34bd9>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2170
[<ffffffff82c44f5c>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238

BUG: memory leak
unreferenced object 0xffff88812c36f2c0 (size 32):
comm "kworker/0:0", pid 5, jiffies 4294944704 (age 14.210s)
hex dump (first 32 bytes):
75 73 62 2d 30 30 38 3a 30 30 32 00 00 00 00 00 usb-008:002.....
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff81484516>] kstrdup+0x36/0x70 mm/util.c:60
[<ffffffff814845a3>] kstrdup_const+0x53/0x80 mm/util.c:83
[<ffffffff82297212>] kvasprintf_const+0xc2/0x110 lib/kasprintf.c:48
[<ffffffff823593bb>] kobject_set_name_vargs+0x3b/0xe0 lib/kobject.c:289
[<ffffffff82657c63>] dev_set_name+0x63/0x90 drivers/base/core.c:3147
[<ffffffff828dddbb>] __mdiobus_register+0xbb/0x450 drivers/net/phy/mdio_bus.c:535
[<ffffffff828cbfb5>] __devm_mdiobus_register+0x75/0xf0 drivers/net/phy/mdio_devres.c:87
[<ffffffff82b93230>] ax88772_init_mdio drivers/net/usb/asix_devices.c:676 [inline]
[<ffffffff82b93230>] ax88772_bind+0x330/0x480 drivers/net/usb/asix_devices.c:786
[<ffffffff82baab6f>] usbnet_probe+0x3ff/0xdf0 drivers/net/usb/usbnet.c:1745
[<ffffffff82c37637>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
[<ffffffff82662387>] call_driver_probe drivers/base/dd.c:517 [inline]
[<ffffffff82662387>] really_probe.part.0+0xe7/0x380 drivers/base/dd.c:596
[<ffffffff8266272c>] really_probe drivers/base/dd.c:558 [inline]
[<ffffffff8266272c>] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:751
[<ffffffff8266282a>] driver_probe_device+0x2a/0x120 drivers/base/dd.c:781
[<ffffffff82663096>] __device_attach_driver+0xf6/0x140 drivers/base/dd.c:898
[<ffffffff8265f317>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427
[<ffffffff82662c12>] __device_attach+0x122/0x260 drivers/base/dd.c:969



Tested on:

commit: 0513e464 Merge tag 'perf-tools-fixes-for-v5.15-2021-09..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13d62140b00000
kernel config: https://syzkaller.appspot.com/x/.config?x=41799858eb55f380
dashboard link: https://syzkaller.appspot.com/bug?extid=398e7dc692ddbbb4cfec
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=15c8726b300000

Dongliang Mu

Sep 28, 2021, 11:41:10 AM
to Pavel Skripkin, syzbot, Greg KH, linux-kernel, raf...@kernel.org, syzkaller-bugs
It's fine as I was debugging this case locally.

> AFAIU, if my patch is applied too, there will be 2 fix patches on the
> syzkaller bug report page, so no need to remove Yanfei's patch from the bug
> report page :)

I don't understand why Dan in other threads said Yanfei's patch is
also working in the bug report. The patch testing request already
shows the same memory leak still triggers. Really confused.