[syzbot] [usb?] memory leak in hub_event (4)
0 views
Skip to first unread message
syzbot
Apr 24, 2026, 10:12:44 PM (13 hours ago) Apr 24
to gre...@linuxfoundation.org, linux-...@vger.kernel.org, linu...@vger.kernel.org, syzkall...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: dd6c438c3e64 Merge tag 'vfs-7.1-rc1.fixes' of git://git.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15cf7702580000
kernel config: https://syzkaller.appspot.com/x/.config?x=ac5083db84233db3
dashboard link: https://syzkaller.appspot.com/bug?extid=2afd7e71155c7e241560
compiler: gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13cf7702580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17941c36580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/dea6ab846ab3/disk-dd6c438c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/acebe380aa03/vmlinux-dd6c438c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/2cdbd012d0d3/bzImage-dd6c438c.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2afd7e...@syzkaller.appspotmail.com
BUG: memory leak
unreferenced object 0xffff8881277dc000 (size 2048):
comm "kworker/0:2", pid 1783, jiffies 4294946784
hex dump (first 32 bytes):
ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1...........
00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 ................
backtrace (crc 20105372):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5410
kmalloc_noprof include/linux/slab.h:950 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
usb_alloc_dev+0x36/0x4e0 drivers/usb/core/usb.c:651
hub_port_connect drivers/usb/core/hub.c:5470 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
port_event drivers/usb/core/hub.c:5871 [inline]
hub_event+0x14d0/0x2180 drivers/usb/core/hub.c:5953
process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
BUG: memory leak
unreferenced object 0xffff888128b06c00 (size 1024):
comm "kworker/0:2", pid 1783, jiffies 4294946815
hex dump (first 32 bytes):
09 02 49 00 02 01 00 10 40 00 00 00 00 00 00 00 ..I.....@.......
00 00 00 00 00 00 00 00 89 b8 69 09 81 88 ff ff ..........i.....
backtrace (crc b43c3ef8):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__do_kmalloc_node mm/slub.c:5294 [inline]
__kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
kmalloc_noprof include/linux/slab.h:954 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
usb_get_configuration+0xeb/0x2110 drivers/usb/core/config.c:940
usb_enumerate_device drivers/usb/core/hub.c:2527 [inline]
usb_new_device+0x1b4/0x300 drivers/usb/core/hub.c:2665
hub_port_connect drivers/usb/core/hub.c:5567 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
port_event drivers/usb/core/hub.c:5871 [inline]
hub_event+0x1723/0x2180 drivers/usb/core/hub.c:5953
process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
BUG: memory leak
unreferenced object 0xffff88810c3d5a50 (size 8):
comm "kworker/0:2", pid 1783, jiffies 4294946815
hex dump (first 8 bytes):
80 b8 69 09 81 88 ff ff ..i.....
backtrace (crc 66af3167):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__do_kmalloc_node mm/slub.c:5294 [inline]
__kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
kmalloc_noprof include/linux/slab.h:954 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
usb_get_configuration+0x11d/0x2110 drivers/usb/core/config.c:945
usb_enumerate_device drivers/usb/core/hub.c:2527 [inline]
usb_new_device+0x1b4/0x300 drivers/usb/core/hub.c:2665
hub_port_connect drivers/usb/core/hub.c:5567 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
port_event drivers/usb/core/hub.c:5871 [inline]
hub_event+0x1723/0x2180 drivers/usb/core/hub.c:5953
process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
BUG: memory leak
unreferenced object 0xffff888113c25840 (size 64):
comm "kworker/0:2", pid 1783, jiffies 4294946817
hex dump (first 32 bytes):
01 00 00 00 01 00 00 00 09 04 00 00 00 01 01 30 ...............0
00 00 00 00 0a 00 00 00 9a b8 69 09 81 88 ff ff ..........i.....
backtrace (crc a90fa323):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__do_kmalloc_node mm/slub.c:5294 [inline]
__kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
kmalloc_noprof include/linux/slab.h:954 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
usb_parse_configuration drivers/usb/core/config.c:826 [inline]
usb_get_configuration+0x88f/0x2110 drivers/usb/core/config.c:1002
usb_enumerate_device drivers/usb/core/hub.c:2527 [inline]
usb_new_device+0x1b4/0x300 drivers/usb/core/hub.c:2665
hub_port_connect drivers/usb/core/hub.c:5567 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
port_event drivers/usb/core/hub.c:5871 [inline]
hub_event+0x1723/0x2180 drivers/usb/core/hub.c:5953
process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
BUG: memory leak
unreferenced object 0xffff88811d54a500 (size 256):
comm "kworker/0:2", pid 1783, jiffies 4294946821
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 08 a5 54 1d 81 88 ff ff ..........T.....
08 a5 54 1d 81 88 ff ff 20 e7 41 83 ff ff ff ff ..T..... .A.....
backtrace (crc 85d09f91):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5410
kmalloc_noprof include/linux/slab.h:950 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
device_private_init drivers/base/core.c:3536 [inline]
device_add+0x73c/0xc70 drivers/base/core.c:3587
usb_new_device.cold+0x115/0x626 drivers/usb/core/hub.c:2695
hub_port_connect drivers/usb/core/hub.c:5567 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
port_event drivers/usb/core/hub.c:5871 [inline]
hub_event+0x1723/0x2180 drivers/usb/core/hub.c:5953
process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: dd6c438c3e64 Merge tag 'vfs-7.1-rc1.fixes' of git://git.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15cf7702580000
kernel config: https://syzkaller.appspot.com/x/.config?x=ac5083db84233db3
dashboard link: https://syzkaller.appspot.com/bug?extid=2afd7e71155c7e241560
compiler: gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13cf7702580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17941c36580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/dea6ab846ab3/disk-dd6c438c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/acebe380aa03/vmlinux-dd6c438c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/2cdbd012d0d3/bzImage-dd6c438c.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2afd7e...@syzkaller.appspotmail.com
BUG: memory leak
unreferenced object 0xffff8881277dc000 (size 2048):
comm "kworker/0:2", pid 1783, jiffies 4294946784
hex dump (first 32 bytes):
ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1...........
00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 ................
backtrace (crc 20105372):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5410
kmalloc_noprof include/linux/slab.h:950 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
usb_alloc_dev+0x36/0x4e0 drivers/usb/core/usb.c:651
hub_port_connect drivers/usb/core/hub.c:5470 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
port_event drivers/usb/core/hub.c:5871 [inline]
hub_event+0x14d0/0x2180 drivers/usb/core/hub.c:5953
process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
BUG: memory leak
unreferenced object 0xffff888128b06c00 (size 1024):
comm "kworker/0:2", pid 1783, jiffies 4294946815
hex dump (first 32 bytes):
09 02 49 00 02 01 00 10 40 00 00 00 00 00 00 00 ..I.....@.......
00 00 00 00 00 00 00 00 89 b8 69 09 81 88 ff ff ..........i.....
backtrace (crc b43c3ef8):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__do_kmalloc_node mm/slub.c:5294 [inline]
__kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
kmalloc_noprof include/linux/slab.h:954 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
usb_get_configuration+0xeb/0x2110 drivers/usb/core/config.c:940
usb_enumerate_device drivers/usb/core/hub.c:2527 [inline]
usb_new_device+0x1b4/0x300 drivers/usb/core/hub.c:2665
hub_port_connect drivers/usb/core/hub.c:5567 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
port_event drivers/usb/core/hub.c:5871 [inline]
hub_event+0x1723/0x2180 drivers/usb/core/hub.c:5953
process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
BUG: memory leak
unreferenced object 0xffff88810c3d5a50 (size 8):
comm "kworker/0:2", pid 1783, jiffies 4294946815
hex dump (first 8 bytes):
80 b8 69 09 81 88 ff ff ..i.....
backtrace (crc 66af3167):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__do_kmalloc_node mm/slub.c:5294 [inline]
__kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
kmalloc_noprof include/linux/slab.h:954 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
usb_get_configuration+0x11d/0x2110 drivers/usb/core/config.c:945
usb_enumerate_device drivers/usb/core/hub.c:2527 [inline]
usb_new_device+0x1b4/0x300 drivers/usb/core/hub.c:2665
hub_port_connect drivers/usb/core/hub.c:5567 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
port_event drivers/usb/core/hub.c:5871 [inline]
hub_event+0x1723/0x2180 drivers/usb/core/hub.c:5953
process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
BUG: memory leak
unreferenced object 0xffff888113c25840 (size 64):
comm "kworker/0:2", pid 1783, jiffies 4294946817
hex dump (first 32 bytes):
01 00 00 00 01 00 00 00 09 04 00 00 00 01 01 30 ...............0
00 00 00 00 0a 00 00 00 9a b8 69 09 81 88 ff ff ..........i.....
backtrace (crc a90fa323):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__do_kmalloc_node mm/slub.c:5294 [inline]
__kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
kmalloc_noprof include/linux/slab.h:954 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
usb_parse_configuration drivers/usb/core/config.c:826 [inline]
usb_get_configuration+0x88f/0x2110 drivers/usb/core/config.c:1002
usb_enumerate_device drivers/usb/core/hub.c:2527 [inline]
usb_new_device+0x1b4/0x300 drivers/usb/core/hub.c:2665
hub_port_connect drivers/usb/core/hub.c:5567 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
port_event drivers/usb/core/hub.c:5871 [inline]
hub_event+0x1723/0x2180 drivers/usb/core/hub.c:5953
process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
BUG: memory leak
unreferenced object 0xffff88811d54a500 (size 256):
comm "kworker/0:2", pid 1783, jiffies 4294946821
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 08 a5 54 1d 81 88 ff ff ..........T.....
08 a5 54 1d 81 88 ff ff 20 e7 41 83 ff ff ff ff ..T..... .A.....
backtrace (crc 85d09f91):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5410
kmalloc_noprof include/linux/slab.h:950 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
device_private_init drivers/base/core.c:3536 [inline]
device_add+0x73c/0xc70 drivers/base/core.c:3587
usb_new_device.cold+0x115/0x626 drivers/usb/core/hub.c:2695
hub_port_connect drivers/usb/core/hub.c:5567 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
port_event drivers/usb/core/hub.c:5871 [inline]
hub_event+0x1723/0x2180 drivers/usb/core/hub.c:5953
process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
2:36 AM (8 hours ago) 2:36 AM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: [PATCH] usb: core: fix memory leak in usb_new_device() error path
Author: karti...@gmail.com
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
When usb_new_device() fails, it jumps to the 'fail' label which calls
pm_runtime_disable() but never balances the earlier
pm_runtime_get_noresume() call made at the top of the function.
This leaves the PM runtime usage count elevated, preventing
usb_put_dev() in hub_port_connect() from dropping the refcount to zero.
As a result, usb_release_dev() never fires and usb_destroy_configuration()
is never called, leaking all memory allocated during enumeration:
- struct usb_device (2048 bytes) via usb_alloc_dev()
- raw config descriptor (1024 bytes) via usb_get_configuration()
- config metadata ( 8 bytes) via usb_get_configuration()
- interface descriptor ( 64 bytes) via usb_parse_configuration()
- struct device_private ( 256 bytes) via device_private_init()
Fix this by adding pm_runtime_put_noidle() on the fail path to balance
the pm_runtime_get_noresume() at the top of the function.
pm_runtime_put_noidle() is correct here rather than pm_runtime_put()
because we are in a teardown path and must not trigger autosuspend
scheduling.
Reported-by: syzbot+2afd7e...@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=2afd7e71155c7e241560
Signed-off-by: Deepanshu kartikey <karti...@gmail.com>
---
drivers/usb/core/hub.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 24960ba9caa9..148fadfbc30b 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -2733,6 +2733,7 @@ int usb_new_device(struct usb_device *udev)
usb_set_device_state(udev, USB_STATE_NOTATTACHED);
pm_runtime_disable(&udev->dev);
pm_runtime_set_suspended(&udev->dev);
+ pm_runtime_put_noidle(&udev->dev);
return err;
}
--
2.43.0
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: [PATCH] usb: core: fix memory leak in usb_new_device() error path
Author: karti...@gmail.com
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
When usb_new_device() fails, it jumps to the 'fail' label which calls
pm_runtime_disable() but never balances the earlier
pm_runtime_get_noresume() call made at the top of the function.
This leaves the PM runtime usage count elevated, preventing
usb_put_dev() in hub_port_connect() from dropping the refcount to zero.
As a result, usb_release_dev() never fires and usb_destroy_configuration()
is never called, leaking all memory allocated during enumeration:
- struct usb_device (2048 bytes) via usb_alloc_dev()
- raw config descriptor (1024 bytes) via usb_get_configuration()
- config metadata ( 8 bytes) via usb_get_configuration()
- interface descriptor ( 64 bytes) via usb_parse_configuration()
- struct device_private ( 256 bytes) via device_private_init()
Fix this by adding pm_runtime_put_noidle() on the fail path to balance
the pm_runtime_get_noresume() at the top of the function.
pm_runtime_put_noidle() is correct here rather than pm_runtime_put()
because we are in a teardown path and must not trigger autosuspend
scheduling.
Reported-by: syzbot+2afd7e...@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=2afd7e71155c7e241560
Signed-off-by: Deepanshu kartikey <karti...@gmail.com>
---
drivers/usb/core/hub.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 24960ba9caa9..148fadfbc30b 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -2733,6 +2733,7 @@ int usb_new_device(struct usb_device *udev)
usb_set_device_state(udev, USB_STATE_NOTATTACHED);
pm_runtime_disable(&udev->dev);
pm_runtime_set_suspended(&udev->dev);
+ pm_runtime_put_noidle(&udev->dev);
return err;
}
--
2.43.0
syzbot
3:13 AM (8 hours ago) 3:13 AM
to karti...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in hub_event
BUG: memory leak
unreferenced object 0xffff8881149d6000 (size 2048):
comm "kworker/0:2", pid 807, jiffies 4294949998
hub_port_connect_change drivers/usb/core/hub.c:5708 [inline]
port_event drivers/usb/core/hub.c:5872 [inline]
hub_event+0x14d0/0x2180 drivers/usb/core/hub.c:5954
comm "kworker/0:2", pid 807, jiffies 4294950032
08 a8 f4 29 81 88 ff ff b0 7d 41 83 ff ff ff ff ...).....}A.....
backtrace (crc c705f08):
hub_port_connect drivers/usb/core/hub.c:5568 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5708 [inline]
port_event drivers/usb/core/hub.c:5872 [inline]
hub_event+0x1723/0x2180 drivers/usb/core/hub.c:5954
commit: 27d128c1 Merge tag 'trace-ring-buffer-v7.1-3' of git:/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17a91c36580000
kernel config: https://syzkaller.appspot.com/x/.config?x=9645c21cfd1d3e8f
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in hub_event
BUG: memory leak
unreferenced object 0xffff8881149d6000 (size 2048):
comm "kworker/0:2", pid 807, jiffies 4294949998
hex dump (first 32 bytes):
ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1...........
00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 ................
backtrace (crc 6a8f68af):
ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1...........
00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 ................
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5410
kmalloc_noprof include/linux/slab.h:950 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
usb_alloc_dev+0x36/0x4e0 drivers/usb/core/usb.c:651
hub_port_connect drivers/usb/core/hub.c:5471 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5410
kmalloc_noprof include/linux/slab.h:950 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
usb_alloc_dev+0x36/0x4e0 drivers/usb/core/usb.c:651
hub_port_connect_change drivers/usb/core/hub.c:5708 [inline]
port_event drivers/usb/core/hub.c:5872 [inline]
hub_event+0x14d0/0x2180 drivers/usb/core/hub.c:5954
process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
BUG: memory leak
unreferenced object 0xffff888129f4a800 (size 256):
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
BUG: memory leak
comm "kworker/0:2", pid 807, jiffies 4294950032
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 08 a8 f4 29 81 88 ff ff ...........)....
08 a8 f4 29 81 88 ff ff b0 7d 41 83 ff ff ff ff ...).....}A.....
backtrace (crc c705f08):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5410
kmalloc_noprof include/linux/slab.h:950 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
device_private_init drivers/base/core.c:3536 [inline]
device_add+0x73c/0xc70 drivers/base/core.c:3587
usb_new_device.cold+0x115/0x633 drivers/usb/core/hub.c:2695
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5410
kmalloc_noprof include/linux/slab.h:950 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
device_private_init drivers/base/core.c:3536 [inline]
device_add+0x73c/0xc70 drivers/base/core.c:3587
hub_port_connect drivers/usb/core/hub.c:5568 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5708 [inline]
port_event drivers/usb/core/hub.c:5872 [inline]
hub_event+0x1723/0x2180 drivers/usb/core/hub.c:5954
process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF
Tested on:
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF
commit: 27d128c1 Merge tag 'trace-ring-buffer-v7.1-3' of git:/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17a91c36580000
kernel config: https://syzkaller.appspot.com/x/.config?x=9645c21cfd1d3e8f
dashboard link: https://syzkaller.appspot.com/bug?extid=2afd7e71155c7e241560
compiler: gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
patch: https://syzkaller.appspot.com/x/patch.diff?x=1027e2ce580000
compiler: gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
syzbot
3:52 AM (7 hours ago) 3:52 AM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: [PATCH] ALSA: caiaq: fix usb_dev refcount leak on probe failure
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Author: karti...@gmail.com
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
create_card() takes a reference on the USB device with usb_get_dev()
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
and stores the matching usb_put_dev() in card_free(), which is
installed as the snd_card's ->private_free destructor.
However, ->private_free is only assigned near the end of init_card(),
after several failure points (usb_set_interface(), EP type checks,
usb_submit_urb(), the EP1_CMD_GET_DEVICE_INFO exchange, and its
timeout). When any of those fail, init_card() returns an error to
snd_probe(), which calls snd_card_free(card). Because ->private_free
is still NULL, card_free() never runs, the usb_get_dev() reference
is not dropped, and the struct usb_device leaks along with its
descriptor allocations and device_private.
syzbot reproduces this with a malformed UAC3 device whose only valid
altsetting is 0; init_card()'s usb_set_interface(usb_dev, 0, 1) call
fails with -EIO and triggers the leak.
Move the ->private_free assignment into create_card(), immediately
after usb_get_dev(), so that every error path reaching snd_card_free()
balances the reference. card_free()'s callees (snd_usb_caiaq_input_free,
free_urbs, kfree) already tolerate the partially-initialized state
because the chip private area is zero-initialized by snd_card_new().
Reported-by: syzbot+2afd7e...@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=2afd7e71155c7e241560
---
sound/usb/caiaq/device.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/usb/caiaq/device.c b/sound/usb/caiaq/device.c
index 51177ebfb8c6..f084a0f782ad 100644
--- a/sound/usb/caiaq/device.c
+++ b/sound/usb/caiaq/device.c
@@ -411,6 +411,7 @@ static int create_card(struct usb_device *usb_dev,
cdev = caiaqdev(card);
cdev->chip.dev = usb_get_dev(usb_dev);
+ card->private_free = card_free;
cdev->chip.card = card;
cdev->chip.usb_id = USB_ID(le16_to_cpu(usb_dev->descriptor.idVendor),
le16_to_cpu(usb_dev->descriptor.idProduct));
@@ -500,7 +501,6 @@ static int init_card(struct snd_usb_caiaqdev *cdev)
cdev->vendor_name, cdev->product_name, usbpath);
setup_card(cdev);
- card->private_free = card_free;
return 0;
err_kill_urb:
--
2.43.0
syzbot
4:41 AM (6 hours ago) 4:41 AM
to karti...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
failed to apply patch:
checking file sound/usb/caiaq/device.c
Hunk #1 succeeded at 423 (offset 12 lines).
Hunk #2 FAILED at 501.
1 out of 2 hunks FAILED
Tested on:
commit: 27d128c1 Merge tag 'trace-ring-buffer-v7.1-3' of git:/..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=ac5083db84233db3
patch: https://syzkaller.appspot.com/x/patch.diff?x=118fe82a580000
syzbot tried to test the proposed patch but the build/boot failed:
failed to apply patch:
checking file sound/usb/caiaq/device.c
Hunk #1 succeeded at 423 (offset 12 lines).
Hunk #2 FAILED at 501.
1 out of 2 hunks FAILED
Tested on:
commit: 27d128c1 Merge tag 'trace-ring-buffer-v7.1-3' of git:/..
git tree: upstream
patch: https://syzkaller.appspot.com/x/patch.diff?x=118fe82a580000
syzbot
4:58 AM (6 hours ago) 4:58 AM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: [PATCH] usb: core: hub: fix memory leak in hub_port_connect
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Author: souradi...@gmail.com
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 24960ba9caa9..2924ce770066 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -5405,6 +5405,7 @@ static void hub_port_connect(struct usb_hub *hub, int
port1, u16 portstatus,
if (hcd->usb_phy && !hdev->parent)
usb_phy_notify_disconnect(hcd->usb_phy,
udev->speed);
usb_disconnect(&port_dev->child);
+ udev = NULL;
}
/* We can forget about a "removed" device when there's a physical
@@ -5582,6 +5583,7 @@ static void hub_port_connect(struct usb_hub *hub, int
port1, u16 portstatus,
goto loop_disable;
status = hub_power_remaining(hub);
+ udev = NULL;
if (status)
dev_dbg(hub->intfdev, "%dmA power budget left\n",
status);
@@ -5624,6 +5626,8 @@ static void hub_port_connect(struct usb_hub *hub, int
port1, u16 portstatus,
if (status != -ENOTCONN && status != -ENODEV)
hcd->driver->relinquish_port(hcd, port1);
}
+ if (udev)
+ usb_put_dev(udev);
}
/* Handle physical or logical connection change events.
syzbot
5:36 AM (5 hours ago) 5:36 AM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: [PATCH] usb: core: hub: fix memory leak in hub_port_connect
Author: souradi...@gmail.com
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
---
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: [PATCH] usb: core: hub: fix memory leak in hub_port_connect
Author: souradi...@gmail.com
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
drivers/usb/core/hub.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 24960ba9caa9..2924ce770066 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -5405,6 +5405,7 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
if (hcd->usb_phy && !hdev->parent)
usb_phy_notify_disconnect(hcd->usb_phy, udev->speed);
usb_disconnect(&port_dev->child);
+ udev = NULL;
}
/* We can forget about a "removed" device when there's a physical
@@ -5582,6 +5583,7 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
goto loop_disable;
status = hub_power_remaining(hub);
+ udev = NULL;
if (status)
dev_dbg(hub->intfdev, "%dmA power budget left\n", status);
@@ -5624,6 +5626,8 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
if (status != -ENOTCONN && status != -ENODEV)
hcd->driver->relinquish_port(hcd, port1);
}
+ if (udev)
+ usb_put_dev(udev);
}
/* Handle physical or logical connection change events.
2.52.0
syzbot
5:51 AM (5 hours ago) 5:51 AM
to linux-...@vger.kernel.org, souradi...@gmail.com, syzkall...@googlegroups.com
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
failed to apply patch:
checking file drivers/usb/core/hub.c
syzbot tried to test the proposed patch but the build/boot failed:
failed to apply patch:
patch: **** unexpected end of file in patch
Tested on:
commit: 27d128c1 Merge tag 'trace-ring-buffer-v7.1-3' of git:/..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=ac5083db84233db3
dashboard link: https://syzkaller.appspot.com/bug?extid=2afd7e71155c7e241560
compiler:
syzbot
6:11 AM (5 hours ago) 6:11 AM
to linux-...@vger.kernel.org, souradi...@gmail.com, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in hub_event
BUG: memory leak
unreferenced object 0xffff88811451c000 (size 2048):
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in hub_event
BUG: memory leak
comm "kworker/0:2", pid 4940, jiffies 4294947134
hex dump (first 32 bytes):
ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1...........
00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 ................
backtrace (crc be863add):
ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1...........
00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 ................
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5410
kmalloc_noprof include/linux/slab.h:950 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
usb_alloc_dev+0x36/0x4e0 drivers/usb/core/usb.c:651
hub_port_connect drivers/usb/core/hub.c:5471 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5711 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5410
kmalloc_noprof include/linux/slab.h:950 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
usb_alloc_dev+0x36/0x4e0 drivers/usb/core/usb.c:651
hub_port_connect drivers/usb/core/hub.c:5471 [inline]
port_event drivers/usb/core/hub.c:5875 [inline]
hub_event+0x153d/0x2220 drivers/usb/core/hub.c:5957
process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
BUG: memory leak
unreferenced object 0xffff888128ed5a80 (size 8):
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
BUG: memory leak
comm "kworker/0:2", pid 4940, jiffies 4294947165
hex dump (first 8 bytes):
00 69 f1 28 81 88 ff ff .i.(....
backtrace (crc 35b42ed6):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__do_kmalloc_node mm/slub.c:5294 [inline]
__kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
kmalloc_noprof include/linux/slab.h:954 [inline]
__kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
kzalloc_noprof include/linux/slab.h:1188 [inline]
usb_get_configuration+0x11d/0x2110 drivers/usb/core/config.c:945
usb_enumerate_device drivers/usb/core/hub.c:2527 [inline]
usb_new_device+0x1b4/0x300 drivers/usb/core/hub.c:2665
hub_port_connect drivers/usb/core/hub.c:5568 [inline]
usb_enumerate_device drivers/usb/core/hub.c:2527 [inline]
usb_new_device+0x1b4/0x300 drivers/usb/core/hub.c:2665
hub_port_connect_change drivers/usb/core/hub.c:5711 [inline]
port_event drivers/usb/core/hub.c:5875 [inline]
hub_event+0x1790/0x2220 drivers/usb/core/hub.c:5957
process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
BUG: memory leak
unreferenced object 0xffff88812a6de200 (size 256):
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
BUG: memory leak
comm "kworker/0:2", pid 4940, jiffies 4294947170
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 08 e2 6d 2a 81 88 ff ff ..........m*....
08 e2 6d 2a 81 88 ff ff b0 7d 41 83 ff ff ff ff ..m*.....}A.....
backtrace (crc f539164e):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5410
kmalloc_noprof include/linux/slab.h:950 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
device_private_init drivers/base/core.c:3536 [inline]
device_add+0x73c/0xc70 drivers/base/core.c:3587
usb_new_device.cold+0x115/0x626 drivers/usb/core/hub.c:2695
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5410
kmalloc_noprof include/linux/slab.h:950 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
device_private_init drivers/base/core.c:3536 [inline]
device_add+0x73c/0xc70 drivers/base/core.c:3587
hub_port_connect drivers/usb/core/hub.c:5568 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5711 [inline]
port_event drivers/usb/core/hub.c:5875 [inline]
hub_event+0x1790/0x2220 drivers/usb/core/hub.c:5957
process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF
process_scheduled_works kernel/workqueue.c:3385 [inline]
worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
kthread+0x14e/0x1a0 kernel/kthread.c:436
ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF
Tested on:
commit: 27d128c1 Merge tag 'trace-ring-buffer-v7.1-3' of git:/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1762f1ba580000
commit: 27d128c1 Merge tag 'trace-ring-buffer-v7.1-3' of git:/..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=9645c21cfd1d3e8f
dashboard link: https://syzkaller.appspot.com/bug?extid=2afd7e71155c7e241560
compiler: gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
patch: https://syzkaller.appspot.com/x/patch.diff?x=159ef702580000
syzbot
8:55 AM (2 hours ago) 8:55 AM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
syzbot
10:09 AM (1 hour ago) 10:09 AM
to karti...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
failed to apply patch:
syzbot tried to test the proposed patch but the build/boot failed:
failed to apply patch:
checking file sound/usb/caiaq/device.c
Hunk #1 succeeded at 423 (offset 12 lines).
Hunk #2 FAILED at 501.
1 out of 2 hunks FAILED
Hunk #1 succeeded at 423 (offset 12 lines).
Hunk #2 FAILED at 501.
1 out of 2 hunks FAILED
Tested on:
commit: 27d128c1 Merge tag 'trace-ring-buffer-v7.1-3' of git:/..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=ac5083db84233db3
commit: 27d128c1 Merge tag 'trace-ring-buffer-v7.1-3' of git:/..
git tree: upstream
patch: https://syzkaller.appspot.com/x/patch.diff?x=1296f1ba580000
syzbot
10:43 AM (1 minute ago) 10:43 AM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
--- a/sound/usb/caiaq/device.c
+++ b/sound/usb/caiaq/device.c
@@ -423,6 +423,7 @@ static int create_card(struct usb_device *usb_dev,
cdev = caiaqdev(card);
cdev->chip.dev = usb_get_dev(usb_dev);
+ card->private_free = card_free;
cdev->chip.card = card;
cdev->chip.usb_id = USB_ID(le16_to_cpu(usb_dev->descriptor.idVendor),
le16_to_cpu(usb_dev->descriptor.idProduct));
scnprintf(card->longname, sizeof(card->longname), "%s %s (%s)",
cdev->vendor_name, cdev->product_name, usbpath);
- card->private_free = card_free;
err = setup_card(cdev);
if (err < 0)
return err;
--
2.43.0
Reply all
Reply to author
Forward
0 new messages