| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <000000000000bd6ee505db5cfec6@google.com>
Date: Tue, 29 Mar 2022 08:22:20 -0700
From: syzbot <syzbot+4d0ae90a195b269f102d@...kaller.appspotmail.com>
To: davem@...emloft.net, kuba@...nel.org, linux-can@...r.kernel.org,
linux-kernel@...r.kernel.org, mkl@...gutronix.de,
netdev@...r.kernel.org, pabeni@...hat.com, pfink@...ist-es.de,
syzkaller-bugs@...glegroups.com, wg@...ndegger.com
Subject: [syzbot] memory leak in gs_usb_probe
Hello,
syzbot found the following issue on:
HEAD commit: 52deda9551a0 Merge branch 'akpm' (patches from Andrew)
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12b472dd700000
kernel config: https://syzkaller.appspot.com/x/.config?x=9ca2a67ddb20027f
dashboard link: https://syzkaller.appspot.com/bug?extid=4d0ae90a195b269f102d
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12e96e1d700000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12f8b513700000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4d0ae90a195b269f102d@...kaller.appspotmail.com
BUG: memory leak
unreferenced object 0xffff88810e4fc300 (size 96):
comm "kworker/1:1", pid 25, jiffies 4294948102 (age 15.080s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff843fcc08>] kmalloc include/linux/slab.h:581 [inline]
[<ffffffff843fcc08>] gs_make_candev drivers/net/can/usb/gs_usb.c:1065 [inline]
[<ffffffff843fcc08>] gs_usb_probe.cold+0x69e/0x8b8 drivers/net/can/usb/gs_usb.c:1191
[<ffffffff82d0a687>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
[<ffffffff82712d87>] call_driver_probe drivers/base/dd.c:517 [inline]
[<ffffffff82712d87>] really_probe.part.0+0xe7/0x380 drivers/base/dd.c:596
[<ffffffff8271312c>] really_probe drivers/base/dd.c:558 [inline]
[<ffffffff8271312c>] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:755
[<ffffffff8271322a>] driver_probe_device+0x2a/0x120 drivers/base/dd.c:785
[<ffffffff82713a96>] __device_attach_driver+0xf6/0x140 drivers/base/dd.c:902
[<ffffffff8270fcf7>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427
[<ffffffff82713612>] __device_attach+0x122/0x260 drivers/base/dd.c:973
[<ffffffff82711966>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:487
[<ffffffff8270dd4b>] device_add+0x5fb/0xdf0 drivers/base/core.c:3405
[<ffffffff82d07ac2>] usb_set_configuration+0x8f2/0xb80 drivers/usb/core/message.c:2170
[<ffffffff82d181ac>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
[<ffffffff82d09d5c>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
[<ffffffff82712d87>] call_driver_probe drivers/base/dd.c:517 [inline]
[<ffffffff82712d87>] really_probe.part.0+0xe7/0x380 drivers/base/dd.c:596
[<ffffffff8271312c>] really_probe drivers/base/dd.c:558 [inline]
[<ffffffff8271312c>] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:755
[<ffffffff8271322a>] driver_probe_device+0x2a/0x120 drivers/base/dd.c:785
BUG: memory leak
unreferenced object 0xffff88810e4fc280 (size 96):
comm "kworker/1:1", pid 25, jiffies 4294948819 (age 7.910s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff843fcc08>] kmalloc include/linux/slab.h:581 [inline]
[<ffffffff843fcc08>] gs_make_candev drivers/net/can/usb/gs_usb.c:1065 [inline]
[<ffffffff843fcc08>] gs_usb_probe.cold+0x69e/0x8b8 drivers/net/can/usb/gs_usb.c:1191
[<ffffffff82d0a687>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
[<ffffffff82712d87>] call_driver_probe drivers/base/dd.c:517 [inline]
[<ffffffff82712d87>] really_probe.part.0+0xe7/0x380 drivers/base/dd.c:596
[<ffffffff8271312c>] really_probe drivers/base/dd.c:558 [inline]
[<ffffffff8271312c>] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:755
[<ffffffff8271322a>] driver_probe_device+0x2a/0x120 drivers/base/dd.c:785
[<ffffffff82713a96>] __device_attach_driver+0xf6/0x140 drivers/base/dd.c:902
[<ffffffff8270fcf7>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427
[<ffffffff82713612>] __device_attach+0x122/0x260 drivers/base/dd.c:973
[<ffffffff82711966>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:487
[<ffffffff8270dd4b>] device_add+0x5fb/0xdf0 drivers/base/core.c:3405
[<ffffffff82d07ac2>] usb_set_configuration+0x8f2/0xb80 drivers/usb/core/message.c:2170
[<ffffffff82d181ac>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
[<ffffffff82d09d5c>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
[<ffffffff82712d87>] call_driver_probe drivers/base/dd.c:517 [inline]
[<ffffffff82712d87>] really_probe.part.0+0xe7/0x380 drivers/base/dd.c:596
[<ffffffff8271312c>] really_probe drivers/base/dd.c:558 [inline]
[<ffffffff8271312c>] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:755
[<ffffffff8271322a>] driver_probe_device+0x2a/0x120 drivers/base/dd.c:785
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
Powered by blists - more mailing lists