From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-12.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,
	SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=unavailable
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 49A3DC63777
	for <linux-kernel@archiver.kernel.org>; Tue, 24 Nov 2020 08:44:42 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id DE7582075A
	for <linux-kernel@archiver.kernel.org>; Tue, 24 Nov 2020 08:44:41 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="xCx8wNC6"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730813AbgKXIoV (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 24 Nov 2020 03:44:21 -0500
Received: from mail.kernel.org ([198.145.29.99]:57142 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1730492AbgKXIoU (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 24 Nov 2020 03:44:20 -0500
Received: from pobox.suse.cz (nat1.prg.suse.com [195.250.132.148])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 2B74E2073C;
        Tue, 24 Nov 2020 08:44:18 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1606207459;
        bh=vNc3YIGGUMRA9IF+1LR1huhZMMWXo1F/YeriOtzJC5w=;
        h=Date:From:To:cc:Subject:In-Reply-To:References:From;
        b=xCx8wNC6LO95FsYxR27wKMfRl+lbaGjfTbWlyNxGG2srOaAKJyoFa/RNOg8xkfyN0
         gCg6HcF1UGNZ2Ygo3POVytCfJ/MZ7cTLluvj+MXNv7hvN4vdcu3Lay372uERTncSvq
         dDyl/N3i/TgvoISNQxzQ0aYjmIEkH7WrJxglBg+g=
Date:   Tue, 24 Nov 2020 09:44:15 +0100 (CET)
From:   Jiri Kosina <jikos@kernel.org>
To:     syzbot <syzbot+5b49c9695968d7250a26@syzkaller.appspotmail.com>
cc:     benjamin.tissoires@redhat.com, linux-input@vger.kernel.org,
        linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
        Jason Gerecke <jason.gerecke@wacom.com>,
        Ping Cheng <ping.cheng@wacom.com>
Subject: Re: memory leak in wacom_probe
In-Reply-To: <00000000000099d90905b3ea44b4@google.com>
Message-ID: <nycvar.YFH.7.76.2011240943530.6877@cbobk.fhfr.pm>
References: <00000000000099d90905b3ea44b4@google.com>
User-Agent: Alpine 2.21 (LSU 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 12 Nov 2020, syzbot wrote:

> Hello,
> 
> syzbot found the following issue on:

CCing Jason and Ping, the maintainers of hid-wacom.

> 
> HEAD commit:    eccc8767 Merge branch 'fixes' of git://git.kernel.org/pub/..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=145055aa500000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=a3f13716fa0212fd
> dashboard link: https://syzkaller.appspot.com/bug?extid=5b49c9695968d7250a26
> compiler:       gcc (GCC) 10.1.0-syz 20200507
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16339ad6500000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1409f511500000
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+5b49c9695968d7250a26@syzkaller.appspotmail.com
> 
> BUG: memory leak
> unreferenced object 0xffff88810dc44a00 (size 512):
>   comm "kworker/1:2", pid 3674, jiffies 4294943617 (age 14.100s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>   backtrace:
>     [<0000000023e1afac>] kmalloc_array include/linux/slab.h:592 [inline]
>     [<0000000023e1afac>] __kfifo_alloc+0xad/0x100 lib/kfifo.c:43
>     [<00000000c477f737>] wacom_probe+0x1a1/0x3b0 drivers/hid/wacom_sys.c:2727
>     [<00000000b3109aca>] hid_device_probe+0x16b/0x210 drivers/hid/hid-core.c:2281
>     [<00000000aff7c640>] really_probe+0x159/0x480 drivers/base/dd.c:554
>     [<00000000778d0bc3>] driver_probe_device+0x84/0x100 drivers/base/dd.c:738
>     [<000000005108dbb5>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:844
>     [<00000000efb7c59e>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
>     [<0000000024ab1590>] __device_attach+0x122/0x250 drivers/base/dd.c:912
>     [<000000004c7ac048>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
>     [<00000000b93050a3>] device_add+0x5ac/0xc30 drivers/base/core.c:2936
>     [<00000000e5b46ea5>] hid_add_device+0x151/0x390 drivers/hid/hid-core.c:2437
>     [<00000000c6add147>] usbhid_probe+0x412/0x560 drivers/hid/usbhid/hid-core.c:1407
>     [<00000000c33acdb4>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
>     [<00000000aff7c640>] really_probe+0x159/0x480 drivers/base/dd.c:554
>     [<00000000778d0bc3>] driver_probe_device+0x84/0x100 drivers/base/dd.c:738
>     [<000000005108dbb5>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:844
> 
> 
> 
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
> 
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> syzbot can test patches for this issue, for details see:
> https://goo.gl/tpsmEJ#testing-patches
> 

-- 
Jiri Kosina
SUSE Labs