Re: [syzbot] [usb?] memory leak in hub_event (4)

[syzbot]

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in hub_event

BUG: memory leak
unreferenced object 0xffff88811451c000 (size 2048):
  comm "kworker/0:2", pid 4940, jiffies 4294947134
  hex dump (first 32 bytes):
    ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00  ....1...........
    00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00  ................
  backtrace (crc be863add):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4574 [inline]
    slab_alloc_node mm/slub.c:4898 [inline]
    __kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5410
    kmalloc_noprof include/linux/slab.h:950 [inline]
    kzalloc_noprof include/linux/slab.h:1188 [inline]
    usb_alloc_dev+0x36/0x4e0 drivers/usb/core/usb.c:651
    hub_port_connect drivers/usb/core/hub.c:5471 [inline]
    hub_port_connect_change drivers/usb/core/hub.c:5711 [inline]
    port_event drivers/usb/core/hub.c:5875 [inline]
    hub_event+0x153d/0x2220 drivers/usb/core/hub.c:5957
    process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
    process_scheduled_works kernel/workqueue.c:3385 [inline]
    worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
    kthread+0x14e/0x1a0 kernel/kthread.c:436
    ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

BUG: memory leak
unreferenced object 0xffff888128ed5a80 (size 8):
  comm "kworker/0:2", pid 4940, jiffies 4294947165
  hex dump (first 8 bytes):
    00 69 f1 28 81 88 ff ff                          .i.(....
  backtrace (crc 35b42ed6):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4574 [inline]
    slab_alloc_node mm/slub.c:4898 [inline]
    __do_kmalloc_node mm/slub.c:5294 [inline]
    __kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
    kmalloc_noprof include/linux/slab.h:954 [inline]
    kzalloc_noprof include/linux/slab.h:1188 [inline]
    usb_get_configuration+0x11d/0x2110 drivers/usb/core/config.c:945
    usb_enumerate_device drivers/usb/core/hub.c:2527 [inline]
    usb_new_device+0x1b4/0x300 drivers/usb/core/hub.c:2665
    hub_port_connect drivers/usb/core/hub.c:5568 [inline]
    hub_port_connect_change drivers/usb/core/hub.c:5711 [inline]
    port_event drivers/usb/core/hub.c:5875 [inline]
    hub_event+0x1790/0x2220 drivers/usb/core/hub.c:5957
    process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
    process_scheduled_works kernel/workqueue.c:3385 [inline]
    worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
    kthread+0x14e/0x1a0 kernel/kthread.c:436
    ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

BUG: memory leak
unreferenced object 0xffff88812a6de200 (size 256):
  comm "kworker/0:2", pid 4940, jiffies 4294947170
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 08 e2 6d 2a 81 88 ff ff  ..........m*....
    08 e2 6d 2a 81 88 ff ff b0 7d 41 83 ff ff ff ff  ..m*.....}A.....
  backtrace (crc f539164e):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4574 [inline]
    slab_alloc_node mm/slub.c:4898 [inline]
    __kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5410
    kmalloc_noprof include/linux/slab.h:950 [inline]
    kzalloc_noprof include/linux/slab.h:1188 [inline]
    device_private_init drivers/base/core.c:3536 [inline]
    device_add+0x73c/0xc70 drivers/base/core.c:3587
    usb_new_device.cold+0x115/0x626 drivers/usb/core/hub.c:2695
    hub_port_connect drivers/usb/core/hub.c:5568 [inline]
    hub_port_connect_change drivers/usb/core/hub.c:5711 [inline]
    port_event drivers/usb/core/hub.c:5875 [inline]
    hub_event+0x1790/0x2220 drivers/usb/core/hub.c:5957
    process_one_work+0x277/0x5b0 kernel/workqueue.c:3302
    process_scheduled_works kernel/workqueue.c:3385 [inline]
    worker_thread+0x255/0x4a0 kernel/workqueue.c:3466
    kthread+0x14e/0x1a0 kernel/kthread.c:436
    ret_from_fork+0x219/0x490 arch/x86/kernel/process.c:158
    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF


Tested on:

commit:         27d128c1 Merge tag 'trace-ring-buffer-v7.1-3' of git:/..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1762f1ba580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=9645c21cfd1d3e8f
dashboard link: https://syzkaller.appspot.com/bug?extid=2afd7e71155c7e241560
compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
patch:          https://syzkaller.appspot.com/x/patch.diff?x=159ef702580000