On Tue, Dec 01, 2020 at 11:45:20PM -0500, Ertza Warraich wrote: > We report a memory leak bug (in linux-5.8.13) found by FuzzUSB (a modified > version of syzkaller). > > The bug report is as follows: > ================================================================== > BUG: memory leak > unreferenced object 0xffff888069c12000 (size 128): > comm "c4_fuzz", pid 2628, jiffies 4294945547 (age 774.450s) > hex dump (first 32 bytes): > b8 80 48 65 80 88 ff ff 00 7c f9 5b 80 88 ff ff ..He.....|.[.... > 00 7c af 64 80 88 ff ff 00 02 00 00 00 00 00 00 .|.d............ > backtrace: > [<000000008f105b01>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 > [inline] > [<000000008f105b01>] slab_post_alloc_hook mm/slab.h:588 [inline] > [<000000008f105b01>] slab_alloc_node mm/slub.c:2824 [inline] > [<000000008f105b01>] slab_alloc mm/slub.c:2832 [inline] > [<000000008f105b01>] kmem_cache_alloc_trace+0xfe/0x330 mm/slub.c:2849 > [<0000000081072efc>] kmalloc include/linux/slab.h:555 [inline] > [<0000000081072efc>] kzalloc include/linux/slab.h:669 [inline] > [<0000000081072efc>] dummy_alloc_request+0xa0/0x190 > drivers/usb/gadget/udc/dummy_hcd.c:663 > [<00000000b14438ed>] usb_ep_alloc_request+0x65/0x2c0 > drivers/usb/gadget/udc/core.c:178 > [<000000006b6ab221>] gs_alloc_req+0x28/0xd0 > drivers/usb/gadget/function/u_serial.c:166 > [<00000000999f9b54>] gs_alloc_requests+0x207/0x2f0 > drivers/usb/gadget/function/u_serial.c:517 > [<00000000eae934b0>] gs_start_io+0x134/0x2a0 > drivers/usb/gadget/function/u_serial.c:555 > [<00000000eec10774>] gs_open+0x323/0x440 > drivers/usb/gadget/function/u_serial.c:640 > [<00000000c27493c6>] tty_open+0x23c/0x870 drivers/tty/tty_io.c:2048 > [<0000000001954030>] chrdev_open+0x1e9/0x5b0 fs/char_dev.c:414 > [<000000002321ec1f>] do_dentry_open+0x434/0xf40 fs/open.c:828 > [<000000000de9bc50>] vfs_open+0x9a/0xc0 fs/open.c:942 > [<00000000b1e25f2d>] do_open fs/namei.c:3243 [inline] > [<00000000b1e25f2d>] path_openat+0x1658/0x2570 fs/namei.c:3360 > [<00000000b7cea3b5>] do_filp_open+0x15e/0x210 fs/namei.c:3387 > [<00000000793cea2f>] do_sys_openat2+0x2e0/0x570 fs/open.c:1179 > [<0000000067f289f1>] do_sys_open+0x88/0xc0 fs/open.c:1195 > [<00000000937c31df>] ksys_open include/linux/syscalls.h:1388 [inline] > [<00000000937c31df>] __do_sys_open fs/open.c:1201 [inline] > [<00000000937c31df>] __se_sys_open fs/open.c:1199 [inline] > [<00000000937c31df>] __x64_sys_open+0x79/0xb0 fs/open.c:1199 > ================================================================== Nice, care to make up a fix for this now that you have a reproducer? thanks, greg k-h
