Re: memory leak in gs_start_io

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Dec 01, 2020 at 11:45:20PM -0500, Ertza Warraich wrote:
> We report a memory leak bug (in linux-5.8.13) found by FuzzUSB (a modified
> version of syzkaller).
> 
> The bug report is as follows:
> ==================================================================
> BUG: memory leak
> unreferenced object 0xffff888069c12000 (size 128):
>  comm "c4_fuzz", pid 2628, jiffies 4294945547 (age 774.450s)
>  hex dump (first 32 bytes):
>   b8 80 48 65 80 88 ff ff 00 7c f9 5b 80 88 ff ff ..He.....|.[....
>   00 7c af 64 80 88 ff ff 00 02 00 00 00 00 00 00 .|.d............
>  backtrace:
>   [<000000008f105b01>] kmemleak_alloc_recursive include/linux/kmemleak.h:43
> [inline]
>   [<000000008f105b01>] slab_post_alloc_hook mm/slab.h:588 [inline]
>   [<000000008f105b01>] slab_alloc_node mm/slub.c:2824 [inline]
>   [<000000008f105b01>] slab_alloc mm/slub.c:2832 [inline]
>   [<000000008f105b01>] kmem_cache_alloc_trace+0xfe/0x330 mm/slub.c:2849
>   [<0000000081072efc>] kmalloc include/linux/slab.h:555 [inline]
>   [<0000000081072efc>] kzalloc include/linux/slab.h:669 [inline]
>   [<0000000081072efc>] dummy_alloc_request+0xa0/0x190
> drivers/usb/gadget/udc/dummy_hcd.c:663
>   [<00000000b14438ed>] usb_ep_alloc_request+0x65/0x2c0
> drivers/usb/gadget/udc/core.c:178
>   [<000000006b6ab221>] gs_alloc_req+0x28/0xd0
> drivers/usb/gadget/function/u_serial.c:166
>   [<00000000999f9b54>] gs_alloc_requests+0x207/0x2f0
> drivers/usb/gadget/function/u_serial.c:517
>   [<00000000eae934b0>] gs_start_io+0x134/0x2a0
> drivers/usb/gadget/function/u_serial.c:555
>   [<00000000eec10774>] gs_open+0x323/0x440
> drivers/usb/gadget/function/u_serial.c:640
>   [<00000000c27493c6>] tty_open+0x23c/0x870 drivers/tty/tty_io.c:2048
>   [<0000000001954030>] chrdev_open+0x1e9/0x5b0 fs/char_dev.c:414
>   [<000000002321ec1f>] do_dentry_open+0x434/0xf40 fs/open.c:828
>   [<000000000de9bc50>] vfs_open+0x9a/0xc0 fs/open.c:942
>   [<00000000b1e25f2d>] do_open fs/namei.c:3243 [inline]
>   [<00000000b1e25f2d>] path_openat+0x1658/0x2570 fs/namei.c:3360
>   [<00000000b7cea3b5>] do_filp_open+0x15e/0x210 fs/namei.c:3387
>   [<00000000793cea2f>] do_sys_openat2+0x2e0/0x570 fs/open.c:1179
>   [<0000000067f289f1>] do_sys_open+0x88/0xc0 fs/open.c:1195
>   [<00000000937c31df>] ksys_open include/linux/syscalls.h:1388 [inline]
>   [<00000000937c31df>] __do_sys_open fs/open.c:1201 [inline]
>   [<00000000937c31df>] __se_sys_open fs/open.c:1199 [inline]
>   [<00000000937c31df>] __x64_sys_open+0x79/0xb0 fs/open.c:1199
> ==================================================================

Nice, care to make up a fix for this now that you have a reproducer?

thanks,

greg k-h



[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux