On Fri, May 14, 2021 at 7:52 PM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > On Fri, May 14, 2021 at 07:48:57PM +0800, 慕冬亮 wrote: > > On Fri, May 14, 2021 at 7:14 PM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > > > On Fri, May 14, 2021 at 07:03:17PM +0800, Dongliang Mu wrote: > > > > uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. > > > > Fix this by decreasing the refcount of usbdev by usb_put_dev. > > > > > > > > BUG: memory leak > > > > unreferenced object 0xffff888101113800 (size 2048): > > > > comm "kworker/0:1", pid 7, jiffies 4294956777 (age 28.870s) > > > > hex dump (first 32 bytes): > > > > ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1........... > > > > 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ................ > > > > backtrace: > > > > [<ffffffff82b8e822>] kmalloc include/linux/slab.h:554 [inline] > > > > [<ffffffff82b8e822>] kzalloc include/linux/slab.h:684 [inline] > > > > [<ffffffff82b8e822>] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582 > > > > [<ffffffff82b98441>] hub_port_connect drivers/usb/core/hub.c:5129 [inline] > > > > [<ffffffff82b98441>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline] > > > > [<ffffffff82b98441>] port_event drivers/usb/core/hub.c:5509 [inline] > > > > [<ffffffff82b98441>] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591 > > > > [<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275 > > > > [<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421 > > > > [<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292 > > > > [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 > > > > > > > > Reported-by: syzbot+636c58f40a86b4a879e7@xxxxxxxxxxxxxxxxxxxxxxxxx > > > > Signed-off-by: Dongliang Mu <mudongliangabcd@xxxxxxxxx> > > > > --- > > > > drivers/usb/misc/uss720.c | 1 + > > > > 1 file changed, 1 insertion(+) 
> > > > > > > > diff --git a/drivers/usb/misc/uss720.c b/drivers/usb/misc/uss720.c > > > > index b5d661644263..748139d26263 100644 > > > > --- a/drivers/usb/misc/uss720.c > > > > +++ b/drivers/usb/misc/uss720.c > > > > @@ -736,6 +736,7 @@ static int uss720_probe(struct usb_interface *intf, > > > > parport_announce_port(pp); > > > > > > > > usb_set_intfdata(intf, pp); > > > > + usb_put_dev(usbdev); > > > > return 0; > > > > > > > > probe_abort: > > > > -- > > > > 2.25.1 > > > > > > > > > > Nice catch! > > > > Thanks. > > > > This should be a bug fix. From the document, "Fixes" tag is needed for > > bug fixes. > > It would be good, yes, please resend with that added. Sure. I will resend the patch. > > > How do I quickly get this bug-inducing commit? Any > > suggestion here? > > look at the log for this one file to find where the offending change > happened. Try `git log -p drivers/usb/misc/uss720.c` 0f36163d3abefbda1b21a330b3fdf3c2dc076d94 [PATCH] usb: fix uss720 schedule with interrupts off @@ -536,93 +682,91 @@ static struct parport_operations parport_uss720_ops = static int uss720_probe(struct usb_interface *intf, const struct usb_device_id *id) { - struct usb_device *usbdev = interface_to_usbdev(intf); + struct usb_device *usbdev = usb_get_dev(interface_to_usbdev(intf)); Then the code only decreases the refcount at failure sites. > > thanks, > > greg k-h
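Review bot: the changelog does not say whether uss720_probe keeps usbdev anywhere that outlives the probe call, and that decides whether the usb_put_dev(usbdev) added just before return 0 is safe. If the pointer is stored in the driver's private data and released again at teardown, dropping the reference on the success path would leave that later put unbalanced and turn the leak into a use-after-free. Please state in the commit message which reference, if any, keeps the device alive after probe returns. The resend should also carry a Fixes: tag. The git log -p output quoted in the thread shows 0f36163d3abefbda1b21a330b3fdf3c2dc076d94 changing the initializer to usb_get_dev(interface_to_usbdev(intf)), so that is the commit to name.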