On 19.09.22 10:21, syzbot wrote:
Hello,
syzbot found the following issue on:
HEAD commit: ce8056d1f79e wip: changed copy_from_user where instrumented
git tree: https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=16a02941900000
kernel config: https://syzkaller.appspot.com/x/.config?x=3afe005fb99591f
dashboard link: https://syzkaller.appspot.com/bug?extid=79832d33eb89fb3cd092
compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=165e850e900000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=123a8c96900000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+79832d33eb89fb3cd092@xxxxxxxxxxxxxxxxxxxxxxxxx
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/greg/usb.git ce8056d1f79e

From f9078591da8586d203212b57079c4a086403580c Mon Sep 17 00:00:00 2001
From: Oliver Neukum <oneukum@xxxxxxxx>
Date: Thu, 29 Sep 2022 10:08:00 +0200
Subject: [PATCH] usb: idmouse: fix memory leak
Signed-off-by: Oliver Neukum <oneukum@xxxxxxxx>
---
drivers/usb/misc/idmouse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/misc/idmouse.c b/drivers/usb/misc/idmouse.c
index e9437a176518..6c19e5d2b4d8 100644
--- a/drivers/usb/misc/idmouse.c
+++ b/drivers/usb/misc/idmouse.c
@@ -349,7 +349,7 @@ static int idmouse_probe(struct usb_interface *interface,
dev->orig_bi_size = usb_endpoint_maxp(endpoint);
dev->bulk_in_size = 0x200; /* works _much_ faster */
dev->bulk_in_endpointAddr = endpoint->bEndpointAddress;
- dev->bulk_in_buffer = kmalloc(IMGSIZE + dev->bulk_in_size, GFP_KERNEL);
+ dev->bulk_in_buffer = kzalloc(IMGSIZE + dev->bulk_in_size, GFP_KERNEL);
if (!dev->bulk_in_buffer) {
idmouse_delete(dev);
return -ENOMEM;
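
Review bot: The subject says "fix memory leak", but the only change, at the dev->bulk_in_buffer allocation in idmouse_probe(), swaps kmalloc() for kzalloc(), which frees nothing. It only guarantees that the IMGSIZE + dev->bulk_in_size bytes start out zeroed. If the intent is to stop uninitialized heap contents in this buffer from being exposed (the report was produced on the KMSAN tree), the subject should say so, for example "fix uninitialized buffer" or "fix information leak". The commit message also has no body. It should name the path on which the unfilled part of the buffer becomes visible and state whether zero-filling is the intended fix or whether the consumer should instead be limited to the bytes the device actually transferred. The Reported-by: syzbot+79832d33eb89fb3cd092@... tag requested in the report is missing, and a Fixes: tag would help with stable backports.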
--
2.35.3