| Message ID | 20210401044624.19017-1-paskripkin@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | drivers: net: fix memory leak in atusb_probe | expand |
Hello: This patch was applied to netdev/net.git (refs/heads/master): On Thu, 1 Apr 2021 07:46:24 +0300 you wrote: > syzbot reported memory leak in atusb_probe()[1]. > The problem was in atusb_alloc_urbs(). > Since urb is anchored, we need to release the reference > to correctly free the urb > > backtrace: > [<ffffffff82ba0466>] kmalloc include/linux/slab.h:559 [inline] > [<ffffffff82ba0466>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74 > [<ffffffff82ad3888>] atusb_alloc_urbs drivers/net/ieee802154/atusb.c:362 [inline][2] > [<ffffffff82ad3888>] atusb_probe+0x158/0x820 drivers/net/ieee802154/atusb.c:1038 [1] > > [...] Here is the summary with links: - drivers: net: fix memory leak in atusb_probe https://git.kernel.org/netdev/net/c/6b9fbe169551 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html
diff --git a/drivers/net/ieee802154/atusb.c b/drivers/net/ieee802154/atusb.c index 0dd0ba915ab9..23ee0b14cbfa 100644 --- a/drivers/net/ieee802154/atusb.c +++ b/drivers/net/ieee802154/atusb.c @@ -365,6 +365,7 @@ static int atusb_alloc_urbs(struct atusb *atusb, int n) return -ENOMEM; } usb_anchor_urb(urb, &atusb->idle_urbs); + usb_free_urb(urb); n--; } return 0;
syzbot reported memory leak in atusb_probe()[1]. The problem was in atusb_alloc_urbs(). Since urb is anchored, we need to release the reference to correctly free the urb backtrace: [<ffffffff82ba0466>] kmalloc include/linux/slab.h:559 [inline] [<ffffffff82ba0466>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74 [<ffffffff82ad3888>] atusb_alloc_urbs drivers/net/ieee802154/atusb.c:362 [inline][2] [<ffffffff82ad3888>] atusb_probe+0x158/0x820 drivers/net/ieee802154/atusb.c:1038 [1] Reported-by: syzbot+28a246747e0a465127f3@syzkaller.appspotmail.com Signed-off-by: Pavel Skripkin <paskripkin@gmail.com> --- drivers/net/ieee802154/atusb.c | 1 + 1 file changed, 1 insertion(+)