Re: [PATCH] phy: mdio: fix memory leak

[Pavel Skripkin]

On 9/27/21 14:20, Pavel Skripkin wrote:
> Syzbot reported memory leak in MDIO bus interface, the problem was in
> wrong state logic.
>
> MDIOBUS_ALLOCATED indicates 2 states:
> 	1. Bus is only allocated
> 	2. Bus allocated and __mdiobus_register() fails, but
> 	   device_register() was called
>
> In case of device_register() has been called we should call put_device()
> to correctly free the memory allocated for this device, but mdiobus_free()
> was just calling kfree(dev) in case of MDIOBUS_ALLOCATED state
>
> To avoid this behaviour we can add new intermediate state, which means,
> that we have called device_regiter(), but failed on any of the next steps.
> Clean up process for this state is the same as for MDIOBUS_UNREGISTERED,
> but MDIOBUS_UNREGISTERED name does not fit to the logic described above.
>
> Fixes: 46abc02175b3 ("phylib: give mdio buses a device tree presence")
> Reported-and-tested-by: syzbot+398e7dc692ddbbb4cfec@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Pavel Skripkin <paskripkin@xxxxxxxxx>


I've just found, that this syzkaller bug has been closed by Yanfei's 
patch [1], but Yanfei's Reported-by: is wrong, IMO.

Yanfei's patch fixed other memory leak and it's not related to bug 
reported by syzkaller. If you take a look at log [2] you won't find 
error message about mii_bus registration failure, i.e the error happened 
a bit latter (more precisely in mdiobus_scan()).

Since, Yanfei's patch is already applied, we cannot remove this tag, so 
I am informing you about this situation to break possible confusions 
about 2 different patches with same Reported-by: tag :)


Thanks


[1] 
https://lore.kernel.org/netdev/20210926045313.2267655-1-yanfei.xu@xxxxxxxxxxxxx/

[2] https://syzkaller.appspot.com/text?tag=CrashLog&x=131c754b300000


With regards,
Pavel Skripkin