Return-Path:
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
Subject: Re: Memory leak in btusb
From: Marcel Holtmann
In-Reply-To: <55638D99.5000704@lwfinger.net>
Date: Sat, 6 Jun 2015 08:23:17 +0200
Cc: "Gustavo F. Padovan", Johan Hedberg, Linux Bluetooth mailing list
Message-Id:
References: <55638D99.5000704@lwfinger.net>
To: Larry Finger
Sender: linux-bluetooth-owner@vger.kernel.org
List-ID:

Hi Larry,

> While using kmemleak to check for memory leaks in a wireless driver, I noticed the following stack traceback for a leak in btusb:
>
> ] __alloc_skb+0x7e/0x2b0
> [] btusb_recv_intr+0x136/0x180 [btusb]
> [] btusb_intr_complete+0xb8/0x150 [btusb]
> [] __usb_hcd_giveback_urb+0x72/0x120
>
> To eliminate a false positive, I unloaded the driver and got the following for the virtual address:
>
> [] __alloc_skb+0x7e/0x2b0
> [] 0xffffffffa06029d6
> [] 0xffffffffa0602ad8
> [] __usb_hcd_giveback_urb+0x72/0x120
>
> The source is from wireless-drivers-next.git with pulls from bluetooth-next.git and Torvalds mainline git repo that were done on May 25. The source includes commit 04b8c8143d46453a443ac32bfcd76ec952605765 with the subject "Bluetooth: btusb: fix Realtek suspend/resume".
>
> The Bluetooth device in use is made by Intel with USB ID 8087:07dc.

actually if this is only this device causing it, this might fix it:

diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 94c6c048130f..e6815c678898 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -1614,6 +1614,8 @@ static int btusb_setup_intel(struct hci_dev *hdev) } fw_ptr = fw->data; + kfree_skb(skb); + /* This Intel specific command enables the manufacturer mode of the * controller. *

Totally untested, but it seems we forget to free that SKB and it would explain if you only see this on Intel Wilkens Peak and Stone Peak controllers.

Regards

Marcel
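
Review bot: the added kfree_skb(skb) after `fw_ptr = fw->data;` in btusb_setup_intel() only releases the skb on the path that reaches this line. The block that closes with `}` just above is not visible in the hunk; if it can return early, the same skb would still leak there, so that exit should be checked and given the same free if needed. It is also worth confirming that no pointer into the skb's data taken earlier in the function is read after this point, since it would dangle once the skb is freed, and that skb is reassigned before its next use. The mail says the change is untested, so a before and after kmemleak run on the 8087:07dc device would be good to record in the commit message.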