On 5/6/26 8:14 AM, Balaji Selvanathan wrote:
The dwc3_free_one_event_buffer() function incorrectly called free()
on event buffer structures allocated with devm_kzalloc(). This
caused heap corruption and a synchronous abort when exiting
fastboot mode via "fastboot continue".
Device-managed memory is automatically freed when the device is
removed, so manual deallocation causes the heap allocator to access
corrupted metadata.
Signed-off-by: Balaji Selvanathan <[email protected]>
---
drivers/usb/dwc3/core.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c
index 0dee14c8b59..be198041f08 100644
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -208,7 +208,6 @@ static void dwc3_free_one_event_buffer(struct dwc3 *dwc,
struct dwc3_event_buffer *evt)
{
dma_free_coherent(evt->buf);
- free(evt);
}
/**
Does this need:
Fixes: 884b10e86a05 ("usb: dwc3: core: fix memory leaks in event buffer
cleanup")
?
