For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: [PATCH] usb: core: hub: fix memory leak in hub_port_connect
Author: souradiptodas6@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
master
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 24960ba9caa9..2924ce770066 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -5405,6 +5405,7 @@ static void hub_port_connect(struct usb_hub *hub, int
port1, u16 portstatus,
                if (hcd->usb_phy && !hdev->parent)
                        usb_phy_notify_disconnect(hcd->usb_phy,
udev->speed);
                usb_disconnect(&port_dev->child);
+               udev = NULL;
        }

        /* We can forget about a "removed" device when there's a physical
@@ -5582,6 +5583,7 @@ static void hub_port_connect(struct usb_hub *hub, int
port1, u16 portstatus,
                        goto loop_disable;

                status = hub_power_remaining(hub);
+               udev = NULL;
                if (status)
                        dev_dbg(hub->intfdev, "%dmA power budget left\n",
status);

@@ -5624,6 +5626,8 @@ static void hub_port_connect(struct usb_hub *hub, int
port1, u16 portstatus,
                if (status != -ENOTCONN && status != -ENODEV)
                        hcd->driver->relinquish_port(hcd, port1);
        }
+       if (udev)
+               usb_put_dev(udev);
 }

 /* Handle physical or logical connection change events.