I found a memory leak in gsm_activate_mux() from the syzbot dashboard.
I have analyzed the root cause and created a fix.
Please test the following patch.
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git tty-next
---
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index c13e050de83b..de3d30eac86e 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -2645,7 +2645,12 @@ static int gsm_dlci_config(struct gsm_dlci *dlci, struct gsm_dlci_config *dc, in
static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
{
- struct gsm_dlci *dlci = kzalloc_obj(struct gsm_dlci, GFP_ATOMIC);
+ struct gsm_dlci *dlci;
+
+ if (gsm->dlci[addr])
+ return gsm->dlci[addr];
+
+ dlci = kzalloc_obj(struct gsm_dlci, GFP_ATOMIC);
if (dlci == NULL)
return NULL;
spin_lock_init(&dlci->lock);
@@ -3196,8 +3201,10 @@ static int gsm_activate_mux(struct gsm_mux *gsm)
gsm->receive = gsm1_receive;
ret = gsm_register_devices(gsm_tty_driver, gsm->num);
- if (ret)
+ if (ret) {
+ gsm_dlci_free(&dlci->port);
return ret;
+ }
gsm->has_devices = true;
gsm->dead = false; /* Tty opens are now permissible */Hello, syzbot has tested the proposed patch and the reproducer did not trigger any issue: Reported-by: syzbot+b5d1f455d385b2c7da3c@syzkaller.appspotmail.com Tested-by: syzbot+b5d1f455d385b2c7da3c@syzkaller.appspotmail.com Tested on: commit: 6596a02b Merge tag 'drm-next-2026-04-22' of https://gi.. git tree: git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git tty-next console output: https://syzkaller.appspot.com/x/log.txt?x=17b574ce580000 kernel config: https://syzkaller.appspot.com/x/.config?x=943968b43250a7da dashboard link: https://syzkaller.appspot.com/bug?extid=b5d1f455d385b2c7da3c compiler: gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44 patch: https://syzkaller.appspot.com/x/patch.diff?x=1117ac36580000 Note: testing is done by a robot and is best-effort only.
© 2016 - 2026 Red Hat, Inc.