Greg KH
May 17, 2020, 2:26:57 AM
to Kyungtae Kim, Felipe Balbi, USB list, LKML, syzkaller, Dave Tian
On Sun, May 17, 2020 at 01:02:40AM +0000, Kyungtae Kim wrote:
> We report a bug (in linux-5.6.11) found by FuzzUSB (a modified version
> of syzkaller)
>
> kernel config:
> https://kt0755.github.io/etc/config_v5.6.11
>
> This bug happened when accessing a f_hidg instance deallocated.
> Specifically, f_hidg_poll() tries to access hidg (at line 424),
> but memory error occurs because hidg has been freed
> by configfs_unlink() in another thread (PID: 3190).
>
> To fix, we check if either hidg is still in use when deallocating
> or it is still valid after poll_wait() in f_hidg_poll().
Great, can you send a patch for this to resolve the issue?
thanks,
greg k-h
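
The two fix directions named in the quoted report (keep the instance alive while it is in use, and revalidate it after the wait), shown as an added userspace model that is not code from this thread or from the kernel. All names (`hidg_model`, `poll_begin`, `poll_finish`, `model_unlink`, `replay_race`) are hypothetical, and the return value -1 is an assumed stand-in for "instance gone".

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: every name below is hypothetical, not kernel code. */
struct hidg_model {
    int  refs;      /* holders: the configfs item plus in-flight file ops */
    bool unlinked;  /* set when the configfs side has let go */
    int  pending;   /* stand-in for the state poll reports */
};

static int freed_count;  /* lets the caller observe when the free happens */

static struct hidg_model *model_new(void) {
    struct hidg_model *h = calloc(1, sizeof(*h));
    if (h) h->refs = 1;  /* reference owned by the configfs item */
    return h;
}

static void model_put(struct hidg_model *h) {
    if (--h->refs == 0) { free(h); freed_count++; }  /* last holder frees */
}

/* Poll entry: pin the instance before waiting. */
static void poll_begin(struct hidg_model *h) { h->refs++; }

/* Poll after the wait: revalidate, read, then drop the pin. */
static int poll_finish(struct hidg_model *h) {
    int mask = h->unlinked ? -1 : h->pending;  /* -1: instance is gone */
    model_put(h);
    return mask;
}

/* Unlink path: mark dead and drop the configfs reference. */
static void model_unlink(struct hidg_model *h) { h->unlinked = true; model_put(h); }

/* Replays the reported interleaving: poll starts, unlink runs, poll resumes. */
static int replay_race(void) {
    struct hidg_model *h = model_new();
    if (!h) return -2;
    int before = freed_count;
    h->pending = 1;
    poll_begin(h);
    model_unlink(h);                 /* the "other thread" */
    int mid = freed_count;           /* must be unchanged: poll still holds a pin */
    int mask = poll_finish(h);       /* last put frees here */
    return (mid == before && freed_count == before + 1) ? mask : -3;
}

int main(void) { printf("poll result: %d\n", replay_race()); return 0; }
```

The model is single-threaded, so the counter is a plain `int`; concurrent code needs an atomic counter and a lock around the validity check.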