From patchwork Tue Jan 5 04:50:45 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Zhang, Qiang" X-Patchwork-Id: 11998125 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.6 required=3.0 tests=BAYES_00, CHARSET_FARAWAY_HEADER,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 92EAEC433E6 for ; Tue, 5 Jan 2021 04:51:52 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 63ADF2251F for ; Tue, 5 Jan 2021 04:51:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726391AbhAEEvg (ORCPT ); Mon, 4 Jan 2021 23:51:36 -0500 Received: from mail-bn8nam12on2062.outbound.protection.outlook.com ([40.107.237.62]:12897 "EHLO NAM12-BN8-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726064AbhAEEvf (ORCPT ); Mon, 4 Jan 2021 23:51:35 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ibkdcVcx8rGtdWWRkV5ykRUmue5uk5wMdOVSYKckZXDsRpHD0awpkq+QWX/hBOQbWTg0NO8NMD1pxZE1NhGtxf2f9tRPcPw9JSp9d72FLanQnMZ7v2kn+XQT9x5nEMRLdQIO8tMs11NkVQrEFt3kwrbJEh6VPrW5DLH6nW0Zywq7F+oWYCK01yXzo6hKw2xUoEvv/QwpmbIi9/wr6ojbSS5Bj5ZZE7PkFpVuXJ1McSJ7yFYh5yWSq3ziCPDEqL4Zg8CgKd/kPiLULChBkugWJeX6HYeavMp+ECRi8D7SFmXZdLey/1MIXBY2FbVRVnYTUWmqBcrZMVOBvRfiAGbjhw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zzi0bMvur0/+hs4McuB5HZYOutwneLn9AAmGT75CMgU=; b=K0ZbLKliL3bH2YAi3ruZmr/hGgNSrhUE8M5gsIicKXn5iKA1s8xnXJbGwgQ6ibwcZgxZtab8B9LnvTuc2R3SehKXmMc7PI8GFWrefIMBFpo53mDEdCqa0cUHkxPbsCWjuk+JPGWcjs1BrP09WVzABh7L8Paqi/YYFYVpL6IyWbnKWRA1ZMPxu/5fuUWCF8lYTwgbLB/Q2e9Y/MBEwmGRF9YVsWhHBzUNYwDiU6dXJ9lSYxgRryW5URF05oBfWjekue/MGCLTkGIBtx0YXCFa+Myu+MCsWww8Kvl1IKuI36aM8VbsEkBW16qRAjic+7xxzF6vUBcZonZjKnWgW1cFww== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriversystems.onmicrosoft.com; s=selector2-windriversystems-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zzi0bMvur0/+hs4McuB5HZYOutwneLn9AAmGT75CMgU=; b=ReP3izxQdJu2LkyJhWdAvxko7oM/u+dhbtzETnZc2+mUO+sUdWbwio/Ce0wm+cCp8CAHI1mTkCpJzw2e0OIQ/EkZXnMk/S2Uqig2JgDTnM6OivmQgsNAyXjmHYfNzOgysVM3wdFYrryqzV+UckVJfz+XAe4E+ey+fXLBX1fcZpk= Received: from BYAPR11MB2632.namprd11.prod.outlook.com (2603:10b6:a02:c4::17) by BYAPR11MB3719.namprd11.prod.outlook.com (2603:10b6:a03:fa::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3721.21; Tue, 5 Jan 2021 04:50:45 +0000 Received: from BYAPR11MB2632.namprd11.prod.outlook.com ([fe80::94a4:4e15:ab64:5006]) by BYAPR11MB2632.namprd11.prod.outlook.com ([fe80::94a4:4e15:ab64:5006%5]) with mapi id 15.20.3700.031; Tue, 5 Jan 2021 04:50:45 +0000 From: "Zhang, Qiang" To: Oliver Neukum , syzbot , "andreyknvl@google.com" , "gregkh@linuxfoundation.org" , "gustavoars@kernel.org" , "ingrassia@epigenesys.com" , "lee.jones@linaro.org" , "linux-kernel@vger.kernel.org" , "linux-usb@vger.kernel.org" , "penguin-kernel@I-love.SAKURA.ne.jp" , "syzkaller-bugs@googlegroups.com" Subject: =?eucgb2312_cn?b?u9i4tDogS0FTQU46IHVzZS1hZnRlci1mcmVlIFJlYWQgaW4gc2Vydmlj?= =?eucgb2312_cn?b?ZV9vdXRzdGFuZGluZ19pbnRlcnJ1cHQ=?= Thread-Topic: KASAN: use-after-free Read in service_outstanding_interrupt Thread-Index: AQHW1O05bsNShK3ed0y2i+cMjepvWqoXw2CAgADMJXo= Date: Tue, 5 Jan 2021 04:50:45 +0000 Message-ID: References: <000000000000994d2a05b6b49959@google.com>,<6a56df508f597d38746878e80e1f159a556d3152.camel@suse.com> In-Reply-To: <6a56df508f597d38746878e80e1f159a556d3152.camel@suse.com> Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: suse.com; dkim=none (message not signed) header.d=none;suse.com; dmarc=none action=none header.from=windriver.com; x-originating-ip: [106.39.151.37] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 09175cfa-bc7e-40c7-8470-08d8b135767b x-ms-traffictypediagnostic: BYAPR11MB3719: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:5516; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: CIarIZuQHsWMm9eUDle7uX5f/edtCXCz3ZUo0ZH3TuNfkq8EcH1xfUxRMWchdgYxSzTKlPvrQZCI398NcFXRFVDPnok5x5SBTX+/Tp0vpG74VNJd6zqeq4NqC8Z+r+FaSGMELX4B4oBzykxkcnD34raiw5j1Wzvk6lhJ+tpz7J5sBHB6A7CjGv+xwMTKsojnnTFfbm8xYogodRZUl1C7tLhHi9P5dDrzzYsb6eVk13j5OzMUDMtRT3Xe6XUKwqpATLp8Y63h7ogcaaNs70jYb3RY7fmpfcUzjDl4hv38k8vUQswTCUFRqy7fCPeyM3ECcKc54HW6uUBUNFjBYzWEwo0vvpn7eoLj293VsdcSEReGJFgXa6BeIPQJtXsczC7F1VqvIofpcSE1whvckamwjU9S0GCdKIBf9M5ja9gjttRJ8Cd4rYH3t+uR+sp16gVYIckMCBmFov8b2A7ARQiVODUkA58QkOHK1is+B0wXvZl5EiKjZxejPi8Elvv7KJsyKKINo12TzAPffvE6Dpjek7YsNlOojmi/LxYsTAs/sRqnFVtv9D9XCjG1qI1RBI9H x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BYAPR11MB2632.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(366004)(396003)(39850400004)(346002)(376002)(66556008)(83380400001)(64756008)(8936002)(966005)(76116006)(5660300002)(478600001)(71200400001)(66446008)(66946007)(7416002)(86362001)(91956017)(66476007)(316002)(33656002)(186003)(6506007)(26005)(110136005)(2906002)(224303003)(55016002)(9686003)(52536014)(7696005)(921005)(87944003)(99710200001);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata: =?eucgb2312_cn?b?bExqRmo1NGc3eGxPT0paeCt6Vkdq?= =?eucgb2312_cn?b?Qmt0NENIOTdzNXRyWGF0OFRMbDk4dE0zSmhDNVNhaWxOVkVEcnBlS0FUd1M2d3VS?= =?eucgb2312_cn?b?cGVDYmJENjZOcFJMMmwwK3dSUDZOKytBMm5uV2VwcVB1ejdSWDV5eU04dG5TTCtO?= =?eucgb2312_cn?b?R2E1SmZNdkxLVHZLTXYvdDNVNDhSZjdpcUhCZ2ZxUGtwZnV1dVRjU01pemtDdmxo?= =?eucgb2312_cn?b?QWFXclJ2T3BEb3pkVXN3VkwzWEx5ZnFxTDUzWTVMa0RrVU9vNXhsQmkrUm5QdTlG?= =?eucgb2312_cn?b?TzdQSmRYSFRxb0tvUGMxWFZvTSsvOFFnWU53NEpYYzVoQktyOGZhd1VNREhXT1M2?= =?eucgb2312_cn?b?SkdQclF2SUdWaXFGUmJmanFGOElXaG5Ya2RGTEpPTFFJa3o4K09KU3Zud3pvT0dp?= =?eucgb2312_cn?b?WVJ6WWl3c2hvNW40cWpoSTd4aDY4ellSd1c3NjZuOVpsZWRlNWtpdlRwdnlIZTlL?= =?eucgb2312_cn?b?VERyd0dVbDEvOHRYRUNwekV1amZzVkx1ZktkeFIwYmRZQlRTaVRUTGRSQXErWWty?= =?eucgb2312_cn?b?aTZremdsRjFoWVQ3ZVIyK2dUR3BNNktuVE5PeTI1WVZDTDN2OU5sNXF1clJIN0tp?= =?eucgb2312_cn?b?QTZKR1ZkOUVCSFRKSXZVQmk2R210dFRyVUtEMi9TNXE4dnBPRVkwOXVNc0lCZ1l6?= =?eucgb2312_cn?b?M3RMUjIveGJ3Rld1bFhLRlk4UmQxTWJCd2VWNVZBY29CVUlsTld6NzhsNDBoSHJX?= =?eucgb2312_cn?b?THBPUnB3ZTZwbzZhQlRBZGVZU2RYNFBua2hUT2hnTE91cjhBcnBobGZUOStISzFX?= =?eucgb2312_cn?b?Ry9HYVpqU0tVTnM4UWlhbi80NFJIQjV1bFArZGo5T0FVOU8wOXVORlh2QklIU3JF?= =?eucgb2312_cn?b?bjVHMjlWN2dGb2hRQzNscEVvNzlQaUZQdjNvWWg1T24vVDlEOExOVnBnd2ZNVkJ2?= =?eucgb2312_cn?b?VGREU3BDNUV3QzNHWFdQRjFHVllVUWJna1FKMFFQdEIwbXR2VDJvekJ3Z2F5NXpp?= =?eucgb2312_cn?b?NFBrRFRpTlJXNmZjOGc4VEcwR2ROWDlLY0UxdDkwSEJtY3RtK1ZGWW1YWGRCOUZI?= =?eucgb2312_cn?b?Y0dYM0tqb0tyQ0d6OGgvWEpBa2w2VlliMC9YdzRCYlI3ay9uN285cWVoMGIzRDAr?= =?eucgb2312_cn?b?QjN1M1RBb1BKSE5sVXpiZzlMOStKdkVXN2hMdnFveGcvcW13ekg1MitldzBrT3Yr?= =?eucgb2312_cn?b?QlhkanZjK0xXMElwcU93VDg5RkFRcDg4RzM4dzdSaGxSbE9aZ0MvK0kwZnFod0VX?= =?eucgb2312_cn?b?Z2pVNjN1eWJ6Qit0djFIb09ldzNxc01STWNZRG1FdHNpMnZDa0JxV1AvOWsreWtJ?= =?eucgb2312_cn?b?YTgyeStoRDhJdGFvSHljKzlxSGhPND0=?= x-ms-exchange-transport-forked: True MIME-Version: 1.0 X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB2632.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 09175cfa-bc7e-40c7-8470-08d8b135767b X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Jan 2021 04:50:45.1464 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: cjHYOU7o8UJVAbBy4NTcUu+kRtTHATcqfqKIOtwAkylBD45LPjyLHZ1bxYr7LzvFRLV3HDC7fNqZeispm+pPDa8xIlxgbU0PNJuydkE+ApM= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3719 Precedence: bulk List-ID: X-Mailing-List: linux-usb@vger.kernel.org --- a/drivers/usb/class/cdc-wdm.c +++ b/drivers/usb/class/cdc-wdm.c @@ -106,6 +106,7 @@ struct wdm_device { struct list_head device_list; int (*manage_power)(struct usb_interface *, int); + struct usb_device *usb_dev; }; static struct usb_driver wdm_driver; @@ -338,6 +339,7 @@ static void free_urbs(struct wdm_device *desc) static void cleanup(struct wdm_device *desc) { + usb_put_dev(desc->usb_dev); kfree(desc->sbuf); kfree(desc->inbuf); kfree(desc->orq); @@ -855,6 +857,7 @@ static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descripto r desc->intf = intf; INIT_WORK(&desc->rxwork, wdm_rxwork); INIT_WORK(&desc->service_outs_intr, service_interrupt_work); + desc->usb_dev = usb_get_dev(interface_to_usbdev(intf)); rv = -EINVAL;