On Fri, 9 Dec 2016, Andrey Konovalov wrote: > On Wed, Dec 7, 2016 at 8:15 PM, Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> wrote: > > On Wed, 7 Dec 2016, Andrey Konovalov wrote: > > > >> > And in any case, is there any way you can post the series of system > >> > calls that syzkaller makes so we can tell what went wrong? > >> > >> I've attached a reproducer for a use-after-free in gadgetfs_setup(). > >> You need to enable KASAN to see the reports. > > > > Okay, that helps. I see the problem: dev->hs_config ends up containing > > a stale pointer in dev_config(). The patch below ought to fix that; > > please verify that it really does. > > Hi Alan, > > Have been fuzzing with your patch, haven't seen any more reports. > > Thanks! Okay, good. I'll submit the two patches. Can you also provide reproducers for the "GPF in usb_gadget_unregister_driver" and the "warning in dummy_free_request" tests? Alan Stern -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
