>> The following kernel panic happens because the io_data buffer gets
>> deallocated before the async io is completed. Add a check for the case
>> where io_data buffer should be deallocated by ffs_user_copy_worker.
>>
>> [ 41.663334] BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
>>
>> Fixes: 772a7a724f6 ("usb: gadget: f_fs: Allow scatter-gather buffers")
>> Signed-off-by: Fei Yang <fei.yang@xxxxxxxxx>
>> Reviewed-by: Manu Gautam <mgautam@xxxxxxxxxxxxxx>
>> Tested-by: John Stultz <john.stultz@xxxxxxxxxx>
>> ---
>> v2: add tag: "Fixes: 772a7a724f6 ......", Reviewed-by and Tested-by.
>> v3: check data for NULL instead of "ret == -EIOCBQUEUED", which would be safer
>> and keep the original logic intact.
>
> If it "fixes" a problem in 5.0, we should add a:
> Cc: stable <stable@xxxxxxxxxxxxxxx>
> to it as well.

Sent [PATCH v4] with Cc: stable

> thanks,
>
> greg k-h