On Fri, 24 Apr 2020, syzbot wrote: > Hello, > > syzbot has tested the proposed patch and the reproducer did not trigger crash: Let's try a slightly different fix. This feels a little better; it reflects the fact that ep0 always exists, even when a device is unconfigured. Also, it's a smaller change. Alan Stern #syz test: https://github.com/google/kasan.git 0fa84af8 Index: usb-devel/drivers/usb/core/message.c =================================================================== --- usb-devel.orig/drivers/usb/core/message.c +++ usb-devel/drivers/usb/core/message.c @@ -1143,11 +1143,11 @@ void usb_disable_endpoint(struct usb_dev if (usb_endpoint_out(epaddr)) { ep = dev->ep_out[epnum]; - if (reset_hardware) + if (reset_hardware && epnum != 0) dev->ep_out[epnum] = NULL; } else { ep = dev->ep_in[epnum]; - if (reset_hardware) + if (reset_hardware && epnum != 0) dev->ep_in[epnum] = NULL; } if (ep) {
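Review bot: The two new `epnum != 0` tests in usb_disable_endpoint() have no comment explaining why endpoint 0 is exempt from having its slot cleared. The reason (ep0 always exists, even when a device is unconfigured) is given only in the mail text. A one-line comment above the `if (usb_endpoint_out(epaddr))` block would keep that rationale with the code. Since the same condition is now repeated in both branches, it could also be computed once before the branch. Separately, with `reset_hardware` set and `epnum == 0`, `ep` is still loaded from `dev->ep_out[0]` or `dev->ep_in[0]` and the `if (ep) {` body still runs, but the slot is left non-NULL afterwards. The changelog should say that this is intended.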