Re: general protection fault in __dev_printk

From: Alan Stern
Date: Mon Apr 22 2019 - 12:07:26 EST


On Mon, 22 Apr 2019, syzbot wrote:

> Hello,
>
> syzbot tried to test the proposed patch but build/boot failed:

Typo in the patch (missing comma). Let's try again.

Alan Stern


#syz test: https://github.com/google/kasan.git usb-fuzzer

--- a/drivers/usb/misc/yurex.c
+++ b/drivers/usb/misc/yurex.c
@@ -178,6 +178,10 @@ static void yurex_interrupt(struct urb *
}

exit:
+ if (!usb_get_intfdata(dev->interface)) {
+ dev_info(&dev->interface->dev, "%s unbound\n", __func__);
+ return;
+ }
retval = usb_submit_urb(dev->urb, GFP_ATOMIC);
if (retval) {
dev_err(&dev->interface->dev, "%s - usb_submit_urb failed: %d\n",
@@ -309,11 +313,15 @@ static void yurex_disconnect(struct usb_

dev = usb_get_intfdata(interface);
usb_set_intfdata(interface, NULL);
+ dev_info(&interface->dev, "%s\n", __func__);

/* give back our minor */
usb_deregister_dev(interface, &yurex_class);

/* prevent more I/O from starting */
+ dev_info(&interface->dev, "Before poison\n");
+ usb_poison_urb(dev->urb);
+ dev_info(&interface->dev, "After poison\n");
mutex_lock(&dev->io_mutex);
dev->interface = NULL;
mutex_unlock(&dev->io_mutex);