Re: KASAN: use-after-free Read in usb_kill_urb

[Alan Stern]

On Fri, 9 Aug 2019, Prashant Malani wrote:

> Hi,
> 
> I'm trying to get up to speed on USB kernel code. Sounds like
> dev->intf should have been set to NULL for the error path in
> ld_usb_probe() ?

Why should it?

After all, dev gets deallocated at the end of ld_usb_probe(), where 
ld_usb_delete() is called.  Who cares what value is stored in 
deallocated memory?

Alan Stern