Re: [syzbot] [sound?] [usb?] general protection fault in snd_usbmidi_do_output

Next message: Ywe C&#xE6;rlyn: "Bit-Lut Icon + (was Unification in Bitstreams OS, Fair Pay Philosophy, Low Jitter)"
Previous message: Takashi Iwai: "Re: [syzbot] [sound?] [usb?] general protection fault in snd_usbmidi_do_output"
In reply to: syzbot: "Re: [syzbot] [sound?] [usb?] general protection fault in snd_usbmidi_do_output"
Next in thread: syzbot: "Re: [syzbot] [sound?] [usb?] general protection fault in snd_usbmidi_do_output"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Takashi Iwai

Date: Sat Sep 27 2025 - 07:53:41 EST

On Sat, 27 Sep 2025 12:55:01 +0200,
syzbot wrote:
>
> Hello,
>
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> KASAN: slab-use-after-free Read in snd_usbmidi_in_urb_complete

Another try.

#syz test upstream master

--- a/sound/usb/midi.c
+++ b/sound/usb/midi.c
@@ -1522,6 +1522,9 @@ static void snd_usbmidi_free(struct snd_usb_midi *umidi)
{
int i;

+ if (!umidi->disconnected)
+ snd_usbmidi_disconnect(&umidi->list);
+
for (i = 0; i < MIDI_MAX_ENDPOINTS; ++i) {
struct snd_usb_midi_endpoint *ep = &umidi->endpoints[i];
if (ep->out)