Re: WARNING: ODEBUG bug in input_ff_destroy
From: Oliver Neukum
Date: Thu Nov 14 2019 - 05:08:47 EST
Am Mittwoch, den 13.11.2019, 04:35 -0800 schrieb syzbot:
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: 3183c037 usb: gadget: add raw-gadget interface
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=17cf5e72e00000
> kernel config: https://syzkaller.appspot.com/x/.config?x=79de80330003b5f7
> dashboard link: https://syzkaller.appspot.com/bug?extid=b6c55daa701fc389e286
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10b4e53ae00000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1173fe72e00000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+b6c55daa701fc389e286@xxxxxxxxxxxxxxxxxxxxxxxxx
#syz test: https://github.com/google/kasan.git 3183c037
asix: fix information leak on short answersFrom b72ba3305d1e0405bfff5b6fc936d3769cd46c42 Mon Sep 17 00:00:00 2001
From: Oliver Neukum <oneukum@xxxxxxxx>
Date: Thu, 14 Nov 2019 11:03:45 +0100
Subject: [PATCH] ff-memless: kill timer in destroy()
No timer must be left running when the device goes away.
Signed-off-by: Oliver Neukum <oneukum@xxxxxxxx>
---
drivers/input/ff-memless.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/input/ff-memless.c b/drivers/input/ff-memless.c
index 1cb40c7475af..e72543d831cd 100644
--- a/drivers/input/ff-memless.c
+++ b/drivers/input/ff-memless.c
@@ -489,6 +489,7 @@ static void ml_ff_destroy(struct ff_device *ff)
{
struct ml_device *ml = ff->private;
+ del_timer_sync(&ml->timer);
kfree(ml->private);
}
--
2.16.4