Date: Tue, 8 Jan 2019 14:50:20 +0100
From: Greg KH
To: Kyungtae Kim
Cc: w.d.hubbs@gmail.com, chris@the-brannons.com, kirk@reisers.ca, samuel.thibault@ens-lyon.org, Byoungyoung Lee, DaeRyong Jeong, speakup@linux-speakup.org, devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org, syzkaller@googlegroups.com
Subject: Re: general protection fault in spk_ttyio_ldisc_close
Message-ID: <20190108135020.GA10504@kroah.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jan 08, 2019 at 08:37:37AM -0500, Kyungtae Kim wrote:
> We report a bug in linux-4.20: "general protection fault in
> spk_ttyio_ldisc_close"
>
> kernel config: https://kt0755.github.io/etc/config_v4.20_stable
> repro: https://kt0755.github.io/etc/repro.a670e.c
>
> This occurs when the function kfree is about to execute
> (driver/staging/speakup/spk_ttyio.c:68).
> Particularly, kfree takes the argument like speakup_tty->disc_data.
> But speakup_tty is invalid, so the pointer dereference causes GPF.
> At a glance, it seems that speakup_tty was deallocated somewhere ahead of kfree.

How did you trigger this? Did you shut down and close the device
already somehow? Do you have a real tty device that is driven by the
device?

thanks,

greg k-h