Received: by 2002:a05:7412:1e0b:b0:fc:a2b0:25d7 with SMTP id kr11csp805868rdb;
        Thu, 15 Feb 2024 16:43:47 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCV+WQBrcC8YEPYny5ar/lPM6BHkyHnRzf+0BjPi794kRtXmk3vTpWzs+yeKZt2rB2xHZRfMqnkIzxe8jDNtMGl/YjINIXt+/Au7iAx/QA==
X-Google-Smtp-Source: AGHT+IG5Y1lq5jpD2lpIRimPSBQKyeWF/gJytdyrrxtuSP6BIACisQaU1tV+dv4rnfIgHTGchCfx
X-Received: by 2002:a05:6a20:2ca9:b0:19e:4a98:ba84 with SMTP id g41-20020a056a202ca900b0019e4a98ba84mr2683628pzj.22.1708044227438;
        Thu, 15 Feb 2024 16:43:47 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1708044227; cv=pass;
        d=google.com; s=arc-20160816;
        b=WPkT3dmsPb6TXXcivHmI2GDsK5IyNlI3SqtS8wDiHDk1G4+pEHqKcQ8RVUdsRvboEO
         iCZgNa/yQRzNBhMjzMnFVQi5uPgs+xEtUFfecBhr4rYMz/UX/rz347F6wBWX0HAvw/Cj
         F88gIbrrSYxgKNIXXeDzvZDgcd/mh12XM7ZHjnNt9938OSB8qGJQ+lkAwDirQVafORZP
         pfdZ9EwXkZQ8mOxHEUFk1lVvEwLUuEms3vR7cuiP/6cjk12tNCITqNOVFKjEqH/hrFBL
         EhUNgBN8ozswqUbqgRwKtYGLPL8zDLae8i8kGBe7S8/xrzxfziork4CAmxKwYjrLTj+G
         ED5A==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from;
        bh=OtJl4aniynuNCYoCS/MoneLTIS9BZrRo8W3pzsWnFI8=;
        fh=mP/NHC7I7vr0CMUQAsixDqgaUm3Svf0K/M+2FfgquF0=;
        b=sXD3VdWZed9DE7CyFQ5HEGC48UpKWdoco8662GTm5QnJhI2nZjBhV1ub2S0hzM0t5x
         zxtXPNpQ4TM1+P9pMl76yAucVT3OFQW/Cc2e/BOrVBcetGnoNsHug4o/WaO8mo1aTtOK
         VZEGM67dFBOV2HrFPbC5K61lEdZ/yfmuktwUltEAOl0TEyLohXsaUwx6/zJM5d3CLFPC
         kgk7jDFC7byYgL5OmeXAebsRzh9rPSkfZqqmg8xX+UhZYnCOREVzWwG3/82r/PKKLrXz
         wSaVDmJ56H8BPcB/HoepV/wrJTVpTCX5IvV+YUa7KWpQayU2VGQ8055niiNEmUvbP4WS
         e4ZA==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=sina.com);
       spf=pass (google.com: domain of linux-kernel+bounces-67901-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-67901-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-kernel+bounces-67901-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1])
        by mx.google.com with ESMTPS id s187-20020a635ec4000000b005cecb6a1027si1973636pgb.702.2024.02.15.16.43.47
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 15 Feb 2024 16:43:47 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-67901-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1;
Authentication-Results: mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=sina.com);
       spf=pass (google.com: domain of linux-kernel+bounces-67901-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-67901-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id EC7C9B21FC2
	for <linux.lists.archive@gmail.com>; Fri, 16 Feb 2024 00:43:26 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id D04A4610B;
	Fri, 16 Feb 2024 00:43:16 +0000 (UTC)
Received: from r3-18.sinamail.sina.com.cn (r3-18.sinamail.sina.com.cn [202.108.3.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 65DA93FC2
	for <linux-kernel@vger.kernel.org>; Fri, 16 Feb 2024 00:43:10 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=202.108.3.18
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1708044196; cv=none; b=C47KMnuJEkbbsTLJsuifF3MsEytQSBaV9uUakgG4CdnH56YvmgrkHI22E6ZZ8IGMEdRFSstTd+Bk2IidKEiDHgEUoL/gNHEMF/afrZd0Iv7PxYRhik5GbPRSHPBYq4HGMJ2I3ZEp1GCedMBoRQDweE0UkHKVuAYYDfpkrqwer8o=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1708044196; c=relaxed/simple;
	bh=wSbxXqIKJT7TaCDvgURgoe+5TOEp8hHL2YDsmXjPoDI=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version; b=Hht0hbfiCY4uMeyB7QyrWDICyTkWKOdhtEurakVoNV1xvJlcrKkC1lTQxNLbGEHIaufQOc5tr3Hfe9My6dXXYsoXg/SQ0qrIQCknf7lOjY6TasIPUUjRA0rxhjsxzRggQbEizns4Do+ZGjKP1esM9VvONlDhonDi5H6phUUvFhQ=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=sina.com; spf=pass smtp.mailfrom=sina.com; arc=none smtp.client-ip=202.108.3.18
Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=sina.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=sina.com
X-SMAIL-HELO: localhost.localdomain
Received: from unknown (HELO localhost.localdomain)([114.249.59.61])
	by sina.com (10.182.253.24) with ESMTP
	id 65CEAF94000064BC; Fri, 16 Feb 2024 08:43:02 +0800 (CST)
X-Sender: hdanton@sina.com
X-Auth-ID: hdanton@sina.com
Authentication-Results: sina.com;
	 spf=none smtp.mailfrom=hdanton@sina.com;
	 dkim=none header.i=none;
	 dmarc=none action=none header.from=hdanton@sina.com
X-SMAIL-MID: 7824531048585
X-SMAIL-UIID: A00B892547194C9EA311F605BD03F386-20240216-084302-1
From: Hillf Danton <hdanton@sina.com>
To: syzbot <syzbot+ce750e124675d4599449@syzkaller.appspotmail.com>
Cc: linux-kernel@vger.kernel.org,
	syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [pvrusb2?] KASAN: slab-use-after-free Read in pvr2_context_set_notify (2)
Date: Fri, 16 Feb 2024 08:42:48 +0800
Message-ID: <20240216004250.1196-1-hdanton@sina.com>
In-Reply-To: <00000000000028b68806103b4266@google.com>
References: 
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

On Wed, 31 Jan 2024 02:22:39 -0800
> HEAD commit:    f1a27f081c1f usb: typec: qcom-pmic-typec: allow different ..
> git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1429ed40180000

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git  master

--- x/drivers/media/usb/pvrusb2/pvrusb2-context.c
+++ y/drivers/media/usb/pvrusb2/pvrusb2-context.c
@@ -267,9 +267,9 @@ static void pvr2_context_exit(struct pvr
 void pvr2_context_disconnect(struct pvr2_context *mp)
 {
 	pvr2_hdw_disconnect(mp->hdw);
-	mp->disconnect_flag = !0;
 	if (!pvr2_context_shutok())
 		pvr2_context_notify(mp);
+	pvr2_context_destroy(mp);
 }
 
 
--