From: Kalle Valo <kvalo@codeaurora.org>
To: Lorenzo Bianconi <lorenzo@kernel.org>
Cc: linux-wireless@vger.kernel.org, lorenzo.bianconi@redhat.com,
kuba@kernel.org, matthias_berndt@gmx.de, mozlima@gmail.com
Subject: Re: [wireless-drivers] mt7601u: fix kernel crash unplugging the device
Date: Mon, 25 Jan 2021 14:03:13 +0000 (UTC) [thread overview]
Message-ID: <20210125140313.10BECC43461@smtp.codeaurora.org> (raw)
In-Reply-To: <3b85219f669a63a8ced1f43686de05915a580489.1610919247.git.lorenzo@kernel.org>
Lorenzo Bianconi <lorenzo@kernel.org> wrote:
> The following crash log can occur unplugging the usb dongle since,
> after the urb poison in mt7601u_free_tx_queue(), usb_submit_urb() will
> always fail resulting in a skb kfree while the skb has been already
> queued.
>
> Fix the issue enqueuing the skb only if usb_submit_urb() succeed.
>
> Hardware name: Hewlett-Packard 500-539ng/2B2C, BIOS 80.06 04/01/2015
> Workqueue: usb_hub_wq hub_event
> RIP: 0010:skb_trim+0x2c/0x30
> RSP: 0000:ffffb4c88005bba8 EFLAGS: 00010206
> RAX: 000000004ad483ee RBX: ffff9a236625dee0 RCX: 000000000000662f
> RDX: 000000000000000c RSI: 0000000000000000 RDI: ffff9a2343179300
> RBP: ffff9a2343179300 R08: 0000000000000001 R09: 0000000000000000
> R10: ffff9a23748f7840 R11: 0000000000000001 R12: ffff9a236625e4d4
> R13: ffff9a236625dee0 R14: 0000000000001080 R15: 0000000000000008
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007fd410a34ef8 CR3: 00000001416ee001 CR4: 00000000001706f0
> Call Trace:
> mt7601u_tx_status+0x3e/0xa0 [mt7601u]
> mt7601u_dma_cleanup+0xca/0x110 [mt7601u]
> mt7601u_cleanup+0x22/0x30 [mt7601u]
> mt7601u_disconnect+0x22/0x60 [mt7601u]
> usb_unbind_interface+0x8a/0x270
> ? kernfs_find_ns+0x35/0xd0
> __device_release_driver+0x17a/0x230
> device_release_driver+0x24/0x30
> bus_remove_device+0xdb/0x140
> device_del+0x18b/0x430
> ? kobject_put+0x98/0x1d0
> usb_disable_device+0xc6/0x1f0
> usb_disconnect.cold+0x7e/0x20a
> hub_event+0xbf3/0x1870
> process_one_work+0x1b6/0x350
> worker_thread+0x53/0x3e0
> ? process_one_work+0x350/0x350
> kthread+0x11b/0x140
> ? __kthread_bind_mask+0x60/0x60
> ret_from_fork+0x22/0x30
>
> Fixes: 23377c200b2eb ("mt7601u: fix possible memory leak when the device is disconnected")
> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
> Acked-by: Jakub Kicinski <kubakici@wp.pl>
Patch applied to wireless-drivers.git, thanks.
0acb20a5438c mt7601u: fix kernel crash unplugging the device
--
https://patchwork.kernel.org/project/linux-wireless/patch/3b85219f669a63a8ced1f43686de05915a580489.1610919247.git.lorenzo@kernel.org/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
prev parent reply other threads:[~2021-01-26 2:54 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-17 21:46 [PATCH wireless-drivers] mt7601u: fix kernel crash unplugging the device Lorenzo Bianconi
2021-01-18 16:54 ` Jakub Kicinski
2021-01-18 23:30 ` Lorenzo Bianconi
2021-01-19 7:59 ` Kalle Valo
2021-01-25 14:03 ` Kalle Valo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210125140313.10BECC43461@smtp.codeaurora.org \
--to=kvalo@codeaurora.org \
--cc=kuba@kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=lorenzo.bianconi@redhat.com \
--cc=lorenzo@kernel.org \
--cc=matthias_berndt@gmx.de \
--cc=mozlima@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.