Re: WARNING in usbhid_raw_request/usb_submit

linux-input.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Re: WARNING in usbhid_raw_request/usb_submit_urb
       [not found] ` <20190813042649.888-1-hdanton@sina.com>
@ 2019-08-13  8:14   ` Oliver Neukum
  0 siblings, 0 replies; only message in thread
From: Oliver Neukum @ 2019-08-13  8:14 UTC (permalink / raw)
  To: Hillf Danton, syzbot
  Cc: gustavo, Jiri Slaby, andreyknvl, syzkaller-bugs, gregkh, stern,
	Jiri Kosina, linux-input, linux-kernel, linux-usb

Am Dienstag, den 13.08.2019, 12:26 +0800 schrieb Hillf Danton:
> [respin with the mess in Cc list cleaned up]

> Followup of commit e3e14de50dff ("HID: fix start/stop cycle in usbhid driver")
> 
> --- a/drivers/hid/usbhid/hid-core.c
> +++ b/drivers/hid/usbhid/hid-core.c
> @@ -1214,6 +1214,8 @@ static void usbhid_stop(struct hid_devic
>  
>  	hid->claimed = 0;
>  
> +	if (!usbhid->urbin) /* freeing buffers only once */
> +		return;
>  	usb_free_urb(usbhid->urbin);
>  	usb_free_urb(usbhid->urbctrl);
>  	usb_free_urb(usbhid->urbout);

This looks rather suspicious. Why is stop() called multiple times?
Do we have a refcounting issue? If not, what controls locking?

	Regards
		Oliver

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2019-08-13  8:14 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <CAAeHK+z-uCr-bWu9uVDynU2S=wCrtxRbuA-Cut=h5zYuYcS-Cw@mail.gmail.com>
     [not found] ` <20190813042649.888-1-hdanton@sina.com>
2019-08-13  8:14   ` WARNING in usbhid_raw_request/usb_submit_urb Oliver Neukum

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).