Date: Thu, 13 Jun 2019 18:16:50 -0700
From: Brian Norris
To: Ganapathi Bhat
Cc: linux-wireless@vger.kernel.org, Cathy Luo, Zhiyuan Yang, James Cao, Rakesh Parmar, Dmitry Vyukov
Subject: Re: [PATCH] mwifiex: avoid deleting uninitialized timer during USB cleanup
Message-ID: <20190614011648.GA121099@google.com>
In-Reply-To: <1560354873-17182-1-git-send-email-gbhat@marvell.com>

Hi Ganapathi,

This looks kinda wrong, but I'm not totally sure, as I'm not very familiar with your USB driver.

On Wed, Jun 12, 2019 at 09:24:33PM +0530, Ganapathi Bhat wrote:
> Driver calls del_timer_sync(hold_timer), in unregister_dev(), but
> there exists is a case when the timer is yet to be initialized. A
> restructure of init and cleanup is needed to synchronize timer
> creation and delee. Make use of init_if() / cleanup_if() handlers

s/delee/delete/

> to get this done.
>
> Reported-by: syzbot+373e6719b49912399d21@syzkaller.appspotmail.com
> Signed-off-by: Ganapathi Bhat > --- > drivers/net/wireless/marvell/mwifiex/usb.c | 32 +++++++++++++++++++++++------- > 1 file changed, 25 insertions(+), 7 deletions(-) > > diff --git a/drivers/net/wireless/marvell/mwifiex/usb.c b/drivers/net/wireless/marvell/mwifiex/usb.c > index c2365ee..939f1e9 100644 > --- a/drivers/net/wireless/marvell/mwifiex/usb.c > +++ b/drivers/net/wireless/marvell/mwifiex/usb.c > @@ -1348,6 +1348,8 @@ static void mwifiex_usb_cleanup_tx_aggr(struct mwifiex_adapter *adapter) > > for (idx = 0; idx < MWIFIEX_TX_DATA_PORT; idx++) { > port = &card->port[idx]; > + if (!port->tx_data_ep) > + continue; It's not clear to me what this is about. Are you sure you're not just cleaning stuff up in the wrong order? > if (adapter->bus_aggr.enable) > while ((skb_tmp = > skb_dequeue(&port->tx_aggr.aggr_list))) ... > @@ -1584,7 +1580,29 @@ static void mwifiex_usb_submit_rem_rx_urbs(struct mwifiex_adapter *adapter) > return 0; > } > > +static int mwifiex_init_usb(struct mwifiex_adapter *adapter) > +{ > + struct usb_card_rec *card = (struct usb_card_rec *)adapter->card; > + int ret = 0; > + > + if (card->usb_boot_state == USB8XXX_FW_DNLD) > + return 0; This looks wrong. You don't want to skip your basic initialization just because firmware isn't loaded yet. In fact, init_if() always gets called before FW init, so haven't you basically stubbed out this function most of the time? I guess the question is: is this step supposed to go before, or after firmware initialization? Based on that answer, we can make an appropriate patch. (The original code does this after FW initialization, and now you're only sort of moving it before.) > + > + ret = mwifiex_usb_rx_init(adapter); > + if (!ret) > + ret = mwifiex_usb_tx_init(adapter); > + > + return ret; > +} Brian
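
Review bot: In the first hunk (mwifiex_usb_cleanup_tx_aggr), the new `if (!port->tx_data_ep) continue;` guard treats a zero endpoint as meaning the port was never set up, but nothing in the hunk documents that or shows the field being zero before init. Add a one-line comment above the check stating the invariant, and confirm tx_data_ep is zero for every port whose aggregation state was not initialised and is cleared again on teardown, so a repeated cleanup pass also skips it. If that cannot be guaranteed, an explicit per-port initialised flag expresses the intent more directly than overloading the endpoint number.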
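
Review bot: In mwifiex_init_usb(), the `card->usb_boot_state == USB8XXX_FW_DNLD` branch returns 0 without calling mwifiex_usb_rx_init() or mwifiex_usb_tx_init(), so the caller sees success while nothing has been initialised, and no comment says which path performs the rx/tx setup in that state. Document that path next to the early return, or make the state visible to the caller. Separately, when mwifiex_usb_tx_init() fails after mwifiex_usb_rx_init() has succeeded, the function returns the error without undoing the rx setup; unless the caller is guaranteed to run the cleanup handler on this failure, unwind here. The `= 0` initialiser on ret is redundant, since ret is assigned before it is read.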