[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <e04eabb6-fa5f-9eb2-c2a6-812f6a310bc0@outbound.gmail.com>
Date: Tue, 13 Aug 2024 09:15:23 +0300
From: Eli Billauer <eli.billauer@...il.com>
To: Sabyrzhan Tasbolatov <snovitoll@...il.com>, arnd@...db.de,
gregkh@...uxfoundation.org
Cc: linux-kernel@...r.kernel.org,
syzbot+e528c9aad0fb5383ec83@...kaller.appspotmail.com
Subject: Re: [PATCH] drivers/xillybus: fix deadlock upon cleanup_dev
Hello,
I should have sent a response to this syzbot alert, indicating that
there is already ongoing work to fix this issue:
https://lore.kernel.org/lkml/20240801121126.60183-1-eli.billauer@gmail.com/
My apologies for not doing that.
On 13/08/2024 7:04, Sabyrzhan Tasbolatov wrote:
> syzbot found an issue [1] when cleanup_dev() is called twice,
> causing deadlock.
How is cleanup_dev() called twice? I only see it once in the stack trace.
It is called in xillyusb_probe()
> in the end of wakeup_all():
>
> INIT_WORK(&xdev->wakeup_workitem, wakeup_all);
INIT_WORK merely initializes the work item, it doesn't cause its execution.
> @@ -2174,7 +2175,6 @@ static int xillyusb_probe(struct usb_interface *interface,
>
> fail:
> usb_set_intfdata(interface, NULL);
> - kref_put(&xdev->kref, cleanup_dev);
> return rc;
> }
>
This edit causes a memory leak, because the reference count needs to be
decremented in other failure scenarios.
Thanks,
Eli
Powered by blists - more mailing lists