Linux driver of vt6656 from staging area causes system to freeze.

Philipp Hortmann philipp.g.hortmann at gmail.com
Wed Feb 2 19:41:11 EST 2022


I managed to get a device vt6656 (USB WiFi adapter). The device works OK 
when the computer is started and driver loaded. When the WLAN is 
disabled the system freezes often.

I am using Ubuntu 20.04 with kernel 5.17.0-rc1 x86_64
branch: staging-testing

After some tries I found out that it is a function in vnt_stop() 
main_usb.c with the following line that is causing this. 
usb_kill_urb(priv->interrupt_urb);
But this memory is still in use after this line.

Digging deeper I found that the usb_submit_urb() function (in usbpipe.c 
vnt_start_interrupt_urb_complete) is called after the usb_kill_urb() is 
executed.

So I tied the execution of the usb_submit_urb() to a flag called 
DEVICE_FLAGS_DISCONNECTED. After that no crashes were observed.

So here are my questions:
- Is this the right place to fix?
- Do I need to log a bug report before a patch?

Here is a patch proposal:
 From d403ed1a1c2483a3a8b44e96c12edbfa2a53d356 Mon Sep 17 00:00:00 2001
From: Philipp Hortmann <philipp.g.hortmann at gmail.com>
Date: Wed, 2 Feb 2022 20:15:04 +0100
Subject: [PATCH] staging: vt6656: Fix crash when WLAN is turned off
To: Forest Bond <forest at alittletooquiet.net>,Greg Kroah-Hartman 
<gregkh at linuxfoundation.org>,linux-staging at lists.linux.dev,linux-kernel at vger.kernel.org

Stop submitting urbs before calling usb_kill_urb() and usb_free_urb().

Signed-off-by: Philipp Hortmann <philipp.g.hortmann at gmail.com>
---
  drivers/staging/vt6656/usbpipe.c | 4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/vt6656/usbpipe.c 
b/drivers/staging/vt6656/usbpipe.c
index 7f45734390f6..d505b4b69ba4 100644
--- a/drivers/staging/vt6656/usbpipe.c
+++ b/drivers/staging/vt6656/usbpipe.c
@@ -230,7 +230,9 @@ static void vnt_start_interrupt_urb_complete(struct 
urb *urb)
  	else
  		vnt_int_process_data(priv);

-	status = usb_submit_urb(priv->interrupt_urb, GFP_ATOMIC);
+	if (!test_bit(DEVICE_FLAGS_DISCONNECTED, &priv->flags))
+		status = usb_submit_urb(priv->interrupt_urb, GFP_ATOMIC);
+
  	if (status)
  		dev_dbg(&priv->usb->dev, "Submit int URB failed %d\n", status);
  }
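
Review bot: in vnt_start_interrupt_urb_complete(), when DEVICE_FLAGS_DISCONNECTED is set the new `if` skips usb_submit_urb(), so `status` is not assigned here, yet the following `if (status)` still runs and can log "Submit int URB failed" with whatever value `status` held earlier in the function, although no submit was attempted. Consider returning early when the flag is set, or moving the dev_dbg() under the same condition as the submit. The test_bit() check and the usb_submit_urb() call are also two separate steps, and the hunk does not show where the flag is set relative to usb_kill_urb() in the stop path; the commit message should state that ordering so the fix can be checked against it.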
-- 
2.25.1


