--- /dev/null
+From d0f038104fa37380e2a725e669508e43d0c503e9 Mon Sep 17 00:00:00 2001
+From: Qu Wenruo <wqu@suse.com>
+Date: Tue, 10 Dec 2024 15:23:06 +1030
+Subject: btrfs: output the reason for open_ctree() failure
+
+From: Qu Wenruo <wqu@suse.com>
+
+commit d0f038104fa37380e2a725e669508e43d0c503e9 upstream.
+
+There is a recent ML report that mounting a large fs backed by hardware
+RAID56 controller (with one device missing) took too much time, and
+systemd seems to kill the mount attempt.
+
+In that case, the only error message is:
+
+ BTRFS error (device sdj): open_ctree failed
+
+There is no reason on why the failure happened, making it very hard to
+understand the reason.
+
+At least output the error number (in the particular case it should be
+-EINTR) to provide some clue.
+
+Link: https://lore.kernel.org/linux-btrfs/9b9c4d2810abcca2f9f76e32220ed9a90febb235.camel@scientia.org/
+Reported-by: Christoph Anton Mitterer <calestyo@scientia.org>
+Cc: stable@vger.kernel.org
+Reviewed-by: Filipe Manana <fdmanana@suse.com>
+Signed-off-by: Qu Wenruo <wqu@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/super.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/btrfs/super.c
++++ b/fs/btrfs/super.c
+@@ -1340,7 +1340,7 @@ static int btrfs_fill_super(struct super
+
+ err = open_ctree(sb, fs_devices, (char *)data);
+ if (err) {
+- btrfs_err(fs_info, "open_ctree failed");
++ btrfs_err(fs_info, "open_ctree failed: %d", err);
+ return err;
+ }
+
--- /dev/null
+From c6ef3a7fa97ec823a1e1af9085cf13db9f7b3bac Mon Sep 17 00:00:00 2001
+From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
+Date: Fri, 8 Nov 2024 01:51:30 +0200
+Subject: media: uvcvideo: Fix double free in error path
+
+From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
+
+commit c6ef3a7fa97ec823a1e1af9085cf13db9f7b3bac upstream.
+
+If the uvc_status_init() function fails to allocate the int_urb, it will
+free the dev->status pointer but doesn't reset the pointer to NULL. This
+results in the kfree() call in uvc_status_cleanup() trying to
+double-free the memory. Fix it by resetting the dev->status pointer to
+NULL after freeing it.
+
+Fixes: a31a4055473b ("V4L/DVB:usbvideo:don't use part of buffer for USB transfer #4")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20241107235130.31372-1-laurent.pinchart@ideasonboard.com
+Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
+Reviewed by: Ricardo Ribalda <ribalda@chromium.org>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/media/usb/uvc/uvc_status.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/media/usb/uvc/uvc_status.c
++++ b/drivers/media/usb/uvc/uvc_status.c
+@@ -269,6 +269,7 @@ int uvc_status_init(struct uvc_device *d
+ dev->int_urb = usb_alloc_urb(0, GFP_KERNEL);
+ if (dev->int_urb == NULL) {
+ kfree(dev->status);
++ dev->status = NULL;
+ return -ENOMEM;
+ }
+
usb-gadget-f_tcm-fix-get-setinterface-return-value.patch
usb-typec-tcpm-set-src_send_capabilities-timeout-to-pd_t_sender_response.patch
hid-core-fix-assumption-that-resolution-multipliers-must-be-in-logical-collections.patch
+media-uvcvideo-fix-double-free-in-error-path.patch
+usb-gadget-f_tcm-don-t-free-command-immediately.patch
+btrfs-output-the-reason-for-open_ctree-failure.patch
--- /dev/null
+From c225d006a31949d673e646d585d9569bc28feeb9 Mon Sep 17 00:00:00 2001
+From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
+Date: Wed, 11 Dec 2024 00:31:36 +0000
+Subject: usb: gadget: f_tcm: Don't free command immediately
+
+From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
+
+commit c225d006a31949d673e646d585d9569bc28feeb9 upstream.
+
+Don't prematurely free the command. Wait for the status completion of
+the sense status. It can be freed then. Otherwise we will double-free
+the command.
+
+Fixes: cff834c16d23 ("usb-gadget/tcm: Convert to TARGET_SCF_ACK_KREF I/O krefs")
+Cc: stable@vger.kernel.org
+Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
+Link: https://lore.kernel.org/r/ae919ac431f16275e05ec819bdffb3ac5f44cbe1.1733876548.git.Thinh.Nguyen@synopsys.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/gadget/function/f_tcm.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/drivers/usb/gadget/function/f_tcm.c
++++ b/drivers/usb/gadget/function/f_tcm.c
+@@ -1068,7 +1068,6 @@ static void usbg_cmd_work(struct work_st
+ out:
+ transport_send_check_condition_and_sense(se_cmd,
+ TCM_UNSUPPORTED_SCSI_OPCODE, 1);
+- transport_generic_free_cmd(&cmd->se_cmd, 0);
+ }
+
+ static struct usbg_cmd *usbg_get_cmd(struct f_uas *fu,
+@@ -1199,7 +1198,6 @@ static void bot_cmd_work(struct work_str
+ out:
+ transport_send_check_condition_and_sense(se_cmd,
+ TCM_UNSUPPORTED_SCSI_OPCODE, 1);
+- transport_generic_free_cmd(&cmd->se_cmd, 0);
+ }
+
+ static int bot_submit_command(struct f_uas *fu,
projects / thirdparty / kernel / stable-queue.git / commitdiff
