From 39045d90bd43fffe5e2e88e8166237ae5f447f53 Mon Sep 17 00:00:00 2001
From: jdolecek <jdolecek@NetBSD.org>
Date: Sun, 31 May 2020 18:20:23 +0000
Subject: [PATCH] also set ifc->ui_endpoints to NULL in usbd_free_iface_data()
 when the value is freed, to make it impossible to re-enter this by mistake

very likely has no effect for the syzbot problem, but good to do nevetheless

Reported-by: syzbot+c555801d6bc0d768f402@syzkaller.appspotmail.com
---
 sys/dev/usb/usb_subr.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sys/dev/usb/usb_subr.c b/sys/dev/usb/usb_subr.c
index 63842ec9b608..680cf146f528 100644
--- a/sys/dev/usb/usb_subr.c
+++ b/sys/dev/usb/usb_subr.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: usb_subr.c,v 1.245 2020/05/31 17:52:58 maxv Exp $	*/
+/*	$NetBSD: usb_subr.c,v 1.246 2020/05/31 18:20:23 jdolecek Exp $	*/
 /*	$FreeBSD: src/sys/dev/usb/usb_subr.c,v 1.18 1999/11/17 22:33:47 n_hibma Exp $	*/
 
 /*
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: usb_subr.c,v 1.245 2020/05/31 17:52:58 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: usb_subr.c,v 1.246 2020/05/31 18:20:23 jdolecek Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_compat_netbsd.h"
@@ -507,6 +507,7 @@ usbd_free_iface_data(struct usbd_device *dev, int ifcno)
 		int nendpt = ifc->ui_idesc->bNumEndpoints;
 		size_t sz = nendpt * sizeof(struct usbd_endpoint);
 		kmem_free(ifc->ui_endpoints, sz);
+		ifc->ui_endpoints = NULL;
 	}
 }