Re: [syzbot] Re: [syzbot] [wpan?] [usb?] BUG: corrupted list in ieee802154_if_remove

From: syzbot
Date: Tue Nov 12 2024 - 07:36:10 EST

Next message: Jan Kara: "Re: [syzbot] [fs?] WARNING in fanotify_handle_event (2)"
Previous message: Karol P: "Re: [PATCH] mfd: omap-usb-tll: handle clk_prepare return code in usbtll_omap_probe"
In reply to: syzbot: "Re: [syzbot] Re: [syzbot] [wpan?] [usb?] BUG: corrupted list in ieee802154_if_remove"
Next in thread: syzbot: "Re: [syzbot] Re: [syzbot] [wpan?] [usb?] BUG: corrupted list in ieee802154_if_remove"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx.

***

Subject: Re: [syzbot] [wpan?] [usb?] BUG: corrupted list in ieee802154_if_remove
Author: lizhi.xu@xxxxxxxxxxxxx

net device has been unregistered, since the rcu grace period it must be run before ieee802154_if_remove

#syz test

diff --git a/net/mac802154/iface.c b/net/mac802154/iface.c
index c0e2da5072be..6f24f1760969 100644
--- a/net/mac802154/iface.c
+++ b/net/mac802154/iface.c
@@ -684,7 +684,8 @@ void ieee802154_if_remove(struct ieee802154_sub_if_data *sdata)
ASSERT_RTNL();

mutex_lock(&sdata->local->iflist_mtx);
- list_del_rcu(&sdata->list);
+ if (!list_empty(&sdata->local->interfaces))
+ list_del_rcu(&sdata->list);
mutex_unlock(&sdata->local->iflist_mtx);

synchronize_rcu();

Next message: Jan Kara: "Re: [syzbot] [fs?] WARNING in fanotify_handle_event (2)"
Previous message: Karol P: "Re: [PATCH] mfd: omap-usb-tll: handle clk_prepare return code in usbtll_omap_probe"
In reply to: syzbot: "Re: [syzbot] Re: [syzbot] [wpan?] [usb?] BUG: corrupted list in ieee802154_if_remove"
Next in thread: syzbot: "Re: [syzbot] Re: [syzbot] [wpan?] [usb?] BUG: corrupted list in ieee802154_if_remove"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]