Re: [syzbot] Re: [syzbot] [wpan?] [usb?] BUG: corrupted list in ieee802154_if_remove

From: syzbot
Date: Tue Nov 12 2024 - 08:11:57 EST

Next message: Christian Brauner: "Re: [PATCH v3 0/2] fs: allow statmount to fetch the subtype and devname"
Previous message: Yi Liu: "Re: [PATCH v7 13/13] Documentation: userspace-api: iommufd: Update vIOMMU"
In reply to: syzbot: "Re: [syzbot] Re: [syzbot] [wpan?] [usb?] BUG: corrupted list in ieee802154_if_remove"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx.

***

Subject: Re: [syzbot] [wpan?] [usb?] BUG: corrupted list in ieee802154_if_remove
Author: lizhi.xu@xxxxxxxxxxxxx

net device has been unregistered, since the rcu grace period it must be run before ieee802154_if_remove

#syz test

diff --git a/net/mac802154/iface.c b/net/mac802154/iface.c
index c0e2da5072be..9e4631fade90 100644
--- a/net/mac802154/iface.c
+++ b/net/mac802154/iface.c
@@ -684,6 +684,10 @@ void ieee802154_if_remove(struct ieee802154_sub_if_data *sdata)
ASSERT_RTNL();

mutex_lock(&sdata->local->iflist_mtx);
+ if (list_empty(&sdata->local->interfaces)) {
+ mutex_unlock(&sdata->local->iflist_mtx);
+ return;
+ }
list_del_rcu(&sdata->list);
mutex_unlock(&sdata->local->iflist_mtx);

Next message: Christian Brauner: "Re: [PATCH v3 0/2] fs: allow statmount to fetch the subtype and devname"
Previous message: Yi Liu: "Re: [PATCH v7 13/13] Documentation: userspace-api: iommufd: Update vIOMMU"
In reply to: syzbot: "Re: [syzbot] Re: [syzbot] [wpan?] [usb?] BUG: corrupted list in ieee802154_if_remove"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]