[RFC PATCH RESEND] timerqueue: Complete rb_node initialization within timerqueue_init
From: I Hsin Cheng
Date: Sat Apr 05 2025 - 04:05:47 EST
The children of "node" within "struct timerqueue_node" may be in an
uninitialized state after initialization. Initialize them as NULL in
timerqueue_init to prevent the problem.
However, syzbot doesn't have any corresponding reproducer yet; please
let me know whether it makes sense or not, or whether any test can help
to validate it further. Thanks!
Fixes: 1f5a24794a545 ("timers: Rename timerlist infrastructure to timerqueue")
Reported-by: syzbot+d5e61dcfda08821a226d@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: I Hsin Cheng <richard120310@xxxxxxxxx>
---
include/linux/timerqueue.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/linux/timerqueue.h b/include/linux/timerqueue.h
index d306d9dd2207..a42fdc83f694 100644
--- a/include/linux/timerqueue.h
+++ b/include/linux/timerqueue.h
@@ -30,6 +30,8 @@ struct timerqueue_node *timerqueue_getnext(struct timerqueue_head *head)
static inline void timerqueue_init(struct timerqueue_node *node)
{
RB_CLEAR_NODE(&node->node);
+ node->node.rb_right = NULL;
+ node->node.rb_left = NULL;
}
static inline bool timerqueue_node_queued(struct timerqueue_node *node)
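Review bot: The two added assignments in timerqueue_init() need a justification that the hunk and the commit message do not give: RB_CLEAR_NODE() already marks the node as not in any tree (it points __rb_parent_color at the node itself), and rb_left/rb_right of a timerqueue_node are normally only read after the node has been linked into the tree by timerqueue_add(), where rb_link_node() sets both children to NULL. So the patch only fixes something if some caller reads node->node.rb_left/rb_right on a node that was initialized but never queued; the commit message should name that reader (with the syzbot splat or report link for syzbot+d5e61dcfda08821a226d) and explain why that access is legitimate rather than a bug in the caller. Without that, the change is a redundant store on a hot path and papers over the real problem. The Fixes: tag is also questionable: 1f5a24794a545 is a rename of the timerlist infrastructure, so unless that commit changed what timerqueue_init() initializes, the tag should point at the commit that introduced the uninitialized read, or be dropped until the root cause is known.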
--
2.43.0