patch 46/47 causes NULL pointer deref on mt7921
Bert Karwatzki
spasswolf at web.de
Thu Jul 18 03:43:43 PDT 2024
I looked more closely at the call trace of the warning and it seems that the
problems occur when shutting down the interface:
[ T847] Call Trace:
[ T847] <TASK>
[ T847] ? __warn+0x6a/0xc0
[ T847] ? mt7921_ipv6_addr_change+0x1d0/0x1f0 [mt7921_common]
[ T847] ? report_bug+0x142/0x180
[ T847] ? handle_bug+0x3a/0x70
[ T847] ? exc_invalid_op+0x17/0x70
[ T847] ? asm_exc_invalid_op+0x1a/0x20
[ T847] ? mt7921_ipv6_addr_change+0x1d0/0x1f0 [mt7921_common]
[ T847] ? srso_alias_return_thunk+0x5/0xfbef5
[ T847] ? __ipv6_ifa_notify+0x16f/0x4d0
[ T847] ? ieee80211_ifa6_changed+0x5e/0x70 [mac80211]
[ T847] ? atomic_notifier_call_chain+0x51/0x80
[ T847] ? addrconf_ifdown.isra.0+0x43f/0x810
[ T847] ? srso_alias_return_thunk+0x5/0xfbef5
[ T847] ? addrconf_notify+0x15d/0x760
[ T847] ? __timer_delete_sync+0x70/0xd0
[ T847] ? raw_notifier_call_chain+0x43/0x60
[ T847] ? dev_close_many+0xea/0x160
[ T847] ? dev_close+0x65/0x80
[ T847] ? cfg80211_shutdown_all_interfaces+0x48/0xe0 [cfg80211]
[ T847] ? cfg80211_rfkill_set_block+0x25/0x40 [cfg80211]
[ T847] ? rfkill_set_block+0x8f/0x160 [rfkill]
[ T847] ? rfkill_fop_write+0x14e/0x1e0 [rfkill]
[ T847] ? vfs_write+0xf3/0x420
[ T847] ? srso_alias_return_thunk+0x5/0xfbef5
[ T847] ? ksys_write+0xae/0xe0
[ T847] ? do_syscall_64+0x5f/0x170
[ T847] ? entry_SYSCALL_64_after_hwframe+0x55/0x5d
[ T847] </TASK>
[ T847] ---[ end trace 0000000000000000 ]---
I think there's a race happening on shutdown between ipv6_addr_change (which
uses mvif->phy) and ieee80211_do_stop (which zeros the private data including
mvif->phy).
Resend with fixed formatting.
Bert Karwatzki