On 31.10.22 04:30, Chen Zhongjin wrote:
In can_init(), dev_add_pack(&canxl_packet) is added but not removed in
can_exit(). It break the packet handler list and can make kernel panic
when can_init() for the second time.
modprobe can && rmmod can
rmmod xxx && modprobe can
BUG: unable to handle page fault for address: fffffbfff807d7f4
RIP: 0010:dev_add_pack+0x133/0x1f0
Call Trace:
<TASK>
can_init+0xaa/0x1000 [can]
do_one_initcall+0xd3/0x4e0
...
Fixes: fb08cba12b52 ("can: canxl: update CAN infrastructure for CAN XL frames")
Signed-off-by: Chen Zhongjin <chenzhongjin@xxxxxxxxxx>
Acked-by: Oliver Hartkopp <socketcan@xxxxxxxxxxxx>
Thanks for the finding!
Best regards,
Oliver
---
net/can/af_can.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/can/af_can.c b/net/can/af_can.c
index 9503ab10f9b8..5e9e3e1e9825 100644
--- a/net/can/af_can.c
+++ b/net/can/af_can.c
@@ -902,6 +902,7 @@ static __init int can_init(void)
static __exit void can_exit(void)
{
/* protocol unregister */
+ dev_remove_pack(&canxl_packet);
dev_remove_pack(&canfd_packet);
dev_remove_pack(&can_packet);
sock_unregister(PF_CAN);
