Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote:

> syzbot is reporting lockdep warning followed by kernel panic at
> ath9k_htc_rxep() [1], for ath9k_htc_rxep() depends on ath9k_rx_init()
> being already completed.
>
> Since ath9k_htc_rxep() is set by ath9k_htc_connect_svc(WMI_BEACON_SVC)
> from ath9k_init_htc_services(), it is possible that ath9k_htc_rxep() is
> called via timer interrupt before ath9k_rx_init() from ath9k_init_device()
> is called.
>
> Since we can't call ath9k_init_device() before ath9k_init_htc_services(),
> let's hold ath9k_htc_rxep() no-op until ath9k_rx_init() completes.
>
> Link: https://syzkaller.appspot.com/bug?extid=4d2d56175b934b9a7bf9 [1]
> Reported-by: syzbot <syzbot+4d2d56175b934b9a7bf9@xxxxxxxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> Tested-by: syzbot <syzbot+4d2d56175b934b9a7bf9@xxxxxxxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Kalle Valo <quic_kvalo@xxxxxxxxxxx>

2 patches applied to ath-next branch of ath.git, thanks.

b0ec7e55fce6 ath9k_htc: fix NULL pointer dereference at ath9k_htc_rxep()
8b3046abc99e ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()

-- 
https://patchwork.kernel.org/project/linux-wireless/patch/2b88f416-b2cb-7a18-d688-951e6dc3fe92@xxxxxxxxxxxxxxxxxxx/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches