Re: [PATCH] wifi: wilc1000: validate chip id during bus probe




Alexis,

On Wed, 2024-01-24 at 10:01 +0100, Alexis Lothoré wrote:
> ==================================================================
> BUG: KASAN: slab-use-after-free in wilc_netdev_cleanup+0x294/0x2c0
> Read of size 4 at addr c3c91ce8 by task swapper/1

OK, I think I see what's going on: it's the list traversal.  Here is what
wilc_netdev_cleanup() does:

	list_for_each_entry_rcu(vif, &wilc->vif_list, list) {
		if (vif->ndev)
			unregister_netdev(vif->ndev);
	}

The problem is that "vif" is the private part of the netdev, so when the netdev
is freed, the vif structure is no longer valid and list_for_each_entry_rcu()
ends up dereferencing a dangling pointer.

Ajay or Alexis, could you propose a fix for this - this is not something I'm
familiar with.

Thanks!

  --david
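
Added example, not part of the original message and not wilc1000 code: a userspace C model of the traversal problem described above, where the list linkage lives inside the object that is freed during the walk, together with the general idiom of reading the successor before releasing the current entry. All names are hypothetical, and the model ignores RCU and locking, which the real driver also has to handle.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

struct node { struct node *next, *prev; };
/* Hypothetical model of a netdev whose private area (the "vif") holds the
 * list linkage, so freeing the object also frees the linkage. */
struct dev { struct node link; };
#define dev_of(n) ((struct dev *)((char *)(n) - offsetof(struct dev, link)))

static void list_add_tail(struct node *n, struct node *h)
{
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}

/* Stand-in for unregistering: unlinks and frees the memory that holds 'link'. */
static void dev_release(struct dev *d)
{
    d->link.prev->next = d->link.next;
    d->link.next->prev = d->link.prev;
    free(d);
}

/* Safe teardown: fetch the successor while the current entry is still valid.
 * Advancing with n = n->next after dev_release() would read freed memory. */
static int teardown_all(struct node *head)
{
    int released = 0;
    for (struct node *n = head->next, *next; n != head; n = next) {
        next = n->next;
        dev_release(dev_of(n));
        released++;
    }
    return released;
}

/* Builds 'count' entries, tears them down; -1 on error or non-empty list. */
static int demo(int count)
{
    struct node head = { &head, &head };
    for (int i = 0; i < count; i++) {
        struct dev *d = malloc(sizeof(*d));
        if (!d) { teardown_all(&head); return -1; }
        list_add_tail(&d->link, &head);
    }
    int released = teardown_all(&head);
    return (head.next == &head && head.prev == &head) ? released : -1;
}

int main(void) { printf("released %d entries\n", demo(3)); return 0; }
```

Building with `-fsanitize=address` and changing the loop to advance with `n = n->next` after the release makes AddressSanitizer report a heap-use-after-free, the userspace counterpart of the KASAN report quoted above.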





