Sender: Zac Bowling
From: Zac
To: sean.wang@kernel.org
Cc: deren.wu@mediatek.com, kvalo@kernel.org, linux-kernel@vger.kernel.org, linux-mediatek@lists.infradead.org, linux-wireless@vger.kernel.org, linux@frame.work, lorenzo@kernel.org, nbd@nbd.name, ryder.lee@mediatek.com, sean.wang@mediatek.com, zac@zacbowling.com, zbowling@gmail.com
Subject: [PATCH 02/13] wifi: mt76: fix list corruption in mt76_wcid_cleanup
Date: Tue, 20 Jan 2026 12:10:32 -0800
Message-ID: <20260120201043.38225-3-zac@zacbowling.com>
In-Reply-To: <20260120201043.38225-1-zac@zacbowling.com>
References: <20260120201043.38225-1-zac@zacbowling.com>

From: Zac Bowling

mt76_wcid_cleanup() was not removing wcid entries from sta_poll_list
before mt76_reset_device() reinitializes the master list. This leaves
stale pointers in wcid->poll_list, causing list corruption when
mt76_wcid_add_poll() later checks list_empty() and tries to add the
entry back.

The fix adds proper cleanup of poll_list in mt76_wcid_cleanup(),
matching how tx_list is already handled. This is similar to what
mt7996_mac_sta_deinit_link() already does correctly.

Fixes list corruption warnings like:
  list_add corruption. prev->next should be next (ffffffff...)

Signed-off-by: Zac Bowling --- drivers/net/wireless/mediatek/mt76/mac80211.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mac80211.c b/drivers/net/wi= reless/mediatek/mt76/mac80211.c index 75772979f438..d0c522909e98 100644 --- a/drivers/net/wireless/mediatek/mt76/mac80211.c +++ b/drivers/net/wireless/mediatek/mt76/mac80211.c @@ -1716,6 +1716,16 @@ void mt76_wcid_cleanup(struct mt76_dev *dev, struct = mt76_wcid *wcid) =20 idr_destroy(&wcid->pktid); =20 + /* Remove from sta_poll_list to prevent list corruption after reset. + * Without this, mt76_reset_device() reinitializes sta_poll_list but + * leaves wcid->poll_list with stale pointers, causing list corruption + * when mt76_wcid_add_poll() checks list_empty(). + */ + spin_lock_bh(&dev->sta_poll_lock); + if (!list_empty(&wcid->poll_list)) + list_del_init(&wcid->poll_list); + spin_unlock_bh(&dev->sta_poll_lock); + spin_lock_bh(&phy->tx_lock); =20 if (!list_empty(&wcid->tx_list)) --=20 2.52.0
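
Review bot: the comment added above spin_lock_bh(&dev->sta_poll_lock) in mt76_wcid_cleanup() says the corruption happens "when mt76_wcid_add_poll() checks list_empty()", but list_empty() on a node that still holds stale prev/next pointers returns false, so an add guarded by that check would be skipped rather than performed. Please spell out, in the comment or the changelog, the actual sequence that reaches the "list_add corruption" warning, and state that mt76_wcid_cleanup() is expected to run before mt76_reset_device() reinitializes sta_poll_list, since list_del_init() on an entry whose neighbours were already reinitialized would write through the same stale pointers. The new block drops sta_poll_lock before phy->tx_lock is taken, so there is no nesting to worry about, but it would help to say what stops the wcid from being queued on the poll list again after spin_unlock_bh(&dev->sta_poll_lock). The changelog describes this as a fix for list corruption warnings yet the trailer carries only Signed-off-by; a Fixes: tag naming the commit that introduced the missing cleanup would let stable pick it up.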