| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <67a56dfc.050a0220.2b1e6.0006.GAE@google.com> Date: Thu, 06 Feb 2025 18:20:44 -0800 From: syzbot <syzbot+10bd8fe6741eedd2be2e@...kaller.appspotmail.com> To: linux-kernel@...r.kernel.org Subject: Re: [syzbot] Re: [syzbot] [bluetooth?] BUG: corrupted list in hci_chan_del (2) For archival purposes, forwarding an incoming command email to linux-kernel@...r.kernel.org. *** Subject: Re: [syzbot] [bluetooth?] BUG: corrupted list in hci_chan_del (2) Author: lizhi.xu@...driver.com old logical will make get/put unbalance in l2cap_recv_acldata. so remote get/put conn. #syz test diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index adb8c33ac595..503626f70be5 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -7497,8 +7497,6 @@ void l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) if (!conn) conn = l2cap_conn_add(hcon); - conn = l2cap_conn_hold_unless_zero(conn); - hci_dev_unlock(hcon->hdev); if (!conn) @@ -7592,8 +7590,6 @@ void l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) break; } - l2cap_conn_put(conn); - drop: kfree_skb(skb); }
Powered by blists - more mailing lists