| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250626003001.1826-1-hdanton@sina.com>
Date: Thu, 26 Jun 2025 08:29:59 +0800
From: Hillf Danton <hdanton@...a.com>
To: syzbot <syzbot+01fdb2cc3f0b4ddcfcf1@...kaller.appspotmail.com>
Cc: linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [bluetooth?] BUG: corrupted list in _hci_cmd_sync_cancel_entry
> Date: Wed, 25 Jun 2025 10:14:27 -0700
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 7595b66ae9de Merge tag 'selinux-pr-20250624' of git://git...
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=10ed4f0c580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=641bc01f4fbdccd4
> dashboard link: https://syzkaller.appspot.com/bug?extid=01fdb2cc3f0b4ddcfcf1
> compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14bc9b70580000
#syz test
--- x/net/bluetooth/hci_sync.c
+++ y/net/bluetooth/hci_sync.c
@@ -862,14 +862,17 @@ bool hci_cmd_sync_dequeue_once(struct hc
void *data, hci_cmd_sync_work_destroy_t destroy)
{
struct hci_cmd_sync_work_entry *entry;
+ bool ret = false;
- entry = hci_cmd_sync_lookup_entry(hdev, func, data, destroy);
- if (!entry)
- return false;
+ mutex_lock(&hdev->cmd_sync_work_lock);
+ entry = _hci_cmd_sync_lookup_entry(hdev, func, data, destroy);
+ if (entry) {
+ _hci_cmd_sync_cancel_entry(hdev, entry, -ECANCELED);
+ ret = true;
+ }
+ mutex_unlock(&hdev->cmd_sync_work_lock);
- hci_cmd_sync_cancel_entry(hdev, entry);
-
- return true;
+ return ret;
}
EXPORT_SYMBOL(hci_cmd_sync_dequeue_once);
--
Powered by blists - more mailing lists