| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <68b06558.050a0220.3db4df.0022.GAE@google.com>
Date: Thu, 28 Aug 2025 07:19:04 -0700
From: syzbot <syzbot+e5e64cdf8e92046dd3e1@...kaller.appspotmail.com>
To: qianqiang.liu@....com
Cc: qianqiang.liu@....com, linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [bluetooth?] KASAN: slab-use-after-free Read in
release_sock (2)
> #syz test
This crash does not have a reproducer. I cannot test it.
>
> --- a/net/bluetooth/af_bluetooth.c 2025-08-28 22:02:06
> +++ b/net/bluetooth/af_bluetooth.c 2025-08-28 22:13:46
> @@ -292,14 +292,12 @@
> */
> goto restart;
> }
> -
> - /* sk is safely in the parent list so reduce reference count */
> - sock_put(sk);
>
> /* FIXME: Is this check still needed */
> if (sk->sk_state == BT_CLOSED) {
> bt_accept_unlink(sk);
> release_sock(sk);
> + sock_put(sk);
> continue;
> }
>
> @@ -310,10 +308,12 @@
> sock_graft(sk, newsock);
>
> release_sock(sk);
> + sock_put(sk);
> return sk;
> }
>
> release_sock(sk);
> + sock_put(sk);
> }
>
> return NULL;
>
> --
> Best,
> Qianqiang Liu
>
Powered by blists - more mailing lists