| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260201021556.2474-1-hdanton@sina.com>
Date: Sun, 1 Feb 2026 10:15:55 +0800
From: Hillf Danton <hdanton@...a.com>
To: syzbot <syzbot+5897b3c764f5989ea942@...kaller.appspotmail.com>
Cc: linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [bluetooth?] WARNING in hci_connect_sco
> Date: Sat, 31 Jan 2026 05:50:28 -0800
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: ad9a728a3388 Merge tag 'for-linus-iommufd' of git://git.ke..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=15513c5a580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=f1fac0919970b671
> dashboard link: https://syzkaller.appspot.com/bug?extid=5897b3c764f5989ea942
> compiler: gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17b45322580000
#syz test
--- x/include/net/bluetooth/hci_core.h
+++ y/include/net/bluetooth/hci_core.h
@@ -1687,6 +1687,7 @@ static inline void hci_conn_drop(struct
if (atomic_dec_and_test(&conn->refcnt)) {
unsigned long timeo;
+ struct hci_dev *hdev;
switch (conn->type) {
case ACL_LINK:
@@ -1707,8 +1708,14 @@ static inline void hci_conn_drop(struct
}
cancel_delayed_work(&conn->disc_work);
- queue_delayed_work(conn->hdev->workqueue,
- &conn->disc_work, timeo);
+ hdev = conn->hdev;
+ rcu_read_lock();
+ if (test_bit(HCI_RESET, &hdev->flags) ||
+ hci_dev_test_flag(hdev, HCI_CMD_DRAIN_WORKQUEUE))
+ ;
+ else
+ queue_delayed_work(hdev->workqueue, &conn->disc_work, timeo);
+ rcu_read_unlock();
}
}
--
Powered by blists - more mailing lists