* [syzbot] Test on mainline
@ 2023-11-16 14:03 syzbot
2023-11-17 1:01 ` [syzbot] [PATCH] test uaf in sco_sock_timeout syzbot
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: syzbot @ 2023-11-16 14:03 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject: Test on mainline
Author: yuran.pereira@hotmail.com
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [syzbot] [PATCH] test uaf in sco_sock_timeout
2023-11-16 14:03 [syzbot] Test on mainline syzbot
@ 2023-11-17 1:01 ` syzbot
2023-11-18 3:25 ` [syzbot] [PATCH] Test " syzbot
2023-12-06 3:58 ` [syzbot] [bluetooth?] KASAN: slab-use-after-free Write " syzbot
2 siblings, 0 replies; 4+ messages in thread
From: syzbot @ 2023-11-17 1:01 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject: [PATCH] test uaf in sco_sock_timeout
Author: lizhi.xu@windriver.com
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git 8de1e7afcc1c
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index c736186aba26..515b52e14b5f 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -415,6 +415,8 @@ static void sco_sock_cleanup_listen(struct sock *parent)
*/
static void sco_sock_kill(struct sock *sk)
{
+ struct sco_conn *conn = container_of(sk, struct sco_conn, sk);
+
if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
return;
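Review bot: `container_of(sk, struct sco_conn, sk)` on the first added line cannot produce the connection, because `struct sco_conn` holds `sk` as a `struct sock *` pointer rather than an embedded `struct sock`, so container_of()'s member type check fails at build time, and even without that check the computed address would be meaningless. The connection that backs a SCO socket is reached through the socket's private data, so fetch it that way (`struct sco_conn *conn = sco_pi(sk)->conn;`) and keep in mind that it is NULL for a socket that never connected.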
@@ -423,6 +425,9 @@ static void sco_sock_kill(struct sock *sk)
/* Kill poor orphan */
bt_sock_unlink(&sco_sk_list, sk);
sock_set_flag(sk, SOCK_DEAD);
+ sco_conn_lock(conn);
+ conn->sk = NULL;
+ sco_conn_unlock(conn);
sock_put(sk);
}
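Review bot: the `sco_conn_lock(conn); conn->sk = NULL;` lines dereference conn unconditionally, but a socket that was never connected has no connection, so this needs a NULL guard, and the back-pointer should only be cleared when it actually refers to this socket (`if (conn && conn->sk == sk) conn->sk = NULL;` under the lock) instead of unconditionally detaching whatever socket the connection currently holds. The patch also carries no description of why clearing the back-pointer at this point is enough to stop sco_sock_timeout from reaching the freed socket; that reasoning belongs in the commit message.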
* Re: [syzbot] [PATCH] Test uaf in sco_sock_timeout
2023-11-16 14:03 [syzbot] Test on mainline syzbot
2023-11-17 1:01 ` [syzbot] [PATCH] test uaf in sco_sock_timeout syzbot
@ 2023-11-18 3:25 ` syzbot
2023-12-06 3:58 ` [syzbot] [bluetooth?] KASAN: slab-use-after-free Write " syzbot
2 siblings, 0 replies; 4+ messages in thread
From: syzbot @ 2023-11-18 3:25 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject: [PATCH] Test uaf in sco_sock_timeout
Author: eadavis@qq.com
please test 8de1e7afcc1c
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git 8de1e7afcc1c
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index c736186aba26..c05fb9d41a63 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -300,7 +300,8 @@ static int sco_connect(struct sock *sk)
unlock:
hci_dev_unlock(hdev);
- hci_dev_put(hdev);
+ if (err)
+ hci_dev_put(hdev);
return err;
}
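Review bot: making `hci_dev_put(hdev)` conditional on `err` releases the device reference only on failure, so every successful sco_connect() now returns holding an extra reference on hdev that nothing in this hunk drops, which is a device refcount leak (hci_unregister_dev() would wait on a count that never reaches zero). If the intent is to pin hdev for the lifetime of the connection, the matching put has to be added on the teardown path and the pairing explained in the commit message; as posted the hunk trades a possible use-after-free for a leak with no justification.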
* Re: [syzbot] [bluetooth?] KASAN: slab-use-after-free Write in sco_sock_timeout
2023-11-16 14:03 [syzbot] Test on mainline syzbot
2023-11-17 1:01 ` [syzbot] [PATCH] test uaf in sco_sock_timeout syzbot
2023-11-18 3:25 ` [syzbot] [PATCH] Test " syzbot
@ 2023-12-06 3:58 ` syzbot
2 siblings, 0 replies; 4+ messages in thread
From: syzbot @ 2023-12-06 3:58 UTC (permalink / raw)
To: davem, eadavis, edumazet, hdanton, johan.hedberg, kuba,
linux-bluetooth, linux-kernel, lizhi.xu, luiz.dentz,
luiz.von.dentz, marcel, netdev, pabeni, syzkaller-bugs,
yuran.pereira
syzbot has bisected this issue to:
commit 9a8ec9e8ebb5a7c0cfbce2d6b4a6b67b2b78e8f3
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Thu Mar 30 21:15:50 2023 +0000
Bluetooth: SCO: Fix possible circular locking dependency on sco_connect_cfm
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=179a65d2e80000
start commit: bee0e7762ad2 Merge tag 'for-linus-iommufd' of git://git.ke..
git tree: upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=145a65d2e80000
console output: https://syzkaller.appspot.com/x/log.txt?x=105a65d2e80000
kernel config: https://syzkaller.appspot.com/x/.config?x=b50bd31249191be8
dashboard link: https://syzkaller.appspot.com/bug?extid=4c0d0c4cde787116d465
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1504504ae80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14685f54e80000
Reported-by: syzbot+4c0d0c4cde787116d465@syzkaller.appspotmail.com
Fixes: 9a8ec9e8ebb5 ("Bluetooth: SCO: Fix possible circular locking dependency on sco_connect_cfm")
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
end of thread, other threads:[~2023-12-06 3:58 UTC | newest]
2023-11-16 14:03 [syzbot] Test on mainline syzbot
2023-11-17 1:01 ` [syzbot] [PATCH] test uaf in sco_sock_timeout syzbot
2023-11-18 3:25 ` [syzbot] [PATCH] Test " syzbot
2023-12-06 3:58 ` [syzbot] [bluetooth?] KASAN: slab-use-after-free Write " syzbot