Re: [syzbot] [bluetooth?] general protection fault in l2cap_sock_recv_cb

From: Edward Adam Davis
Date: Mon Jun 10 2024 - 21:54:10 EST


please test null ptr deref in l2cap_sock_recv_cb

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git cc8ed4d0a848

diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 6db60946c627..68b57ef01c7d 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -1506,7 +1506,9 @@ static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)

err = __sock_queue_rcv_skb(sk, skb);

+ sock_hold(sk);
l2cap_publish_rx_avail(chan);
+ sock_put(sk);

/* For ERTM and LE, handle a skb that doesn't fit into the recv
* buffer. This is important to do because the data frames
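Review bot: the added sock_hold(sk)/sock_put(sk) pair around l2cap_publish_rx_avail(chan) only pins the socket's refcount for the duration of that call; it does nothing for the NULL pointer dereference the subject line describes, and if sk is already NULL when l2cap_sock_recv_cb() reaches this point, sock_hold(sk) will fault just as the original code did. Before this goes out as a fix, it would be worth checking from the syzbot trace which pointer is actually NULL at the faulting instruction and, if it is sk, guarding the __sock_queue_rcv_skb()/l2cap_publish_rx_avail() calls with an explicit NULL test (or making sure the caller cannot hand in a channel whose socket has gone away) rather than taking an extra reference. Separately, the surrounding context shows err from __sock_queue_rcv_skb() being set immediately above and the new lines do not alter that flow, which is fine, but the patch carries no description of why a refcount bump is believed to help here; a short changelog explaining the lifetime problem being addressed would make the change reviewable.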