Re: [syzbot] [bluetooth?] KASAN: slab-use-after-free Read in mgmt_remove_adv_monitor_sync

From: Mazin Alhaddad
Date: Thu Dec 05 2024 - 08:52:02 EST


#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
From 71da462865a032476d87b5bf21ce61968502ad36 Mon Sep 17 00:00:00 2001
From: Mazin AlHaddad <mazin@xxxxxxxxxxxx>
Date: Thu, 5 Dec 2024 16:00:03 +0300
Subject: [PATCH] TEST

---
net/bluetooth/hci_sync.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index c86f4e42e..f2a437636 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -5197,6 +5197,10 @@ int hci_dev_close_sync(struct hci_dev *hdev)
*/
drain_workqueue(hdev->workqueue);

+ /* flush cmd work */
+ flush_work(&hdev->cmd_work);
+ hci_cmd_sync_clear(hdev);
+
hci_dev_lock(hdev);

hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
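Review bot: The added `hci_cmd_sync_clear(hdev)` call sits before `hci_dev_lock(hdev)`, and if hci_dev_close_sync can itself be reached from the cmd_sync worker (a power-off queued through the sync-command path, for instance), the cancel_work_sync I believe hci_cmd_sync_clear performs on cmd_sync_work would wait on the work that is currently running it; that self-wait case should be ruled out before this goes beyond a syz test. The clear also runs every queued entry's destroy callback at this point, which the surrounding `/* flush cmd work */` comment does not explain; a comment such as `/* cancel pending sync cmds so they cannot run against state torn down below */` would record why the clear was moved ahead of the lock. Moving flush_work(&hdev->cmd_work) earlier also means it now runs before hci_discovery_set_state and the rest of the locked teardown, which is presumably the intent, but the second hunk only removes the old call and leaves that reordering undocumented. hci_dev_close_sync's body starts before this hunk and continues past it.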
@@ -5234,8 +5238,6 @@ int hci_dev_close_sync(struct hci_dev *hdev)
clear_bit(HCI_INIT, &hdev->flags);
}

- /* flush cmd work */
- flush_work(&hdev->cmd_work);

/* Drop queues */
skb_queue_purge(&hdev->rx_q);
--
2.46.0