Re: [syzbot] [bluetooth?] KASAN: slab-use-after-free Read in mgmt_remove_adv_monitor_sync

From: Mazin Alhaddad
Date: Thu Dec 05 2024 - 09:27:15 EST


#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
From 329bfdbb4f096961730dfc1e76df79beee19f8f8 Mon Sep 17 00:00:00 2001
From: Mazin AlHaddad <mazin@xxxxxxxxxxxx>
Date: Thu, 5 Dec 2024 16:00:03 +0300
Subject: [PATCH] TEST

---
net/bluetooth/hci_sync.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index c86f4e42e..aa5aa3fed 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -5197,6 +5197,9 @@ int hci_dev_close_sync(struct hci_dev *hdev)
*/
drain_workqueue(hdev->workqueue);

+ /* flush cmd work */
+ flush_work(&hdev->cmd_work);
+
hci_dev_lock(hdev);

hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
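Review bot: Moving `flush_work(&hdev->cmd_work)` ahead of `hci_dev_lock(hdev)` leaves a window between this new flush point and the old one (the second hunk) in which anything that still queues cmd_work — the locked section starting here, and the code up to the old `clear_bit(HCI_INIT, ...)` site that lies outside the hunks — is no longer flushed before the queues are purged; if `drain_workqueue()` is meant to make that impossible, the comment should say so, e.g. `/* flush cmd work; nothing may queue cmd_work after the workqueue drain above */`, since the bare `/* flush cmd work */` does not explain why the ordering changed. The second hunk also removes the two flush lines but keeps the blank line that followed them, leaving two consecutive empty lines before `/* Drop queues */`. The commit message is only "TEST" and does not describe how this reordering relates to the reported slab-use-after-free in mgmt_remove_adv_monitor_sync; that is fine for a syzbot test run but a final submission needs a description and a Reported-by trailer. hci_dev_close_sync() begins and ends outside both hunks, so the inferred ordering concern above cannot be confirmed from the patch alone.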
@@ -5234,8 +5237,6 @@ int hci_dev_close_sync(struct hci_dev *hdev)
clear_bit(HCI_INIT, &hdev->flags);
}

- /* flush cmd work */
- flush_work(&hdev->cmd_work);

/* Drop queues */
skb_queue_purge(&hdev->rx_q);
--
2.46.0