Re: [syzbot] [bluetooth?] KASAN: slab-use-after-free Read in mgmt_pending_remove

From: Edward Adam Davis
Date: Sun Nov 16 2025 - 03:33:30 EST

Next message: David Heidelberg: "Re: [PATCH] ASoC: codecs: wcd937x: Fix error handling in wcd937x codec driver"
Previous message: Dave Chinner: "Re: [PATCH 14/14] xfs: enable non-blocking timestamp updates"
In reply to: syzbot: "Re: [syzbot] [bluetooth?] KASAN: slab-use-after-free Read in mgmt_pending_remove"
Next in thread: syzbot: "Re: [syzbot] [bluetooth?] KASAN: slab-use-after-free Read in mgmt_pending_remove"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

#syz test

diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index fc866759910d..ad19022ae127 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -1311,7 +1311,9 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
goto done;
}

+ hci_dev_lock(hdev);
mgmt_index_removed(hdev);
+ hci_dev_unlock(hdev);

err = hci_dev_open(hdev->id);
if (err) {

Next message: David Heidelberg: "Re: [PATCH] ASoC: codecs: wcd937x: Fix error handling in wcd937x codec driver"
Previous message: Dave Chinner: "Re: [PATCH 14/14] xfs: enable non-blocking timestamp updates"
In reply to: syzbot: "Re: [syzbot] [bluetooth?] KASAN: slab-use-after-free Read in mgmt_pending_remove"
Next in thread: syzbot: "Re: [syzbot] [bluetooth?] KASAN: slab-use-after-free Read in mgmt_pending_remove"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]