Re: [PATCH v2] Bluetooth: SCO: fix race conditions in sco_sock_connect()

Next message: patchwork-bot+bluetooth: "Re: [PATCH v6] Bluetooth: hci_event: move wake reason storage into validated event handlers"
Previous message: Joe Perches: "Re: [PATCH] checkpatch: allow correctly handle full files on stdin"
In reply to: Cen Zhang: "[PATCH v2] Bluetooth: SCO: fix race conditions in sco_sock_connect()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: patchwork-bot+bluetooth

Date: Thu Mar 26 2026 - 17:40:33 EST

Hello:

This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>:

On Thu, 26 Mar 2026 23:16:45 +0800 you wrote:
> sco_sock_connect() checks sk_state and sk_type without holding
> the socket lock. Two concurrent connect() syscalls on the same
> socket can both pass the check and enter sco_connect(), leading
> to use-after-free.
>
> The buggy scenario involves three participants and was confirmed
> with additional logging instrumentation:
>
> [...]

Here is the summary with links:
- [v2] Bluetooth: SCO: fix race conditions in sco_sock_connect()
https://git.kernel.org/bluetooth/bluetooth-next/c/401702ac8a51

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html