* [PATCH] Bluetooth: set bcsp to NULL after purging
@ 2025-06-30 3:23 Ivan Pravdin
2025-06-30 4:26 ` bluez.test.bot
0 siblings, 1 reply; 2+ messages in thread
From: Ivan Pravdin @ 2025-06-30 3:23 UTC (permalink / raw)
To: marcel, luiz.dentz, linux-bluetooth, linux-kernel
Cc: Ivan Pravdin, syzbot+4ed6852d4da4606c93da
Set hu->priv to NULL after skb purging in bcsp_close to prevent NULL
pointer dereference in bcsp_recv.
Reported-by: syzbot+4ed6852d4da4606c93da@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/67b0cc5b.050a0220.6f0b7.0014.GAE@google.com/T/
Signed-off-by: Ivan Pravdin <ipravdin.official@gmail.com>
---
drivers/bluetooth/hci_bcsp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/bluetooth/hci_bcsp.c b/drivers/bluetooth/hci_bcsp.c
index 610d0e3c36d4..de9a6ed3a8aa 100644
--- a/drivers/bluetooth/hci_bcsp.c
+++ b/drivers/bluetooth/hci_bcsp.c
@@ -739,8 +739,6 @@ static int bcsp_close(struct hci_uart *hu)
timer_shutdown_sync(&bcsp->tbcsp);
- hu->priv = NULL;
-
BT_DBG("hu %p", hu);
skb_queue_purge(&bcsp->unack);
@@ -753,6 +751,8 @@ static int bcsp_close(struct hci_uart *hu)
}
kfree(bcsp);
+ hu->priv = NULL;
+
return 0;
}
--
2.45.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* RE: Bluetooth: set bcsp to NULL after purging
2025-06-30 3:23 [PATCH] Bluetooth: set bcsp to NULL after purging Ivan Pravdin
@ 2025-06-30 4:26 ` bluez.test.bot
0 siblings, 0 replies; 2+ messages in thread
From: bluez.test.bot @ 2025-06-30 4:26 UTC (permalink / raw)
To: linux-bluetooth, ipravdin.official
[-- Attachment #1: Type: text/plain, Size: 2376 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=977142
---Test result---
Test Summary:
CheckPatch PENDING 0.27 seconds
GitLint PENDING 0.23 seconds
SubjectPrefix PASS 0.10 seconds
BuildKernel PASS 24.10 seconds
CheckAllWarning PASS 26.64 seconds
CheckSparse PASS 30.14 seconds
BuildKernel32 PASS 23.91 seconds
TestRunnerSetup PASS 468.10 seconds
TestRunner_l2cap-tester PASS 27.10 seconds
TestRunner_iso-tester PASS 37.95 seconds
TestRunner_bnep-tester PASS 5.98 seconds
TestRunner_mgmt-tester FAIL 131.50 seconds
TestRunner_rfcomm-tester PASS 9.26 seconds
TestRunner_sco-tester PASS 14.69 seconds
TestRunner_ioctl-tester PASS 10.05 seconds
TestRunner_mesh-tester FAIL 11.40 seconds
TestRunner_smp-tester PASS 8.55 seconds
TestRunner_userchan-tester PASS 6.22 seconds
IncrementalBuild PENDING 0.44 seconds
Details
##############################
Test: CheckPatch - PENDING
Desc: Run checkpatch.pl script
Output:
##############################
Test: GitLint - PENDING
Desc: Run gitlint
Output:
##############################
Test: TestRunner_mgmt-tester - FAIL
Desc: Run mgmt-tester with test-runner
Output:
Total: 490, Passed: 484 (98.8%), Failed: 2, Not Run: 4
Failed Test Cases
LL Privacy - Add Device 3 (AL is full) Failed 0.214 seconds
LL Privacy - Set Flags 2 (Enable RL) Failed 0.171 seconds
##############################
Test: TestRunner_mesh-tester - FAIL
Desc: Run mesh-tester with test-runner
Output:
Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0
Failed Test Cases
Mesh - Send cancel - 1 Timed out 2.115 seconds
Mesh - Send cancel - 2 Timed out 1.997 seconds
##############################
Test: IncrementalBuild - PENDING
Desc: Incremental build with the patches in the series
Output:
---
Regards,
Linux Bluetooth
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-06-30 4:26 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-06-30 3:23 [PATCH] Bluetooth: set bcsp to NULL after purging Ivan Pravdin
2025-06-30 4:26 ` bluez.test.bot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox