From: Edward Adam Davis
To: syzbot+b7f6f8c9303466e16c8a@syzkaller.appspotmail.com
Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [bluetooth?] general protection fault in l2cap_sock_recv_cb
Date: Tue, 11 Jun 2024 09:47:48 +0800
In-Reply-To: <000000000000b0906d061a468b93@google.com>

please test null ptr deref in l2cap_sock_recv_cb

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git cc8ed4d0a848

diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index 6db60946c627..68b57ef01c7d 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c
@@ -1506,7 +1506,9 @@ static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) err = __sock_queue_rcv_skb(sk, skb); + sock_hold(sk); l2cap_publish_rx_avail(chan); + sock_put(sk); /* For ERTM and LE, handle a skb that doesn't fit into the recv * buffer. This is important to do because the data frames
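
Review bot: the sock_hold(sk) added before l2cap_publish_rx_avail(chan) comes after sk has already been passed to __sock_queue_rcv_skb(sk, skb), so the reference cannot protect that earlier use, and if sk is NULL at this point (the mail describes a null pointer dereference) sock_hold(sk) would itself dereference it. The call being bracketed takes chan rather than sk, so holding sk only helps if the callee reaches the same socket through chan and nothing can clear that link in between. Consider checking sk for NULL where l2cap_sock_recv_cb first obtains it and taking the reference there, under whatever lock serializes it against socket teardown, with the matching sock_put(sk) on every exit path. A short comment saying which lifetime the hold/put pair is meant to cover would make the intent reviewable.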