From: Luiz Augusto von Dentz
Date: Mon, 14 Nov 2022 14:05:24 -0800
Subject: Re: L2CAP: Spec violation
To: Sungwoo Kim
Cc: marcel@holtmann.org, johan.hedberg@gmail.com, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, linux-bluetooth@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hi Kim,

On Fri, Nov 4, 2022 at 9:13 AM Sungwoo Kim wrote:
>
> Hello,
>
> Our fuzzer found a BT spec violation, an illegal state transition on L2cap.
> Specifically, l2cap_chan::state is transitioned from BT_CONFIG to
> BT_DISCONN by CONFIG_RSP by the following trace:
>
> l2cap_config_rsp l2cap_core.c:4498
> l2cap_send_disconn_req l2cap_core.c:4585
> l2cap_state_change l2cap_core.c:1618
>
> According to the spec 5.3 vol.3 part A 6.1.4, CONFIG_RSP cannot cause
> that transition, i.e., CONFIG -> DISCONN by CONFIG_RSP is illegal.
> It'd be great if we could discuss.

Can you include some btmon traces?

-- 
Luiz Augusto von Dentz