Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp2311886rwd; Fri, 26 May 2023 05:04:55 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6+v1xBRoUunApPS0ipYFJeUVLib0F3/AAMJwEgdrVAEndHpI+jDMqDddk49AcLMjD/PVuC X-Received: by 2002:a17:903:230f:b0:1af:bb27:f55f with SMTP id d15-20020a170903230f00b001afbb27f55fmr2436704plh.55.1685102694798; Fri, 26 May 2023 05:04:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685102694; cv=none; d=google.com; s=arc-20160816; b=0WEV/Wpaxh/56ZgYQqLMmDkx3VeBTWTOWGPhsysF4V+//VnnFEGxDYrKHIMWB5hFFh hpmAAMLCfk91PorPeEzWYud974N8IqOyng8AKEd8F7BXEn6O/ISegDcIbXLeA+RiEkRV LqrvVR+IIYMa/CLf7sM5mhtq0BMaR9Pe6HLxmA/4TKuw4shSEE/wIxfEfsz5/Yj6hlzg CmpuhWvgDhONbh08O1XaTBEYKoUKb2uoRhpqRS9Qz9LZlc+p2H1HjIUYlQQZYsMlFIx1 7wleHrHZnZBvOwqNnqjljofyUupDoYh+46QAWa9SquYGPSNE+D4E1FXJZ3YE6zh539DJ S7+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=FIbOh9wsNUV2akImozUKQIq9qAhlbBug6VU05F5bqO4=; b=KqCnaE/CT1KF5GDGEjl7tTWKsqU1RRiFRKtVHmpleZhjDdoMsDgPOyL2ilCtTBquEo KZ3r+l7NTYw0VOeHWlV8Vom+Gr+NDRK4XlDq7v3oM8+XkcEOURdRH/I2Paii8M75T2kD 3afr7lMeu4sojYoEQg7CZ8ht6TEqE3RzF40bOwr8TwJWpI4Su2Vk3KB4cmY250KfFYTP aYaQShTRW3PWCE7UA2ncvwkHmtp/gMCAHtWGFHUR6MD6WPk/JITFHh+8ReH1Y8zkuG03 2XTCWcujuHUoVqA5gRGMzYPDv0JuJpqpyQE5vz09fhVtvczJXXPfRUnamqHyC2p0OYm9 TrjQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="C7R/2Oc+"; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t15-20020a170902e84f00b001a64b603189si4233555plg.100.2023.05.26.05.04.31; Fri, 26 May 2023 05:04:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="C7R/2Oc+"; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242803AbjEZMCy (ORCPT + 99 others); Fri, 26 May 2023 08:02:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45934 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231881AbjEZMCp (ORCPT ); Fri, 26 May 2023 08:02:45 -0400 Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 27AFA116; Fri, 26 May 2023 05:02:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1685102564; x=1716638564; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=niAd+MYPww6pzAj+PuY1sjn6jmYsE0NCxyfY/H+h0AI=; b=C7R/2Oc+GfZKEmusvzmq4fwUCtsz0VO+Rr9VSxUoEe+qYqRhIPRibkCd +0ngHSmb2Yu8LQ/xeCgxQ1le12iKgs/pv8hprcudnkhy9eiwv37hznlXP Gistf6jJwSuwJqyd7PKZlK4vGchZlQz6mYApNKOKQtShQXR511CBE/Fqc LrkzLhklQsnM/otGeZfA3Ecg1qXnXFSF7gFoHrWE2sUkN/3vmKtchjl2U +86m0hfBLNxpowZLZn0u7sLO1XXt3RK4+Z/KMG97ckdvAjuTqeZxRySYz 3Dgq0KBRVoUz5Re55lb+4QEJI/6/ooRrZjea6x1aD9TlexHYclMpARlKe A==; X-IronPort-AV: E=McAfee;i="6600,9927,10721"; a="333812773" X-IronPort-AV: E=Sophos;i="6.00,194,1681196400"; d="scan'208";a="333812773" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 May 2023 05:02:33 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10721"; a="738231141" X-IronPort-AV: E=Sophos;i="6.00,194,1681196400"; d="scan'208";a="738231141" Received: from lkp-server01.sh.intel.com (HELO dea6d5a4f140) ([10.239.97.150]) by orsmga001.jf.intel.com with ESMTP; 26 May 2023 05:02:30 -0700 Received: from kbuild by dea6d5a4f140 with local (Exim 4.96) (envelope-from ) id 1q2W9N-000JJC-1f; Fri, 26 May 2023 12:02:29 +0000 Date: Fri, 26 May 2023 20:01:48 +0800 From: kernel test robot To: Sungwoo Kim Cc: oe-kbuild-all@lists.linux.dev, wuruoyu@me.com, benquike@gmail.com, daveti@purdue.edu, Sungwoo Kim , Marcel Holtmann , Johan Hedberg , Luiz Augusto von Dentz , linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb Message-ID: <202305261912.mKLcy6Fw-lkp@intel.com> References: <20230526084038.2199788-1-iam@sung-woo.kim> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230526084038.2199788-1-iam@sung-woo.kim> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_PASS,SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hi Sungwoo, kernel test robot noticed the following build errors: [auto build test ERROR on bluetooth/master] [also build test ERROR on bluetooth-next/master linus/master v6.4-rc3 next-20230525] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch#_base_tree_information] url: https://github.com/intel-lab-lkp/linux/commits/Sungwoo-Kim/Bluetooth-L2CAP-Fix-use-after-free-in-l2cap_sock_ready_cb/20230526-164241 base: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git master patch link: https://lore.kernel.org/r/20230526084038.2199788-1-iam%40sung-woo.kim patch subject: [PATCH] Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb config: powerpc-allmodconfig (https://download.01.org/0day-ci/archive/20230526/202305261912.mKLcy6Fw-lkp@intel.com/config) compiler: powerpc-linux-gcc (GCC) 12.1.0 reproduce (this is a W=1 build): mkdir -p ~/bin wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://github.com/intel-lab-lkp/linux/commit/c0c02b1afbe2667fe21aed47375c4e0d45713f38 git remote add linux-review https://github.com/intel-lab-lkp/linux git fetch --no-tags linux-review Sungwoo-Kim/Bluetooth-L2CAP-Fix-use-after-free-in-l2cap_sock_ready_cb/20230526-164241 git checkout c0c02b1afbe2667fe21aed47375c4e0d45713f38 # save the config file mkdir build_dir && cp config build_dir/.config COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 ~/bin/make.cross W=1 O=build_dir ARCH=powerpc olddefconfig COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 ~/bin/make.cross W=1 O=build_dir ARCH=powerpc SHELL=/bin/bash net/bluetooth/ If you fix the issue, kindly add following tag where applicable | Reported-by: kernel test robot | Closes: https://lore.kernel.org/oe-kbuild-all/202305261912.mKLcy6Fw-lkp@intel.com/ All error/warnings (new ones prefixed by >>): net/bluetooth/l2cap_sock.c: In function 'l2cap_sock_release': >> net/bluetooth/l2cap_sock.c:1418:9: error: implicit declaration of function 'l2cap_sock_cleanup_listen'; did you mean 'l2cap_sock_listen'? [-Werror=implicit-function-declaration] 1418 | l2cap_sock_cleanup_listen(sk); | ^~~~~~~~~~~~~~~~~~~~~~~~~ | l2cap_sock_listen net/bluetooth/l2cap_sock.c: At top level: >> net/bluetooth/l2cap_sock.c:1436:13: warning: conflicting types for 'l2cap_sock_cleanup_listen'; have 'void(struct sock *)' 1436 | static void l2cap_sock_cleanup_listen(struct sock *parent) | ^~~~~~~~~~~~~~~~~~~~~~~~~ >> net/bluetooth/l2cap_sock.c:1436:13: error: static declaration of 'l2cap_sock_cleanup_listen' follows non-static declaration net/bluetooth/l2cap_sock.c:1418:9: note: previous implicit declaration of 'l2cap_sock_cleanup_listen' with type 'void(struct sock *)' 1418 | l2cap_sock_cleanup_listen(sk); | ^~~~~~~~~~~~~~~~~~~~~~~~~ cc1: some warnings being treated as errors vim +1418 net/bluetooth/l2cap_sock.c 1406 1407 static int l2cap_sock_release(struct socket *sock) 1408 { 1409 struct sock *sk = sock->sk; 1410 int err; 1411 struct l2cap_chan *chan; 1412 1413 BT_DBG("sock %p, sk %p", sock, sk); 1414 1415 if (!sk) 1416 return 0; 1417 > 1418 l2cap_sock_cleanup_listen(sk); 1419 bt_sock_unlink(&l2cap_sk_list, sk); 1420 1421 err = l2cap_sock_shutdown(sock, SHUT_RDWR); 1422 chan = l2cap_pi(sk)->chan; 1423 1424 l2cap_chan_hold(chan); 1425 l2cap_chan_lock(chan); 1426 1427 sock_orphan(sk); 1428 l2cap_sock_kill(sk); 1429 1430 l2cap_chan_unlock(chan); 1431 l2cap_chan_put(chan); 1432 1433 return err; 1434 } 1435 > 1436 static void l2cap_sock_cleanup_listen(struct sock *parent) 1437 { 1438 struct sock *sk; 1439 1440 BT_DBG("parent %p state %s", parent, 1441 state_to_string(parent->sk_state)); 1442 1443 /* Close not yet accepted channels */ 1444 while ((sk = bt_accept_dequeue(parent, NULL))) { 1445 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1446 1447 BT_DBG("child chan %p state %s", chan, 1448 state_to_string(chan->state)); 1449 1450 l2cap_chan_hold(chan); 1451 l2cap_chan_lock(chan); 1452 1453 __clear_chan_timer(chan); 1454 l2cap_chan_close(chan, ECONNRESET); 1455 l2cap_sock_kill(sk); 1456 1457 l2cap_chan_unlock(chan); 1458 l2cap_chan_put(chan); 1459 } 1460 } 1461 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki