Hello:

This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>:

On Thu, 2 May 2024 20:57:36 +0800 you wrote:
> There is a race condition between l2cap_chan_timeout() and
> l2cap_chan_del(). When we use l2cap_chan_del() to delete the
> channel, the chan->conn will be set to null. But the conn could
> be dereferenced again in the mutex_lock() of l2cap_chan_timeout().
> As a result the null pointer dereference bug will happen. The
> KASAN report triggered by POC is shown below:
>
> [...]

Here is the summary with links:
  - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
    https://git.kernel.org/bluetooth/bluetooth-next/c/8192cea84c6c

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html