Maybe my previous version was free of this problem?
https://lore.kernel.org/linux-bluetooth/a1db0c90-1803-e01c-3e23-d18e4343a4eb@xxxxxxxxxxxxxxxxx/

Thanks

On 11.02.2025 17:16, Arseniy Krasnov wrote:
> Hi, I guess the problem here is that, if hci_uart_tty_close() is called between
> setting HCI_UART_PROTO_READY and skb_queue_head_init(), then mrvl_close()
> will access uninitialized data.
>
> hci_uart_set_proto() {
>     ...
>     set_bit(HCI_UART_PROTO_READY, &hu->flags);
>
>     err = hci_uart_register_dev(hu);
>         mrvl_open()
>             skb_queue_head_init();
>
>     if (err) {
>         return err;
>     }
>     ...
> }
>
> Thanks
>
> On 10.02.2025 14:26, syzbot wrote:
>> syzbot has bisected this issue to:
>>
>> commit c411c62cc13319533b1861e00cedc4883c3bc1bb
>> Author: Arseniy Krasnov <avkrasnov@xxxxxxxxxxxxxxxxx>
>> Date:   Thu Jan 30 18:43:26 2025 +0000
>>
>>     Bluetooth: hci_uart: fix race during initialization
>>
>> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=116cebdf980000
>> start commit:   40b8e93e17bf Add linux-next specific files for 20250204
>> git tree:       linux-next
>> final oops:     https://syzkaller.appspot.com/x/report.txt?x=136cebdf980000
>> console output: https://syzkaller.appspot.com/x/log.txt?x=156cebdf980000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=ec880188a87c6aad
>> dashboard link: https://syzkaller.appspot.com/bug?extid=683f8cb11b94b1824c77
>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10b7eeb0580000
>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12f74f64580000
>>
>> Reported-by: syzbot+683f8cb11b94b1824c77@xxxxxxxxxxxxxxxxxxxxxxxxx
>> Fixes: c411c62cc133 ("Bluetooth: hci_uart: fix race during initialization")
>>
>> For information about bisection process see: https://goo.gl/tpsmEJ#bisection
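The ordering Arseniy sketches above, modelled as an added example (not code from this thread or from the kernel): struct hu_model, struct txq, tty_close(), set_proto_racy(), set_proto_init_first() and run_ordering() are constructed names, and the init-first ordering is an assumption for illustration, not a fix taken from this thread.

```c
/* Sequential model of the ordering described above. Added example, not kernel
 * code: struct hu_model, struct txq and the step functions are constructed so
 * the interleaving is explicit and repeatable (no threads, no barriers). */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define HCI_UART_PROTO_READY 0x1u

struct txq { int len; bool initialised; };             /* stands in for sk_buff_head */
struct hu_model { unsigned long flags; struct txq txq; };
static void txq_init(struct txq *q) { q->len = 0; q->initialised = true; }

/* false = purged a queue that was never initialised, i.e. the uninitialised
 * access the thread attributes to mrvl_close() */
static bool txq_purge(struct txq *q) { if (!q->initialised) return false; q->len = 0; return true; }

/* Close path: touches proto state only once READY is visible. */
static bool tty_close(struct hu_model *hu) {
    if (!(hu->flags & HCI_UART_PROTO_READY)) return true;  /* nothing to tear down */
    return txq_purge(&hu->txq);                            /* mrvl_close() */
}

/* Ordering from the thread: READY is published before the proto open()
 * initialises the queue; 'interleave' is a close() landing in that window. */
static bool set_proto_racy(struct hu_model *hu, bool (*interleave)(struct hu_model *)) {
    bool close_ok = true;
    hu->flags |= HCI_UART_PROTO_READY;
    if (interleave) close_ok = interleave(hu);
    txq_init(&hu->txq);                    /* mrvl_open() -> skb_queue_head_init() */
    return close_ok;
}

/* Assumed alternative (not a fix taken from the thread): initialise first and
 * publish READY last, so a close() sees either no proto or a valid queue. */
static bool set_proto_init_first(struct hu_model *hu, bool (*interleave)(struct hu_model *)) {
    bool close_ok = true;
    txq_init(&hu->txq);
    if (interleave) close_ok = interleave(hu);
    hu->flags |= HCI_UART_PROTO_READY;
    return close_ok;
}

/* Run one ordering with a close() injected into its window; true = close was safe. */
static bool run_ordering(bool (*order)(struct hu_model *, bool (*)(struct hu_model *))) {
    struct hu_model hu;
    memset(&hu, 0, sizeof hu);             /* flags clear, queue not yet initialised */
    return order(&hu, tty_close);
}
```

The model deliberately ignores memory ordering between CPUs; it only shows that the window exists when the flag is published before the queue is set up.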