On 11.02.2025 19:51, Luiz Augusto von Dentz wrote:
> Hi Arseniy,
>
> On Tue, Feb 11, 2025 at 11:22 AM Arseniy Krasnov
> <avkrasnov@xxxxxxxxxxxxxxxxx> wrote:
>>
>> Maybe my previous version was free of this problem?
>>
>> https://lore.kernel.org/linux-bluetooth/a1db0c90-1803-e01c-3e23-d18e4343a4eb@xxxxxxxxxxxxxxxxx/
>
> You can try sending it to
> syzbot+683f8cb11b94b1824c77@xxxxxxxxxxxxxxxxxxxxxxxxx to check if that
> works.

Ok, I'll send it. I think that even if this logic is deprecated, it is better to keep it without bugs (even if the fix is not elegant).

Thanks

>
>> Thanks
>>
>> On 11.02.2025 17:16, Arseniy Krasnov wrote:
>>> Hi, I guess the problem here is that, if hci_uart_tty_close() is called between
>>> setting HCI_UART_PROTO_READY and skb_queue_head_init(), then mrvl_close()
>>> will access uninitialized data.
>>>
>>> hci_uart_set_proto() {
>>>     ...
>>>     set_bit(HCI_UART_PROTO_READY, &hu->flags);
>>>
>>>     err = hci_uart_register_dev(hu);
>>>         mrvl_open()
>>>             skb_queue_head_init();
>
> Or we follow what the likes of hci_uart_register_device_priv do. In fact
> we may want to take the time to clean this up; afaik the ldisc is
> deprecated and serdev shall be used instead. In any case, if we can't
> just remove the ldisc version, then at the very least they shall be using the
> same flow when it comes to hci_register_dev, since they share the same
> struct hci_uart.
>
>>>     if (err) {
>>>         return err;
>>>     }
>>>     ...
>>> }
>>>
>>> Thanks
>>>
>>> On 10.02.2025 14:26, syzbot wrote:
>>>> syzbot has bisected this issue to:
>>>>
>>>> commit c411c62cc13319533b1861e00cedc4883c3bc1bb
>>>> Author: Arseniy Krasnov <avkrasnov@xxxxxxxxxxxxxxxxx>
>>>> Date:   Thu Jan 30 18:43:26 2025 +0000
>>>>
>>>>     Bluetooth: hci_uart: fix race during initialization
>>>>
>>>> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=116cebdf980000
>>>> start commit:   40b8e93e17bf Add linux-next specific files for 20250204
>>>> git tree:       linux-next
>>>> final oops:     https://syzkaller.appspot.com/x/report.txt?x=136cebdf980000
>>>> console output: https://syzkaller.appspot.com/x/log.txt?x=156cebdf980000
>>>> kernel config:  https://syzkaller.appspot.com/x/.config?x=ec880188a87c6aad
>>>> dashboard link: https://syzkaller.appspot.com/bug?extid=683f8cb11b94b1824c77
>>>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10b7eeb0580000
>>>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12f74f64580000
>>>>
>>>> Reported-by: syzbot+683f8cb11b94b1824c77@xxxxxxxxxxxxxxxxxxxxxxxxx
>>>> Fixes: c411c62cc133 ("Bluetooth: hci_uart: fix race during initialization")
>>>>
>>>> For information about bisection process see: https://goo.gl/tpsmEJ#bisection