[PW_SID:1117563] Bluetooth: bnep: pin L2CAP connection during netdev registration by BluezTestBot · Pull Request #360 · bluez/bluetooth-next

BluezTestBot · 2026-06-28T01:56:52Z

bnep_add_connection() reads the L2CAP connection without holding the
channel lock, then passes its HCI device to register_netdev(). Controller
teardown can clear and release that connection concurrently, leaving the
network device registration path to dereference a freed parent device.

Take a reference to the L2CAP connection while holding the channel lock.
Retain it until register_netdev() has taken the parent device reference.

Fixes: `65f53e9` ("Bluetooth: Access BNEP session addresses through L2CAP channel")
Reported-by: syzbot+fed5dce4553262f3b35c@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=fed5dce4553262f3b35c
Cc: stable@vger.kernel.org
Signed-off-by: Yousef Alhouseen alhouseenyousef@gmail.com

net/bluetooth/bnep/core.c | 27 +++++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)

bnep_add_connection() reads the L2CAP connection without holding the channel lock, then passes its HCI device to register_netdev(). Controller teardown can clear and release that connection concurrently, leaving the network device registration path to dereference a freed parent device. Take a reference to the L2CAP connection while holding the channel lock. Retain it until register_netdev() has taken the parent device reference. Fixes: 65f53e9 ("Bluetooth: Access BNEP session addresses through L2CAP channel") Reported-by: syzbot+fed5dce4553262f3b35c@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fed5dce4553262f3b35c Cc: stable@vger.kernel.org Signed-off-by: Yousef Alhouseen <alhouseenyousef@gmail.com>

github-actions · 2026-06-28T02:09:44Z

CheckPatch
Desc: Run checkpatch.pl script
Duration: 1.08 seconds
Result: PASS

github-actions · 2026-06-28T02:09:46Z

VerifyFixes
Desc: Verify Fixes tag format and validity
Duration: 0.23 seconds
Result: PASS

github-actions · 2026-06-28T02:09:48Z

VerifySignedoff
Desc: Verify Signed-off-by chain
Duration: 0.33 seconds
Result: PASS

github-actions · 2026-06-28T02:09:51Z

GitLint
Desc: Run gitlint
Duration: 0.68 seconds
Result: PASS

github-actions · 2026-06-28T02:09:53Z

SubjectPrefix
Desc: Check subject contains "Bluetooth" prefix
Duration: 0.37 seconds
Result: PASS

github-actions · 2026-06-28T02:10:23Z

BuildKernel
Desc: Build Kernel for Bluetooth
Duration: 25.59 seconds
Result: PASS

github-actions · 2026-06-28T02:10:55Z

CheckAllWarning
Desc: Run linux kernel with all warning enabled
Duration: 28.16 seconds
Result: PASS

github-actions · 2026-06-28T02:11:28Z

CheckSparse
Desc: Run sparse tool with linux kernel
Duration: 27.81 seconds
Result: PASS

github-actions · 2026-06-28T02:11:57Z

BuildKernel32
Desc: Build 32bit Kernel for Bluetooth
Duration: 25.08 seconds
Result: PASS

github-actions · 2026-06-28T02:12:02Z

CheckKernelLLVM
Desc: Build kernel with LLVM + context analysis
Duration: 0.00 seconds
Result: SKIP
Output:

Clang not found

github-actions · 2026-06-28T02:19:45Z

TestRunnerSetup
Desc: Setup kernel and bluez for test-runner
Duration: 461.27 seconds
Result: PASS

github-actions · 2026-06-28T02:20:05Z

TestRunner_bnep-tester
Desc: Run bnep-tester with test-runner
Duration: 19.16 seconds
Result: PASS

github-actions · 2026-06-28T02:20:34Z

IncrementalBuild
Desc: Incremental build with the patches in the series
Duration: 24.14 seconds
Result: PASS

github-actions Bot added the area:bnep label Jun 28, 2026

Uh oh!

Conversation

BluezTestBot commented Jun 28, 2026

Uh oh!

github-actions Bot commented Jun 28, 2026

Uh oh!

github-actions Bot commented Jun 28, 2026

Uh oh!

github-actions Bot commented Jun 28, 2026

Uh oh!

github-actions Bot commented Jun 28, 2026

Uh oh!

github-actions Bot commented Jun 28, 2026

Uh oh!

github-actions Bot commented Jun 28, 2026

Uh oh!

github-actions Bot commented Jun 28, 2026

Uh oh!

github-actions Bot commented Jun 28, 2026

Uh oh!

github-actions Bot commented Jun 28, 2026

Uh oh!

github-actions Bot commented Jun 28, 2026

Uh oh!

github-actions Bot commented Jun 28, 2026

Uh oh!

github-actions Bot commented Jun 28, 2026

Uh oh!

github-actions Bot commented Jun 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants