On Thu, Oct 01, 2020 at 09:06:42AM +0200, Marcel Holtmann wrote:
> Hi Anmol,
>
> > AMP_MGR is getting dereferenced in hci_phy_link_complete_evt(), when called
> > from hci_event_packet() and there is a possibility that hcon->amp_mgr may
> > not be found when accessing after initialization of hco
Hi Anmol,
> AMP_MGR is getting dereferenced in hci_phy_link_complete_evt(), when called
> from hci_event_packet() and there is a possibility that hcon->amp_mgr may
> not be found when accessing after initialization of hcon.
>
> - net/bluetooth/hci_event.c:4945
> The bug seems to get triggered i
On Wed, Sep 09, 2020 at 10:06:59PM -0700, Eric Biggers wrote:
> On Thu, Sep 10, 2020 at 10:04:24AM +0530, Anmol Karn wrote:
> > Prevent hci_phy_link_complete_evt() from dereferencing 'hcon->amp_mgr'
> > as NULL. Fix it by adding pointer check for it.
> >
> > Reported-and-tested-by:
> > syzbot+0be
On Thu, Sep 10, 2020 at 10:04:24AM +0530, Anmol Karn wrote:
> Prevent hci_phy_link_complete_evt() from dereferencing 'hcon->amp_mgr'
> as NULL. Fix it by adding pointer check for it.
>
> Reported-and-tested-by: syzbot+0bef568258653cff2...@syzkaller.appspotmail.com
> Link: https://syzkaller.appspot