[PW_SID:1070558] [v1] Bluetooth: hci_release_dev: disable delayed devcoredump work by BluezTestBot · Pull Request #3389 · BluezTestBot/bluetooth-next

BluezTestBot · 2026-03-22T21:23:42Z

It is not necessary that the pending delayed hci devcoredump timeout
work, hdev->dump.dump_timeout, submitted to the hdev->workqueue by the
bluetooth devcoredump state machine,
hci_devcd_rx()
hci_devcd_handle_pkt_init()
will be reset by it or by the timeout func hci_devcd_timeout(), using
hci_devcd_reset(), before destroying the workqueue or before the hci
device is freed up in hci_release_dev().

In this bug the active delayed devcoredump timeout work's timer object
is active when the memory associated with the hci device is freed up in
hci_release_dev() causing the ODEBUG WARNING.

Make sure that the delayed devcoredump timeout work is disabled before
the hdev->workqueue is destroyed and before the hdev memory is freed in
hci_release_dev().

Tested the change with the syzbot reproducer that uses vhci device
locally on x86_64 and on syzbot portal as well. Ran kselftest with net
target.

Fixes: `9695ef8` ("Bluetooth: Add support for hci devcoredump")
Reported-by: syzbot+b170dbf55520ebf5969a@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=b170dbf55520ebf5969a
Tested-by: syzbot+b170dbf55520ebf5969a@syzkaller.appspotmail.com
Signed-off-by: Aby Sam Ross abysamross@gmail.com

net/bluetooth/hci_core.c | 3 +++
1 file changed, 3 insertions(+)

This patch adds workflow files for ci: [sync.yml] - The workflow file for scheduled work - Sync the repo with upstream repo and rebase the workflow branch - Review the patches in the patchwork and creates the PR if needed [ci.yml] - The workflow file for CI tasks - Run CI tests when PR is created Signed-off-by: Tedd Ho-Jeong An <tedd.an@intel.com>

It is not necessary that the pending delayed hci devcoredump timeout work, hdev->dump.dump_timeout, submitted to the hdev->workqueue by the bluetooth devcoredump state machine, hci_devcd_rx() hci_devcd_handle_pkt_init() will be reset by it or by the timeout func hci_devcd_timeout(), using hci_devcd_reset(), before destroying the workqueue or before the hci device is freed up in hci_release_dev(). In this bug the active delayed devcoredump timeout work's timer object is active when the memory associated with the hci device is freed up in hci_release_dev() causing the ODEBUG WARNING. Make sure that the delayed devcoredump timeout work is disabled before the hdev->workqueue is destroyed and before the hdev memory is freed in hci_release_dev(). Tested the change with the syzbot reproducer that uses vhci device locally on x86_64 and on syzbot portal as well. Ran kselftest with net target. Fixes: 9695ef8 ("Bluetooth: Add support for hci devcoredump") Reported-by: syzbot+b170dbf55520ebf5969a@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=b170dbf55520ebf5969a Tested-by: syzbot+b170dbf55520ebf5969a@syzkaller.appspotmail.com Signed-off-by: Aby Sam Ross <abysamross@gmail.com>

github-actions · 2026-03-22T21:27:09Z

CheckPatch
Desc: Run checkpatch.pl script
Duration: 0.39 seconds
Result: PENDING

github-actions · 2026-03-22T21:27:10Z

GitLint
Desc: Run gitlint
Duration: 0.25 seconds
Result: PENDING

github-actions · 2026-03-22T21:27:11Z

SubjectPrefix
Desc: Check subject contains "Bluetooth" prefix
Duration: 0.12 seconds
Result: PASS

github-actions · 2026-03-22T21:27:42Z

BuildKernel
Desc: Build Kernel for Bluetooth
Duration: 26.40 seconds
Result: PASS

github-actions · 2026-03-22T21:28:15Z

CheckAllWarning
Desc: Run linux kernel with all warning enabled
Duration: 28.76 seconds
Result: PASS

github-actions · 2026-03-22T21:28:50Z

CheckSparse
Desc: Run sparse tool with linux kernel
Duration: 30.08 seconds
Result: PASS

github-actions · 2026-03-22T21:29:20Z

BuildKernel32
Desc: Build 32bit Kernel for Bluetooth
Duration: 25.51 seconds
Result: PASS

github-actions · 2026-03-22T21:38:50Z

TestRunnerSetup
Desc: Setup kernel and bluez for test-runner
Duration: 569.23 seconds
Result: PASS

github-actions · 2026-03-22T21:39:19Z

TestRunner_l2cap-tester
Desc: Run l2cap-tester with test-runner
Duration: 28.00 seconds
Result: PASS

github-actions · 2026-03-22T21:39:52Z

TestRunner_iso-tester
Desc: Run iso-tester with test-runner
Duration: 32.58 seconds
Result: FAIL
Output:

BUG: KASAN: slab-use-after-free in le_read_features_complete+0x7e/0x2b0
Total: 141, Passed: 141 (100.0%), Failed: 0, Not Run: 0

github-actions · 2026-03-22T21:39:59Z

TestRunner_bnep-tester
Desc: Run bnep-tester with test-runner
Duration: 6.38 seconds
Result: PASS

github-actions · 2026-03-22T21:41:55Z

TestRunner_mgmt-tester
Desc: Run mgmt-tester with test-runner
Duration: 115.69 seconds
Result: FAIL
Output:

Total: 494, Passed: 489 (99.0%), Failed: 1, Not Run: 4

Failed Test Cases
Read Exp Feature - Success                           Failed       0.107 seconds

github-actions · 2026-03-22T21:42:05Z

TestRunner_rfcomm-tester
Desc: Run rfcomm-tester with test-runner
Duration: 9.48 seconds
Result: PASS

github-actions · 2026-03-22T21:42:20Z

TestRunner_sco-tester
Desc: Run sco-tester with test-runner
Duration: 14.16 seconds
Result: FAIL
Output:

WARNING: possible circular locking dependency detected
BUG: sleeping function called from invalid context at net/core/sock.c:3782
Total: 30, Passed: 30 (100.0%), Failed: 0, Not Run: 0

github-actions · 2026-03-22T21:42:31Z

TestRunner_ioctl-tester
Desc: Run ioctl-tester with test-runner
Duration: 10.13 seconds
Result: PASS

github-actions · 2026-03-22T21:42:44Z

TestRunner_mesh-tester
Desc: Run mesh-tester with test-runner
Duration: 12.48 seconds
Result: FAIL
Output:

Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0

Failed Test Cases
Mesh - Send cancel - 1                               Timed out    2.773 seconds
Mesh - Send cancel - 2                               Timed out    1.993 seconds

github-actions · 2026-03-22T21:42:53Z

TestRunner_smp-tester
Desc: Run smp-tester with test-runner
Duration: 8.47 seconds
Result: PASS

github-actions · 2026-03-22T21:43:00Z

TestRunner_userchan-tester
Desc: Run userchan-tester with test-runner
Duration: 6.71 seconds
Result: PASS

github-actions · 2026-03-22T21:43:01Z

IncrementalBuild
Desc: Incremental build with the patches in the series
Duration: 0.48 seconds
Result: PENDING

tedd-an and others added 2 commits March 19, 2026 19:41

github-actions bot force-pushed the workflow branch 5 times, most recently from 9f31ee4 to 19dcf1f Compare March 27, 2026 19:51

Conversation

BluezTestBot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

github-actions bot commented Mar 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants