Re: [v1] bluetooth: hci_core: Fix use-after-free in vhci_flush().

public inbox for linux-bluetooth@vger.kernel.org
 help / color / mirror / Atom feed

From: Kuniyuki Iwashima <kuni1840@gmail.com>
To: bluez.test.bot@gmail.com
Cc: kuni1840@gmail.com, linux-bluetooth@vger.kernel.org
Subject: Re: [v1] bluetooth: hci_core: Fix use-after-free in vhci_flush().
Date: Fri, 13 Jun 2025 19:20:43 -0700	[thread overview]
Message-ID: <20250614022107.1368823-1-kuni1840@gmail.com> (raw)
In-Reply-To: <684cb56a.c80a0220.7fb1f.b9e7@mx.google.com>

Date: Fri, 13 Jun 2025 16:34:02 -0700 (PDT)
From: bluez.test.bot@gmail.com
> This is automated email and please do not reply to this email!
> 
> Dear submitter,
> 
> Thank you for submitting the patches to the linux bluetooth mailing list.
> This is a CI test results with your patch series:
> PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=972027
> 
> ---Test result---
> 
> Test Summary:
> CheckPatch                    PENDING   0.28 seconds
> GitLint                       PENDING   0.32 seconds
> SubjectPrefix                 FAIL      0.30 seconds
> BuildKernel                   PASS      24.78 seconds
> CheckAllWarning               PASS      27.17 seconds
> CheckSparse                   WARNING   30.51 seconds
> BuildKernel32                 PASS      24.54 seconds
> TestRunnerSetup               PASS      461.88 seconds
> TestRunner_l2cap-tester       PASS      24.94 seconds
> TestRunner_iso-tester         FAIL      7.68 seconds
> TestRunner_bnep-tester        PASS      5.92 seconds
> TestRunner_mgmt-tester        PASS      131.78 seconds
> TestRunner_rfcomm-tester      PASS      9.27 seconds
> TestRunner_sco-tester         PASS      14.67 seconds
> TestRunner_ioctl-tester       PASS      11.73 seconds
> TestRunner_mesh-tester        FAIL      7.37 seconds
> TestRunner_smp-tester         PASS      8.45 seconds
> TestRunner_userchan-tester    PASS      6.08 seconds
> IncrementalBuild              PENDING   0.78 seconds
> 
> Details
> ##############################
> Test: CheckPatch - PENDING
> Desc: Run checkpatch.pl script
> Output:
> 
> ##############################
> Test: GitLint - PENDING
> Desc: Run gitlint
> Output:
> 
> ##############################
> Test: SubjectPrefix - FAIL
> Desc: Check subject contains "Bluetooth" prefix
> Output:
> "Bluetooth: " prefix is not specified in the subject

Will use it in v2.


> ##############################
> Test: CheckSparse - WARNING
> Desc: Run sparse tool with linux kernel
> Output:
> net/bluetooth/hci_core.c:85:9: warning: context imbalance in '__hci_dev_get' - different lock contexts for basic blocknet/bluetooth/hci_core.c: note: in included file (through include/linux/notifier.h, include/linux/memory_hotplug.h, include/linux/mmzone.h, include/linux/gfp.h, include/linux/xarray.h, include/linux/radix-tree.h, ...):

Do we want to silence sparse by putting acquire()/release()
or is this warning acceptable like netdev tree ?

IMHO, sparse doesn't help much and I prefer lockdep.


> ##############################
> Test: TestRunner_iso-tester - FAIL
> Desc: Run iso-tester with test-runner
> Output:
> No test result found
> ##############################
> Test: TestRunner_mesh-tester - FAIL
> Desc: Run mesh-tester with test-runner
> Output:
> BUG: KASAN: slab-use-after-free in run_timer_softirq+0x76b/0x7d0
> WARNING: CPU: 0 PID: 68 at kernel/workqueue.c:2257 __queue_work+0x93e/0xba0
> Total: 10, Passed: 9 (90.0%), Failed: 1, Not Run: 0

It seems the same splat can be seen on other patches.
https://lore.kernel.org/linux-bluetooth/?q=KASAN+run_timer_softirq

Is this a known issue, or are we all making the same mistake ?

If latter, can I get the full splat and some guidance to run
the same test locally (if it's easy to set up) ?

Thanks

> 
> Failed Test Cases
> Mesh - Send cancel - 1                               Failed       0.148 seconds
> ##############################
> Test: IncrementalBuild - PENDING
> Desc: Incremental build with the patches in the series
> Output:
> 
> 
> 
> ---
> Regards,
> Linux Bluetooth

next prev parent reply	other threads:[~2025-06-14  2:21 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-06-13 23:02 [PATCH v1] bluetooth: hci_core: Fix use-after-free in vhci_flush() Kuniyuki Iwashima
2025-06-13 23:34 ` [v1] " bluez.test.bot
2025-06-14  2:20   ` Kuniyuki Iwashima [this message]
2025-06-14 11:30     ` Pauli Virtanen
2025-06-15  0:26       ` Kuniyuki Iwashima
2025-06-14  5:38 ` [PATCH v1] " Paul Menzel
2025-06-15  0:01   ` Kuniyuki Iwashima

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250614022107.1368823-1-kuni1840@gmail.com \
    --to=kuni1840@gmail.com \
    --cc=bluez.test.bot@gmail.com \
    --cc=linux-bluetooth@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox