* [PATCH v4 0/2] Bluetooth: mgmt: Fix heap overflow and race condition
@ 2026-02-08 8:15 Maiquel Paiva
2026-02-08 8:15 ` [PATCH v4 1/2] Bluetooth: mgmt: Fix heap overflow in mgmt_mesh_add Maiquel Paiva
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Maiquel Paiva @ 2026-02-08 8:15 UTC (permalink / raw)
To: linux-bluetooth; +Cc: luiz.dentz, gregkh, marcel, Maiquel Paiva
This series fixes two vulnerabilities found in net/bluetooth/mgmt_util.c related to mesh handling.
Patch 1 addresses a heap buffer overflow in mgmt_mesh_add by validating the user-provided length.
Patch 2 resolves race conditions in mgmt_mesh_add and mgmt_mesh_find by protecting the list operations.
Changes in v4:
- Replaced guard(mutex) with guard(spinlock) using hdev->lock in Patch 2.
- This fixes the "sleeping function called from invalid context" and circular locking warnings reported by the CI robot in v3.
Changes in v3:
- Added Fixes and Cc: stable tags as requested by maintainers.
- No code changes from v2.
Maiquel Paiva (2):
Bluetooth: mgmt: Fix heap overflow in mgmt_mesh_add
Bluetooth: mgmt: Fix race conditions in mesh handling
net/bluetooth/mgmt_util.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--
2.43.0
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v4 1/2] Bluetooth: mgmt: Fix heap overflow in mgmt_mesh_add
2026-02-08 8:15 [PATCH v4 0/2] Bluetooth: mgmt: Fix heap overflow and race condition Maiquel Paiva
@ 2026-02-08 8:15 ` Maiquel Paiva
2026-02-08 8:43 ` Bluetooth: mgmt: Fix heap overflow and race condition bluez.test.bot
2026-02-08 8:15 ` [PATCH v4 2/2] Bluetooth: mgmt: Fix race conditions in mesh handling Maiquel Paiva
2026-02-09 20:00 ` [PATCH v4 0/2] Bluetooth: mgmt: Fix heap overflow and race condition patchwork-bot+bluetooth
2 siblings, 1 reply; 8+ messages in thread
From: Maiquel Paiva @ 2026-02-08 8:15 UTC (permalink / raw)
To: linux-bluetooth; +Cc: luiz.dentz, gregkh, marcel, Maiquel Paiva, stable
Add a check for the user-provided length in mgmt_mesh_add() against
the size of the param buffer. This prevents a heap buffer overflow
if the user provides a length larger than the destination buffer.
Fixes: b338d91703fa ("Bluetooth: Implement support for Mesh")
Cc: stable@vger.kernel.org
Signed-off-by: Maiquel Paiva <maiquelpaiva@gmail.com>
---
net/bluetooth/mgmt_util.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/bluetooth/mgmt_util.c b/net/bluetooth/mgmt_util.c
index aa7b5585cb26..bdce52363332 100644
--- a/net/bluetooth/mgmt_util.c
+++ b/net/bluetooth/mgmt_util.c
@@ -413,6 +413,9 @@ struct mgmt_mesh_tx *mgmt_mesh_add(struct sock *sk, struct hci_dev *hdev,
{
struct mgmt_mesh_tx *mesh_tx;
+ if (len > sizeof(mesh_tx->param))
+ return NULL;
+
mesh_tx = kzalloc(sizeof(*mesh_tx), GFP_KERNEL);
if (!mesh_tx)
return NULL;
--
2.43.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v4 2/2] Bluetooth: mgmt: Fix race conditions in mesh handling
2026-02-08 8:15 [PATCH v4 0/2] Bluetooth: mgmt: Fix heap overflow and race condition Maiquel Paiva
2026-02-08 8:15 ` [PATCH v4 1/2] Bluetooth: mgmt: Fix heap overflow in mgmt_mesh_add Maiquel Paiva
@ 2026-02-08 8:15 ` Maiquel Paiva
2026-02-08 12:57 ` kernel test robot
` (2 more replies)
2026-02-09 20:00 ` [PATCH v4 0/2] Bluetooth: mgmt: Fix heap overflow and race condition patchwork-bot+bluetooth
2 siblings, 3 replies; 8+ messages in thread
From: Maiquel Paiva @ 2026-02-08 8:15 UTC (permalink / raw)
To: linux-bluetooth; +Cc: luiz.dentz, gregkh, marcel, Maiquel Paiva, stable
The functions mgmt_mesh_add and mgmt_mesh_find modify or traverse the
mesh_pending list without locking, leading to potential race conditions
and list corruption.
Use guard(spinlock) with hdev->lock to protect the critical sections.
This ensures atomic access to the list and reference counter, preventing
race conditions and avoiding sleeping in atomic context (which fixes CI
failures).
Fixes: b338d91703fa ("Bluetooth: Implement support for Mesh")
Cc: stable@vger.kernel.org
Signed-off-by: Maiquel Paiva <maiquelpaiva@gmail.com>
---
net/bluetooth/mgmt_util.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/mgmt_util.c b/net/bluetooth/mgmt_util.c
index bdce52363332..af9194e44943 100644
--- a/net/bluetooth/mgmt_util.c
+++ b/net/bluetooth/mgmt_util.c
@@ -397,8 +397,7 @@ struct mgmt_mesh_tx *mgmt_mesh_find(struct hci_dev *hdev, u8 handle)
{
struct mgmt_mesh_tx *mesh_tx;
- if (list_empty(&hdev->mesh_pending))
- return NULL;
+ guard(spinlock)(&hdev->lock);
list_for_each_entry(mesh_tx, &hdev->mesh_pending, list) {
if (mesh_tx->handle == handle)
@@ -420,6 +419,8 @@ struct mgmt_mesh_tx *mgmt_mesh_add(struct sock *sk, struct hci_dev *hdev,
if (!mesh_tx)
return NULL;
+ guard(spinlock)(&hdev->lock);
+
hdev->mesh_send_ref++;
if (!hdev->mesh_send_ref)
hdev->mesh_send_ref++;
--
2.43.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* RE: Bluetooth: mgmt: Fix heap overflow and race condition
2026-02-08 8:15 ` [PATCH v4 1/2] Bluetooth: mgmt: Fix heap overflow in mgmt_mesh_add Maiquel Paiva
@ 2026-02-08 8:43 ` bluez.test.bot
0 siblings, 0 replies; 8+ messages in thread
From: bluez.test.bot @ 2026-02-08 8:43 UTC (permalink / raw)
To: linux-bluetooth, maiquelpaiva
[-- Attachment #1: Type: text/plain, Size: 40968 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1051967
---Test result---
Test Summary:
CheckPatch PENDING 0.50 seconds
GitLint PENDING 0.29 seconds
SubjectPrefix PASS 0.12 seconds
BuildKernel FAIL 22.82 seconds
CheckAllWarning FAIL 25.31 seconds
CheckSparse FAIL 27.49 seconds
BuildKernel32 FAIL 22.06 seconds
TestRunnerSetup FAIL 531.86 seconds
TestRunner_l2cap-tester FAIL 0.08 seconds
TestRunner_iso-tester FAIL 0.08 seconds
TestRunner_bnep-tester FAIL 0.08 seconds
TestRunner_mgmt-tester FAIL 0.08 seconds
TestRunner_rfcomm-tester FAIL 0.08 seconds
TestRunner_sco-tester FAIL 0.08 seconds
TestRunner_ioctl-tester FAIL 0.08 seconds
TestRunner_mesh-tester FAIL 0.08 seconds
TestRunner_smp-tester FAIL 0.08 seconds
TestRunner_userchan-tester FAIL 0.08 seconds
IncrementalBuild PENDING 0.64 seconds
Details
##############################
Test: CheckPatch - PENDING
Desc: Run checkpatch.pl script
Output:
##############################
Test: GitLint - PENDING
Desc: Run gitlint
Output:
##############################
Test: BuildKernel - FAIL
Desc: Build Kernel for Bluetooth
Output:
net/bluetooth/mgmt_util.c: In function ‘mgmt_mesh_find’:
net/bluetooth/mgmt_util.c:400:18: error: passing argument 1 of ‘class_spinlock_constructor’ from incompatible pointer type [-Werror=incompatible-pointer-types]
400 | guard(spinlock)(&hdev->lock);
| ^~~~~~~~~~~
| |
| struct mutex *
In file included from ./include/linux/jump_label.h:78,
from ./arch/x86/include/asm/string_64.h:6,
from ./arch/x86/include/asm/string.h:8,
from ./arch/x86/include/asm/cpuid/api.h:10,
from ./arch/x86/include/asm/processor.h:19,
from ./arch/x86/include/asm/timex.h:5,
from ./include/linux/timex.h:67,
from ./include/linux/time32.h:13,
from ./include/linux/time.h:60,
from ./include/linux/jiffies.h:10,
from ./include/linux/ktime.h:25,
from ./include/linux/poll.h:7,
from ./include/net/bluetooth/bluetooth.h:29,
from net/bluetooth/mgmt_util.c:26:
./include/linux/cleanup.h:490:77: note: expected ‘spinlock_t *’ {aka ‘struct spinlock *’} but argument is of type ‘struct mutex *’
490 | static __always_inline class_##_name##_t class_##_name##_constructor(_type *l) \
./include/linux/cleanup.h:509:1: note: in expansion of macro ‘__DEFINE_LOCK_GUARD_1’
509 | __DEFINE_LOCK_GUARD_1(_name, _type, _lock)
| ^~~~~~~~~~~~~~~~~~~~~
./include/linux/spinlock.h:565:1: note: in expansion of macro ‘DEFINE_LOCK_GUARD_1’
565 | DEFINE_LOCK_GUARD_1(spinlock, spinlock_t,
| ^~~~~~~~~~~~~~~~~~~
net/bluetooth/mgmt_util.c: In function ‘mgmt_mesh_add’:
net/bluetooth/mgmt_util.c:422:18: error: passing argument 1 of ‘class_spinlock_constructor’ from incompatible pointer type [-Werror=incompatible-pointer-types]
422 | guard(spinlock)(&hdev->lock);
| ^~~~~~~~~~~
| |
| struct mutex *
In file included from ./include/linux/jump_label.h:78,
from ./arch/x86/include/asm/string_64.h:6,
from ./arch/x86/include/asm/string.h:8,
from ./arch/x86/include/asm/cpuid/api.h:10,
from ./arch/x86/include/asm/processor.h:19,
from ./arch/x86/include/asm/timex.h:5,
from ./include/linux/timex.h:67,
from ./include/linux/time32.h:13,
from ./include/linux/time.h:60,
from ./include/linux/jiffies.h:10,
from ./include/linux/ktime.h:25,
from ./include/linux/poll.h:7,
from ./include/net/bluetooth/bluetooth.h:29,
from net/bluetooth/mgmt_util.c:26:
./include/linux/cleanup.h:490:77: note: expected ‘spinlock_t *’ {aka ‘struct spinlock *’} but argument is of type ‘struct mutex *’
490 | static __always_inline class_##_name##_t class_##_name##_constructor(_type *l) \
./include/linux/cleanup.h:509:1: note: in expansion of macro ‘__DEFINE_LOCK_GUARD_1’
509 | __DEFINE_LOCK_GUARD_1(_name, _type, _lock)
| ^~~~~~~~~~~~~~~~~~~~~
./include/linux/spinlock.h:565:1: note: in expansion of macro ‘DEFINE_LOCK_GUARD_1’
565 | DEFINE_LOCK_GUARD_1(spinlock, spinlock_t,
| ^~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
make[4]: *** [scripts/Makefile.build:287: net/bluetooth/mgmt_util.o] Error 1
make[4]: *** Waiting for unfinished jobs....
make[3]: *** [scripts/Makefile.build:544: net/bluetooth] Error 2
make[2]: *** [scripts/Makefile.build:544: net] Error 2
make[2]: *** Waiting for unfinished jobs....
make[1]: *** [/github/workspace/src/src/Makefile:2054: .] Error 2
make: *** [Makefile:248: __sub-make] Error 2
##############################
Test: CheckAllWarning - FAIL
Desc: Run linux kernel with all warning enabled
Output:
net/bluetooth/mgmt_util.c: In function ‘mgmt_mesh_find’:
net/bluetooth/mgmt_util.c:400:18: error: passing argument 1 of ‘class_spinlock_constructor’ from incompatible pointer type [-Werror=incompatible-pointer-types]
400 | guard(spinlock)(&hdev->lock);
| ^~~~~~~~~~~
| |
| struct mutex *
In file included from ./include/linux/jump_label.h:78,
from ./arch/x86/include/asm/string_64.h:6,
from ./arch/x86/include/asm/string.h:8,
from ./arch/x86/include/asm/cpuid/api.h:10,
from ./arch/x86/include/asm/processor.h:19,
from ./arch/x86/include/asm/timex.h:5,
from ./include/linux/timex.h:67,
from ./include/linux/time32.h:13,
from ./include/linux/time.h:60,
from ./include/linux/jiffies.h:10,
from ./include/linux/ktime.h:25,
from ./include/linux/poll.h:7,
from ./include/net/bluetooth/bluetooth.h:29,
from net/bluetooth/mgmt_util.c:26:
./include/linux/cleanup.h:490:77: note: expected ‘spinlock_t *’ {aka ‘struct spinlock *’} but argument is of type ‘struct mutex *’
490 | static __always_inline class_##_name##_t class_##_name##_constructor(_type *l) \
./include/linux/cleanup.h:509:1: note: in expansion of macro ‘__DEFINE_LOCK_GUARD_1’
509 | __DEFINE_LOCK_GUARD_1(_name, _type, _lock)
| ^~~~~~~~~~~~~~~~~~~~~
./include/linux/spinlock.h:565:1: note: in expansion of macro ‘DEFINE_LOCK_GUARD_1’
565 | DEFINE_LOCK_GUARD_1(spinlock, spinlock_t,
| ^~~~~~~~~~~~~~~~~~~
net/bluetooth/mgmt_util.c: In function ‘mgmt_mesh_add’:
net/bluetooth/mgmt_util.c:422:18: error: passing argument 1 of ‘class_spinlock_constructor’ from incompatible pointer type [-Werror=incompatible-pointer-types]
422 | guard(spinlock)(&hdev->lock);
| ^~~~~~~~~~~
| |
| struct mutex *
In file included from ./include/linux/jump_label.h:78,
from ./arch/x86/include/asm/string_64.h:6,
from ./arch/x86/include/asm/string.h:8,
from ./arch/x86/include/asm/cpuid/api.h:10,
from ./arch/x86/include/asm/processor.h:19,
from ./arch/x86/include/asm/timex.h:5,
from ./include/linux/timex.h:67,
from ./include/linux/time32.h:13,
from ./include/linux/time.h:60,
from ./include/linux/jiffies.h:10,
from ./include/linux/ktime.h:25,
from ./include/linux/poll.h:7,
from ./include/net/bluetooth/bluetooth.h:29,
from net/bluetooth/mgmt_util.c:26:
./include/linux/cleanup.h:490:77: note: expected ‘spinlock_t *’ {aka ‘struct spinlock *’} but argument is of type ‘struct mutex *’
490 | static __always_inline class_##_name##_t class_##_name##_constructor(_type *l) \
./include/linux/cleanup.h:509:1: note: in expansion of macro ‘__DEFINE_LOCK_GUARD_1’
509 | __DEFINE_LOCK_GUARD_1(_name, _type, _lock)
| ^~~~~~~~~~~~~~~~~~~~~
./include/linux/spinlock.h:565:1: note: in expansion of macro ‘DEFINE_LOCK_GUARD_1’
565 | DEFINE_LOCK_GUARD_1(spinlock, spinlock_t,
| ^~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
make[4]: *** [scripts/Makefile.build:287: net/bluetooth/mgmt_util.o] Error 1
make[4]: *** Waiting for unfinished jobs....
make[3]: *** [scripts/Makefile.build:544: net/bluetooth] Error 2
make[2]: *** [scripts/Makefile.build:544: net] Error 2
make[2]: *** Waiting for unfinished jobs....
make[1]: *** [/github/workspace/src/src/Makefile:2054: .] Error 2
make: *** [Makefile:248: __sub-make] Error 2
##############################
Test: CheckSparse - FAIL
Desc: Run sparse tool with linux kernel
Output:
drivers/bluetooth/hci_vhci.c:717:1: error: bad constant expression
drivers/bluetooth/hci_vhci.c:718:1: error: bad constant expression
drivers/bluetooth/hci_vhci.c:720:1: error: bad constant expression
drivers/bluetooth/hci_vhci.c:721:1: error: bad constant expression
drivers/bluetooth/hci_vhci.c:722:1: error: bad constant expression
drivers/bluetooth/hci_vhci.c:723:1: error: bad constant expression
drivers/bluetooth/hci_vhci.c:723:1: error: bad constant expression
drivers/bluetooth/hci_vhci.c:724:1: error: bad constant expression
drivers/bluetooth/hci_vhci.c:725:1: error: bad constant expression
net/bluetooth/bnep/core.c:759:1: error: bad constant expression
net/bluetooth/bnep/core.c:760:1: error: bad constant expression
net/bluetooth/bnep/core.c:762:1: error: bad constant expression
net/bluetooth/bnep/core.c:763:1: error: bad constant expression
net/bluetooth/bnep/core.c:765:1: error: bad constant expression
net/bluetooth/bnep/core.c:766:1: error: bad constant expression
net/bluetooth/bnep/core.c:767:1: error: bad constant expression
net/bluetooth/bnep/core.c:768:1: error: bad constant expression
net/bluetooth/bnep/core.c:768:1: error: bad constant expression
net/bluetooth/bnep/core.c:769:1: error: bad constant expression
net/bluetooth/hidp/core.c:1474:1: error: bad constant expression
net/bluetooth/hidp/core.c:1475:1: error: bad constant expression
net/bluetooth/hidp/core.c:1476:1: error: bad constant expression
net/bluetooth/hidp/core.c:1477:1: error: bad constant expression
net/bluetooth/hidp/core.c:1478:1: error: bad constant expression
net/bluetooth/hidp/core.c:1478:1: error: bad constant expression
net/bluetooth/hidp/core.c:1479:1: error: bad constant expression
net/bluetooth/rfcomm/core.c:2273:1: error: bad constant expression
net/bluetooth/rfcomm/core.c:2274:1: error: bad constant expression
net/bluetooth/rfcomm/core.c:2276:1: error: bad constant expression
net/bluetooth/rfcomm/core.c:2277:1: error: bad constant expression
net/bluetooth/rfcomm/core.c:2279:1: error: bad constant expression
net/bluetooth/rfcomm/core.c:2280:1: error: bad constant expression
net/bluetooth/rfcomm/core.c:2282:1: error: bad constant expression
net/bluetooth/rfcomm/core.c:2283:1: error: bad constant expression
net/bluetooth/rfcomm/core.c:2284:1: error: bad constant expression
net/bluetooth/rfcomm/core.c:2285:1: error: bad constant expression
net/bluetooth/rfcomm/core.c:2285:1: error: bad constant expression
net/bluetooth/rfcomm/core.c:2286:1: error: bad constant expression
drivers/bluetooth/hci_ldisc.c:932:1: error: bad constant expression
drivers/bluetooth/hci_ldisc.c:933:1: error: bad constant expression
drivers/bluetooth/hci_ldisc.c:934:1: error: bad constant expression
drivers/bluetooth/hci_ldisc.c:935:1: error: bad constant expression
drivers/bluetooth/hci_ldisc.c:935:1: error: bad constant expression
drivers/bluetooth/hci_ldisc.c:936:1: error: bad constant expression
net/bluetooth/af_bluetooth.c:972:1: error: bad constant expression
net/bluetooth/af_bluetooth.c:973:1: error: bad constant expression
net/bluetooth/af_bluetooth.c:974:1: error: bad constant expression
net/bluetooth/af_bluetooth.c:975:1: error: bad constant expression
net/bluetooth/af_bluetooth.c:975:1: error: bad constant expression
net/bluetooth/af_bluetooth.c:976:1: error: bad constant expression
drivers/bluetooth/hci_bcsp.c:783:1: error: bad constant expression
drivers/bluetooth/hci_bcsp.c:784:1: error: bad constant expression
drivers/bluetooth/hci_bcsp.c:786:1: error: bad constant expression
drivers/bluetooth/hci_bcsp.c:787:1: error: bad constant expression
net/bluetooth/hci_core.c:85:9: warning: context imbalance in '__hci_dev_get' - different lock contexts for basic block
net/bluetooth/hci_core.c: note: in included file (through include/linux/notifier.h, include/linux/memory_hotplug.h, include/linux/mmzone.h, include/linux/gfp.h, include/linux/xarray.h, include/linux/radix-tree.h, ...):
./include/linux/srcu.h:463:9: warning: context imbalance in 'hci_dev_put_srcu' - unexpected unlock
net/bluetooth/hci_event.c: note: in included file (through include/net/bluetooth/hci_core.h):
./include/net/bluetooth/hci.h:2922:47: warning: array of flexible structures
./include/net/bluetooth/hci.h:3008:43: warning: array of flexible structures
drivers/bluetooth/hci_bcm.c:167:1: error: bad constant expression
drivers/bluetooth/hci_bcm.c:168:1: error: bad constant expression
drivers/bluetooth/hci_ag6xx.c:257:24: warning: restricted __le32 degrades to integer
drivers/bluetooth/hci_mrvl.c:170:23: warning: restricted __le16 degrades to integer
drivers/bluetooth/hci_mrvl.c:203:23: warning: restricted __le16 degrades to integer
net/bluetooth/l2cap_core.c:7735:1: error: bad constant expression
net/bluetooth/l2cap_core.c:7736:1: error: bad constant expression
net/bluetooth/l2cap_core.c:7738:1: error: bad constant expression
net/bluetooth/l2cap_core.c:7739:1: error: bad constant expression
drivers/bluetooth/bcm203x.c:261:1: error: bad constant expression
drivers/bluetooth/bcm203x.c:262:1: error: bad constant expression
drivers/bluetooth/bcm203x.c:263:1: error: bad constant expression
drivers/bluetooth/bcm203x.c:264:1: error: bad constant expression
drivers/bluetooth/bcm203x.c:264:1: error: bad constant expression
drivers/bluetooth/bcm203x.c:265:1: error: bad constant expression
drivers/bluetooth/bcm203x.c:266:1: error: bad constant expression
net/bluetooth/mgmt_util.c: In function ‘mgmt_mesh_find’:
net/bluetooth/mgmt_util.c:400:18: error: passing argument 1 of ‘class_spinlock_constructor’ from incompatible pointer type [-Werror=incompatible-pointer-types]
400 | guard(spinlock)(&hdev->lock);
| ^~~~~~~~~~~
| |
| struct mutex *
In file included from ./include/linux/jump_label.h:78,
from ./arch/x86/include/asm/string_64.h:6,
from ./arch/x86/include/asm/string.h:8,
from ./arch/x86/include/asm/cpuid/api.h:10,
from ./arch/x86/include/asm/processor.h:19,
from ./arch/x86/include/asm/timex.h:5,
from ./include/linux/timex.h:67,
from ./include/linux/time32.h:13,
from ./include/linux/time.h:60,
from ./include/linux/jiffies.h:10,
from ./include/linux/ktime.h:25,
from ./include/linux/poll.h:7,
from ./include/net/bluetooth/bluetooth.h:29,
from net/bluetooth/mgmt_util.c:26:
./include/linux/cleanup.h:490:77: note: expected ‘spinlock_t *’ {aka ‘struct spinlock *’} but argument is of type ‘struct mutex *’
490 | static __always_inline class_##_name##_t class_##_name##_constructor(_type *l) \
./include/linux/cleanup.h:509:1: note: in expansion of macro ‘__DEFINE_LOCK_GUARD_1’
509 | __DEFINE_LOCK_GUARD_1(_name, _type, _lock)
| ^~~~~~~~~~~~~~~~~~~~~
./include/linux/spinlock.h:565:1: note: in expansion of macro ‘DEFINE_LOCK_GUARD_1’
565 | DEFINE_LOCK_GUARD_1(spinlock, spinlock_t,
| ^~~~~~~~~~~~~~~~~~~
net/bluetooth/mgmt_util.c: In function ‘mgmt_mesh_add’:
net/bluetooth/mgmt_util.c:422:18: error: passing argument 1 of ‘class_spinlock_constructor’ from incompatible pointer type [-Werror=incompatible-pointer-types]
422 | guard(spinlock)(&hdev->lock);
| ^~~~~~~~~~~
| |
| struct mutex *
In file included from ./include/linux/jump_label.h:78,
from ./arch/x86/include/asm/string_64.h:6,
from ./arch/x86/include/asm/string.h:8,
from ./arch/x86/include/asm/cpuid/api.h:10,
from ./arch/x86/include/asm/processor.h:19,
from ./arch/x86/include/asm/timex.h:5,
from ./include/linux/timex.h:67,
from ./include/linux/time32.h:13,
from ./include/linux/time.h:60,
from ./include/linux/jiffies.h:10,
from ./include/linux/ktime.h:25,
from ./include/linux/poll.h:7,
from ./include/net/bluetooth/bluetooth.h:29,
from net/bluetooth/mgmt_util.c:26:
./include/linux/cleanup.h:490:77: note: expected ‘spinlock_t *’ {aka ‘struct spinlock *’} but argument is of type ‘struct mutex *’
490 | static __always_inline class_##_name##_t class_##_name##_constructor(_type *l) \
./include/linux/cleanup.h:509:1: note: in expansion of macro ‘__DEFINE_LOCK_GUARD_1’
509 | __DEFINE_LOCK_GUARD_1(_name, _type, _lock)
| ^~~~~~~~~~~~~~~~~~~~~
./include/linux/spinlock.h:565:1: note: in expansion of macro ‘DEFINE_LOCK_GUARD_1’
565 | DEFINE_LOCK_GUARD_1(spinlock, spinlock_t,
| ^~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
make[4]: *** [scripts/Makefile.build:287: net/bluetooth/mgmt_util.o] Error 1
make[3]: *** [scripts/Makefile.build:544: net/bluetooth] Error 2
make[2]: *** [scripts/Makefile.build:544: net] Error 2
make[2]: *** Waiting for unfinished jobs....
drivers/bluetooth/bpa10x.c:444:1: error: bad constant expression
drivers/bluetooth/bpa10x.c:445:1: error: bad constant expression
drivers/bluetooth/bpa10x.c:446:1: error: bad constant expression
drivers/bluetooth/bpa10x.c:447:1: error: bad constant expression
drivers/bluetooth/bpa10x.c:447:1: error: bad constant expression
drivers/bluetooth/bfusb.c:720:1: error: bad constant expression
drivers/bluetooth/bfusb.c:721:1: error: bad constant expression
drivers/bluetooth/bfusb.c:722:1: error: bad constant expression
drivers/bluetooth/bfusb.c:723:1: error: bad constant expression
drivers/bluetooth/bfusb.c:723:1: error: bad constant expression
drivers/bluetooth/bfusb.c:724:1: error: bad constant expression
drivers/bluetooth/btsdio.c:372:1: error: bad constant expression
drivers/bluetooth/btsdio.c:373:1: error: bad constant expression
drivers/bluetooth/btsdio.c:374:1: error: bad constant expression
drivers/bluetooth/btsdio.c:375:1: error: bad constant expression
drivers/bluetooth/btsdio.c:375:1: error: bad constant expression
drivers/bluetooth/ath3k.c:533:1: error: bad constant expression
drivers/bluetooth/ath3k.c:534:1: error: bad constant expression
drivers/bluetooth/ath3k.c:535:1: error: bad constant expression
drivers/bluetooth/ath3k.c:536:1: error: bad constant expression
drivers/bluetooth/ath3k.c:536:1: error: bad constant expression
drivers/bluetooth/ath3k.c:537:1: error: bad constant expression
drivers/bluetooth/btusb.c:4659:1: error: bad constant expression
drivers/bluetooth/btusb.c:4660:1: error: bad constant expression
drivers/bluetooth/btusb.c:4662:1: error: bad constant expression
drivers/bluetooth/btusb.c:4663:1: error: bad constant expression
drivers/bluetooth/btusb.c:4665:1: error: bad constant expression
drivers/bluetooth/btusb.c:4666:1: error: bad constant expression
drivers/bluetooth/btusb.c:4668:1: error: bad constant expression
drivers/bluetooth/btusb.c:4669:1: error: bad constant expression
drivers/bluetooth/btusb.c:4671:1: error: bad constant expression
drivers/bluetooth/btusb.c:4672:1: error: bad constant expression
drivers/bluetooth/btusb.c:4673:1: error: bad constant expression
drivers/bluetooth/btusb.c:4674:1: error: bad constant expression
drivers/bluetooth/btusb.c:4674:1: error: bad constant expression
drivers/bluetooth/btintel.c:3792:1: error: bad constant expression
drivers/bluetooth/btintel.c:3793:1: error: bad constant expression
drivers/bluetooth/btintel.c:3794:1: error: bad constant expression
drivers/bluetooth/btintel.c:3795:1: error: bad constant expression
drivers/bluetooth/btintel.c:3795:1: error: bad constant expression
drivers/bluetooth/btintel.c:3796:1: error: bad constant expression
drivers/bluetooth/btintel.c:3797:1: error: bad constant expression
drivers/bluetooth/btintel.c:3798:1: error: bad constant expression
drivers/bluetooth/btintel.c:3799:1: error: bad constant expression
drivers/bluetooth/btmrvl_main.c:782:1: error: bad constant expression
drivers/bluetooth/btmrvl_main.c:783:1: error: bad constant expression
drivers/bluetooth/btmrvl_main.c:784:1: error: bad constant expression
drivers/bluetooth/btmrvl_main.c:785:1: error: bad constant expression
drivers/bluetooth/btmrvl_main.c:785:1: error: bad constant expression
drivers/bluetooth/btmrvl_sdio.c:1769:1: error: bad constant expression
drivers/bluetooth/btmrvl_sdio.c:1770:1: error: bad constant expression
drivers/bluetooth/btmrvl_sdio.c:1771:1: error: bad constant expression
drivers/bluetooth/btmrvl_sdio.c:1772:1: error: bad constant expression
drivers/bluetooth/btmrvl_sdio.c:1772:1: error: bad constant expression
drivers/bluetooth/btmrvl_sdio.c:1773:1: error: bad constant expression
drivers/bluetooth/btmrvl_sdio.c:1774:1: error: bad constant expression
drivers/bluetooth/btmrvl_sdio.c:1775:1: error: bad constant expression
drivers/bluetooth/btmrvl_sdio.c:1776:1: error: bad constant expression
drivers/bluetooth/btmrvl_sdio.c:1777:1: error: bad constant expression
drivers/bluetooth/btmrvl_sdio.c:1778:1: error: bad constant expression
drivers/bluetooth/btmrvl_sdio.c:1779:1: error: bad constant expression
drivers/bluetooth/btmrvl_sdio.c:1780:1: error: bad constant expression
drivers/bluetooth/btmrvl_sdio.c:1781:1: error: bad constant expression
drivers/bluetooth/btmtksdio.c:1556:1: error: bad constant expression
drivers/bluetooth/btmtksdio.c:1557:1: error: bad constant expression
drivers/bluetooth/btmtksdio.c:1559:1: error: bad constant expression
drivers/bluetooth/btmtksdio.c:1560:1: error: bad constant expression
drivers/bluetooth/btmtksdio.c:1561:1: error: bad constant expression
drivers/bluetooth/btmtksdio.c:1562:1: error: bad constant expression
drivers/bluetooth/btmtksdio.c:1562:1: error: bad constant expression
drivers/bluetooth/btbcm.c:780:1: error: bad constant expression
drivers/bluetooth/btbcm.c:781:1: error: bad constant expression
drivers/bluetooth/btbcm.c:782:1: error: bad constant expression
drivers/bluetooth/btbcm.c:783:1: error: bad constant expression
drivers/bluetooth/btbcm.c:783:1: error: bad constant expression
drivers/bluetooth/btmtkuart.c:994:1: error: bad constant expression
drivers/bluetooth/btmtkuart.c:995:1: error: bad constant expression
drivers/bluetooth/btmtkuart.c:996:1: error: bad constant expression
drivers/bluetooth/btmtkuart.c:997:1: error: bad constant expression
drivers/bluetooth/btmtkuart.c:997:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1514:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1515:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1516:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1517:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1517:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1518:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1519:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1520:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1521:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1522:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1523:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1524:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1525:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1526:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1527:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1528:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1529:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1530:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1531:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1532:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1533:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1534:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1535:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1536:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1537:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1538:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1539:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1540:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1541:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1542:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1543:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1544:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1545:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1546:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1547:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1548:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1549:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1550:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1551:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1552:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1553:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1554:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1555:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1556:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1557:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1558:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1559:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1560:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1561:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1562:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1563:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1564:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1565:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1566:1: error: bad constant expression
drivers/bluetooth/btrtl.c:1567:1: error: bad constant expression
drivers/bluetooth/btqca.c:1042:1: error: bad constant expression
drivers/bluetooth/btqca.c:1043:1: error: bad constant expression
drivers/bluetooth/btqca.c:1044:1: error: bad constant expression
drivers/bluetooth/btqca.c:1044:1: error: bad constant expression
drivers/bluetooth/hci_nokia.c:803:1: error: bad constant expression
drivers/bluetooth/hci_nokia.c:804:1: error: bad constant expression
drivers/bluetooth/hci_nokia.c:805:1: error: bad constant expression
drivers/bluetooth/hci_nokia.c:806:1: error: bad constant expression
drivers/bluetooth/hci_nokia.c:806:1: error: bad constant expression
drivers/bluetooth/btmtk.c:1489:1: error: bad constant expression
drivers/bluetooth/btmtk.c:1490:1: error: bad constant expression
drivers/bluetooth/btmtk.c:1491:1: error: bad constant expression
drivers/bluetooth/btmtk.c:1492:1: error: bad constant expression
drivers/bluetooth/btmtk.c:1493:1: error: bad constant expression
drivers/bluetooth/btmtk.c:1493:1: error: bad constant expression
drivers/bluetooth/btmtk.c:1494:1: error: bad constant expression
drivers/bluetooth/btmtk.c:1495:1: error: bad constant expression
drivers/bluetooth/btmtk.c:1496:1: error: bad constant expression
drivers/bluetooth/btmtk.c:1497:1: error: bad constant expression
drivers/bluetooth/btmtk.c:1498:1: error: bad constant expression
drivers/bluetooth/btmtk.c:1499:1: error: bad constant expression
make[1]: *** [/github/workspace/src/src/Makefile:2054: .] Error 2
make: *** [Makefile:248: __sub-make] Error 2
##############################
Test: BuildKernel32 - FAIL
Desc: Build 32bit Kernel for Bluetooth
Output:
net/bluetooth/mgmt_util.c: In function ‘mgmt_mesh_find’:
net/bluetooth/mgmt_util.c:400:18: error: passing argument 1 of ‘class_spinlock_constructor’ from incompatible pointer type [-Werror=incompatible-pointer-types]
400 | guard(spinlock)(&hdev->lock);
| ^~~~~~~~~~~
| |
| struct mutex *
In file included from ./include/linux/string.h:7,
from ./arch/x86/include/asm/page_32.h:18,
from ./arch/x86/include/asm/page.h:14,
from ./arch/x86/include/asm/processor.h:20,
from ./arch/x86/include/asm/timex.h:5,
from ./include/linux/timex.h:67,
from ./include/linux/time32.h:13,
from ./include/linux/time.h:60,
from ./include/linux/jiffies.h:10,
from ./include/linux/ktime.h:25,
from ./include/linux/poll.h:7,
from ./include/net/bluetooth/bluetooth.h:29,
from net/bluetooth/mgmt_util.c:26:
./include/linux/cleanup.h:490:77: note: expected ‘spinlock_t *’ {aka ‘struct spinlock *’} but argument is of type ‘struct mutex *’
490 | static __always_inline class_##_name##_t class_##_name##_constructor(_type *l) \
./include/linux/cleanup.h:509:1: note: in expansion of macro ‘__DEFINE_LOCK_GUARD_1’
509 | __DEFINE_LOCK_GUARD_1(_name, _type, _lock)
| ^~~~~~~~~~~~~~~~~~~~~
./include/linux/spinlock.h:565:1: note: in expansion of macro ‘DEFINE_LOCK_GUARD_1’
565 | DEFINE_LOCK_GUARD_1(spinlock, spinlock_t,
| ^~~~~~~~~~~~~~~~~~~
net/bluetooth/mgmt_util.c: In function ‘mgmt_mesh_add’:
net/bluetooth/mgmt_util.c:422:18: error: passing argument 1 of ‘class_spinlock_constructor’ from incompatible pointer type [-Werror=incompatible-pointer-types]
422 | guard(spinlock)(&hdev->lock);
| ^~~~~~~~~~~
| |
| struct mutex *
In file included from ./include/linux/string.h:7,
from ./arch/x86/include/asm/page_32.h:18,
from ./arch/x86/include/asm/page.h:14,
from ./arch/x86/include/asm/processor.h:20,
from ./arch/x86/include/asm/timex.h:5,
from ./include/linux/timex.h:67,
from ./include/linux/time32.h:13,
from ./include/linux/time.h:60,
from ./include/linux/jiffies.h:10,
from ./include/linux/ktime.h:25,
from ./include/linux/poll.h:7,
from ./include/net/bluetooth/bluetooth.h:29,
from net/bluetooth/mgmt_util.c:26:
./include/linux/cleanup.h:490:77: note: expected ‘spinlock_t *’ {aka ‘struct spinlock *’} but argument is of type ‘struct mutex *’
490 | static __always_inline class_##_name##_t class_##_name##_constructor(_type *l) \
./include/linux/cleanup.h:509:1: note: in expansion of macro ‘__DEFINE_LOCK_GUARD_1’
509 | __DEFINE_LOCK_GUARD_1(_name, _type, _lock)
| ^~~~~~~~~~~~~~~~~~~~~
./include/linux/spinlock.h:565:1: note: in expansion of macro ‘DEFINE_LOCK_GUARD_1’
565 | DEFINE_LOCK_GUARD_1(spinlock, spinlock_t,
| ^~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
make[4]: *** [scripts/Makefile.build:287: net/bluetooth/mgmt_util.o] Error 1
make[4]: *** Waiting for unfinished jobs....
make[3]: *** [scripts/Makefile.build:544: net/bluetooth] Error 2
make[2]: *** [scripts/Makefile.build:544: net] Error 2
make[2]: *** Waiting for unfinished jobs....
make[1]: *** [/github/workspace/src/src/Makefile:2054: .] Error 2
make: *** [Makefile:248: __sub-make] Error 2
##############################
Test: TestRunnerSetup - FAIL
Desc: Setup kernel and bluez for test-runner
Output:
Kernel:
net/bluetooth/mgmt_util.c: In function ‘mgmt_mesh_find’:
net/bluetooth/mgmt_util.c:400:18: error: passing argument 1 of ‘class_spinlock_constructor’ from incompatible pointer type [-Werror=incompatible-pointer-types]
400 | guard(spinlock)(&hdev->lock);
| ^~~~~~~~~~~
| |
| struct mutex *
In file included from ./include/linux/jump_label.h:78,
from ./arch/x86/include/asm/string_64.h:6,
from ./arch/x86/include/asm/string.h:8,
from ./arch/x86/include/asm/cpuid/api.h:10,
from ./arch/x86/include/asm/processor.h:19,
from ./arch/x86/include/asm/timex.h:5,
from ./include/linux/timex.h:67,
from ./include/linux/time32.h:13,
from ./include/linux/time.h:60,
from ./include/linux/jiffies.h:10,
from ./include/linux/ktime.h:25,
from ./include/linux/poll.h:7,
from ./include/net/bluetooth/bluetooth.h:29,
from net/bluetooth/mgmt_util.c:26:
./include/linux/cleanup.h:490:77: note: expected ‘spinlock_t *’ {aka ‘struct spinlock *’} but argument is of type ‘struct mutex *’
490 | static __always_inline class_##_name##_t class_##_name##_constructor(_type *l) \
./include/linux/cleanup.h:509:1: note: in expansion of macro ‘__DEFINE_LOCK_GUARD_1’
509 | __DEFINE_LOCK_GUARD_1(_name, _type, _lock)
| ^~~~~~~~~~~~~~~~~~~~~
./include/linux/spinlock.h:565:1: note: in expansion of macro ‘DEFINE_LOCK_GUARD_1’
565 | DEFINE_LOCK_GUARD_1(spinlock, spinlock_t,
| ^~~~~~~~~~~~~~~~~~~
net/bluetooth/mgmt_util.c: In function ‘mgmt_mesh_add’:
net/bluetooth/mgmt_util.c:422:18: error: passing argument 1 of ‘class_spinlock_constructor’ from incompatible pointer type [-Werror=incompatible-pointer-types]
422 | guard(spinlock)(&hdev->lock);
| ^~~~~~~~~~~
| |
| struct mutex *
In file included from ./include/linux/jump_label.h:78,
from ./arch/x86/include/asm/string_64.h:6,
from ./arch/x86/include/asm/string.h:8,
from ./arch/x86/include/asm/cpuid/api.h:10,
from ./arch/x86/include/asm/processor.h:19,
from ./arch/x86/include/asm/timex.h:5,
from ./include/linux/timex.h:67,
from ./include/linux/time32.h:13,
from ./include/linux/time.h:60,
from ./include/linux/jiffies.h:10,
from ./include/linux/ktime.h:25,
from ./include/linux/poll.h:7,
from ./include/net/bluetooth/bluetooth.h:29,
from net/bluetooth/mgmt_util.c:26:
./include/linux/cleanup.h:490:77: note: expected ‘spinlock_t *’ {aka ‘struct spinlock *’} but argument is of type ‘struct mutex *’
490 | static __always_inline class_##_name##_t class_##_name##_constructor(_type *l) \
./include/linux/cleanup.h:509:1: note: in expansion of macro ‘__DEFINE_LOCK_GUARD_1’
509 | __DEFINE_LOCK_GUARD_1(_name, _type, _lock)
| ^~~~~~~~~~~~~~~~~~~~~
./include/linux/spinlock.h:565:1: note: in expansion of macro ‘DEFINE_LOCK_GUARD_1’
565 | DEFINE_LOCK_GUARD_1(spinlock, spinlock_t,
| ^~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
make[4]: *** [scripts/Makefile.build:287: net/bluetooth/mgmt_util.o] Error 1
make[3]: *** [scripts/Makefile.build:544: net/bluetooth] Error 2
make[3]: *** Waiting for unfinished jobs....
make[2]: *** [scripts/Makefile.build:544: net] Error 2
make[2]: *** Waiting for unfinished jobs....
make[1]: *** [/github/workspace/src/src/Makefile:2054: .] Error 2
make: *** [Makefile:248: __sub-make] Error 2
##############################
Test: TestRunner_l2cap-tester - FAIL
Desc: Run l2cap-tester with test-runner
Output:
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
qemu: could not open kernel file '/github/workspace/src/src/arch/x86/boot/bzImage': No such file or directory
##############################
Test: TestRunner_iso-tester - FAIL
Desc: Run iso-tester with test-runner
Output:
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
qemu: could not open kernel file '/github/workspace/src/src/arch/x86/boot/bzImage': No such file or directory
##############################
Test: TestRunner_bnep-tester - FAIL
Desc: Run bnep-tester with test-runner
Output:
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
qemu: could not open kernel file '/github/workspace/src/src/arch/x86/boot/bzImage': No such file or directory
##############################
Test: TestRunner_mgmt-tester - FAIL
Desc: Run mgmt-tester with test-runner
Output:
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
qemu: could not open kernel file '/github/workspace/src/src/arch/x86/boot/bzImage': No such file or directory
##############################
Test: TestRunner_rfcomm-tester - FAIL
Desc: Run rfcomm-tester with test-runner
Output:
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
qemu: could not open kernel file '/github/workspace/src/src/arch/x86/boot/bzImage': No such file or directory
##############################
Test: TestRunner_sco-tester - FAIL
Desc: Run sco-tester with test-runner
Output:
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
qemu: could not open kernel file '/github/workspace/src/src/arch/x86/boot/bzImage': No such file or directory
##############################
Test: TestRunner_ioctl-tester - FAIL
Desc: Run ioctl-tester with test-runner
Output:
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
qemu: could not open kernel file '/github/workspace/src/src/arch/x86/boot/bzImage': No such file or directory
##############################
Test: TestRunner_mesh-tester - FAIL
Desc: Run mesh-tester with test-runner
Output:
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
qemu: could not open kernel file '/github/workspace/src/src/arch/x86/boot/bzImage': No such file or directory
##############################
Test: TestRunner_smp-tester - FAIL
Desc: Run smp-tester with test-runner
Output:
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
qemu: could not open kernel file '/github/workspace/src/src/arch/x86/boot/bzImage': No such file or directory
##############################
Test: TestRunner_userchan-tester - FAIL
Desc: Run userchan-tester with test-runner
Output:
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
qemu: could not open kernel file '/github/workspace/src/src/arch/x86/boot/bzImage': No such file or directory
##############################
Test: IncrementalBuild - PENDING
Desc: Incremental build with the patches in the series
Output:
---
Regards,
Linux Bluetooth
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v4 2/2] Bluetooth: mgmt: Fix race conditions in mesh handling
2026-02-08 8:15 ` [PATCH v4 2/2] Bluetooth: mgmt: Fix race conditions in mesh handling Maiquel Paiva
@ 2026-02-08 12:57 ` kernel test robot
2026-02-08 12:57 ` kernel test robot
2026-02-09 19:44 ` Luiz Augusto von Dentz
2 siblings, 0 replies; 8+ messages in thread
From: kernel test robot @ 2026-02-08 12:57 UTC (permalink / raw)
To: Maiquel Paiva, linux-bluetooth
Cc: oe-kbuild-all, luiz.dentz, gregkh, marcel, Maiquel Paiva, stable
Hi Maiquel,
kernel test robot noticed the following build errors:
[auto build test ERROR on bluetooth/master]
[also build test ERROR on bluetooth-next/master linus/master v6.19-rc8 next-20260205]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Maiquel-Paiva/Bluetooth-mgmt-Fix-heap-overflow-in-mgmt_mesh_add/20260208-161842
base: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git master
patch link: https://lore.kernel.org/r/20260208081559.44983-3-maiquelpaiva%40gmail.com
patch subject: [PATCH v4 2/2] Bluetooth: mgmt: Fix race conditions in mesh handling
config: sparc-randconfig-002-20260208 (https://download.01.org/0day-ci/archive/20260208/202602082014.LJf0O75Y-lkp@intel.com/config)
compiler: sparc-linux-gcc (GCC) 11.5.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260208/202602082014.LJf0O75Y-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202602082014.LJf0O75Y-lkp@intel.com/
All errors (new ones prefixed by >>):
net/bluetooth/mgmt_util.c: In function 'mgmt_mesh_find':
>> net/bluetooth/mgmt_util.c:400:25: error: passing argument 1 of 'class_spinlock_constructor' from incompatible pointer type [-Werror=incompatible-pointer-types]
400 | guard(spinlock)(&hdev->lock);
| ^~~~~~~~~~~
| |
| struct mutex *
In file included from include/linux/irqflags.h:17,
from include/asm-generic/cmpxchg-local.h:6,
from arch/sparc/include/asm/cmpxchg_32.h:67,
from arch/sparc/include/asm/cmpxchg.h:7,
from arch/sparc/include/asm/atomic_32.h:17,
from arch/sparc/include/asm/atomic.h:7,
from include/linux/atomic.h:7,
from include/asm-generic/bitops/lock.h:5,
from arch/sparc/include/asm/bitops_32.h:102,
from arch/sparc/include/asm/bitops.h:7,
from include/linux/bitops.h:67,
from include/linux/log2.h:12,
from include/asm-generic/div64.h:55,
from ./arch/sparc/include/generated/asm/div64.h:1,
from include/linux/math.h:6,
from include/linux/math64.h:6,
from include/linux/jiffies.h:7,
from include/linux/ktime.h:25,
from include/linux/poll.h:7,
from include/net/bluetooth/bluetooth.h:29,
from net/bluetooth/mgmt_util.c:26:
include/linux/cleanup.h:490:77: note: expected 'spinlock_t *' {aka 'struct spinlock *'} but argument is of type 'struct mutex *'
490 | static __always_inline class_##_name##_t class_##_name##_constructor(_type *l) \
include/linux/cleanup.h:509:1: note: in expansion of macro '__DEFINE_LOCK_GUARD_1'
509 | __DEFINE_LOCK_GUARD_1(_name, _type, _lock)
| ^~~~~~~~~~~~~~~~~~~~~
include/linux/spinlock.h:565:1: note: in expansion of macro 'DEFINE_LOCK_GUARD_1'
565 | DEFINE_LOCK_GUARD_1(spinlock, spinlock_t,
| ^~~~~~~~~~~~~~~~~~~
net/bluetooth/mgmt_util.c: In function 'mgmt_mesh_add':
net/bluetooth/mgmt_util.c:422:25: error: passing argument 1 of 'class_spinlock_constructor' from incompatible pointer type [-Werror=incompatible-pointer-types]
422 | guard(spinlock)(&hdev->lock);
| ^~~~~~~~~~~
| |
| struct mutex *
In file included from include/linux/irqflags.h:17,
from include/asm-generic/cmpxchg-local.h:6,
from arch/sparc/include/asm/cmpxchg_32.h:67,
from arch/sparc/include/asm/cmpxchg.h:7,
from arch/sparc/include/asm/atomic_32.h:17,
from arch/sparc/include/asm/atomic.h:7,
from include/linux/atomic.h:7,
from include/asm-generic/bitops/lock.h:5,
from arch/sparc/include/asm/bitops_32.h:102,
from arch/sparc/include/asm/bitops.h:7,
from include/linux/bitops.h:67,
from include/linux/log2.h:12,
from include/asm-generic/div64.h:55,
from ./arch/sparc/include/generated/asm/div64.h:1,
from include/linux/math.h:6,
from include/linux/math64.h:6,
from include/linux/jiffies.h:7,
from include/linux/ktime.h:25,
from include/linux/poll.h:7,
from include/net/bluetooth/bluetooth.h:29,
from net/bluetooth/mgmt_util.c:26:
include/linux/cleanup.h:490:77: note: expected 'spinlock_t *' {aka 'struct spinlock *'} but argument is of type 'struct mutex *'
490 | static __always_inline class_##_name##_t class_##_name##_constructor(_type *l) \
include/linux/cleanup.h:509:1: note: in expansion of macro '__DEFINE_LOCK_GUARD_1'
509 | __DEFINE_LOCK_GUARD_1(_name, _type, _lock)
| ^~~~~~~~~~~~~~~~~~~~~
include/linux/spinlock.h:565:1: note: in expansion of macro 'DEFINE_LOCK_GUARD_1'
565 | DEFINE_LOCK_GUARD_1(spinlock, spinlock_t,
| ^~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
vim +/class_spinlock_constructor +400 net/bluetooth/mgmt_util.c
395
396 struct mgmt_mesh_tx *mgmt_mesh_find(struct hci_dev *hdev, u8 handle)
397 {
398 struct mgmt_mesh_tx *mesh_tx;
399
> 400 guard(spinlock)(&hdev->lock);
401
402 list_for_each_entry(mesh_tx, &hdev->mesh_pending, list) {
403 if (mesh_tx->handle == handle)
404 return mesh_tx;
405 }
406
407 return NULL;
408 }
409
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v4 2/2] Bluetooth: mgmt: Fix race conditions in mesh handling
2026-02-08 8:15 ` [PATCH v4 2/2] Bluetooth: mgmt: Fix race conditions in mesh handling Maiquel Paiva
2026-02-08 12:57 ` kernel test robot
@ 2026-02-08 12:57 ` kernel test robot
2026-02-09 19:44 ` Luiz Augusto von Dentz
2 siblings, 0 replies; 8+ messages in thread
From: kernel test robot @ 2026-02-08 12:57 UTC (permalink / raw)
To: Maiquel Paiva, linux-bluetooth
Cc: oe-kbuild-all, luiz.dentz, gregkh, marcel, Maiquel Paiva, stable
Hi Maiquel,
kernel test robot noticed the following build errors:
[auto build test ERROR on bluetooth/master]
[also build test ERROR on bluetooth-next/master linus/master v6.19-rc8 next-20260205]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Maiquel-Paiva/Bluetooth-mgmt-Fix-heap-overflow-in-mgmt_mesh_add/20260208-161842
base: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git master
patch link: https://lore.kernel.org/r/20260208081559.44983-3-maiquelpaiva%40gmail.com
patch subject: [PATCH v4 2/2] Bluetooth: mgmt: Fix race conditions in mesh handling
config: i386-randconfig-r071-20260208 (https://download.01.org/0day-ci/archive/20260208/202602082055.pF9xO7lP-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
smatch version: v0.5.0-8994-gd50c5a4c
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260208/202602082055.pF9xO7lP-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202602082055.pF9xO7lP-lkp@intel.com/
All errors (new ones prefixed by >>):
>> net/bluetooth/mgmt_util.c:400:18: error: incompatible pointer types passing 'struct mutex *' to parameter of type 'spinlock_t *' (aka 'struct spinlock *') [-Werror,-Wincompatible-pointer-types]
400 | guard(spinlock)(&hdev->lock);
| ^~~~~~~~~~~
include/linux/spinlock.h:565:1: note: passing argument to parameter 'l' here
565 | DEFINE_LOCK_GUARD_1(spinlock, spinlock_t,
| ^
include/linux/cleanup.h:508:60: note: expanded from macro 'DEFINE_LOCK_GUARD_1'
508 | __DEFINE_UNLOCK_GUARD(_name, _type, _unlock, __VA_ARGS__) \
| ^
include/linux/cleanup.h:490:77: note: expanded from macro '\
__DEFINE_LOCK_GUARD_1'
490 | static __always_inline class_##_name##_t class_##_name##_constructor(_type *l) \
| ^
net/bluetooth/mgmt_util.c:422:18: error: incompatible pointer types passing 'struct mutex *' to parameter of type 'spinlock_t *' (aka 'struct spinlock *') [-Werror,-Wincompatible-pointer-types]
422 | guard(spinlock)(&hdev->lock);
| ^~~~~~~~~~~
include/linux/spinlock.h:565:1: note: passing argument to parameter 'l' here
565 | DEFINE_LOCK_GUARD_1(spinlock, spinlock_t,
| ^
include/linux/cleanup.h:508:60: note: expanded from macro 'DEFINE_LOCK_GUARD_1'
508 | __DEFINE_UNLOCK_GUARD(_name, _type, _unlock, __VA_ARGS__) \
| ^
include/linux/cleanup.h:490:77: note: expanded from macro '\
__DEFINE_LOCK_GUARD_1'
490 | static __always_inline class_##_name##_t class_##_name##_constructor(_type *l) \
| ^
2 errors generated.
vim +400 net/bluetooth/mgmt_util.c
395
396 struct mgmt_mesh_tx *mgmt_mesh_find(struct hci_dev *hdev, u8 handle)
397 {
398 struct mgmt_mesh_tx *mesh_tx;
399
> 400 guard(spinlock)(&hdev->lock);
401
402 list_for_each_entry(mesh_tx, &hdev->mesh_pending, list) {
403 if (mesh_tx->handle == handle)
404 return mesh_tx;
405 }
406
407 return NULL;
408 }
409
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v4 2/2] Bluetooth: mgmt: Fix race conditions in mesh handling
2026-02-08 8:15 ` [PATCH v4 2/2] Bluetooth: mgmt: Fix race conditions in mesh handling Maiquel Paiva
2026-02-08 12:57 ` kernel test robot
2026-02-08 12:57 ` kernel test robot
@ 2026-02-09 19:44 ` Luiz Augusto von Dentz
2 siblings, 0 replies; 8+ messages in thread
From: Luiz Augusto von Dentz @ 2026-02-09 19:44 UTC (permalink / raw)
To: Maiquel Paiva; +Cc: linux-bluetooth, gregkh, marcel, stable
Hi Maiquel,
On Sun, Feb 8, 2026 at 3:17 AM Maiquel Paiva <maiquelpaiva@gmail.com> wrote:
>
> The functions mgmt_mesh_add and mgmt_mesh_find modify or traverse the
> mesh_pending list without locking, leading to potential race conditions
> and list corruption.
>
> Use guard(spinlock) with hdev->lock to protect the critical sections.
> This ensures atomic access to the list and reference counter, preventing
> race conditions and avoiding sleeping in atomic context (which fixes CI
> failures).
>
> Fixes: b338d91703fa ("Bluetooth: Implement support for Mesh")
> Cc: stable@vger.kernel.org
> Signed-off-by: Maiquel Paiva <maiquelpaiva@gmail.com>
> ---
> net/bluetooth/mgmt_util.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/net/bluetooth/mgmt_util.c b/net/bluetooth/mgmt_util.c
> index bdce52363332..af9194e44943 100644
> --- a/net/bluetooth/mgmt_util.c
> +++ b/net/bluetooth/mgmt_util.c
> @@ -397,8 +397,7 @@ struct mgmt_mesh_tx *mgmt_mesh_find(struct hci_dev *hdev, u8 handle)
> {
> struct mgmt_mesh_tx *mesh_tx;
>
> - if (list_empty(&hdev->mesh_pending))
> - return NULL;
> + guard(spinlock)(&hdev->lock);
Not sure why you switched to use hdev->lock and not mgmt_pending_lock?
And that is a mutex still, not a spinlock.
>
> list_for_each_entry(mesh_tx, &hdev->mesh_pending, list) {
> if (mesh_tx->handle == handle)
> @@ -420,6 +419,8 @@ struct mgmt_mesh_tx *mgmt_mesh_add(struct sock *sk, struct hci_dev *hdev,
> if (!mesh_tx)
> return NULL;
>
> + guard(spinlock)(&hdev->lock);
> +
> hdev->mesh_send_ref++;
> if (!hdev->mesh_send_ref)
> hdev->mesh_send_ref++;
> --
> 2.43.0
>
--
Luiz Augusto von Dentz
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v4 0/2] Bluetooth: mgmt: Fix heap overflow and race condition
2026-02-08 8:15 [PATCH v4 0/2] Bluetooth: mgmt: Fix heap overflow and race condition Maiquel Paiva
2026-02-08 8:15 ` [PATCH v4 1/2] Bluetooth: mgmt: Fix heap overflow in mgmt_mesh_add Maiquel Paiva
2026-02-08 8:15 ` [PATCH v4 2/2] Bluetooth: mgmt: Fix race conditions in mesh handling Maiquel Paiva
@ 2026-02-09 20:00 ` patchwork-bot+bluetooth
2 siblings, 0 replies; 8+ messages in thread
From: patchwork-bot+bluetooth @ 2026-02-09 20:00 UTC (permalink / raw)
To: Maiquel Paiva; +Cc: linux-bluetooth, luiz.dentz, gregkh, marcel
Hello:
This series was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Sun, 8 Feb 2026 08:15:57 +0000 you wrote:
> This series fixes two vulnerabilities found in net/bluetooth/mgmt_util.c related to mesh handling.
>
> Patch 1 addresses a heap buffer overflow in mgmt_mesh_add by validating the user-provided length.
> Patch 2 resolves race conditions in mgmt_mesh_add and mgmt_mesh_find by protecting the list operations.
>
> Changes in v4:
> - Replaced guard(mutex) with guard(spinlock) using hdev->lock in Patch 2.
> - This fixes the "sleeping function called from invalid context" and circular locking warnings reported by the CI robot in v3.
>
> [...]
Here is the summary with links:
- [v4,1/2] Bluetooth: mgmt: Fix heap overflow in mgmt_mesh_add
(no matching commit)
- [v4,2/2] Bluetooth: mgmt: Fix race conditions in mesh handling
https://git.kernel.org/bluetooth/bluetooth-next/c/567233b63ddb
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2026-02-09 20:00 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-08 8:15 [PATCH v4 0/2] Bluetooth: mgmt: Fix heap overflow and race condition Maiquel Paiva
2026-02-08 8:15 ` [PATCH v4 1/2] Bluetooth: mgmt: Fix heap overflow in mgmt_mesh_add Maiquel Paiva
2026-02-08 8:43 ` Bluetooth: mgmt: Fix heap overflow and race condition bluez.test.bot
2026-02-08 8:15 ` [PATCH v4 2/2] Bluetooth: mgmt: Fix race conditions in mesh handling Maiquel Paiva
2026-02-08 12:57 ` kernel test robot
2026-02-08 12:57 ` kernel test robot
2026-02-09 19:44 ` Luiz Augusto von Dentz
2026-02-09 20:00 ` [PATCH v4 0/2] Bluetooth: mgmt: Fix heap overflow and race condition patchwork-bot+bluetooth
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox