[PW_SID:1108159] Bluetooth: vhci: validate devcoredump state before side effects by BluezTestBot · Pull Request #295 · bluez/bluetooth-next

BluezTestBot · 2026-06-09T01:33:22Z

The VHCI force_devcoredump debugfs hook accepts a small test record from
userspace. It validates the requested terminal state only after
registering, initializing and appending a Bluetooth devcoredump.

As a result, an invalid state returns -EINVAL but still leaves queued
devcoredump work behind. With a non-zero timeout field, the rejected
write can still emit a devcoredump after the timeout expires.

Reject unsupported states before allocating the skb or changing the HCI
devcoredump state machine.

Assisted-by: Codex:gpt-5.5-cyber-preview
Signed-off-by: Samuel Moelius sam.moelius@trailofbits.com

drivers/bluetooth/hci_vhci.c | 8 ++++++++
1 file changed, 8 insertions(+)

The VHCI force_devcoredump debugfs hook accepts a small test record from userspace. It validates the requested terminal state only after registering, initializing and appending a Bluetooth devcoredump. As a result, an invalid state returns -EINVAL but still leaves queued devcoredump work behind. With a non-zero timeout field, the rejected write can still emit a devcoredump after the timeout expires. Reject unsupported states before allocating the skb or changing the HCI devcoredump state machine. Assisted-by: Codex:gpt-5.5-cyber-preview Signed-off-by: Samuel Moelius <sam.moelius@trailofbits.com>

github-actions · 2026-06-09T01:46:16Z

CheckPatch
Desc: Run checkpatch.pl script
Duration: 0.54 seconds
Result: PASS

github-actions · 2026-06-09T01:46:18Z

VerifyFixes
Desc: Verify Fixes tag format and validity
Duration: 0.07 seconds
Result: PASS

github-actions · 2026-06-09T01:46:20Z

VerifySignedoff
Desc: Verify Signed-off-by chain
Duration: 0.07 seconds
Result: PASS

github-actions · 2026-06-09T01:46:22Z

GitLint
Desc: Run gitlint
Duration: 0.21 seconds
Result: PASS

github-actions · 2026-06-09T01:46:23Z

SubjectPrefix
Desc: Check subject contains "Bluetooth" prefix
Duration: 0.07 seconds
Result: PASS

github-actions · 2026-06-09T01:46:56Z

BuildKernel
Desc: Build Kernel for Bluetooth
Duration: 26.64 seconds
Result: PASS

github-actions · 2026-06-09T01:47:31Z

CheckAllWarning
Desc: Run linux kernel with all warning enabled
Duration: 29.34 seconds
Result: PASS

github-actions · 2026-06-09T01:48:05Z

CheckSparse
Desc: Run sparse tool with linux kernel
Duration: 28.65 seconds
Result: PASS

github-actions · 2026-06-09T01:48:37Z

BuildKernel32
Desc: Build 32bit Kernel for Bluetooth
Duration: 26.87 seconds
Result: PASS

github-actions · 2026-06-09T01:58:12Z

TestRunnerSetup
Desc: Setup kernel and bluez for test-runner
Duration: 571.93 seconds
Result: PASS

github-actions · 2026-06-09T01:59:12Z

TestRunner_l2cap-tester
Desc: Run l2cap-tester with test-runner
Duration: 58.86 seconds
Result: PASS

github-actions · 2026-06-09T02:00:38Z

TestRunner_iso-tester
Desc: Run iso-tester with test-runner
Duration: 84.06 seconds
Result: PASS

github-actions · 2026-06-09T02:00:59Z

TestRunner_bnep-tester
Desc: Run bnep-tester with test-runner
Duration: 18.89 seconds
Result: PASS

github-actions · 2026-06-09T02:04:33Z

TestRunner_mgmt-tester
Desc: Run mgmt-tester with test-runner
Duration: 211.74 seconds
Result: FAIL
Output:

Total: 494, Passed: 489 (99.0%), Failed: 1, Not Run: 4

Failed Test Cases
Read Exp Feature - Success                           Failed       0.244 seconds

github-actions · 2026-06-09T02:05:00Z

TestRunner_rfcomm-tester
Desc: Run rfcomm-tester with test-runner
Duration: 25.44 seconds
Result: PASS

github-actions · 2026-06-09T02:05:34Z

TestRunner_sco-tester
Desc: Run sco-tester with test-runner
Duration: 32.50 seconds
Result: PASS

github-actions · 2026-06-09T02:06:02Z

TestRunner_ioctl-tester
Desc: Run ioctl-tester with test-runner
Duration: 25.91 seconds
Result: PASS

github-actions · 2026-06-09T02:06:30Z

TestRunner_mesh-tester
Desc: Run mesh-tester with test-runner
Duration: 25.85 seconds
Result: FAIL
Output:

Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0

Failed Test Cases
Mesh - Send cancel - 1                               Timed out    2.373 seconds
Mesh - Send cancel - 2                               Timed out    1.990 seconds

github-actions · 2026-06-09T02:06:55Z

TestRunner_smp-tester
Desc: Run smp-tester with test-runner
Duration: 23.00 seconds
Result: PASS

github-actions · 2026-06-09T02:07:17Z

TestRunner_userchan-tester
Desc: Run userchan-tester with test-runner
Duration: 19.92 seconds
Result: PASS

github-actions · 2026-06-09T02:07:41Z

TestRunner_6lowpan-tester
Desc: Run 6lowpan-tester with test-runner
Duration: 22.42 seconds
Result: PASS

github-actions · 2026-06-09T02:08:11Z

IncrementalBuild
Desc: Incremental build with the patches in the series
Duration: 24.45 seconds
Result: PASS

github-actions Bot added the area:hci_vhci label Jun 9, 2026

Conversation

BluezTestBot commented Jun 9, 2026

Assisted-by: Codex:gpt-5.5-cyber-preview Signed-off-by: Samuel Moelius sam.moelius@trailofbits.com

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

github-actions Bot commented Jun 9, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Assisted-by: Codex:gpt-5.5-cyber-preview
Signed-off-by: Samuel Moelius sam.moelius@trailofbits.com