Simulate ACL being disconnected before SCO is established. Kernel shall not crash.
eSCO ACL Disconnect - Failure
Link: https://lore.kernel.org/linux-bluetooth/00000000000013b93805fbbadc50@xxxxxxxxxx/
---
Notes: Current bluetooth-next/master crashes, similarly as what syzbot says.
 tools/sco-tester.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/tools/sco-tester.c b/tools/sco-tester.c
index f3de42c7b..ecc65e092 100644
--- a/tools/sco-tester.c
+++ b/tools/sco-tester.c
@@ -800,6 +800,36 @@ static void test_connect_simult_disc(const void *test_data)
 test_connect(test_data);
 }
+static bool hook_acl_disc(const void *msg, uint16_t len, void *user_data)
+{
+ const struct bt_hci_evt_conn_complete *ev = msg;
+ struct test_data *data = tester_get_data();
+ struct bthost *bthost;
+
+ tester_print("Disconnect ACL");
+
+ bthost = hciemu_client_get_host(data->hciemu);
+ bthost_hci_disconnect(bthost, le16_to_cpu(ev->handle), 0x13);
+
+ hciemu_flush_client_events(data->hciemu);
+
+ return true;
+}
+
+static void test_connect_acl_disc(const void *test_data)
+{
+ struct test_data *data = tester_get_data();
+
+ /* ACL disconnected before SCO is established seen.
+ * Kernel shall not crash, but <= 6.5-rc5 crash.
+ */
+ hciemu_add_hook(data->hciemu, HCIEMU_HOOK_POST_EVT,
+ BT_HCI_EVT_CONN_COMPLETE,
+ hook_acl_disc, NULL);
+
+ test_connect(test_data);
+}
+
 int main(int argc, char *argv[])
 {
 tester_init(&argc, &argv);
@@ -826,6 +856,10 @@ int main(int argc, char *argv[])
 &connect_failure_reset, setup_powered, test_connect_simult_disc);
+ test_sco("eSCO ACL Disconnect - Failure",
+ &connect_failure_reset, setup_powered,
+ test_connect_acl_disc);
+
 test_sco_11("SCO CVSD 1.1 - Success", &connect_success, setup_powered, test_connect);
-- 2.41.0
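Review bot: hook_acl_disc() reads `ev->handle` from the Connection Complete payload without checking `len` or `ev->status`. A short or failed event would pass a meaningless handle to bthost_hci_disconnect(), and the test could then report the expected failure without having exercised the ACL-drop-before-SCO path. A guard at the top, `if (len < sizeof(*ev) || ev->status) return true;`, limits the hook to a successfully created link and returns the same value as the existing path. The disconnect reason `0x13` is a bare literal; a comment such as `/* 0x13: Remote User Terminated Connection */` would record why it was chosen. The comment in test_connect_acl_disc() also reads as truncated ("... is established seen."); something like `/* Disconnect ACL before SCO is established; kernels <= 6.5-rc5 crash here. */` states the regression being pinned.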