Bluetooth: hci_conn: Use disable_delayed_work_sync

This makes use of disable_delayed_work_sync instead
cancel_delayed_work_sync as it not only cancel the ongoing work but also
disables new submit which is disarable since the object holding the work
is about to be freed.

Reported-by: syzbot+2446dd3cb07277388db6@syzkaller.appspotmail.com
Tested-by: syzbot+2446dd3cb07277388db6@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=2446dd3cb07277388db6
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 50e65b2..40c4a36 100644 (file)
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -1127,9 +1127,9 @@ void hci_conn_del(struct hci_conn *conn)
 
        hci_conn_unlink(conn);
 
-       cancel_delayed_work_sync(&conn->disc_work);
-       cancel_delayed_work_sync(&conn->auto_accept_work);
-       cancel_delayed_work_sync(&conn->idle_work);
+       disable_delayed_work_sync(&conn->disc_work);
+       disable_delayed_work_sync(&conn->auto_accept_work);
+       disable_delayed_work_sync(&conn->idle_work);
 
        if (conn->type == ACL_LINK) {
                /* Unacked frames */