[PATCH bluez] bap: Fix setup double free with bis sink

public inbox for linux-bluetooth@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH bluez] bap: Fix setup double free with bis sink
@ 2025-08-19  8:03 Ye He via B4 Relay
  2025-08-19  9:28 ` [bluez] " bluez.test.bot
  0 siblings, 1 reply; 2+ messages in thread
From: Ye He via B4 Relay @ 2025-08-19  8:03 UTC (permalink / raw)
  To: Linux Bluetooth; +Cc: Ye He

From: Ye He <ye.he@amlogic.com>

If try to remove the bis sink device that big sync lost with
remote bis source, the following crash is observed:

0x00000a78 in ?? ()
0x004c8970 in setup_free ()
0x00551a78 in queue_remove_all ()
0x00551abc in queue_destroy ()
0x004cb590 in bap_data_remove ()
0x004cb9f0 in bap_bcast_remove ()
0x0051457c in service_remove ()
0x005272e4 in device_remove ()
0x0050e134 in adapter_remove_connection ()
0x0050e24c in dev_disconnected ()
0x00553478 in request_complete ()
0x00554670 in can_read_data ()
0x005850c4 in watch_callback ()
0xf7d5ab9c in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
0xf7d5af28 in ?? () from /usr/lib/libglib-2.0.so.0

Signed-off-by: Ye He <ye.he@amlogic.com>
---
 profiles/audio/bap.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/profiles/audio/bap.c b/profiles/audio/bap.c
index 2994881ccc1d7daa1d97210edc6ff67381e74cc1..c8c83cf94c57878f3bd8b805e926bd58ff648d9a 100644
--- a/profiles/audio/bap.c
+++ b/profiles/audio/bap.c
@@ -1010,6 +1010,8 @@ static void setup_free(void *data)
 
 	if (setup->ep)
 		queue_remove(setup->ep->setups, setup);
+	else if (setup->data->bcast_snks)
+		queue_remove(setup->data->bcast_snks, setup);
 
 	setup_io_close(setup, NULL);
 

---
base-commit: 0bb66d3d1abd7d25b840d535c03b1b9613727d5c
change-id: 20250819-bap-setup-double-free-38169b207db5

Best regards,
-- 
Ye He <ye.he@amlogic.com>



^ permalink raw reply related	[flat|nested] 2+ messages in thread

* RE: [bluez] bap: Fix setup double free with bis sink
  2025-08-19  8:03 [PATCH bluez] bap: Fix setup double free with bis sink Ye He via B4 Relay
@ 2025-08-19  9:28 ` bluez.test.bot
  0 siblings, 0 replies; 2+ messages in thread
From: bluez.test.bot @ 2025-08-19  9:28 UTC (permalink / raw)
  To: linux-bluetooth, ye.he

[-- Attachment #1: Type: text/plain, Size: 1261 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=992906

---Test result---

Test Summary:
CheckPatch                    PENDING   0.26 seconds
GitLint                       PENDING   0.27 seconds
BuildEll                      PASS      19.91 seconds
BluezMake                     PASS      2683.26 seconds
MakeCheck                     PASS      20.54 seconds
MakeDistcheck                 PASS      182.13 seconds
CheckValgrind                 PASS      233.10 seconds
CheckSmatch                   PASS      304.97 seconds
bluezmakeextell               PASS      127.21 seconds
IncrementalBuild              PENDING   0.37 seconds
ScanBuild                     PASS      904.12 seconds

Details
##############################
Test: CheckPatch - PENDING
Desc: Run checkpatch.pl script
Output:

##############################
Test: GitLint - PENDING
Desc: Run gitlint
Output:

##############################
Test: IncrementalBuild - PENDING
Desc: Incremental build with the patches in the series
Output:



---
Regards,
Linux Bluetooth


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2025-08-19  9:28 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-08-19  8:03 [PATCH bluez] bap: Fix setup double free with bis sink Ye He via B4 Relay
2025-08-19  9:28 ` [bluez] " bluez.test.bot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox