Hello:
This series was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>:
On Fri, 12 Apr 2024 22:55:55 +0300 you wrote:
> Cancel stream's queued requests before freeing the stream.
>
> As the callbacks may do some cleanup on error, be sure to call them
> before removing the requests.
>
> Fixes:
> =======================================================================
> ERROR: AddressSanitizer: heap-use-after-free on address 0x60d000013430
> READ of size 8 at 0x60d000013430 thread T0
> #0 0x89cb9f in stream_stop_complete src/shared/bap.c:1211
> #1 0x89c997 in bap_req_complete src/shared/bap.c:1192
> #2 0x8a105f in bap_process_queue src/shared/bap.c:1474
> #3 0x93c93f in timeout_callback src/shared/timeout-glib.c:25
> ...
> freed by thread T0 here:
> #1 0x89b744 in bap_stream_free src/shared/bap.c:1105
> #2 0x89bac8 in bap_stream_detach src/shared/bap.c:1122
> #3 0x89dbfc in bap_stream_state_changed src/shared/bap.c:1261
> #4 0x8a2169 in bap_ucast_set_state src/shared/bap.c:1554
> #5 0x89e0d5 in stream_set_state src/shared/bap.c:1291
> #6 0x8a78b6 in bap_ucast_release src/shared/bap.c:1927
> #7 0x8d45bb in bt_bap_stream_release src/shared/bap.c:5516
> #8 0x8ba63f in remove_streams src/shared/bap.c:3538
> #9 0x7f23d0 in queue_foreach src/shared/queue.c:207
> #10 0x8bb875 in bt_bap_remove_pac src/shared/bap.c:3593
> #11 0x47416c in media_endpoint_destroy profiles/audio/media.c:185
> =======================================================================
>
> [...]
Here is the summary with links:
- [BlueZ,1/2] shared/bap: clean up requests for a stream before freeing it
(no matching commit)
- [BlueZ,2/2] bap: cancel stream operation before freeing setup
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=d3a6a6459cbd
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
