Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PW_SID:920373] [v2] Bluetooth: btusb: Add NULL check for data in btusb_suspend #2631

Open
wants to merge 1 commit into
base: workflow
Choose a base branch
from
Open

[PW_SID:920373] [v2] Bluetooth: btusb: Add NULL check for data in btusb_suspend #2631

wants to merge 1 commit into from

Conversation

BluezTestBot
Copy link
Owner

When performing warm boot tests with an MT7920 device, we encounter
NULL pointer dereferences with failure rate 5/30. The crash occurs
during device suspend when btusb attempts to access data->hdev where
data is NULL. This may happen due to a race condition between PM suspend
and device disconnect. The root cause needs further investigation.

BUG: kernel NULL pointer dereference, address: 0000000000000000
Workqueue: pm pm_runtime_work
RIP: 0010:btusb_suspend+0x1d/0x1d0 [btusb]

Add a NULL check for data and return -ENODEV in this case to prevent
the NULL pointer dereference. This indicates that the device is no
longer available, which is appropriate when the driver's private data
is missing.

Signed-off-by: En-Wei Wu [email protected]

Changes in v2:

  • Change "dereference" to "dereferences" in commit message
  • Re-flow commit message lines to use more characters per line

drivers/bluetooth/btusb.c | 3 +++
1 file changed, 3 insertions(+)

@rickywu0421 @tedd-an
Bluetooth: btusb: Add NULL check for data in btusb_suspend
99aacc7 
When performing warm boot tests with an MT7920 device, we encounter
NULL pointer dereferences with failure rate 5/30. The crash occurs
during device suspend when btusb attempts to access data->hdev where
data is NULL. This may happen due to a race condition between PM suspend
and device disconnect. The root cause needs further investigation.

BUG: kernel NULL pointer dereference, address: 0000000000000000
Workqueue: pm pm_runtime_work
RIP: 0010:btusb_suspend+0x1d/0x1d0 [btusb]

Add a NULL check for data and return -ENODEV in this case to prevent
the NULL pointer dereference. This indicates that the device is no
longer available, which is appropriate when the driver's private data
is missing.

Signed-off-by: En-Wei Wu <[email protected]>
@github-actions GitHub Actions
Copy link

CheckPatch
Desc: Run checkpatch.pl script
Duration: 0.37 seconds
Result: PENDING

@github-actions GitHub Actions
Copy link

GitLint
Desc: Run gitlint
Duration: 0.34 seconds
Result: PENDING

@github-actions GitHub Actions
Copy link

SubjectPrefix
Desc: Check subject contains "Bluetooth" prefix
Duration: 0.07 seconds
Result: PASS

@github-actions GitHub Actions
Copy link

BuildKernel
Desc: Build Kernel for Bluetooth
Duration: 25.01 seconds
Result: PASS

@github-actions GitHub Actions
Copy link

CheckAllWarning
Desc: Run linux kernel with all warning enabled
Duration: 27.25 seconds
Result: PASS

@github-actions GitHub Actions
Copy link

CheckSparse
Desc: Run sparse tool with linux kernel
Duration: 30.67 seconds
Result: PASS

@github-actions GitHub Actions
Copy link

BuildKernel32
Desc: Build 32bit Kernel for Bluetooth
Duration: 24.65 seconds
Result: PASS

@github-actions GitHub Actions
Copy link

TestRunnerSetup
Desc: Setup kernel and bluez for test-runner
Duration: 436.10 seconds
Result: PASS

@github-actions GitHub Actions
Copy link

TestRunner_l2cap-tester
Desc: Run l2cap-tester with test-runner
Duration: 20.35 seconds
Result: PASS

@github-actions GitHub Actions
Copy link

TestRunner_iso-tester
Desc: Run iso-tester with test-runner
Duration: 31.96 seconds
Result: PASS

@github-actions GitHub Actions
Copy link

TestRunner_bnep-tester
Desc: Run bnep-tester with test-runner
Duration: 4.76 seconds
Result: PASS

@github-actions GitHub Actions
Copy link

TestRunner_mgmt-tester
Desc: Run mgmt-tester with test-runner
Duration: 123.62 seconds
Result: FAIL
Output:

Total: 490, Passed: 484 (98.8%), Failed: 2, Not Run: 4

Failed Test Cases
LL Privacy - Set Flags 3 (2 Devices to RL)           Failed       0.180 seconds
LL Privacy - Start Discovery 2 (Disable RL)          Failed       0.182 seconds

@github-actions GitHub Actions
Copy link

TestRunner_rfcomm-tester
Desc: Run rfcomm-tester with test-runner
Duration: 7.66 seconds
Result: PASS

@github-actions GitHub Actions
Copy link

TestRunner_sco-tester
Desc: Run sco-tester with test-runner
Duration: 9.28 seconds
Result: PASS

@github-actions GitHub Actions
Copy link

TestRunner_ioctl-tester
Desc: Run ioctl-tester with test-runner
Duration: 8.05 seconds
Result: PASS

@github-actions GitHub Actions
Copy link

TestRunner_mesh-tester
Desc: Run mesh-tester with test-runner
Duration: 6.08 seconds
Result: FAIL
Output:

BUG: KASAN: slab-use-after-free in run_timer_softirq+0x76c/0x7d0
WARNING: CPU: 0 PID: 63 at kernel/workqueue.c:2257 __queue_work+0x687/0xb40
Total: 10, Passed: 9 (90.0%), Failed: 1, Not Run: 0

Failed Test Cases
Mesh - Send cancel - 1                               Failed       0.119 seconds

@github-actions GitHub Actions
Copy link

TestRunner_smp-tester
Desc: Run smp-tester with test-runner
Duration: 7.17 seconds
Result: PASS

@github-actions GitHub Actions
Copy link

TestRunner_userchan-tester
Desc: Run userchan-tester with test-runner
Duration: 4.99 seconds
Result: PASS

@github-actions GitHub Actions
Copy link

IncrementalBuild
Desc: Incremental build with the patches in the series
Duration: 0.69 seconds
Result: PENDING

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@BluezTestBot @rickywu0421