Re: [PATCH BlueZ bluez] bap: Add NULL check for stream in iso_bcast_confirm_cb()

Luiz Augusto von Dentz <luiz.dentz@xxxxxxxxx> · Tue, 22 Jul 2025 10:27:39 -0400

Hi,

On Mon, Jul 21, 2025 at 11:29 PM Yang Li via B4 Relay
<devnull+yang.li.amlogic.com@xxxxxxxxxx> wrote:
>
> From: Yang Li <yang.li@xxxxxxxxxxx>
>
> When a BIG sync is established and then immediately terminated,
> the associated stream may have already been released.
>
> backtrace:
>   (gdb) bt
>   #0  0x006d16c0 in queue_find ()
>   #1  0x006d16cc in queue_find ()
>   #2  0x006edd14 in stream_get_io ()
>   #3  0x006f0bdc in bt_bap_stream_get_io ()
>   #4  0x0064a440 in iso_bcast_confirm_cb ()
>   #5  0x0065c36c in server_cb ()
>   #6  0xf7878c24 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
>   #7  0xf7878fb0 in ?? () from /usr/lib/libglib-2.0.so.0
>   #8  0xf78793ec in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
>   #9  0x007055d0 in mainloop_run ()
>   #10 0x00705a34 in mainloop_run_with_signal ()
>   #11 0x0061484c in main ()
>
> Signed-off-by: Yang Li <yang.li@xxxxxxxxxxx>
> ---
>  profiles/audio/bap.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/profiles/audio/bap.c b/profiles/audio/bap.c
> index f39a40458..022b5ae28 100644
> --- a/profiles/audio/bap.c
> +++ b/profiles/audio/bap.c
> @@ -1370,12 +1370,17 @@ static bool stream_io_unset(const void *data, const void *user_data)
>  static void iso_bcast_confirm_cb(GIOChannel *io, GError *err, void *user_data)
>  {
>         struct bap_setup *setup = user_data;
> -       struct bt_bap_stream *stream = setup->stream;
> +       struct bt_bap_stream *stream;
>         int fd;
>         struct bap_data *bap_data = setup->data;
>
> +       if (!setup && !setup->stream)
> +               return;

This is indicative that io channel is not being canceled/shutdown
properly, if it was then the confirm callback shall not be called, so
this is more of a workaround so we need to figure out why that
callback is still being called if the stream is destroyed.

>         DBG("BIG Sync completed");
>
> +       stream = setup->stream;
> +
>         /* The order of the BIS fds notified from kernel corresponds
>          * to the order of the BISes that were enqueued before
>          * calling bt_io_bcast_accept.
>
> ---
> base-commit: 52de8da1a99cd33b517284f87d231055a0dee6bb
> change-id: 20250722-bap_crash-7ba065496958
>
> Best regards,
> --
> Yang Li <yang.li@xxxxxxxxxxx>
>
>
>

-- 
Luiz Augusto von Dentz