[Bug 1887910] Re: [bionic]blutoothd segfault when you cancel the keyboard pairing during the dialog for pairing code

Alex Tu 1887910 at bugs.launchpad.net
Thu Jul 23 17:08:46 UTC 2020


It seems that not just one patch can fix this issue. I found another corner
case that can still trigger a bluetoothd segmentation fault.

I pair one Bluetooth keyboard but cancel before inputting the pairing keycode.
Before the latest keyboard pairing times out, I pair another Bluetooth
keyboard and again cancel it before inputting the pairing keycode.

Please hold this SRU process; I'm debugging that corner case.

** Changed in: bluez (Ubuntu Bionic)
       Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1887910

Title:
  [bionic]blutoothd segfault when you cancel the keyboard pairing during
  the dialog for pairing code

Status in OEM Priority Project:
  In Progress
Status in bluez package in Ubuntu:
  Fix Released
Status in bluez source package in Bionic:
  In Progress
Status in bluez source package in Eoan:
  Fix Released
Status in bluez source package in Focal:
  Fix Released
Status in bluez source package in Groovy:
  Fix Released

Bug description:
  [Impact]

  This patch is for this issue:
  steps:
  1. pair a bluetooth keyboard
  2. see the dialog asking the user to input the code for pairing.
  3. press "esc" to cancel it.
  4. a bluetoothd segfault shows in dmesg after a while.
  5. Bluetooth shows as off in the settings UI at the top right corner. dmesg shows: [ 978.138593] bluetoothd[1569]: segfault at 0 ip 000055564abe0a06 sp 00007ffe4bec6410 error 4 in bluetoothd[55564ab77000+f3000]

  
  [Test Case]

   1. pair a bluetooth keyboard
   2. see the dialog asking the user to input the code for pairing.
   3. press "esc" to cancel it.
   4. bluetooth should still work to pair another bluetooth device.

  [Regression Potential]

   * This patch works around the case where a queue node was created but
  not yet assigned a function before the user inputs the pairing keycode. If
  the user cancels the pairing before inputting the pairing keycode, then
  the function pointer is assigned a dummy 'direct_match'.

  * Bluetoothd responds to Bluetooth functions and "queue" is a shared
  common data structure, so if a regression happens, the bluetoothd
  systemd service would crash.

   * We can verify this by adding/removing BT devices to trigger
  queue operations.

   * I verified this on the target machine (BIOS ID: 0983) with a BT mouse,
  keyboard and headset, checking pairing, removal and functionality.

  [Other Info]

   * NO.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/1887910/+subscriptions
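The workaround described under [Regression Potential], as an added illustration that is not the bluez patch or any code from this bug: a hypothetical minimal queue whose function names (queue_find, queue_remove_if, direct_match) follow bluez's shared queue API, but whose layout and implementation are simplified assumptions. A match callback that is still NULL, the state of a pairing cancelled before the keycode was entered, is replaced by direct_match rather than being called, which turns the "segfault at 0" into an ordinary pointer-equality lookup.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical minimal queue modelled on bluez's src/shared/queue.c;
 * only what is needed to show the NULL-callback fallback is implemented. */
typedef bool (*queue_match_func_t)(const void *data, const void *user_data);

struct queue_entry { void *data; struct queue_entry *next; };
struct queue { struct queue_entry *head; unsigned int length; };

/* Fallback matcher: compares the stored pointer with user_data. */
static bool direct_match(const void *a, const void *b) { return a == b; }

bool queue_push_tail(struct queue *q, void *data)
{
    struct queue_entry *e = malloc(sizeof(*e)), **slot = &q->head;
    if (!e) return false;
    e->data = data; e->next = NULL;
    while (*slot) slot = &(*slot)->next;
    *slot = e; q->length++;
    return true;
}

/* Returns the first entry that matches. A NULL callback (node created but
 * no function assigned yet, as in the cancelled pairing) is swapped for
 * direct_match instead of being called through a null pointer. */
void *queue_find(struct queue *q, queue_match_func_t fn, const void *ud)
{
    if (!fn) fn = direct_match;
    for (struct queue_entry *e = q->head; e; e = e->next)
        if (fn(e->data, ud))
            return e->data;
    return NULL;
}

/* Unlinks and returns the first matching entry, with the same fallback. */
void *queue_remove_if(struct queue *q, queue_match_func_t fn, void *ud)
{
    if (!fn) fn = direct_match;
    for (struct queue_entry **s = &q->head; *s; s = &(*s)->next) {
        struct queue_entry *e = *s;
        if (!fn(e->data, ud)) continue;
        void *data = e->data;
        *s = e->next; free(e); q->length--;
        return data;
    }
    return NULL;
}
```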
