[bug report] Bluetooth: btusb: mediatek: add MediaTek devcoredump support
Dan Carpenter
dan.carpenter at linaro.org
Mon Jul 3 06:21:32 PDT 2023
Hello Jing Cai,
The patch 872f8c253cb9: "Bluetooth: btusb: mediatek: add MediaTek
devcoredump support" from Jun 29, 2023, leads to the following Smatch
static checker warning:
drivers/bluetooth/btmtk.c:409 btmtk_process_coredump()
error: double free of 'skb'
drivers/bluetooth/btmtk.c
381 if (err < 0)
382 break;
383 data->cd_info.cnt = 0;
384
385 /* It is supposed coredump can be done within 5 seconds */
386 schedule_delayed_work(&hdev->dump.dump_timeout,
387 msecs_to_jiffies(5000));
388 fallthrough;
389 case HCI_DEVCOREDUMP_ACTIVE:
390 default:
391 err = hci_devcd_append(hdev, skb);
hci_devcd_append() free skb on error
392 if (err < 0)
393 break;
394 data->cd_info.cnt++;
395
396 /* Mediatek coredump data would be more than MTK_COREDUMP_NUM */
397 if (data->cd_info.cnt > MTK_COREDUMP_NUM &&
398 skb->len > sizeof(MTK_COREDUMP_END) &&
399 !memcmp((char *)&skb->data[skb->len - sizeof(MTK_COREDUMP_END)],
400 MTK_COREDUMP_END, sizeof(MTK_COREDUMP_END) - 1)) {
401 bt_dev_info(hdev, "Mediatek coredump end");
402 hci_devcd_complete(hdev);
403 }
404
405 break;
406 }
407
408 if (err < 0)
409 kfree_skb(skb);
double free
410
411 return err;
412 }
regards,
dan carpenter
More information about the Linux-mediatek
mailing list