FS#48644 - [bluez] bluez 5.38 segfaults when connecting a2dp device

Attached to Project: Arch Linux
Opened by Thomas Bächler (brain0) - Sunday, 20 March 2016, 14:30 GMT
Last edited by Andreas Radke (AndyRTR) - Friday, 01 April 2016, 15:53 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Andreas Radke (AndyRTR)
Architecture x86_64
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 7
Private No

Details

With bluez 5.38-1, bluetoothd segfaults when connecting a bluetooth audio device.

[ 8340.896223] lije pulseaudio[912]: W: [pulseaudio] module-bluez5-device.c: Profile has no transport
[ 8341.301294] lije bluetoothd[10811]: a2dp-source profile connect failed for 00:22:37:3F:8A:F3: Device or resource busy
[ 8341.345157] lije bluetoothd[10811]: /org/bluez/hci0/dev_00_22_37_3F_8A_F3/fd0: fd(35) ready
[ 8341.346278] lije rtkit-daemon[913]: Supervising 4 threads of 1 processes of 1 users.
[ 8341.347599] lije rtkit-daemon[913]: Successfully made thread 10921 of process 912 (/usr/bin/pulseaudio) owned by '1000' RT at priority 5.
[ 8341.347662] lije rtkit-daemon[913]: Supervising 5 threads of 1 processes of 1 users.
[ 8342.292960] lije kernel: input: 00:22:37:3F:8A:F3 as /devices/virtual/input/input20
[ 8341.500569] lije systemd-networkd[517]: br0: Starting DHCPv6 client on NDisc request failed: Invalid argument
[ 8346.483405] lije kernel: bluetoothd[10811]: segfault at 58 ip 000000000042467e sp 00007fff71471cb0 error 4 in bluetoothd[400000+fc000]
[ 8345.689383] lije systemd[1]: Started Process Core Dump (PID 10930/UID 0).
[ 8345.719863] lije systemd[1]: bluetooth.service: Main process exited, code=dumped, status=11/SEGV
[ 8345.719950] lije systemd[1]: bluetooth.service: Unit entered failed state.
[ 8345.720000] lije systemd[1]: bluetooth.service: Failed with result 'core-dump'.
[ 8345.721095] lije kdeinit5[841]: bluedevil: Bluetooth operational changed false
[ 8345.723589] lije dbus[511]: [system] Activating via systemd: service name='org.bluez' unit='dbus-org.bluez.service'
[ 8345.739425] lije systemd-coredump[10931]: Process 10811 (bluetoothd) of user 0 dumped core.

Stack trace of thread 10811:
#0 0x000000000042467e n/a (bluetoothd)
#1 0x0000000000420fb9 n/a (bluetoothd)
#2 0x00007f46fbbb7c3a g_main_context_dispatch (libglib-2.0.so.0)
#3 0x00007f46fbbb7fe0 n/a (libglib-2.0.so.0)
#4 0x00007f46fbbb8302 g_main_loop_run (libglib-2.0.so.0)
#5 0x000000000040ba48 n/a (bluetoothd)
#6 0x00007f46fb190710 __libc_start_main (libc.so.6)
#7 0x000000000040c1c9 n/a (bluetoothd)

Downgrade to bluez 5.37-2 fixes the problem.
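Both kernel lines in this report ("segfault at 58 ip 000000000042467e ... error 4" above, and the later "segfault at 20 ip 00000000004275ef ... error 6" from the 5.38-2 test) carry enough to triage the crash even though every bluetoothd frame in the coredump traces is "n/a" because the shipped binary is stripped. The POSIX shell script below is an added example, not code from bluez, the Arch package or anyone in the thread; it parses that kernel message format and decodes the x86 page-fault error-code bits (bit 0 protection/not-present, bit 1 write/read, bit 2 user/kernel, bit 4 instruction fetch, which come from the architecture manual, not from this page). The sample input is the two lines quoted in the report.

```shell
#!/bin/sh
# Added example for this bug report; not code from bluez, the Arch package or
# anyone in the thread. It decodes the kernel's
#   "segfault at ADDR ip IP sp SP error ERR in BIN[BASE+SIZE]"
# message so a crash in a stripped binary (every bluetoothd frame shown as
# "n/a" in the coredump traces above) can be triaged from the journal alone.

# Split the message into its seven fields: fault address, ip, sp, error code
# (all hex, as the kernel prints them), binary name, mapping base, mapping size.
segfault_fields() {
    printf '%s\n' "$1" | sed -n \
        's/.*segfault at \([0-9a-f]*\) ip \([0-9a-f]*\) sp \([0-9a-f]*\) error \([0-9a-f]*\) in \([^[]*\)\[\([0-9a-f]*\)+\([0-9a-f]*\)\].*/\1 \2 \3 \4 \5 \6 \7/p'
}

# Offset of the faulting instruction from the start of the mapping, as hex.
# For a PIE build this is what addr2line/objdump need; bluetoothd here is
# mapped at 0x400000, i.e. a fixed-address build, so the ip itself is the
# link-time address and can be passed to addr2line unchanged.
segfault_offset() {
    set -- $(segfault_fields "$1")
    [ $# -eq 7 ] || return 1
    printf '%x\n' $(( 0x$2 - 0x$6 ))
}

# Decode the x86 page-fault error code: bit 0 = protection violation (else
# page not present), bit 1 = write (else read), bit 2 = user mode (else
# kernel), bit 4 = instruction fetch.
segfault_error() {
    set -- $(segfault_fields "$1")
    [ $# -eq 7 ] || return 1
    e=$(( 0x$4 ))
    if [ $(( e & 4 )) -ne 0 ]; then mode=user; else mode=kernel; fi
    if [ $(( e & 2 )) -ne 0 ]; then op=write; else op=read; fi
    if [ $(( e & 16 )) -ne 0 ]; then op="instruction fetch"; fi
    if [ $(( e & 1 )) -ne 0 ]; then why="protection violation"; else why="page not present"; fi
    printf '%s %s, %s\n' "$mode" "$op" "$why"
}

# A fault address below one page cannot be a mapped object: it is almost
# always a NULL struct pointer whose field at that offset was accessed.
segfault_hint() {
    set -- $(segfault_fields "$1")
    [ $# -eq 7 ] || return 1
    if [ $(( 0x$1 )) -lt 4096 ]; then
        printf 'likely NULL pointer dereference, struct field at offset 0x%s\n' "$1"
    else
        printf 'fault at 0x%s is not NULL-based; check the mappings in the core\n' "$1"
    fi
}

# One-screen summary of a single journal line.
segfault_report() {
    line=$1
    set -- $(segfault_fields "$line")
    [ $# -eq 7 ] || { echo "not a kernel segfault line: $line" >&2; return 1; }
    echo "binary:  $5 mapped at 0x$6 (size 0x$7)"
    echo "ip:      0x$2 (0x$(segfault_offset "$line") into the mapping)"
    echo "address: 0x$1 -> $(segfault_hint "$line")"
    echo "error:   $4 -> $(segfault_error "$line")"
}

# The two kernel lines quoted in this report (the 5.38-1 and 5.38-2 crashes).
LINE_538_1='[ 8346.483405] lije kernel: bluetoothd[10811]: segfault at 58 ip 000000000042467e sp 00007fff71471cb0 error 4 in bluetoothd[400000+fc000]'
LINE_538_2='Mar 29 08:03:02 archi-x13 kernel: bluetoothd[562]: segfault at 20 ip 00000000004275ef sp 00007ffd6e5765c0 error 6 in bluetoothd[400000+fc000]'

for l in "$LINE_538_1" "$LINE_538_2"; do
    segfault_report "$l"
    echo
done
```

Run on the two lines, the script shows a user-mode read of address 0x58 at ip 0x42467e and a user-mode write of address 0x20 at ip 0x4275ef: two different instructions, each touching a field of a NULL struct pointer, which fits the later observation in the thread that the 5.38-2 crash is a different code path rather than the same bug. Once bluez is rebuilt with options=(!strip debug) as the thread describes, addr2line -e /usr/bin/bluetoothd 0x42467e resolves the ip to a source line directly, because the 0x400000 mapping base shows this is a non-PIE build and no relocation arithmetic is needed.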

Closed by  Andreas Radke (AndyRTR)
Friday, 01 April 2016, 15:53 GMT
Reason for closing:  Fixed
Comment by Andreas Radke (AndyRTR) - Sunday, 20 March 2016, 16:10 GMT
Feel free to report this upstream and bisect both releases.
Comment by Jean Daniel BUSSY (SilverSurfer972) - Tuesday, 22 March 2016, 04:48 GMT
I could reproduce this.
Downgrading did fix the problem.
Comment by suawekk (suawekk) - Tuesday, 22 March 2016, 10:22 GMT
I can also confirm that the issue is present and the downgrade fixed it.
Comment by Ignacio José Salcedo Ojeda (isalcedo) - Tuesday, 22 March 2016, 12:54 GMT
I confirm this bug. Downgrade to bluez-5.37-2 fixed it.
Comment by deleted account (crocket) - Wednesday, 23 March 2016, 14:01 GMT
I reproduced this bug. Downgrading it to 5.37 fixed it.
Comment by Francesco Di Nardo (angelsoul) - Wednesday, 23 March 2016, 15:49 GMT
I confirm this bug. Downgrading it to 5.37-2 fixed it.
Comment by Ivan Shapovalov (intelfx) - Wednesday, 23 March 2016, 20:35 GMT
Can reproduce, fixed in upstream.
Please consider cherry-picking this patch: http://git.kernel.org/cgit/bluetooth/bluez.git/commit/?id=177d27c8c3db4588ec13dae0368f240902c42825
Comment by Andreas Radke (AndyRTR) - Friday, 25 March 2016, 10:18 GMT
Please give 5.38-2 in testing repo a try.
Comment by Ivan Shapovalov (intelfx) - Friday, 25 March 2016, 12:33 GMT
5.38-2 in testing fixes the bug here.
Comment by Maksim Kraev (maximka) - Tuesday, 29 March 2016, 00:08 GMT
  • Field changed: Percent Complete (100% → 0%)
5.38-2 still has the problem, the issue is not fixed
Comment by Ignacio José Salcedo Ojeda (isalcedo) - Tuesday, 29 March 2016, 00:09 GMT
In my case, it is fixed. Please double-check.
Comment by Maksim Kraev (maximka) - Tuesday, 29 March 2016, 07:05 GMT
Yes sure:
Name : bluez
Version : 5.38-2
Description : Daemons for the bluetooth protocol stack
Architecture : x86_64
URL : http://www.bluez.org/
Licenses : GPL2
Groups : None
Provides : None
Depends On : libical dbus glib2
Optional Deps : None
Required By : gnome-bluetooth pulseaudio-bluetooth
Optional For : networkmanager
Conflicts With : obexd-client obexd-server
Replaces : None
Installed Size : 1793.00 KiB
Packager : Andreas Radke <andyrtr@archlinux.org>
Build Date : Fri 25 Mar 2016 10:13:21 GMT
Install Date : Mon 28 Mar 2016 20:21:51 BST
Install Reason : Installed as a dependency for another package
Install Script : No
Validated By : Signature
Mar 29 08:03:01 archi-x13 bluetoothd[562]: /org/bluez/hci0/dev_08_EF_3B_C9_03_49/fd0: fd(34) ready
Mar 29 08:03:01 archi-x13 rtkit-daemon[3589]: Supervising 3 threads of 1 processes of 1 users.
Mar 29 08:03:01 archi-x13 rtkit-daemon[3589]: Successfully made thread 6256 of process 3588 (/usr/bin/pulseaudio) owned by '1000' RT at priority 5.
Mar 29 08:03:01 archi-x13 rtkit-daemon[3589]: Supervising 4 threads of 1 processes of 1 users.
Mar 29 08:03:01 archi-x13 kernel: input: 08:EF:3B:C9:03:49 as /devices/virtual/input/input20
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (II) config/udev: Adding input device 08:EF:3B:C9:03:49 (/dev/input/event17)
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (**) 08:EF:3B:C9:03:49: Applying InputClass "libinput keyboard catchall"
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (**) 08:EF:3B:C9:03:49: Applying InputClass "system-keyboard"
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (II) systemd-logind: got fd for /dev/input/event17 13:81 fd 38 paused 0
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (II) Using input driver 'libinput' for '08:EF:3B:C9:03:49'
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (**) 08:EF:3B:C9:03:49: always reports core events
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (**) Option "Device" "/dev/input/event17"
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (**) Option "_source" "server/udev"
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (II) input device '08:EF:3B:C9:03:49', /dev/input/event17 is tagged by udev as: Keyboard
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (II) input device '08:EF:3B:C9:03:49', /dev/input/event17 is a keyboard
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (**) Option "config_info" "udev:/sys/devices/virtual/input/input20/event17"
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (II) XINPUT: Adding extended input device "08:EF:3B:C9:03:49" (type: KEYBOARD, id 16)
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (**) Option "xkb_layout" "gb,ru"
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (**) Option "xkb_variant" ","
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (II) input device '08:EF:3B:C9:03:49', /dev/input/event17 is tagged by udev as: Keyboard
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (II) input device '08:EF:3B:C9:03:49', /dev/input/event17 is a keyboard
Mar 29 08:03:02 archi-x13 kernel: bluetoothd[562]: segfault at 20 ip 00000000004275ef sp 00007ffd6e5765c0 error 6 in bluetoothd[400000+fc000]
Mar 29 08:03:02 archi-x13 systemd[1]: Created slice system-systemd\x2dcoredump.slice.
Mar 29 08:03:02 archi-x13 systemd[1]: Started Process Core Dump (PID 6261/UID 0).
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (II) config/udev: removing device 08:EF:3B:C9:03:49
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (**) Option "fd" "38"
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (II) UnloadModule: "libinput"
Mar 29 08:03:02 archi-x13 /usr/lib/gdm/gdm-x-session[3488]: (II) systemd-logind: releasing fd for 13:81
Mar 29 08:03:02 archi-x13 NetworkManager[569]: <info> (64:BC:0C:F5:BD:E5): device state change: disconnected -> unmanaged (reason 'removed') [30 10 36]
Mar 29 08:03:02 archi-x13 systemd[1]: bluetooth.service: Main process exited, code=dumped, status=11/SEGV
Mar 29 08:03:02 archi-x13 systemd[1]: bluetooth.service: Unit entered failed state.
Mar 29 08:03:02 archi-x13 systemd[1]: bluetooth.service: Failed with result 'core-dump'.
Mar 29 08:03:02 archi-x13 dbus-daemon[864]: Activating service name='ca.desrt.dconf'
Mar 29 08:03:02 archi-x13 dbus-daemon[864]: Successfully activated service 'ca.desrt.dconf'
Mar 29 08:03:02 archi-x13 systemd-coredump[6263]: Process 562 (bluetoothd) of user 0 dumped core.

Stack trace of thread 562:
#0 0x00000000004275ef n/a (bluetoothd)
#1 0x0000000000420fb9 n/a (bluetoothd)
#2 0x00007f95a1996c3a g_main_context_dispatch (libglib-2.0.so.0)
#3 0x00007f95a1996fe0 n/a (libglib-2.0.so.0)
#4 0x00007f95a1997302 g_main_loop_run (libglib-2.0.so.0)
#5 0x000000000040ba48 n/a (bluetoothd)
#6 0x00007f95a0f6f710 __libc_start_main (libc.so.6)
#7 0x000000000040c1c9 n/a (bluetoothd)
Comment by Minh Quan Nguyen (mqn) - Tuesday, 29 March 2016, 07:19 GMT
I'm still seeing the error after upgrading to 5.38-2 as well. I hope the attached backtrace helps.
Comment by deleted account (crocket) - Tuesday, 29 March 2016, 12:02 GMT
How did you get the trace?
Comment by Andreas Radke (AndyRTR) - Tuesday, 29 March 2016, 14:03 GMT
Please report this back to the bluez mailing list so upstream knows there's still something broken.
I guess it only looks similar but is a different bug.
Comment by Ivan Shapovalov (intelfx) - Tuesday, 29 March 2016, 14:54 GMT
It actually looks like a different code path broken by the same commit.

To whoever caught this again, try reverting 70fdb77. I'll send a patch once I get to the PC...
Comment by Maksim Kraev (maximka) - Wednesday, 30 March 2016, 15:36 GMT
> To whoever caught this again, try reverting 70fdb77

Tried 5.38-1 without 70fdb77, still crashes.
Comment by Minh Quan Nguyen (mqn) - Thursday, 31 March 2016, 05:51 GMT
I reverted 70fdb77 and rebuilt 5.38-2. It appears to be working for me.

@crocket
I grabbed the PKGBUILD for bluez 5.38-2; built it using makepkg with strip disabled and debug enabled; and then ran it under gdb.
Comment by Ivan Shapovalov (intelfx) - Thursday, 31 March 2016, 17:06 GMT
OK, so this is not so obvious... reported upstream.

@maximka

Then it looks like a different bug. Try to rebuild bluez with options=(!strip debug) and get a backtrace.
Comment by Maksim Kraev (maximka) - Thursday, 31 March 2016, 19:00 GMT
Do you want me to try with or without 70fdb77 ?
Comment by Ivan Shapovalov (intelfx) - Thursday, 31 March 2016, 19:04 GMT
If you say that it does not matter, then probably it does not matter. Try with 70fdb77 — just to minimize difference to upstream.
Comment by Maksim Kraev (maximka) - Thursday, 31 March 2016, 19:35 GMT
attached
Comment by Ivan Shapovalov (intelfx) - Thursday, 31 March 2016, 19:36 GMT
@maximka

This is not a backtrace. Issue "bt" command inside gdb and paste its output.
Comment by Maksim Kraev (maximka) - Thursday, 31 March 2016, 19:39 GMT
Sorry, my fault
Comment by Ivan Shapovalov (intelfx) - Thursday, 31 March 2016, 19:44 GMT
Hmm. Strange. This should really get fixed by reverting 70fdb77. Any chance you can try this again, now with that commit reverted? And don't forget to restart bluetooth.service...
Comment by Maksim Kraev (maximka) - Thursday, 31 March 2016, 19:48 GMT
Comment by Maksim Kraev (maximka) - Thursday, 31 March 2016, 20:04 GMT
More information: it crashes when I am trying to connect to a soundbar. Connection to a headset works normally.
Comment by Karoly Negyesi (chx) - Friday, 01 April 2016, 05:31 GMT
I do not see a segfault but after connection 5.38-2 disconnects with a timeout. Downgrading to 5.37-1 solves it. (I also tried downgrading pulseaudio and the kernel and neither helped. It's definitely bluez.) I posted to https://bbs.archlinux.org/viewtopic.php?pid=1615769 and https://bugzilla.kernel.org/show_bug.cgi?id=115671
Comment by Andreas Radke (AndyRTR) - Friday, 01 April 2016, 14:43 GMT
Please give bluez 5.38-3 a try.
Comment by Maksim Kraev (maximka) - Friday, 01 April 2016, 15:45 GMT
With 5.38-3 both soundbar and headset work. Thank you.