FS#53442 - [bluez] bluez 5.44-1 segfaults when connecting to an A2DP device

Attached to Project: Arch Linux
Opened by Cysioland (Cysioland) - Friday, 24 March 2017, 22:00 GMT
Last edited by Andreas Radke (AndyRTR) - Sunday, 08 April 2018, 11:25 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Andreas Radke (AndyRTR)
Architecture x86_64
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 11
Private No

Details

As stated in title. Pairing is fine, but as soon as I try to connect, bluetoothd goes down

mar 24 22:59:13 centorea bluetoothd[559]: No cache for 00:18:09:9B:0F:28
mar 24 22:59:13 centorea kernel: bluetoothd[559]: segfault at 189 ip 0000000000469d60 sp 00007ffee92c3250 error 4 in bluetoothd[4000
mar 24 22:59:13 centorea systemd[1]: Started Process Core Dump (PID 30766/UID 0).
-- Subject: Ukończono uruchamianie jednostki systemd-coredump@1-30766-0.service
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Jednostka systemd-coredump@1-30766-0.service ukończyła uruchamianie.
--
-- Wynik uruchamiania: done.
mar 24 22:59:13 centorea systemd[1]: bluetooth.service: Main process exited, code=dumped, status=11/SEGV
mar 24 22:59:13 centorea systemd[1]: bluetooth.service: Unit entered failed state.
mar 24 22:59:13 centorea systemd[1]: bluetooth.service: Failed with result 'core-dump'.
mar 24 22:59:13 centorea systemd-coredump[30767]: Process 559 (bluetoothd) of user 0 dumped core.

Stack trace of thread 559:
#0 0x0000000000469d60 n/a (bluetoothd)
#1 0x00000000004472d3 n/a (bluetoothd)
#2 0x000000000047a31d n/a (bluetoothd)
#3 0x0000000000447405 n/a (bluetoothd)
#4 0x00007f8ac61cf45a g_main_context_dispatch (libglib-2.0.so.0)
#5 0x00007f8ac61cf810 n/a (libglib-2.0.so.0)
#6 0x00007f8ac61cfb32 g_main_loop_run (libglib-2.0.so.0)
#7 0x000000000040b6b2 n/a (bluetoothd)
#8 0x00007f8ac57a5511 __libc_start_main (libc.so.6)
#9 0x000000000040bf0a n/a (bluetoothd)

Closed by  Andreas Radke (AndyRTR)
Sunday, 08 April 2018, 11:25 GMT
Reason for closing:  Fixed
Comment by Cysioland (Cysioland) - Sunday, 26 March 2017, 11:08 GMT
Bisection results:

c80f3668982a3bc53d1655eeb48f5640181ae65f is the first bad commit
commit c80f3668982a3bc53d1655eeb48f5640181ae65f
Author: andyrtr <andyrtr@eb2447ed-0c53-47e4-bac8-5bc4a241df78>
Date: Tue Feb 28 17:06:57 2017 +0000

db-move: moved bluez from [testing] to [extra] (i686, x86_64)

git-svn-id: file:///srv/repos/svn-packages/svn@289676 eb2447ed-0c53-47e4-bac8-5bc4a241df78

:040000 040000 9a4aaddae103f6bb5b11ce1c43f9a62aa298ea90 12beda89c505d7cb6c870fceb05445c825fd4e34 M repos
Comment by Andreas Radke (AndyRTR) - Thursday, 30 March 2017, 14:21 GMT
Bisection should be done with upstream code, not with packages.

http://www.bluez.org/contact/
Comment by Markus Gräb (ghost91) - Friday, 31 March 2017, 16:30 GMT
On my notebook (Lenovo X220) I observe similar crashes.

Some of my debugging work, when running bluetoothd in gdb:

Breakpoint 1, browse_cb (recs=0x717f60, err=0, user_data=0x725790) at src/device.c:4523
4523 struct btd_adapter *adapter = device->adapter;
(gdb) p device->adapter
Cannot access memory at address 0x10157
(gdb)

As seen the device->adapter pointer is not valid, not sure why.
Comment by Cysioland (Cysioland) - Friday, 31 March 2017, 16:31 GMT
I diffed the upstream source between versions, and it seems like they slightly redid A2DP
Comment by Andreas Radke (AndyRTR) - Saturday, 01 April 2017, 08:29 GMT
Please bring it to the linux-bluetooth@vger.kernel.org ML.
Comment by Haley S. (HaleyS) - Sunday, 02 April 2017, 10:54 GMT
I can absolutely confirm this.
Bluetooth module: ID 413c:8187 Dell Computer Corp. DW375 Bluetooth Module
Bluetooth device: Jabra Halo Smart 1.8.1
Journalctl says: kernel: bluetoothd[530]: segfault at 10 ip 000000000046b634 sp 00007ffcd39f2160 error 4 in bluetoothd (deleted)[400000+da000]
More stacktraces:
systemd-coredump[6623]: Process 530 (bluetoothd) of user 0 dumped core.

Stack trace of thread 530:
#0 0x000000000046b634 ba2str (bluetoothd)
#1 0x0000000000469673 n/a (bluetoothd)
#2 0x0000000000469d82 n/a (bluetoothd)
#3 0x00000000004472d3 n/a (bluetoothd)
#4 0x000000000047a31d n/a (bluetoothd)
#5 0x0000000000447405 n/a (bluetoothd)
#6 0x00007f30cc10745a g_main_context_dispatch (libglib-2.0.so.0)
#7 0x00007f30cc107810 n/a (libglib-2.0.so.0)
#8 0x00007f30cc107b32 g_main_loop_run (libglib-2.0.so.0)
#9 0x000000000040b6b2 n/a (bluetoothd)
#10 0x00007f30cb6dd511 __libc_start_main (libc.so.6)
#11 0x000000000040bf0a n/a (bluetoothd)

Steps to reproduce:
- Delete bluetooth headset from blueman (or gnome-bluetooth)
- Search using Blueman, attempt to connect to A2DP.
- Blueman appears to reach a connection, however shortly after the connection bars appear, Blueman crashes and complains about no present bluetooth adapter. This is likely the point where the crash listed above happens
- On restart of Bluetooth the Headset still appears paired, however only the low-quality headset profile is available. Once connected it is able to channel audio for some time, but will lead to continuous connection losses and reconnects.
Comment by Joao Machado (JoaoHerberto) - Monday, 03 April 2017, 02:40 GMT
I wonder if this issue is connected? https://bugs.archlinux.org/task/53424

Also see this Ubuntu thread: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1616695
Comment by Haley S. (HaleyS) - Monday, 03 April 2017, 07:15 GMT
From the Ubuntu ticket:
"So what I did was downgrade my Bluez & Bluez-libs from 5.44 to 5.41-2 and all is good in the bluetooth world!"
Also: Cysioland has reported the bug to the ML and filed a bug for it
- https://www.spinics.net/lists/linux-bluetooth/msg70136.html
- https://bugzilla.kernel.org/show_bug.cgi?id=195221
Comment by Daniel Andrei Minca (dminca) - Wednesday, 14 June 2017, 06:14 GMT
Just as an idea, it's worth to test the fix regarding gdm user that's spawning pulseaudio: https://wiki.archlinux.org/index.php/Bluetooth_headset#Gnome_with_GDM

I reverted to 5.41-2 and had to do that quick-fix for it to work, documented everything: https://ubuntulinuxx.wordpress.com/2017/06/13/connecting-skullcandy-hesh-2-wireless-headphones-to-bluetooth-on-archlinux/

NOTE: I know that reverting to a previous version is not the best way to fix the issue...
Comment by Cysioland (Cysioland) - Wednesday, 14 June 2017, 06:17 GMT
@dminca I needed that fix under 5.41-2 to make things work, and it still doesn't help with newest version.

And I can understand your post being profanity laced, but please, HFP/HSP and A2DP carry audio, not video, please correct that, for fox sake.
Comment by Daniel Andrei Minca (dminca) - Wednesday, 14 June 2017, 06:28 GMT
I am aware of the Audio protocols used. Have you tried switching profile to A2DP via `pacmd set-card-profile [id] a2dp_sink`?
Comment by Andreas Radke (AndyRTR) - Thursday, 10 August 2017, 20:23 GMT
New update out. Has this been fixed?
Comment by Joao Machado (JoaoHerberto) - Thursday, 10 August 2017, 22:19 GMT
Just ran the latest update from Manjaro, and the audio quality is working great! Watching a video is not so good, though: the audio goes out of sync just by passing my hand between headphones and laptop. BLUEZ 5.46.1 installed today.
Comment by Eike (Eike) - Saturday, 26 August 2017, 14:50 GMT
I ran into the same issue and downgraded from 5.46-1 to 5.41-2, where my headphones work out of the box. Before downgrading I tried loading pulseaudio's bt modules after starting X11 and not at boot as per [1], which was not working, so I reverted back to how the configs were before.

[1] https://gist.github.com/freyes/dfc3f5232526a62bbc09adc816e0477d
Comment by Andreas Radke (AndyRTR) - Saturday, 26 August 2017, 15:08 GMT
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=5252296b725ef159992be5372f60721bd9adca48

Check if this is the fix for your issues. It will be included in the next release.
Comment by Joao Machado (JoaoHerberto) - Saturday, 26 August 2017, 18:36 GMT
When is the next release supposed to be out?
Comment by Andre Herbst (moormaster) - Monday, 28 August 2017, 17:10 GMT
I built and installed the AUR package bluez-git.

I am able to pair with my Bose soundbar ( https://www.bose.com/en_us/products/speakers/home_theater/bose-solo-5-tv-sound-system.html#v=solo_5_black ). The bluetooth daemon does not immediately connect to the soundbar after pairing (which it did with ver 5.43-2). The daemon does not crash anymore.

I can connect to the soundbar only after turning the soundbar off and on again - but the sound is still played through my internal soundcard.

I am still downgrading to bluez 5.43-2 which was the last working version for me.
Comment by Daniel Andrei Minca (dminca) - Saturday, 30 September 2017, 08:58 GMT
Issue no longer occurring on latest BlueZ v5.47-2.

I was now able to connect the Wireless Headset to A2DP without encountering any errors, it just works all of a sudden.
Comment by Andreas Radke (AndyRTR) - Saturday, 30 September 2017, 10:53 GMT
@Cysioland - is it fixed for you too?
Comment by Cysioland (Cysioland) - Saturday, 30 September 2017, 11:02 GMT
It pairs, but there are major synchronization issues, as @JoaoHerberto mentioned
Comment by Andreas Radke (AndyRTR) - Wednesday, 21 February 2018, 09:18 GMT
Is this still an issue?
Comment by Andre Herbst (moormaster) - Wednesday, 21 February 2018, 17:28 GMT
Yes, it is still an issue with the most recent bluez-git version 5.48

Now I get a segfault, when trying to connect to my bose solo soundbar. I did the following:

$ bluetoothctl
[NEW] Controller 00:09:DD:60:XX:XX ChromeLinux_5E0F [default]
[NEW] Device 08:DF:1F:82:XX:XX Bose Solo 5 system
Agent registered
[bluetooth]# pair 08:DF:1F:82:XX:XX
Attempting to pair with 08:DF:1F:82:XX:XX
[CHG] Device 08:DF:1F:82:XX:XX Connected: yes
[CHG] Device 08:DF:1F:82:XX:XX Paired: yes
Pairing successful
[CHG] Device 08:DF:1F:82:XX:XX Connected: no
[bluetooth]# connect 08:DF:1F:82:XX:XX
Attempting to connect to 08:DF:1F:82:XX:XX
[CHG] Device 08:DF:1F:82:C8:9E Connected: yes
[CHG] Device 08:DF:1F:82:C8:9E UUIDs: 00001000-d102-11e1-9b23-XXXXXXXXXXXX
[CHG] Device 08:DF:1F:82:C8:9E UUIDs: 0000110b-0000-1000-8000-XXXXXXXXXXXX
[CHG] Device 08:DF:1F:82:C8:9E UUIDs: 0000110c-0000-1000-8000-XXXXXXXXXXXX
[CHG] Device 08:DF:1F:82:C8:9E UUIDs: 0000110e-0000-1000-8000-XXXXXXXXXXXX
[CHG] Device 08:DF:1F:82:C8:9E UUIDs: 00001800-0000-1000-8000-XXXXXXXXXXXX
[CHG] Device 08:DF:1F:82:C8:9E UUIDs: 00001801-0000-1000-8000-XXXXXXXXXXXX
[CHG] Device 08:DF:1F:82:C8:9E ServicesResolved: yes
Connection successful


Edit: At this point I opened Gnome bluetooth settings which immediately leads to crashing the bluetooth daemon:
[CHG] Controller 00:09:DD:60:EA:56 Discovering: yes
Agent unregistered
[DEL] Controller 00:09:DD:60:EA:56 ChromeLinux_5E0F [default]
Waiting to connect to bluetoothd...


dmesg is showing:

[ 105.005346] Bluetooth: hci0: last event is not cmd complete (0x0f)
[ 105.028514] bluetoothd[441]: segfault at 8 ip 000055d1ddd408e0 sp 00007ffcfab35da8 error 4 in bluetoothd[55d1ddcdf000+f4000]


Edit #2: If I connect to the bose soundbar by only using the console pairing, connection and sound seems to work ... Until I open the gnome bluetooth settings. So this might be another issue dealing with the combination gnome <> bluez.
Comment by Michael Schubert (mschu) - Wednesday, 14 March 2018, 12:37 GMT
I'm also observing core dumps in bluetooth.service using bluez 5.49 trying to connect to an A2DP sink.
5.48-[12] and 5.47-[34] work as expected.

[13282.131766] bluetoothd[27969]: segfault at 8 ip 0000560754342fd0 sp 00007ffef4000b68 error 4 in bluetoothd[5607542df000+f8000]
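Added example, not part of this bug report: a small Python parser for the kernel "segfault at ... ip ... error N in obj[base+size]" lines quoted throughout this thread. It decodes the x86 page-fault error code, flags near-NULL fault addresses (the 0x8/0x10/0x189 values seen here point at a field read through an invalid struct pointer, consistent with the gdb finding above), computes the offset inside the mapping for addr2line/objdump on a PIE build, and flags a "(deleted)" mapping, which means the binary on disk was replaced while the daemon kept running the old one. The sample lines are copied from this thread; the function and constant names are my own.

```python
import re

# Kernel x86 segfault report as printed to dmesg / journalctl.
SEGFAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<obj>.+?)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)

# Page-fault error code bits (arch/x86/include/asm/trap_pf.h in the kernel).
PF_PROT, PF_WRITE, PF_USER = 1, 2, 4

# Lines quoted in this thread (the first one is truncated in the report and
# therefore does not parse).
SAMPLE_LINES = [
    "mar 24 22:59:13 centorea kernel: bluetoothd[559]: segfault at 189 ip 0000000000469d60 sp 00007ffee92c3250 error 4 in bluetoothd[4000",
    "kernel: bluetoothd[530]: segfault at 10 ip 000000000046b634 sp 00007ffcd39f2160 error 4 in bluetoothd (deleted)[400000+da000]",
    "[ 105.028514] bluetoothd[441]: segfault at 8 ip 000055d1ddd408e0 sp 00007ffcfab35da8 error 4 in bluetoothd[55d1ddcdf000+f4000]",
    "[13282.131766] bluetoothd[27969]: segfault at 8 ip 0000560754342fd0 sp 00007ffef4000b68 error 4 in bluetoothd[5607542df000+f8000]",
]


def parse_segfault(line):
    """Return a dict describing the fault, or None if the line is not a complete segfault report."""
    m = SEGFAULT_RE.search(line)
    if not m:
        return None
    addr, ip, base, size = (int(m.group(k), 16) for k in ("addr", "ip", "base", "size"))
    err = int(m.group("err"))
    return {
        "comm": m.group("comm"),
        "pid": int(m.group("pid")),
        "fault_addr": addr,
        # A tiny fault address is a field read through a NULL or garbage struct pointer.
        "near_null": addr < 0x1000,
        "kind": ("write" if err & PF_WRITE else "read")
                + (", user mode" if err & PF_USER else ", kernel mode")
                + (", protection violation" if err & PF_PROT else ", page not present"),
        "in_mapping": base <= ip < base + size,
        # Offset of the faulting instruction inside the mapped object: feed this to
        # addr2line/objdump for a PIE binary; for a non-PIE (ET_EXEC) binary use ip itself.
        "offset": ip - base,
        # The file backing the mapping was replaced on disk (e.g. a package upgrade)
        # while the process kept running the old code.
        "binary_replaced": m.group("obj").endswith("(deleted)"),
    }


def analyze(lines=SAMPLE_LINES):
    """Parse every line; unparseable lines yield None so the caller sees the gap."""
    return [parse_segfault(l) for l in lines]
```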
Comment by Andreas Radke (AndyRTR) - Wednesday, 21 March 2018, 14:08 GMT
Not sure if this is still the same bug. At least please report this to the bluez mailing list or upstream tracker.
Comment by Miles (miles) - Wednesday, 04 April 2018, 10:39 GMT
hi!

not sure if this is the same bug, so i opened a new task: https://bugs.archlinux.org/task/58094

here is the commit that might fix this: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e10c204e1226e94a1eaaeaee076e7e2e5b13c504
Comment by Andreas Radke (AndyRTR) - Wednesday, 04 April 2018, 12:07 GMT
Please try 5.49-2 in testing.
Comment by Miles (miles) - Wednesday, 04 April 2018, 22:03 GMT
still getting the same error. https://pastebin.com/Eg3hMYun

ps: i might be wrong, but it could be that the patch you applied worked when built against the current master, not 5.49. if i understood sjanc correctly, this is the patch we should cherrypick: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=2c3bba7b38be03834162e34069156f1fd49f0528
Comment by Andreas Radke (AndyRTR) - Thursday, 05 April 2018, 17:44 GMT
Please check 5.49-3 with that commit included.

If this is still not enough please try on top of 5.49 locally before requesting to add somewhat random commits. Every cherry pick can have unwanted side effects.
Comment by Miles (miles) - Friday, 06 April 2018, 08:45 GMT
5.49-3 works, thank you. also, i did not request random commits, but 2 commits that actually fix this bug. i did describe the difference between the two in my post, which was closed (i specifically pointed out the first patch was applied to the current master, not 5.49).

thank you for packaging this up, it works now.
Comment by Andreas Radke (AndyRTR) - Friday, 06 April 2018, 08:57 GMT
Has the initial issue for other users also been solved?
Comment by Andre Herbst (moormaster) - Friday, 06 April 2018, 09:06 GMT
I will be able to retest it on Sunday evening.
Comment by Daniel (archsoft) - Friday, 06 April 2018, 11:02 GMT
5.49-3 solved for me, thank you!
Comment by Andre Herbst (moormaster) - Sunday, 08 April 2018, 09:08 GMT
5.49-3 solved it for me, too.

I am able again
- to pair with my bose speakers
- to connect to them
- to open gnome bluetooth settings without crashing anything
