FS#68242 - [bluez] Segfault if `MultiProfile = multiple` since 5.55-1

Attached to Project: Arch Linux
Opened by Mehdi Abaakouk (sileht) - Tuesday, 13 October 2020, 21:00 GMT
Last edited by Andreas Radke (AndyRTR) - Monday, 08 February 2021, 10:45 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Andreas Radke (AndyRTR)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

Segfault if `MultiProfile = multiple` since 5.55-1.
It was working fine in 5.54-2.

Additional info:
* package version(s) 5.55-1
* link to upstream bug report: https://github.com/bluez/bluez/issues/45

Steps to reproduce:

systemd bluetoothd service doesn't start with this error:

```
# journalctl -u bluetoohd -n 10
...
Oct 13 22:56:22 joe bluetoothd[267840]: Endpoint unregistered: sender=:1.2566 path=/MediaEndpoint/A2DPSink/sbc
Oct 13 22:56:22 joe bluetoothd[267840]: free(): double free detected in tcache 2
Oct 13 22:56:22 joe systemd[1]: bluetooth.service: Main process exited, code=dumped, status=6/ABRT
Oct 13 22:56:22 joe systemd[1]: bluetooth.service: Failed with result 'core-dump'.
```

Manually, it's not better:

```
# /usr/lib/bluetooth/bluetoothd
free(): double free detected in tcache 2
Aborted (core dumped)
```

So I recompiled the package with symbols and got the following backtrace:

```
(gdb) bt
#0 0x00007ffff7b9e615 in raise () from /usr/lib/libc.so.6
#1 0x00007ffff7b87862 in abort () from /usr/lib/libc.so.6
#2 0x00007ffff7be05e8 in __libc_message () from /usr/lib/libc.so.6
#3 0x00007ffff7be827a in malloc_printerr () from /usr/lib/libc.so.6
#4 0x00007ffff7be9d4c in _int_free () from /usr/lib/libc.so.6
#5 0x000055555558735e in media_endpoint_destroy (endpoint=0x5555556c4ce0) at profiles/audio/media.c:180
#6 0x0000555555587b63 in media_endpoint_create (adapter=adapter@entry=0x5555556c3480, sender=sender@entry=0x5555556be868 ":1.2566", path=0x5555556c7534 "/MediaEndpoint/A2DPSink/sbc", uuid=0x5555556c7568 "0000110b-0000-1000-8000-00805f9b34fb", delay_reporting=0, codec=<optimized out>, capabilities=0x5555556c75bc "\377\377\002\065", size=4, err=0x7fffffffe340) at profiles/audio/media.c:823
#7 0x00005555555881e4 in register_endpoint (conn=<optimized out>, msg=0x5555556bd580, data=0x5555556c3480) at profiles/audio/media.c:926
#8 0x0000555555604519 in process_message (connection=0x5555556927f0, message=0x5555556bd580, method=0x555555676ba0 <media_methods>, iface_user_data=<optimized out>) at gdbus/object.c:259
#9 0x00007ffff7e357d6 in ?? () from /usr/lib/libdbus-1.so.3
#10 0x00007ffff7e253bd in dbus_connection_dispatch () from /usr/lib/libdbus-1.so.3
#11 0x0000555555600bb1 in message_dispatch (data=0x5555556927f0) at gdbus/mainloop.c:72
#12 0x00007ffff7eb5924 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#13 0x00007ffff7f09621 in ?? () from /usr/lib/libglib-2.0.so.0
#14 0x00007ffff7eb4e73 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#15 0x0000555555619a06 in mainloop_run () at src/shared/mainloop-glib.c:79
#16 0x0000555555619e88 in mainloop_run_with_signal (func=<optimized out>, user_data=0x0) at src/shared/mainloop-notify.c:201
#17 0x0000555555574ac1 in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:971
```

Closed by  Andreas Radke (AndyRTR)
Monday, 08 February 2021, 10:45 GMT
Reason for closing:  Upstream
Additional comments about closing:  bluez-git has the fix available and it will be included in the next release. See the upstream report.
