Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#68671 - [bluez] bluetoothd segfaults when pairing with a loudspeaker
Attached to Project:
Arch Linux
Opened by Filip Krikava (fikovnik) - Thursday, 19 November 2020, 17:00 GMT
Last edited by Andreas Radke (AndyRTR) - Monday, 08 February 2021, 11:49 GMT
Details

Hi,

I have a Raspberry Pi 3 set up as a loudspeaker:

```
[bluetoothctl]# info 00:1A:7D:DA:71:0F
Device 00:1A:7D:DA:71:0F (public)
	Name: radio1
	Alias: radio1
	Class: 0x00040414
	Icon: audio-card
	Paired: yes
	Trusted: no
	Blocked: no
	Connected: no
	LegacyPairing: no
	UUID: Audio Sink (0000110b-0000-1000-8000-00805f9b34fb)
	UUID: A/V Remote Control Target (0000110c-0000-1000-8000-00805f9b34fb)
	UUID: A/V Remote Control (0000110e-0000-1000-8000-00805f9b34fb)
	UUID: PnP Information (00001200-0000-1000-8000-00805f9b34fb)
	Modalias: usb:v1D6Bp0246d0532
	RSSI: -69
```

I can connect to it using my Android phone and a Windows box. When I try on Arch (5.9.4-arch1-1, bluez 5.55-1, pulseaudio 13.99.3-1, pulseaudio-modules-bt 1.4-3), the bluetoothd crashes:

```
Nov 06 13:25:03 kathmandu pulseaudio[1934]: Found duplicated D-Bus path for sep endpoint /org/bluez/hci0/dev_00_1A_7D_DA_71_0F/sep1
Nov 06 13:25:03 kathmandu pulseaudio[1934]: Found duplicated D-Bus path for sep endpoint /org/bluez/hci0/dev_00_1A_7D_DA_71_0F/sep2
Nov 06 13:25:03 kathmandu pulseaudio[1934]: Found duplicated D-Bus path for sep endpoint /org/bluez/hci0/dev_00_1A_7D_DA_71_0F/sep3
Nov 06 13:25:03 kathmandu bluetoothd[11096]: profiles/audio/a2dp.c:register_remote_sep() Could not register remote sep /org/bluez/hci0/dev_00_1A_7D_DA_71_0F/sep2
Nov 06 13:25:03 kathmandu audit[11096]: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 pid=11096 comm="bluetoothd" exe="/usr/lib/bluetooth/bluetoothd" sig=11 res=1
Nov 06 13:25:03 kathmandu bluetoothd[11096]: profiles/audio/a2dp.c:register_remote_sep() Could not register remote sep /org/bluez/hci0/dev_00_1A_7D_DA_71_0F/sep3
Nov 06 13:25:03 kathmandu kernel: bluetoothd[11096]: segfault at 3 ip 00005602dce85517 sp 00007fffefc38050 error 4 in bluetoothd[5602dce80000+a8000]
Nov 06 13:25:03 kathmandu kernel: Code: 48 8d 0d d7 35 0a 00 ba 04 00 00 00 4c 89 f7 44 0f b6 c0 be 01 00 00 00 31 c0 ff 15 db 58 10 00 48 8b 7d 10 67 e8 99 77 00 00 <44> 0f b6 6b 03 48 8b 7d 10 44 0f b6 f8 67 e8 66 77 00 00 48 83 ec
Nov 06 13:25:03 kathmandu kernel: audit: type=1701 audit(1604665503.844:244): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=11096 comm="bluetoothd" exe="/usr/lib/bluetooth/bluetoothd" sig=11 res=1
Nov 06 13:25:03 kathmandu audit: BPF prog-id=42 op=LOAD
Nov 06 13:25:03 kathmandu audit: BPF prog-id=43 op=LOAD
Nov 06 13:25:03 kathmandu kernel: audit: type=1334 audit(1604665503.891:245): prog-id=42 op=LOAD
Nov 06 13:25:03 kathmandu kernel: audit: type=1334 audit(1604665503.891:246): prog-id=43 op=LOAD
Nov 06 13:25:03 kathmandu systemd[1]: Started Process Core Dump (PID 11445/UID 0).
Nov 06 13:25:03 kathmandu audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@6-11445-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Nov 06 13:25:03 kathmandu kernel: audit: type=1130 audit(1604665503.894:247): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@6-11445-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Nov 06 13:25:04 kathmandu systemd[1]: bluetooth.service: Main process exited, code=dumped, status=11/SEGV
Nov 06 13:25:04 kathmandu systemd[1]: bluetooth.service: Failed with result 'core-dump'.
Nov 06 13:25:04 kathmandu audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=bluetooth comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Nov 06 13:25:04 kathmandu kernel: audit: type=1131 audit(1604665504.181:248): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=bluetooth comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Nov 06 13:25:04 kathmandu systemd-coredump[11446]: [?] Process 11096 (bluetoothd) of user 0 dumped core.

                                                   Stack trace of thread 2526285:
                                                   #0  0x000055ac5132c517 store_remote_sep (bluetoothd + 0x25517)
                                                   #1  0x000055ac513baf6d queue_foreach (bluetoothd + 0xb3f6d)
                                                   #2  0x000055ac5132ce3e store_remote_seps (bluetoothd + 0x25e3e)
                                                   #3  0x000055ac5132fb13 discover_cb (bluetoothd + 0x28b13)
                                                   #4  0x000055ac51331d5e finalize_discovery (bluetoothd + 0x2ad5e)
                                                   #5  0x000055ac513373a9 avdtp_parse_resp (bluetoothd + 0x303a9)
                                                   #6  0x00007f55bd639914 g_main_context_dispatch (libglib-2.0.so.0 + 0x52914)
                                                   #7  0x00007f55bd68d7d1 n/a (libglib-2.0.so.0 + 0xa67d1)
                                                   #8  0x00007f55bd638e63 g_main_loop_run (libglib-2.0.so.0 + 0x51e63)
                                                   #9  0x000055ac513cca06 mainloop_run (bluetoothd + 0xc5a06)
                                                   #10 0x000055ac513cce88 mainloop_run_with_signal (bluetoothd + 0xc5e88)
                                                   #11 0x000055ac51327ac1 main (bluetoothd + 0x20ac1)
                                                   #12 0x00007f55bd30c152 __libc_start_main (libc.so.6 + 0x28152)
                                                   #13 0x000055ac5132877e _start (bluetoothd + 0x2177e)
Nov 06 13:25:04 kathmandu systemd[1]: systemd-coredump%406-11445-0.service: Succeeded.
Nov 06 13:25:04 kathmandu kernel: audit: type=1131 audit(1604665504.201:249): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@6-11445-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Nov 06 13:25:04 kathmandu audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@6-11445-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Nov 06 13:25:04 kathmandu audit: BPF prog-id=43 op=UNLOAD
Nov 06 13:25:04 kathmandu audit: BPF prog-id=42 op=UNLOAD
```

The problematic lines in `store_remote_sep` (`profiles/audio/a2dp.c`) are:

```
offset = sprintf(value, "%02hhx:%02hhx:%02hhx:",
		avdtp_get_type(sep->sep), codec->media_codec_type,
		avdtp_get_delay_reporting(sep->sep));
```

The `codec->media_codec_type` is `NULL`. When I add a simple null check and return early from the function, it starts to work.

Not sure if it is of any help, but connecting to another loudspeaker (Bose mini 2 soundlink) or BT headsets works fine. Another thing: if I install and start the ofono service, bluetoothd does not crash, but after connecting, it immediately disconnects.
Closed by Andreas Radke (AndyRTR)
Monday, 08 February 2021, 11:49 GMT
Reason for closing: Fixed
Additional comments about closing: 5.55-2 - upstream patch applied
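The crash pattern from the report, as an added C example that is neither part of the original report nor BlueZ code: `format_sep` is a hypothetical hardened counterpart of the quoted `sprintf` call, refusing a SEP whose codec capability was never set. The structs are constructed stand-ins whose layout is an assumption; under that layout a NULL capability pointer makes the unchecked field read land on address 3, the fault address in the kernel log line.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins, not the BlueZ definitions: a capability header whose
 * payload starts at byte 2, and a codec payload whose type field is byte 1. */
struct service_cap { uint8_t category; uint8_t length; uint8_t data[]; };
struct codec_cap   { uint8_t media_type; uint8_t media_codec_type; };
struct remote_sep  { uint8_t type; uint8_t delay_reporting;
                     const struct service_cap *codec; /* NULL until set */ };

/* Address touched by the unchecked pattern
 *     codec = (void *) cap->data;  ...  codec->media_codec_type
 * when cap is NULL: nothing is loaded until the final field read. */
size_t null_cap_fault_addr(void)
{
    return offsetof(struct service_cap, data) +
           offsetof(struct codec_cap, media_codec_type);
}

/* Hardened serializer: refuse a SEP without a complete codec capability and
 * bound the write. Returns bytes written, or -1 when nothing can be stored. */
int format_sep(const struct remote_sep *sep, char *out, size_t len)
{
    if (!sep || !sep->codec || sep->codec->length < sizeof(struct codec_cap))
        return -1;
    const struct codec_cap *codec = (const void *) sep->codec->data;
    int n = snprintf(out, len, "%02hhx:%02hhx:%02hhx:", sep->type,
                     codec->media_codec_type, sep->delay_reporting);
    return (n < 0 || (size_t) n >= len) ? -1 : n;
}

int main(void)
{
    /* Constructed sample: category 7, length 2, media type 0, codec type 2. */
    static const uint8_t raw[] = { 0x07, 0x02, 0x00, 0x02 };
    struct remote_sep ok = { 1, 0, (const struct service_cap *) raw };
    struct remote_sep uninit = { 1, 0, NULL };
    char buf[16];

    printf("NULL capability would fault at address %zu\n", null_cap_fault_addr());
    printf("ok: %d bytes, uninit: %d\n", format_sep(&ok, buf, sizeof(buf)),
           format_sep(&uninit, buf, sizeof(buf)));
    return 0;
}
```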
I asked yesterday at #bluez, but I have not received any answer.
You could try: https://github.com/bluez/bluez/issues.
[1] https://github.com/bluez/bluez/commit/326d70edd99c3f21cf299dba55214e2c8957e622
[2] https://github.com/bluez/bluez/commit/d83f1d480a15e0229ff47c197e0145a4640e626a
[3] https://lore.kernel.org/linux-bluetooth/20201123183440.433677-1-luiz.dentz%40gmail.com/