You are not logged in.

#1 2020-11-06 13:11:13

fikovnik
Member
Registered: 2020-11-06
Posts: 2

Bluetoothd crashes when connecting to a loudspeaker

Hi,

I have a raspberry pi 3 setup as a loudspeaker:

[bluetoothctl]# info 00:1A:7D:DA:71:0F
Device 00:1A:7D:DA:71:0F (public)
        Name: radio1
        Alias: radio1
        Class: 0x00040414
        Icon: audio-card
        Paired: yes
        Trusted: no
        Blocked: no
        Connected: no
        LegacyPairing: no
        UUID: Audio Sink                (0000110b-0000-1000-8000-00805f9b34fb)
        UUID: A/V Remote Control Target (0000110c-0000-1000-8000-00805f9b34fb)
        UUID: A/V Remote Control        (0000110e-0000-1000-8000-00805f9b34fb)
        UUID: PnP Information           (00001200-0000-1000-8000-00805f9b34fb)
        Modalias: usb:v1D6Bp0246d0532
        RSSI: -69

I can connect to it using my android phone and a window box.

When I try on my linux laptop running arch (5.9.4-arch1-1, bluez 5.55-1, pulseaudio 13.99.3-1, pulseaudio-modules-bt 1.4-3), the bluetoothd crashes:

Nov 06 13:25:03 kathmandu pulseaudio[1934]: Found duplicated D-Bus path for sep endpoint /org/bluez/hci0/dev_00_1A_7D_DA_71_0F/sep1
Nov 06 13:25:03 kathmandu pulseaudio[1934]: Found duplicated D-Bus path for sep endpoint /org/bluez/hci0/dev_00_1A_7D_DA_71_0F/sep2
Nov 06 13:25:03 kathmandu pulseaudio[1934]: Found duplicated D-Bus path for sep endpoint /org/bluez/hci0/dev_00_1A_7D_DA_71_0F/sep3
Nov 06 13:25:03 kathmandu bluetoothd[11096]: profiles/audio/a2dp.c:register_remote_sep() Could not register remote sep /org/bluez/hci0/dev_00_1A_7D_DA_71_0F/sep2
Nov 06 13:25:03 kathmandu audit[11096]: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 pid=11096 comm="bluetoothd" exe="/usr/lib/bluetooth/bluetoothd" sig=11 res=1
Nov 06 13:25:03 kathmandu bluetoothd[11096]: profiles/audio/a2dp.c:register_remote_sep() Could not register remote sep /org/bluez/hci0/dev_00_1A_7D_DA_71_0F/sep3
Nov 06 13:25:03 kathmandu kernel: bluetoothd[11096]: segfault at 3 ip 00005602dce85517 sp 00007fffefc38050 error 4 in bluetoothd[5602dce80000+a8000]
Nov 06 13:25:03 kathmandu kernel: Code: 48 8d 0d d7 35 0a 00 ba 04 00 00 00 4c 89 f7 44 0f b6 c0 be 01 00 00 00 31 c0 ff 15 db 58 10 00 48 8b 7d 10 67 e8 99 77 00 00 <44> 0f b6 6b 03 48 8b 7d 10 44 0f b6 f8 67 e8 66 77 00 00 48 83 ec
Nov 06 13:25:03 kathmandu kernel: audit: type=1701 audit(1604665503.844:244): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=11096 comm="bluetoothd" exe="/usr/lib/bluetooth/bluetoothd" sig=11 res=1
Nov 06 13:25:03 kathmandu audit: BPF prog-id=42 op=LOAD
Nov 06 13:25:03 kathmandu audit: BPF prog-id=43 op=LOAD
Nov 06 13:25:03 kathmandu kernel: audit: type=1334 audit(1604665503.891:245): prog-id=42 op=LOAD
Nov 06 13:25:03 kathmandu kernel: audit: type=1334 audit(1604665503.891:246): prog-id=43 op=LOAD
Nov 06 13:25:03 kathmandu systemd[1]: Started Process Core Dump (PID 11445/UID 0).
Nov 06 13:25:03 kathmandu audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@6-11445-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Nov 06 13:25:03 kathmandu kernel: audit: type=1130 audit(1604665503.894:247): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@6-11445-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Nov 06 13:25:04 kathmandu systemd[1]: bluetooth.service: Main process exited, code=dumped, status=11/SEGV
Nov 06 13:25:04 kathmandu systemd[1]: bluetooth.service: Failed with result 'core-dump'.
Nov 06 13:25:04 kathmandu audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=bluetooth comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Nov 06 13:25:04 kathmandu kernel: audit: type=1131 audit(1604665504.181:248): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=bluetooth comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Nov 06 13:25:04 kathmandu systemd-coredump[11446]: [?] Process 11096 (bluetoothd) of user 0 dumped core.

                                                   Stack trace of thread 11096:
                                                   #0  0x00005602dce85517 n/a (bluetoothd + 0x25517)
                                                   #1  0x00005602dcf13f6d n/a (bluetoothd + 0xb3f6d)
                                                   #2  0x00005602dce85e3e n/a (bluetoothd + 0x25e3e)
                                                   #3  0x00005602dce88b13 n/a (bluetoothd + 0x28b13)
                                                   #4  0x00005602dce8ad5e n/a (bluetoothd + 0x2ad5e)
                                                   #5  0x00005602dce903a9 n/a (bluetoothd + 0x303a9)
                                                   #6  0x00007f477bef6914 g_main_context_dispatch (libglib-2.0.so.0 + 0x52914)
                                                   #7  0x00007f477bf4a7d1 n/a (libglib-2.0.so.0 + 0xa67d1)
                                                   #8  0x00007f477bef5e63 g_main_loop_run (libglib-2.0.so.0 + 0x51e63)
                                                   #9  0x00005602dcf25a06 n/a (bluetoothd + 0xc5a06)
                                                   #10 0x00005602dcf25e88 n/a (bluetoothd + 0xc5e88)
                                                   #11 0x00005602dce80ac1 n/a (bluetoothd + 0x20ac1)
                                                   #12 0x00007f477bbc9152 __libc_start_main (libc.so.6 + 0x28152)
                                                   #13 0x00005602dce8177e n/a (bluetoothd + 0x2177e)
Nov 06 13:25:04 kathmandu systemd[1]: systemd-coredump@6-11445-0.service: Succeeded.
Nov 06 13:25:04 kathmandu kernel: audit: type=1131 audit(1604665504.201:249): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@6-11445-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Nov 06 13:25:04 kathmandu audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@6-11445-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Nov 06 13:25:04 kathmandu audit: BPF prog-id=43 op=UNLOAD
Nov 06 13:25:04 kathmandu audit: BPF prog-id=42 op=UNLOAD

I tried to connect to other loudspeaker (Bose mini 2 soundlink) and it works.
If I install and start ofono service, bluetoothd does not crash, but after connecting, it immediately disconnects.

Any idea what can be wrong?

Last edited by fikovnik (2020-11-06 13:23:11)

Offline

#2 2020-11-19 15:33:56

fikovnik
Member
Registered: 2020-11-06
Posts: 2

Re: Bluetoothd crashes when connecting to a loudspeaker

I did a bit of debugging today and I found that the problem is in: store_remote_sep

Nov 19 15:30:06 kathmandu systemd-coredump[2471254]: [?] Process 2470723 (bluetoothd) of user 0 dumped core.

                                                     Stack trace of thread 2470723:
                                                     #0  0x0000562a9a47e517 store_remote_sep (bluetoothd + 0x25517)
                                                     #1  0x0000562a9a50cf6d queue_foreach (bluetoothd + 0xb3f6d)
                                                     #2  0x0000562a9a47ee3e store_remote_seps (bluetoothd + 0x25e3e)
                                                     #3  0x0000562a9a481b13 discover_cb (bluetoothd + 0x28b13)
                                                     #4  0x0000562a9a483d5e finalize_discovery (bluetoothd + 0x2ad5e)
                                                     #5  0x0000562a9a4893a9 avdtp_parse_resp (bluetoothd + 0x303a9)
                                                     #6  0x00007f3c0785e914 g_main_context_dispatch (libglib-2.0.so.0 + 0x52914)
                                                     #7  0x00007f3c078b27d1 n/a (libglib-2.0.so.0 + 0xa67d1)
                                                     #8  0x00007f3c0785de63 g_main_loop_run (libglib-2.0.so.0 + 0x51e63)
                                                     #9  0x0000562a9a51ea06 mainloop_run (bluetoothd + 0xc5a06)
                                                     #10 0x0000562a9a51ee88 mainloop_run_with_signal (bluetoothd + 0xc5e88)
                                                     #11 0x0000562a9a479ac1 main (bluetoothd + 0x20ac1)
                                                     #12 0x00007f3c07531152 __libc_start_main (libc.so.6 + 0x28152)
                                                     #13 0x0000562a9a47a77e _start (bluetoothd + 0x2177e)

Concretely, in profiles/audio/a2dp.c:

 2657  offset = sprintf(value, "%02hhx:%02hhx:%02hhx:",                              
 2658       avdtp_get_type(sep->sep), codec->media_codec_type,                   
 2659       avdtp_get_delay_reporting(sep->sep)); 

The codec->media_codec_type is NULL. When I add a simple check for NULL returning early for the function, it starts to work.

I submitted a bug https://bugs.archlinux.org/task/68671

Last edited by fikovnik (2020-11-19 17:00:44)

Offline

Board footer

Powered by FluxBB