linux-bluetooth.vger.kernel.org archive mirror
From: Joakim Tjernlund <Joakim.Tjernlund@infinera.com>
To: "luiz.dentz@gmail.com" <luiz.dentz@gmail.com>
Cc: "linux-bluetooth@vger.kernel.org" <linux-bluetooth@vger.kernel.org>
Subject: Re: bluez SEGV in current master
Date: Wed, 14 Jun 2023 17:00:34 +0000
Message-ID: <b1588e0579d4dfd9947d0d6938f10eb0e05e8558.camel@infinera.com>
In-Reply-To: <CABBYNZKhf0Ve5P+N9zhAuUwU5O-e5JcifcxE-0=o+X_hRdPtyA@mail.gmail.com>

On Wed, 2023-06-14 at 09:53 -0700, Luiz Augusto von Dentz wrote:
> Hi Joakim,
>
> On Wed, Jun 14, 2023 at 9:32 AM Joakim Tjernlund
> <Joakim.Tjernlund@infinera.com> wrote:
> >
> > On Wed, 2023-06-14 at 09:25 -0700, Luiz Augusto von Dentz wrote:
> > > Hi Joakim,
> > >
> > > On Wed, Jun 14, 2023 at 5:36 AM Joakim Tjernlund
> > > <Joakim.Tjernlund@infinera.com> wrote:
> > > >
> > > > commit bap: Add broadcast source support, 3030883, in bluez.git
> > > >
> > > > > A co-worker sees this SEGV when connecting a headset:
> > > >
> > > > Jun 13 13:38:15 systemd-coredump[3941]: Process 1897 (bluetoothd) of user 0 dumped core.
> > > >                                         Module bluetoothd without build-id.
> > > >                                         #0  0x0000556bea93277a a2dp_resume_complete (bluetoothd + 0x3e77a)
> > > >                                         #1  0x0000556bea9210a2 finalize_resume (bluetoothd + 0x2d0a2)
> > > >                                         #2  0x0000556bea92afaf avdtp_start_resp (bluetoothd + 0x36faf)
> > > >                                         #6  0x0000556bea9dcc85 mainloop_run (bluetoothd + 0xe8c85)
> > > >                                         #7  0x0000556bea9dd0dc mainloop_run_with_signal (bluetoothd + 0xe90dc)
> > > >                                         #8  0x0000556bea91a4ef main (bluetoothd + 0x264ef)
> > > >                                         #11 0x0000556bea91ace1 _start (bluetoothd + 0x26ce1)
> > > > Jun 13 13:38:15 systemd[1]: bluetooth.service: Main process exited, code=dumped, status=11/SEGV
> > > >
> > > >
> > > > Crash seems to be at:
> > > >
> > > > 342     static void a2dp_resume_complete(struct avdtp *session, int err,
> > > > 343                                                             void *user_data)
> > > > 344     {
> > > > 345             struct media_owner *owner = user_data;
> > > > 346             struct media_request *req = owner->pending;
> > > > 347             struct media_transport *transport = owner->transport;
> > > > 348             struct a2dp_sep *sep = media_endpoint_get_sep(transport->endpoint);
> > > >
> > > > > A good start (but does NOT fix the problem) might be:
> > > >
> > > > --- bluez-9999/profiles/audio/transport.c.org   2023-06-13 18:38:14.542137531 +0200
> > > > +++ bluez-9999/profiles/audio/transport.c       2023-06-13 18:48:32.542527882 +0200
> > > > @@ -345,7 +345,7 @@
> > > >         struct media_owner *owner = user_data;
> > > >         struct media_request *req = owner->pending;
> > > >         struct media_transport *transport = owner->transport;
> > > > -       struct a2dp_sep *sep = media_endpoint_get_sep(transport->endpoint);
> > > > +       struct a2dp_sep *sep;
> > > >         struct avdtp_stream *stream;
> > > >         int fd;
> > > >         uint16_t imtu, omtu;
> > > > @@ -355,7 +355,10 @@
> > > >
> > > >         if (err)
> > > >                 goto fail;
> > > > +       if (!transport)
> > > > +               goto fail;
> > > >
> > > > +       sep = media_endpoint_get_sep(transport->endpoint);
> > > >         stream = a2dp_sep_get_stream(sep);
> > > >         if (stream == NULL)
> > > >                 goto fail;
> > > >
> > > > bluez-5.66 Works fine though.
> > > >
> > > > Headset: WH-1000XM3
> > > >
> > > >   Jocke
> > >
> > > > Weird, I don't think much has changed for A2DP, but perhaps there are
> > > > some BAP-related changes affecting A2DP for some reason. Any chance to
> > > > bisect the patch that introduces this problem? Or is it not always
> > > > reproducible?
> >
> > > It is reproducible but on a remote laptop used for daily work so would disturb quite a lot.
> > > Can I turn off BAP somehow to see if it is interfering?
> > >
> > > Any chance it is related to https://github.com/bluez/bluez/issues/533?
>
> Right, yeah that is possible since it appears to be some unbalanced
> reference count issue, that said that was a very old version, not sure
> if we haven't fixed that.

It is not fixed in the unref code discussed in that issue on master.

    Jocke
