As stated in title. Pairing is fine, but as soon as I try to connect, bluetoothd goes down. Works fine after downgrading to 5.43.2. Stacktrace: #0 0x0000000000469d60 n/a (bluetoothd) #1 0x00000000004472d3 n/a (bluetoothd) #2 0x000000000047a31d n/a (bluetoothd) #3 0x0000000000447405 n/a (bluetoothd) #4 0x00007f8ac61cf45a g_main_context_dispatch (libglib-2.0.so.0) #5 0x00007f8ac61cf810 n/a (libglib-2.0.so.0) #6 0x00007f8ac61cfb32 g_main_loop_run (libglib-2.0.so.0) #7 0x000000000040b6b2 n/a (bluetoothd) #8 0x00007f8ac57a5511 __libc_start_main (libc.so.6) #9 0x000000000040bf0a n/a (bluetoothd) I'm using Arch Linux, and reported the bug to their bug tracker, they told me to go to upstream.
see also Arch Linux Bugtracker: - https://bugs.archlinux.org/task/53442 - https://bugs.archlinux.org/task/53424
Still reproduces with latest GIT c896183: [lakostis@lks ~]$ sudo gdb --args /usr/libexec/bluetooth/bluetoothd -n [sudo] password for lakostis: GNU gdb (GDB) 7.9-alt3 (ALT Linux) Copyright (C) 2015 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-alt-linux". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /usr/libexec/bluetooth/bluetoothd...Reading symbols from /usr/lib/debug/usr/libexec/bluetooth/bluetoothd.debug...done. done. (gdb) break browse_cb Breakpoint 1 at 0x48eb54 (gdb) run Starting program: /usr/libexec/bluetooth/bluetoothd -n [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". bluetoothd[19262]: Bluetooth daemon 5.45 bluetoothd[19262]: Starting SDP server bluetoothd[19262]: Bluetooth management interface 1.14 initialized bluetoothd[19262]: No cache for F4:5F:69:01:3D:69 Breakpoint 1, 0x000000000048eb54 in browse_cb () (gdb) info locals No symbol table info available. (gdb) info frame Stack level 0, frame at 0x7fffffffe840: rip = 0x48eb54 in browse_cb; saved rip = 0x461130 called by frame at 0x7fffffffe8a0 Arglist at 0x7fffffffe830, args: Locals at 0x7fffffffe830, Previous frame's sp is 0x7fffffffe840 Saved registers: rbp at 0x7fffffffe830, rip at 0x7fffffffe838 (gdb) x 0x48eb54 0x48eb54 <browse_cb+4>: 0x48535441 (gdb) x/c 0x48eb54 0x48eb54 <browse_cb+4>: 65 'A' (gdb) continue Continuing. Program received signal SIGSEGV, Segmentation fault. 0x000000000048eb8d in browse_cb () (gdb) x/c 0x48eb54 0x48eb54 <browse_cb+4>: 65 'A' (gdb) bt #0 0x000000000048eb8d in browse_cb () #1 0x0000000000461130 in search_completed_cb () #2 0x00000000004a6ee0 in sdp_process () #3 0x00000000004611e4 in search_process_cb () #4 0x00007f6875ce67ea in g_main_dispatch (context=0x71de80) at gmain.c:3234 #5 g_main_context_dispatch (context=context@entry=0x71de80) at gmain.c:3899 #6 0x00007f6875ce6b68 in g_main_context_iterate (context=0x71de80, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3972 #7 0x00007f6875ce6e82 in g_main_loop_run (loop=0x71ddf0) at gmain.c:4168 #8 0x000000000044f198 in main () (gdb) x/c 0x000000000048eb8d 0x48eb8d <browse_cb+61>: 72 'H' (gdb) quit A debugging session is active. bluetoothd[31069]: attrib/gattrib.c:g_attrib_unref() 0x73aae0: g_attrib_unref=0 bluetoothd[31069]: src/device.c:connect_profiles() /org/bluez/hci0/dev_F4_5F_69_01_3D_69 (all), client :1.868 bluetoothd[31069]: src/device.c:connect_profiles() Resolving services for /org/bluez/hci0/dev_F4_5F_69_01_3D_69 bluetoothd[31069]: src/adapter.c:connected_callback() hci0 device F4:5F:69:01:3D:69 connected eir_len 13 bluetoothd[31069]: src/gatt-database.c:connect_cb() New incoming BR/EDR ATT connection bluetoothd[31069]: attrib/gattrib.c:g_attrib_ref() 0x73d280: g_attrib_ref=1 bluetoothd[31069]: src/device.c:load_gatt_db() Restoring F4:5F:69:01:3D:69 gatt database from file bluetoothd[31069]: No cache for F4:5F:69:01:3D:69 bluetoothd[31069]: src/gatt-client.c:btd_gatt_client_connected() Device connected. bluetoothd[31069]: src/device.c:gatt_debug() Primary service discovery failed. ATT ECODE: 0x0a bluetoothd[31069]: src/device.c:gatt_client_ready_cb() status: success, error: 0 bluetoothd[31069]: src/gatt-client.c:btd_gatt_client_ready() GATT client ready bluetoothd[31069]: src/gatt-client.c:create_services() Exporting objects for GATT services: F4:5F:69:01:3D:69 bluetoothd[31069]: src/device.c:device_svc_resolved() /org/bluez/hci0/dev_F4_5F_69_01_3D_69 err 0 bluetoothd[31069]: src/device.c:connect_profiles() /org/bluez/hci0/dev_F4_5F_69_01_3D_69 (all), client :1.868 Program received signal SIGSEGV, Segmentation fault. 0x000000000048eb8d in browse_cb ()
Created attachment 257395 [details] Fix crashing when connecting ATT over BR/EDR Please check if the attached patch fixes the problem.
Patch does not resolve the problem for me
Logs, btw what device is this that connects over ATT?
ATT is what Konstantin's device uses, mine does not, and probably that's why the patch did not solve my problem.
(In reply to Luiz Von Dentz from comment #3) > Created attachment 257395 [details] > Fix crashing when connecting ATT over BR/EDR > > Please check if the attached patch fixes the problem. Thanks! With attached patch I see no crashes during connection: Jul 7 12:14:49 lks bluetoothd[22595]: No cache for F4:5F:69:01:3D:69 Jul 7 12:19:18 lks bluetoothd[22595]: Endpoint registered: sender=:1.1088 path=/MediaEndpoint/A2DPSource Jul 7 12:19:18 lks bluetoothd[22595]: Endpoint registered: sender=:1.1088 path=/MediaEndpoint/A2DPSink Jul 7 12:19:30 lks bluetoothd[22595]: Can't open input device: No such file or directory (2) Jul 7 12:19:30 lks bluetoothd[22595]: AVRCP: failed to init uinput for F4:5F:69:01:3D:69 Jul 7 12:19:33 lks bluetoothd[22595]: /org/bluez/hci0/dev_F4_5F_69_01_3D_69/fd0: fd(28) ready
hmm, still crashing on pair with another device: bluetoothd[24105]: src/adapter.c:adapter_start() adapter /org/bluez/hci0 has been enabled bluetoothd[24105]: src/adapter.c:add_whitelist_complete() 20:14:10:76:69:A6 added to kernel whitelist bluetoothd[24105]: src/adapter.c:add_whitelist_complete() 11:11:11:28:F9:5E added to kernel whitelist bluetoothd[24105]: src/adapter.c:add_whitelist_complete() D0:03:4B:DF:0A:AD added to kernel whitelist bluetoothd[24105]: src/adapter.c:add_whitelist_complete() F4:5F:69:01:3D:69 added to kernel whitelist bluetoothd[24105]: src/adapter.c:add_whitelist_complete() 00:1D:DF:4D:EB:E4 added to kernel whitelist bluetoothd[24105]: src/adapter.c:load_link_keys_complete() link keys loaded for hci0 bluetoothd[24105]: src/adapter.c:get_connections_complete() Connection count: 0 bluetoothd[24105]: src/agent.c:agent_ref() 0x72ba90: ref=1 bluetoothd[24105]: src/agent.c:register_agent() agent :1.1201 bluetoothd[24105]: src/agent.c:agent_ref() 0x72a3a0: ref=1 bluetoothd[24105]: src/agent.c:register_agent() agent :1.1207 bluetoothd[24105]: src/device.c:connect_profiles() /org/bluez/hci0/dev_00_1D_DF_4D_EB_E4 (all), client :1.1207 bluetoothd[24105]: src/device.c:connect_profiles() Resolving services for /org/bluez/hci0/dev_00_1D_DF_4D_EB_E4 bluetoothd[24105]: src/adapter.c:connected_callback() hci0 device 00:1D:DF:4D:EB:E4 connected eir_len 26 bluetoothd[24105]: src/gatt-database.c:connect_cb() New incoming BR/EDR ATT connection bluetoothd[24105]: attrib/gattrib.c:g_attrib_ref() 0x73b300: g_attrib_ref=1 bluetoothd[24105]: src/device.c:load_gatt_db() Restoring 00:1D:DF:4D:EB:E4 gatt database from file bluetoothd[24105]: No cache for 00:1D:DF:4D:EB:E4 bluetoothd[24105]: src/gatt-client.c:btd_gatt_client_connected() Device connected. bluetoothd[24105]: src/device.c:gatt_debug() Primary service discovery failed. ATT ECODE: 0x0a bluetoothd[24105]: src/device.c:gatt_client_ready_cb() status: success, error: 0 bluetoothd[24105]: src/gatt-client.c:btd_gatt_client_ready() GATT client ready bluetoothd[24105]: src/gatt-client.c:create_services() Exporting objects for GATT services: 00:1D:DF:4D:EB:E4 bluetoothd[24105]: src/device.c:device_svc_resolved() /org/bluez/hci0/dev_00_1D_DF_4D_EB_E4 err 0 bluetoothd[24105]: src/device.c:connect_profiles() /org/bluez/hci0/dev_00_1D_DF_4D_EB_E4 (all), client :1.1207 Program received signal SIGSEGV, Segmentation fault. 0x0000000000493dc2 in ba2str () (gdb) bt #0 0x0000000000493dc2 in ba2str () #1 0x000000000048e1f6 in ?? () #2 0x000000000048ec18 in ?? () #3 0x0000000000461130 in ?? () #4 0x00000000004a6f0f in ?? () #5 0x00000000004611e4 in ?? () #6 0x00007fad980337ea in g_main_dispatch (context=0x71de80) at gmain.c:3234 #7 g_main_context_dispatch (context=context@entry=0x71de80) at gmain.c:3899 #8 0x00007fad98033b68 in g_main_context_iterate (context=0x71de80, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3972 #9 0x00007fad98033e82 in g_main_loop_run (loop=0x722990) at gmain.c:4168 #10 0x000000000044f198 in ?? () #11 0x00007fad973e7661 in __libc_start_main (main=0x44ee3d, argc=3, argv=0x7fffffffeba8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffeb98) at ../csu/libc-start.c:295 #12 0x000000000040aeda in ?? () (gdb) where #0 0x0000000000493dc2 in ba2str () #1 0x000000000048e1f6 in ?? () #2 0x000000000048ec18 in ?? () #3 0x0000000000461130 in ?? () #4 0x00000000004a6f0f in ?? () #5 0x00000000004611e4 in ?? () #6 0x00007fad980337ea in g_main_dispatch (context=0x71de80) at gmain.c:3234 #7 g_main_context_dispatch (context=context@entry=0x71de80) at gmain.c:3899 #8 0x00007fad98033b68 in g_main_context_iterate (context=0x71de80, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3972 #9 0x00007fad98033e82 in g_main_loop_run (loop=0x722990) at gmain.c:4168 #10 0x000000000044f198 in ?? () #11 0x00007fad973e7661 in __libc_start_main (main=0x44ee3d, argc=3, argv=0x7fffffffeba8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffeb98) at ../csu/libc-start.c:295 #12 0x000000000040aeda in ?? () (gdb) x 0x0000000000493dc2 in ba2str () A syntax error in expression, near `in ba2str ()'. (gdb) x 0x0000000000493dc2 0x493dc2 <ba2str+20>: 0x0f00b60f (gdb) x/s 0x0000000000493dc2 0x493dc2 <ba2str+20>: "\017\266"
Strange, there does seems to be anything suspicious in the logs and crashing on ba2str is really weird since that is just converting the address to string and it doesn't seem we have freed either the adapter or the device address. Is there any way to run bluetoothd with valgrind?
(In reply to Luiz Von Dentz from comment #9) > Strange, there does seems to be anything suspicious in the logs and crashing > on ba2str is really weird since that is just converting the address to > string and it doesn't seem we have freed either the adapter or the device > address. > > Is there any way to run bluetoothd with valgrind? After many tries I can't reproduce this problem again, so maybe it was an old instance of bluetoothd running.