[Pkg-bluetooth-maintainers] Bug#498170: bluez-audio: segfault in headset_cancel_stream

Timo Juhani Lindfors timo.lindfors at iki.fi
Sun Sep 7 19:22:53 UTC 2008


Package: bluez-audio
Version: 3.36-1
Severity: normal

Steps to reproduce:
0) (Optional) buy openmoko freerunner ;-)
1) cat >> .asoundrc <<EOF

pcm.bt {
 type bluetooth
 device "00:02:76:D0:D6:F9";
}
EOF

2) hcid -n -d
3) speaker-test -r 8000 -D bt
4) wait for a while

Expected results:
4) hcid continues to run

Actual results:
4) hcid segfaults.

More info:
1) Here's a complete transcript of what I see when I run hcid under GDB:

$ gdb --args hcid -n -d
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-linux-gnueabi"...
(gdb) r
Starting program: /usr/sbin/hcid -n -d
hcid[16827]: Bluetooth HCI daemon
hcid[16827]: Enabling debug information
hcid[16827]: Parsing /etc/bluetooth/main.conf failed: No such file or directory
hcid[16827]: Starting SDP server
hcid[16827]: Adding rec : 0x2a062780
hcid[16827]: with handle : 0x1
hcid[16827]: Adding rec : 0x2a064890
hcid[16827]: with handle : 0x0
hcid[16827]: Service classes 0x00
hcid[16827]: Loading plugins /usr/lib/bluetooth/plugins
hcid[16827]: /usr/lib/bluetooth/plugins/audio.so
hcid[16827]: Unix socket created: 12
hcid[16827]: audio.conf: Key file does not have key 'Master'
hcid[16827]: Couldn't find record for : 0x10000
hcid[16827]: Adding record with handle 0x10000
hcid[16827]: Adding rec : 0x2a0664a0
hcid[16827]: with handle : 0x10000
hcid[16827]: Service classes 0x00
hcid[16827]: audio.conf: Key file does not have key 'SCORouting'
hcid[16827]: audio.conf: Key file does not have key 'Disable'
hcid[16827]: audio.conf: Key file does not have group 'A2DP'
hcid[16827]: audio.conf: Key file does not have group 'A2DP'
hcid[16827]: audio.conf: Key file does not have group 'A2DP'
hcid[16827]: audio.conf: Key file does not have group 'A2DP'
hcid[16827]: audio.conf: Key file does not have key 'Master'
hcid[16827]: SEP 0x2a066b48 registered: type:0 codec:0 seid:1
hcid[16827]: Couldn't find record for : 0x10001
hcid[16827]: Adding record with handle 0x10001
hcid[16827]: Adding rec : 0x2a064a70
hcid[16827]: with handle : 0x10001
hcid[16827]: Service classes 0x08
hcid[16827]: audio.conf: Key file does not have key 'Master'
hcid[16827]: Couldn't find record for : 0x10002
hcid[16827]: Adding record with handle 0x10002
hcid[16827]: Adding rec : 0x2a0670e8
hcid[16827]: with handle : 0x10002
hcid[16827]: Service classes 0x08
hcid[16827]: Couldn't find record for : 0x10003
hcid[16827]: Adding record with handle 0x10003
hcid[16827]: Adding rec : 0x2a066e20
hcid[16827]: with handle : 0x10003
hcid[16827]: Service classes 0x08
hcid[16827]: Registered manager path:/org/bluez/audio
hcid[16827]: Loading device 00:02:76:D0:D6:F9 (headset )
hcid[16827]: Selecting default device
hcid[16827]: name headset uuid 00001108-0000-1000-8000-00805F9B34FB
hcid[16827]: name headset uuid 0000111E-0000-1000-8000-00805F9B34FB
hcid[16827]: Registering service object: headset (/org/bluez/service_headset)
hcid[16827]: name sink uuid 0000110B-0000-1000-8000-00805F9B34FB
hcid[16827]: Registering service object: sink (/org/bluez/service_sink)
hcid[16827]: name audio uuid 00001108-0000-1000-8000-00805F9B34FB
hcid[16827]: name audio uuid 0000111E-0000-1000-8000-00805F9B34FB
hcid[16827]: name audio uuid 00001112-0000-1000-8000-00805F9B34FB
hcid[16827]: name audio uuid 0000111F-0000-1000-8000-00805F9B34FB
hcid[16827]: name audio uuid 0000110D-0000-1000-8000-00805F9B34FB
hcid[16827]: name audio uuid 0000110A-0000-1000-8000-00805F9B34FB
hcid[16827]: name audio uuid 0000110B-0000-1000-8000-00805F9B34FB
hcid[16827]: name audio uuid 0000110C-0000-1000-8000-00805F9B34FB
hcid[16827]: name audio uuid 0000110E-0000-1000-8000-00805F9B34FB
hcid[16827]: Registering service object: audio (/org/bluez/service_audio)
hcid[16827]: HCI dev 0 registered
hcid[16827]: HCI dev 0 already up
hcid[16827]: Device hci0 has been added
hcid[16827]: Starting security manager 0
hcid[16827]: Device hci0 has been activated
hcid[16827]: child 16830 exited
hcid[16827]: child 16831 exited
hcid[16827]: Accepted new client connection on unix socket (fd=16)
hcid[16827]: Audio API: received BT_GETCAPABILITIES_REQ
hcid[16827]: Audio API: sending BT_GETCAPABILITIES_RSP
hcid[16827]: Audio API: received BT_SETCONFIGURATION_REQ
hcid[16827]: config sco - device = 00:02:76:D0:D6:F9 access_mode = 2
hcid[16827]: State changed /org/bluez/audio/device0: HEADSET_STATE_DISCONNECTED -> HEADSET_STATE_CONNECT_IN_PROGRESS
hcid[16827]: /org/bluez/audio/device0: Connecting to 00:02:76:D0:D6:F9 channel 2
hcid[16827]: link_key_request (sba=00:06:6E:16:EB:C6, dba=00:02:76:D0:D6:F9)
hcid[16827]: kernel auth requirements = 0x00
hcid[16827]: stored link key type = 0x00
hcid[16827]: connect(): Connection timed out (110)
hcid[16827]: Audio API: sending BT_SETCONFIGURATION_RSP
hcid[16827]: State changed /org/bluez/audio/device0: HEADSET_STATE_CONNECT_IN_PROGRESS -> HEADSET_STATE_DISCONNECTED
hcid[16827]: Audio API: received BT_STREAMSTART_REQ
hcid[16827]: Audio API: sending BT_STREAMSTART_RSP
hcid[16827]: Audio API: sending BT_STREAMFD_IND
hcid[16827]: unix_sendmsg_fd: Bad file descriptor(9)
hcid[16827]: resume failed
hcid[16827]: Audio API: sending BT_STREAMSTART_RSP
hcid[16827]: Unix client disconnected (fd=16)
hcid[16827]: Accepted new client connection on unix socket (fd=16)
hcid[16827]: Audio API: received BT_GETCAPABILITIES_REQ
hcid[16827]: Audio API: sending BT_GETCAPABILITIES_RSP
hcid[16827]: Audio API: received BT_SETCONFIGURATION_REQ
hcid[16827]: config sco - device = 00:02:76:D0:D6:F9 access_mode = 2
hcid[16827]: /org/bluez/audio/device0: Connecting to 00:02:76:D0:D6:F9 channel 2
hcid[16827]: State changed /org/bluez/audio/device0: HEADSET_STATE_DISCONNECTED -> HEADSET_STATE_CONNECT_IN_PROGRESS
hcid[16827]: link_key_request (sba=00:06:6E:16:EB:C6, dba=00:02:76:D0:D6:F9)
hcid[16827]: kernel auth requirements = 0x00
hcid[16827]: stored link key type = 0x00
hcid[16827]: Unix client disconnected (fd=16)
hcid[16827]: State changed /org/bluez/audio/device0: HEADSET_STATE_CONNECT_IN_PROGRESS -> HEADSET_STATE_DISCONNECTED
hcid[16827]: Default passkey agent (:1.47, /org/bluez/passkey_agent_16837) registered
hcid[16827]: Accepted new client connection on unix socket (fd=16)
hcid[16827]: Audio API: received BT_GETCAPABILITIES_REQ
hcid[16827]: Audio API: sending BT_GETCAPABILITIES_RSP
hcid[16827]: Audio API: received BT_SETCONFIGURATION_REQ
hcid[16827]: config sco - device = 00:02:76:D0:D6:F9 access_mode = 2
hcid[16827]: /org/bluez/audio/device0: Connecting to 00:02:76:D0:D6:F9 channel 2
hcid[16827]: State changed /org/bluez/audio/device0: HEADSET_STATE_DISCONNECTED -> HEADSET_STATE_CONNECT_IN_PROGRESS
hcid[16827]: Unix client disconnected (fd=16)
hcid[16827]: State changed /org/bluez/audio/device0: HEADSET_STATE_CONNECT_IN_PROGRESS -> HEADSET_STATE_DISCONNECTED
hcid[16827]: connect(): Connection timed out (110)

Program received signal SIGSEGV, Segmentation fault.
0x402e7a00 in ?? ()
(gdb) x/4i $pc
0x402e7a00:	ldr	r3, [r3]
0x402e7a04:	cmp	r3, #0	; 0x0
0x402e7a08:	beq	0x402e7a30
0x402e7a0c:	ldr	r3, [r11, #-28]
(gdb) p $r3
$1 = 0
(gdb) bt
#0  0x402e7a00 in ?? ()
(gdb) shell pidof hcid
16827
(gdb) shell cat /proc/16827/maps
2a000000-2a058000 r-xp 00000000 b3:02 201792     /usr/sbin/hcid
2a058000-2a05a000 rw-p 00058000 b3:02 201792     /usr/sbin/hcid
2a05a000-2a07c000 rwxp 2a05a000 00:00 0          [heap]
40000000-4001d000 r-xp 00000000 b3:02 170915     /lib/ld-2.7.so
4001d000-40021000 rw-p 4001d000 00:00 0 
40024000-40026000 rw-p 0001c000 b3:02 170915     /lib/ld-2.7.so
40026000-4002d000 r--s 00000000 b3:02 127204     /usr/lib/gconv/gconv-modules.cache
4002e000-40031000 r-xp 00000000 b3:02 129404     /usr/lib/libgmodule-2.0.so.0.1600.5
40031000-40038000 ---p 00003000 b3:02 129404     /usr/lib/libgmodule-2.0.so.0.1600.5
40038000-40039000 rw-p 00002000 b3:02 129404     /usr/lib/libgmodule-2.0.so.0.1600.5
40039000-4003b000 r-xp 00000000 b3:02 170912     /lib/libdl-2.7.so
4003b000-40042000 ---p 00002000 b3:02 170912     /lib/libdl-2.7.so
40042000-40043000 r--p 00001000 b3:02 170912     /lib/libdl-2.7.so
40043000-40044000 rw-p 00002000 b3:02 170912     /lib/libdl-2.7.so
40044000-400f8000 r-xp 00000000 b3:02 129401     /usr/lib/libglib-2.0.so.0.1600.5
400f8000-40100000 ---p 000b4000 b3:02 129401     /usr/lib/libglib-2.0.so.0.1600.5
40100000-40101000 rw-p 000b4000 b3:02 129401     /usr/lib/libglib-2.0.so.0.1600.5
40101000-40134000 r-xp 00000000 b3:02 129271     /usr/lib/libdbus-1.so.3.4.0
40134000-4013b000 ---p 00033000 b3:02 129271     /usr/lib/libdbus-1.so.3.4.0
4013b000-4013c000 r--p 00032000 b3:02 129271     /usr/lib/libdbus-1.so.3.4.0
4013c000-4013d000 rw-p 00033000 b3:02 129271     /usr/lib/libdbus-1.so.3.4.0
4013d000-4014f000 r-xp 00000000 b3:02 125573     /usr/lib/libbluetooth.so.2.11.2
4014f000-40157000 ---p 00012000 b3:02 125573     /usr/lib/libbluetooth.so.2.11.2
40157000-40158000 rw-p 00012000 b3:02 125573     /usr/lib/libbluetooth.so.2.11.2
40158000-40272000 r-xp 00000000 b3:02 170925     /lib/libc-2.7.so
40272000-40279000 ---p 0011a000 b3:02 170925     /lib/libc-2.7.so
40279000-4027a000 r--p 00119000 b3:02 170925     /lib/libc-2.7.so
4027a000-4027c000 rw-p 0011a000 b3:02 170925     /lib/libc-2.7.so
4027c000-4027f000 rw-p 4027c000 00:00 0 
4027f000-40295000 r-xp 00000000 b3:02 170735     /lib/libselinux.so.1
40295000-4029c000 ---p 00016000 b3:02 170735     /lib/libselinux.so.1
4029c000-4029d000 r--p 00015000 b3:02 170735     /lib/libselinux.so.1
4029d000-4029e000 rw-p 00016000 b3:02 170735     /lib/libselinux.so.1
4029e000-402c1000 r-xp 00000000 b3:02 128510     /usr/lib/libpcre.so.3.12.1
402c1000-402c9000 ---p 00023000 b3:02 128510     /usr/lib/libpcre.so.3.12.1
402c9000-402ca000 rw-p 00023000 b3:02 128510     /usr/lib/libpcre.so.3.12.1
402ca000-402d6000 r-xp 00000000 b3:02 170722     /lib/libgcc_s.so.1
402d6000-402dd000 ---p 0000c000 b3:02 170722     /lib/libgcc_s.so.1
402dd000-402de000 rw-p 0000b000 b3:02 170722     /lib/libgcc_s.so.1
402de000-40303000 r-xp 00000000 b3:02 175205     /usr/lib/bluetooth/plugins/audio.so
40303000-4030b000 ---p 00025000 b3:02 175205     /usr/lib/bluetooth/plugins/audio.so
4030b000-4030c000 rw-p 00025000 b3:02 175205     /usr/lib/bluetooth/plugins/audio.so
bedc1000-bedd6000 rw-p befeb000 00:00 0          [stack]
(gdb) add-symbol-file /usr/lib/bluetooth/plugins/audio.so 0x402de000
add symbol table from file "/usr/lib/bluetooth/plugins/audio.so" at
	.text_addr = 0x402de000
(y or n) y
Reading symbols from /usr/lib/bluetooth/plugins/audio.so...done.
(gdb) bt
#0  0x402e7a00 in headset_cancel_stream (dev=0x5, id=0) at headset.c:1671
#1  0x2a049610 in ?? ()
(gdb) l
786		struct sockaddr_hci addr;
787		struct hci_filter flt;
788		struct sigaction sa;
789		GIOChannel *ctl_io, *child_io;
790		uint16_t mtu = 0;
791		int opt, daemonize = 1, debug = 0, sdp = 1, experimental = 0;
792		GKeyFile *config;
793	
794		/* Default HCId settings */
795		memset(&hcid, 0, sizeof(hcid));
(gdb) l 1671
Line number 1666 out of range; main.c has 971 lines.
(gdb) l headset.c:1671
1666		g_free(cb);
1667	
1668		if (p->callbacks || p->msg)
1669			return TRUE;
1670	
1671		pending_connect_finalize(dev);
1672	
1673		if (hs->auto_dc) {
1674			if (hs->rfcomm)
1675				hs->dc_timer = g_timeout_add(DC_TIMEOUT,
(gdb) up
#1  0x2a049610 in ?? ()
(gdb) down
#0  0x402e7a00 in headset_cancel_stream (dev=0x5, id=0) at headset.c:1671
1671		pending_connect_finalize(dev);
(gdb) p dev
$2 = (struct audio_device *) 0x5
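The transcript above recovers the symbol for a bare PC by reading /proc/PID/maps, finding the shared object that covers 0x402e7a00, and handing its mapping start to add-symbol-file. The helper below is an added example, not part of the report or of BlueZ: it does that lookup over a constructed maps excerpt (the hcid, heap and audio.so lines are copied from the report's dump; nothing is read from a live process) and prints the add-symbol-file line. One caveat the report glosses over: add-symbol-file expects the load address of the .text section, which equals the mapping start only when .text sits at file offset 0 in the object; the helper takes that offset as an optional second argument (readelf -S on the .so gives it), and with the default of 0 it reproduces the bare mapping start the report used, so the headset.c:1671 line number may be slightly off.

```sh
#!/bin/sh
# Added example (not from the bug report or BlueZ): resolve a symbol-less PC
# from a GDB backtrace to its shared object using a /proc/PID/maps dump, and
# print the add-symbol-file command the report types by hand.
set -f   # no pathname expansion: maps entries such as "[heap]" must stay literal

# Constructed sample input: a few lines copied from the report's
# /proc/16827/maps, not read from a live process.
MAPS='2a000000-2a058000 r-xp 00000000 b3:02 201792     /usr/sbin/hcid
2a058000-2a05a000 rw-p 00058000 b3:02 201792     /usr/sbin/hcid
2a05a000-2a07c000 rwxp 2a05a000 00:00 0          [heap]
402de000-40303000 r-xp 00000000 b3:02 175205     /usr/lib/bluetooth/plugins/audio.so
40303000-4030b000 ---p 00025000 b3:02 175205     /usr/lib/bluetooth/plugins/audio.so
4030b000-4030c000 rw-p 00025000 b3:02 175205     /usr/lib/bluetooth/plugins/audio.so'

# map_of HEXADDR
#   Print "START PERMS FILEOFF PATH" for the mapping that contains HEXADDR
#   (hex without 0x, as GDB and maps print it). Returns 1 if nothing matches.
map_of() {
    addr=$((0x$1))
    while read -r range perms off _dev _ino path; do
        [ -n "$range" ] || continue
        start=${range%-*}
        end=${range#*-}
        if [ "$addr" -ge "$((0x$start))" ] && [ "$addr" -lt "$((0x$end))" ]; then
            printf '%s %s %s %s\n' "$start" "$perms" "$off" "$path"
            return 0
        fi
    done <<EOF
$MAPS
EOF
    return 1
}

# gdb_symfile_cmd HEXADDR [TEXTOFF]
#   Print the add-symbol-file line for the object containing HEXADDR.
#   add-symbol-file wants the load address of .text, which is
#   mapping start - mapping file offset + file offset of .text.
#   TEXTOFF is that last term (hex, from "readelf -S FILE | grep ' .text'");
#   it defaults to 0, which reproduces the bare mapping start the report used.
gdb_symfile_cmd() {
    a=$1
    textoff=${2:-0}
    m=$(map_of "$a") || return 1
    set -- $m
    printf 'add-symbol-file %s 0x%x\n' "$4" "$(( 0x$1 - 0x$3 + 0x$textoff ))"
}

# file_offset HEXADDR
#   Print the offset of HEXADDR inside the backing file (hex), for
#   "objdump -d --start-address=0x<offset> FILE" with no process attached.
file_offset() {
    a=$1
    m=$(map_of "$a") || return 1
    set -- $m
    printf '%x\n' "$(( 0x$a - 0x$1 + 0x$3 ))"
}

# Frame #0 of the report: PC 0x402e7a00 with no symbol.
gdb_symfile_cmd 402e7a00
file_offset 402e7a00
# Frame #1, 0x2a049610, falls inside /usr/sbin/hcid itself.
map_of 2a049610
```

Running it on the report's two addresses shows why the backtrace stops at frame #1: 0x2a049610 is inside /usr/sbin/hcid rather than a plugin, so the caller of headset_cancel_stream can only be named with an unstripped or debug build of hcid, not with another add-symbol-file. The file_offset output (0x9a00 for the faulting PC) lets the same instruction be disassembled from the on-disk audio.so with objdump when the crashed process is gone.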