[Pkg-bluetooth-maintainers] Bug#586364: bluez: bluetoothd segfaults when used with alsa

Stuart Pook Debian52 at pook.it
Fri Jun 18 20:09:49 UTC 2010


Package: bluez
Version: 4.63-2
Severity: important

bluetoothd gets a Segmentation fault as soon as I try to use a bluetooth headset.
Connecting to a phone to synchronize works.

Everything worked well until I did an "apt-get upgrade".

:; sudo valgrind --log-file=/tmp/log bluetoothd -dn
bluetoothd[25713]: Bluetooth daemon 4.63
bluetoothd[25713]: Enabling debug information
bluetoothd[25713]: parsing main.conf
bluetoothd[25713]: discovto=0
bluetoothd[25713]: pairto=0
bluetoothd[25713]: pageto=8192
bluetoothd[25713]: name=%h-%d
bluetoothd[25713]: class=0x000100
bluetoothd[25713]: discov_interval=0
bluetoothd[25713]: Key file does not have key 'DeviceID'
bluetoothd[25713]: Starting SDP server
bluetoothd[25713]: Loading builtin plugins
bluetoothd[25713]: Loading audio plugin
bluetoothd[25713]: Loading hciops plugin
bluetoothd[25713]: Loading plugins /usr/lib/bluetooth/plugins
bluetoothd[25713]: Unix socket created: 8
bluetoothd[25713]: audio.conf: Key file does not have key 'AutoConnect'
bluetoothd[25713]: Telephony plugin initialized
bluetoothd[25713]: HFP AG features: "Ability to reject a call" "Enhanced call status" "Extended Error Result Codes" 
bluetoothd[25713]: HCI dev 0 registered
bluetoothd[25713]: child 25716 forked
bluetoothd[25713]: btd_adapter_ref(0x61654a0): ref=1
bluetoothd[25713]: HCI dev 0 up
bluetoothd[25713]: Starting security manager 0
bluetoothd[25713]: Changing Major/Minor class to 0x000104
bluetoothd[25713]: Stopping Inquiry at adapter startup
bluetoothd[25713]: headset_server_probe: path /org/bluez/25713/hci0
bluetoothd[25713]: btd_adapter_ref(0x61654a0): ref=2
bluetoothd[25713]: audio_adapter_ref(0x61738f0): ref=1
bluetoothd[25713]: audio.conf: Key file does not have key 'Master'
bluetoothd[25713]: Adding record with handle 0x10000
bluetoothd[25713]: Record pattern UUID 00000003-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00000100-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00001002-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00001108-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00001112-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00001203-0000-1000-8000-00805f9
bluetoothd[25713]: audio.conf: Key file does not have key 'SCORouting'
bluetoothd[25713]: Adding record with handle 0x10001
bluetoothd[25713]: Record pattern UUID 00000003-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00000100-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00001002-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 0000111e-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 0000111f-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00001203-0000-1000-8000-00805f9
bluetoothd[25713]: a2dp_server_probe: path /org/bluez/25713/hci0
bluetoothd[25713]: audio_adapter_ref(0x61738f0): ref=2
bluetoothd[25713]: audio.conf: Key file does not have key 'Enable'
bluetoothd[25713]: audio.conf: Key file does not have key 'Disable'
bluetoothd[25713]: audio.conf: Key file does not have group 'A2DP'
bluetoothd[25713]: audio.conf: Key file does not have group 'A2DP'
bluetoothd[25713]: audio.conf: Key file does not have group 'A2DP'
bluetoothd[25713]: audio.conf: Key file does not have group 'A2DP'
bluetoothd[25713]: audio.conf: Key file does not have key 'Master'
bluetoothd[25713]: SEP 0x61b3ba0 registered: type:0 codec:0 seid:1
bluetoothd[25713]: Adding record with handle 0x10002
bluetoothd[25713]: Record pattern UUID 00000019-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00000100-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00001002-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 0000110a-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 0000110d-0000-1000-8000-00805f9
bluetoothd[25713]: avrcp_server_probe: path /org/bluez/25713/hci0
bluetoothd[25713]: audio_adapter_ref(0x61738f0): ref=3
bluetoothd[25713]: audio.conf: Key file does not have key 'Master'
bluetoothd[25713]: Adding record with handle 0x10003
bluetoothd[25713]: Record pattern UUID 00000017-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00000100-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00001002-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 0000110c-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 0000110e-0000-1000-8000-00805f9
bluetoothd[25713]: Adding record with handle 0x10004
bluetoothd[25713]: Record pattern UUID 00000017-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00000100-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00001002-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 0000110e-0000-1000-8000-00805f9
bluetoothd[25713]: Creating device /org/bluez/25713/hci0/dev_00_xx_45_xx_49_98
bluetoothd[25713]: btd_device_ref(0x61e6ea0): ref=1
bluetoothd[25713]: Probe drivers for /org/bluez/25713/hci0/dev_00_xx_45_xx_49_98
bluetoothd[25713]: adapter_get_device(00:xx:45:xx:49:98)
bluetoothd[25713]: btd_device_ref(0x61e6ea0): ref=2
bluetoothd[25713]: Registered interface org.bluez.Audio on path /org/bluez/25713/hci0/dev_00_xx_45_xx_49_98
bluetoothd[25713]: Found Headset record
bluetoothd[25713]: Registered interface org.bluez.Headset on path /org/bluez/25713/hci0/dev_00_xx_45_xx_49_98
bluetoothd[25713]: Found Handsfree record
bluetoothd[25713]: Creating device /org/bluez/25713/hci0/dev_00_17_xx_xx_xx_70
bluetoothd[25713]: btd_device_ref(0x6205040): ref=1
bluetoothd[25713]: Probe drivers for /org/bluez/25713/hci0/dev_00_17_xx_xx_xx_70
bluetoothd[25713]: adapter_get_device(00:17:xx:xx:xx:70)
bluetoothd[25713]: btd_device_ref(0x6205040): ref=2
bluetoothd[25713]: Registered interface org.bluez.Audio on path /org/bluez/25713/hci0/dev_00_17_xx_xx_xx_70
bluetoothd[25713]: audio handle_uuid: server not enabled for 00001112-0000-1000-8000-00805f9b34fb (0x1112)
bluetoothd[25713]: audio handle_uuid: server not enabled for 0000111f-0000-1000-8000-00805f9b34fb (0x111f)
bluetoothd[25713]: Found AV Target
bluetoothd[25713]: Registered interface org.bluez.Control on path /org/bluez/25713/hci0/dev_00_17_xx_xx_xx_70
bluetoothd[25713]: Found AV Target
bluetoothd[25713]: Creating device /org/bluez/25713/hci0/dev_00_19_xx_DB_xx_xx
bluetoothd[25713]: btd_device_ref(0x6253440): ref=1
bluetoothd[25713]: Probe drivers for /org/bluez/25713/hci0/dev_00_19_xx_DB_xx_xx
bluetoothd[25713]: adapter_get_device(00:19:xx:DB:xx:xx)
bluetoothd[25713]: btd_device_ref(0x6253440): ref=2
bluetoothd[25713]: Registered interface org.bluez.Audio on path /org/bluez/25713/hci0/dev_00_19_xx_DB_xx_xx
bluetoothd[25713]: Found Headset record
bluetoothd[25713]: Registered interface org.bluez.Headset on path /org/bluez/25713/hci0/dev_00_19_xx_DB_xx_xx
bluetoothd[25713]: Found Handsfree record
bluetoothd[25713]: Adapter /org/bluez/25713/hci0 has been enabled
bluetoothd[25713]: Entering main loop
bluetoothd[25713]: inquiry respone tx power level is 0
bluetoothd[25713]: Inquiry Failed with status 0x12
bluetoothd[25713]: child 25716 exited
bluetoothd[25713]: RFKILL event idx 3 type 2 op 0 soft 0 hard 0
bluetoothd[25713]: adapter_get_device(00:17:xx:xx:xx:70)
bluetoothd[25713]: link_key_request (sba=xx:xx:xx:xx:94:xx, dba=00:17:xx:xx:xx:70)
bluetoothd[25713]: kernel auth requirements = 0x00
bluetoothd[25713]: stored link key type = 0x06
bluetoothd[25713]: adapter_get_device(00:17:xx:xx:xx:70)
bluetoothd[25713]: link_key_request (sba=xx:xx:xx:xx:94:xx, dba=00:17:xx:xx:xx:70)
bluetoothd[25713]: kernel auth requirements = 0x00
bluetoothd[25713]: stored link key type = 0x06
bluetoothd[25713]: adapter_get_device(00:17:xx:xx:xx:70)
bluetoothd[25713]: link_key_request (sba=xx:xx:xx:xx:94:xx, dba=00:17:xx:xx:xx:70)
bluetoothd[25713]: kernel auth requirements = 0x00
bluetoothd[25713]: stored link key type = 0x06
bluetoothd[25713]: Accepted new client connection on unix socket (fd=19)
bluetoothd[25713]: Audio API: BT_REQUEST <- BT_GET_CAPABILITIES
Segmentation fault

The segfault arrives as soon as I run aplay:

:; aplay -vv -d 10 -D JX10 /home/stuart/ws/music_test/test-test-8000-mono.wav
ALSA lib audio/pcm_bluetooth.c:1566:(audioservice_recv) Too short (0 bytes) IPC packet from bluetoothd
aplay: main:654: audio open error: Invalid argument

Valgrind gives lots of messages such as 

==25713== Conditional jump or move depends on uninitialised value(s)
==25713==    at 0x4016236: index (strchr.S:56)
==25713==    by 0x4007164: expand_dynamic_string_token (dl-load.c:324)
==25713==    by 0x4007567: _dl_map_object (dl-load.c:2173)
==25713==    by 0x400186A: map_doit (rtld.c:634)
==25713==    by 0x400D5C5: _dl_catch_error (dl-error.c:178)
==25713==    by 0x400176E: do_preload (rtld.c:818)
==25713==    by 0x40043F1: dl_main (rtld.c:1678)
==25713==    by 0x4014776: _dl_sysdep_start (dl-sysdep.c:243)
==25713==    by 0x4001422: _dl_start (rtld.c:338)
==25713==    by 0x4000AF7: ??? (in /lib/ld-2.11.2.so)
==25713==    by 0x1: ???
==25713==    by 0x7FF000D22: ???

==25713== Invalid read of size 8
==25713==    at 0x5C01B92: __GI_strlen (strlen.S:31)
==25713==    by 0x50A0D71: g_strdup (gstrfuncs.c:101)
==25713==    by 0x50B366C: g_set_prgname (gutils.c:1981)
==25713==    by 0x508FE6F: g_option_context_parse (goption.c:1708)
==25713==    by 0x13A4B0: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x5BA4C4C: (below main) (libc-start.c:228)
==25713==  Address 0x61172b8 is 8 bytes inside a block of size 11 alloc'd
==25713==    at 0x4C241A7: malloc (vg_replace_malloc.c:195)
==25713==    by 0x5089504: g_malloc (gmem.c:132)
==25713==    by 0x50B5190: g_path_get_basename (gutils.c:781)
==25713==    by 0x508FE64: g_option_context_parse (goption.c:1707)
==25713==    by 0x13A4B0: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x5BA4C4C: (below main) (libc-start.c:228)

==25713== Invalid read of size 8
==25713==    at 0x5C00173: __GI_strcmp (strcmp.S:102)
==25713==    by 0x5C182D6: __tzstring (tzset.c:102)
==25713==    by 0x5C19EA2: __tzfile_read (tzfile.c:430)
==25713==    by 0x5C18B47: tzset_internal (tzset.c:439)
==25713==    by 0x5C18C68: __tz_convert (tzset.c:624)
==25713==    by 0x5C5117C: __vsyslog_chk (syslog.c:201)
==25713==    by 0x13ADA7: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x13A505: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x5BA4C4C: (below main) (libc-start.c:228)
==25713==  Address 0x6119018 is 4 bytes after a block of size 20 alloc'd
==25713==    at 0x4C241A7: malloc (vg_replace_malloc.c:195)
==25713==    by 0x5C182F1: __tzstring (tzset.c:107)
==25713==    by 0x5C19EA2: __tzfile_read (tzfile.c:430)
==25713==    by 0x5C18B47: tzset_internal (tzset.c:439)
==25713==    by 0x5C18C68: __tz_convert (tzset.c:624)
==25713==    by 0x5C5117C: __vsyslog_chk (syslog.c:201)
==25713==    by 0x13ADA7: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x13A505: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x5BA4C4C: (below main) (libc-start.c:228)

==25713== Conditional jump or move depends on uninitialised value(s)
==25713==    at 0x534784A: ??? (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x5347919: ??? (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x534622A: ??? (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x5346479: ??? (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x5333820: ??? (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x5331D39: ??? (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x5331F0F: ??? (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x53378D4: ??? (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x53380D7: dbus_message_iter_append_basic (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x5339F08: dbus_message_new_error (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x533C46D: ??? (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x532EC10: dbus_connection_send_with_reply (in /lib/libdbus-1.so.3.4.0)

==25713== Invalid read of size 8
==25713==    at 0x5C937D4: __strcmp_ssse3 (strcmp.S:586)
==25713==    by 0x50A45E8: g_str_equal (gstring.c:116)
==25713==    by 0x14623C: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x146397: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x13A924: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x5BA4C4C: (below main) (libc-start.c:228)
==25713==  Address 0x6142338 is 0 bytes after a block of size 8 alloc'd
==25713==    at 0x4C241A7: malloc (vg_replace_malloc.c:195)
==25713==    by 0x5089504: g_malloc (gmem.c:132)
==25713==    by 0x50A2948: g_strndup (gstrfuncs.c:155)
==25713==    by 0x507AAC1: g_key_file_parse_value_as_string (gkeyfile.c:3609)
==25713==    by 0x507B358: g_key_file_get_string_list (gkeyfile.c:1556)
==25713==    by 0x146354: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x13A924: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x5BA4C4C: (below main) (libc-start.c:228)

==25713== 
==25713== Invalid read of size 4
==25713==    at 0x119DC8: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x12BF05: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x12DB77: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x50806C1: g_main_context_dispatch (gmain.c:1960)
==25713==    by 0x5084537: g_main_context_iterate (gmain.c:2591)
==25713==    by 0x5084A44: g_main_loop_run (gmain.c:2799)
==25713==    by 0x13A960: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x5BA4C4C: (below main) (libc-start.c:228)
==25713==  Address 0x41c is not stack'd, malloc'd or (recently) free'd
==25713== 
==25713== 
==25713== Process terminating with default action of signal 11 (SIGSEGV)
==25713==  Access not within mapped region at address 0x41C
==25713==    at 0x119DC8: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x12BF05: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x12DB77: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x50806C1: g_main_context_dispatch (gmain.c:1960)
==25713==    by 0x5084537: g_main_context_iterate (gmain.c:2591)
==25713==    by 0x5084A44: g_main_loop_run (gmain.c:2799)
==25713==    by 0x13A960: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x5BA4C4C: (below main) (libc-start.c:228)
==25713==  If you believe this happened as a result of a stack
==25713==  overflow in your program's main thread (unlikely but
==25713==  possible), you can try to increase the size of the
==25713==  main thread stack using the --main-stacksize= flag.
==25713==  The main thread stack size used in this run was 8388608.

It would perhaps be useful to have a debug version of bluez.

regards
Stuart (http://www.pook.it/)

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages bluez depends on:
ii  dbus                         1.2.24-1    simple interprocess messaging syst
ii  libbluetooth3                4.63-2      Library to use the BlueZ Linux Blu
ii  libc6                        2.11.2-1    Embedded GNU C Library: Shared lib
ii  libdbus-1-3                  1.2.24-1    simple interprocess messaging syst
ii  libglib2.0-0                 2.24.1-1    The GLib library of C routines
ii  libnl1                       1.1-5       library for dealing with netlink s
ii  libusb-0.1-4                 2:0.1.12-15 userspace USB programming library
ii  lsb-base                     3.2-23.1    Linux Standard Base 3.2 init scrip
ii  makedev                      2.3.1-89    creates device files in /dev
ii  module-init-tools            3.12~pre2-3 tools for managing Linux kernel mo
ii  udev                         157-1       /dev/ and hotplug management daemo

bluez recommends no packages.

Versions of packages bluez suggests:
ii  python-dbus                   0.83.1-1   simple interprocess messaging syst
ii  python-gobject                2.21.1-2   Python bindings for the GObject li

-- Configuration Files:
/etc/bluetooth/main.conf changed:
[General]
DisablePlugins = network,input,serial,netlink,service,storage,hal
Name = %h-%d
Class = 0x000100
DiscoverableTimeout = 0
PairableTimeout = 0
PageTimeout = 8192
DiscoverSchedulerInterval = 0
InitiallyPowered = true
RememberPowered = true
ReverseServiceDiscovery = true
NameResolving = true


-- debconf-show failed
