Re: bluez SEGV in current master

Hi Joakim,

On Wed, Jun 14, 2023 at 5:36 AM Joakim Tjernlund
<Joakim.Tjernlund@xxxxxxxxxxxx> wrote:
>
> commit bap: Add broadcast source support, 3030883, in bluez.git
>
> A co-worker sees this SEGV when connecting a headset:
>
> Jun 13 13:38:15 systemd-coredump[3941]: Process 1897 (bluetoothd) of user 0 dumped core.
>                                         Module bluetoothd without build-id.
>                                         #0  0x0000556bea93277a a2dp_resume_complete (bluetoothd + 0x3e77a)
>                                         #1  0x0000556bea9210a2 finalize_resume (bluetoothd + 0x2d0a2)
>                                         #2  0x0000556bea92afaf avdtp_start_resp (bluetoothd + 0x36faf)
>                                         #6  0x0000556bea9dcc85 mainloop_run (bluetoothd + 0xe8c85)
>                                         #7  0x0000556bea9dd0dc mainloop_run_with_signal (bluetoothd + 0xe90dc)
>                                         #8  0x0000556bea91a4ef main (bluetoothd + 0x264ef)
>                                         #11 0x0000556bea91ace1 _start (bluetoothd + 0x26ce1)
> Jun 13 13:38:15 systemd[1]: bluetooth.service: Main process exited, code=dumped, status=11/SEGV
>
>
> Crash seems to be at:
>
> 342     static void a2dp_resume_complete(struct avdtp *session, int err,
> 343                                                             void *user_data)
> 344     {
> 345             struct media_owner *owner = user_data;
> 346             struct media_request *req = owner->pending;
> 347             struct media_transport *transport = owner->transport;
> 348             struct a2dp_sep *sep = media_endpoint_get_sep(transport->endpoint);
>
> A good start (but does NOT fix the problem) might be:
>
> --- bluez-9999/profiles/audio/transport.c.org   2023-06-13 18:38:14.542137531 +0200
> +++ bluez-9999/profiles/audio/transport.c       2023-06-13 18:48:32.542527882 +0200
> @@ -345,7 +345,7 @@
>         struct media_owner *owner = user_data;
>         struct media_request *req = owner->pending;
>         struct media_transport *transport = owner->transport;
> -       struct a2dp_sep *sep = media_endpoint_get_sep(transport->endpoint);
> +       struct a2dp_sep *sep;
>         struct avdtp_stream *stream;
>         int fd;
>         uint16_t imtu, omtu;
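Review bot: with the initializer dropped at -348, `sep` stays uninitialized until the assignment the next hunk places after the `err` check, so if anything under `fail:` (not visible in this patch) reads `sep`, the `err` and `!transport` exits now reach it with an indeterminate pointer. Initialising at the declaration, `struct a2dp_sep *sep = NULL;`, removes that risk at no cost.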
> @@ -355,7 +355,10 @@
>
>         if (err)
>                 goto fail;
> +       if (!transport)
> +               goto fail;
>
> +       sep = media_endpoint_get_sep(transport->endpoint);
>         stream = a2dp_sep_get_stream(sep);
>         if (stream == NULL)
>                 goto fail;
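Review bot: the `if (!transport)` check at +358 comes after `owner->pending` and `owner->transport` were already dereferenced at 346-347, so it guards only `transport->endpoint`, and only against a genuine NULL. Since the report says this patch does not stop the crash, the stronger hypothesis is that `owner` (and hence `transport`) is a dangling pointer to a freed object, which no NULL test can detect; running bluetoothd under AddressSanitizer or valgrind would show whether the owner is freed before the AVDTP start response is delivered. If the check stays, log the condition before `goto fail` rather than failing silently, so the bad state is visible in the journal.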
>
> bluez-5.66 works fine though.
>
> Headset: WH-1000XM3
>
>   Jocke

Weird, I don't think much has changed for A2DP, but perhaps there are
some BAP-related changes affecting A2DP for some reason. Any chance to
bisect the patch that introduces this problem? Or is it not always
reproducible?


-- 
Luiz Augusto von Dentz



