Re: bluez SEGV in current master

Hi Joakim,

On Wed, Jun 14, 2023 at 9:32 AM Joakim Tjernlund
<Joakim.Tjernlund@xxxxxxxxxxxx> wrote:
>
> On Wed, 2023-06-14 at 09:25 -0700, Luiz Augusto von Dentz wrote:
> > Hi Joakim,
> >
> > On Wed, Jun 14, 2023 at 5:36 AM Joakim Tjernlund
> > <Joakim.Tjernlund@xxxxxxxxxxxx> wrote:
> > >
> > > commit bap: Add broadcast source support, 3030883, in bluez.git
> > >
> > > A co-worker sees this SEGV when connecting a headset:
> > >
> > > Jun 13 13:38:15 systemd-coredump[3941]: Process 1897 (bluetoothd) of user 0 dumped core.
> > >                                         Module bluetoothd without build-id.
> > >                                         #0  0x0000556bea93277a a2dp_resume_complete (bluetoothd + 0x3e77a)
> > >                                         #1  0x0000556bea9210a2 finalize_resume (bluetoothd + 0x2d0a2)
> > >                                         #2  0x0000556bea92afaf avdtp_start_resp (bluetoothd + 0x36faf)
> > >                                         #6  0x0000556bea9dcc85 mainloop_run (bluetoothd + 0xe8c85)
> > >                                         #7  0x0000556bea9dd0dc mainloop_run_with_signal (bluetoothd + 0xe90dc)
> > >                                         #8  0x0000556bea91a4ef main (bluetoothd + 0x264ef)
> > >                                         #11 0x0000556bea91ace1 _start (bluetoothd + 0x26ce1)
> > > Jun 13 13:38:15 systemd[1]: bluetooth.service: Main process exited, code=dumped, status=11/SEGV
> > >
> > >
> > > Crash seems to be at:
> > >
> > > 342     static void a2dp_resume_complete(struct avdtp *session, int err,
> > > 343                                                             void *user_data)
> > > 344     {
> > > 345             struct media_owner *owner = user_data;
> > > 346             struct media_request *req = owner->pending;
> > > 347             struct media_transport *transport = owner->transport;
> > > 348             struct a2dp_sep *sep = media_endpoint_get_sep(transport->endpoint);
> > >
> > > A good start (but does NOT fix the problem) might be:
> > >
> > > --- bluez-9999/profiles/audio/transport.c.org   2023-06-13 18:38:14.542137531 +0200
> > > +++ bluez-9999/profiles/audio/transport.c       2023-06-13 18:48:32.542527882 +0200
> > > @@ -345,7 +345,7 @@
> > >         struct media_owner *owner = user_data;
> > >         struct media_request *req = owner->pending;
> > >         struct media_transport *transport = owner->transport;
> > > -       struct a2dp_sep *sep = media_endpoint_get_sep(transport->endpoint);
> > > +       struct a2dp_sep *sep;
> > >         struct avdtp_stream *stream;
> > >         int fd;
> > >         uint16_t imtu, omtu;
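
Review bot: `owner` is still dereferenced unconditionally in the unchanged initializers `owner->pending` and `owner->transport` at the top of this hunk, so deferring only the `sep` lookup does nothing for a NULL or stale `user_data`. If the owner can be released before this callback runs, the check needs to cover `owner` too, with both assignments moved below it. With the initializer gone, `sep` is also unset on the early `goto fail` paths, so it is worth confirming that nothing at the `fail` label reads it.
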
> > > @@ -355,7 +355,10 @@
> > >
> > >         if (err)
> > >                 goto fail;
> > > +       if (!transport)
> > > +               goto fail;
> > >
> > > +       sep = media_endpoint_get_sep(transport->endpoint);
> > >         stream = a2dp_sep_get_stream(sep);
> > >         if (stream == NULL)
> > >                 goto fail;
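
Review bot: the new `if (!transport)` test only catches a NULL pointer, while `transport->endpoint` is then handed to `media_endpoint_get_sep()` and the returned `sep` to `a2dp_sep_get_stream()` with no check on either. Consider testing `transport->endpoint` and `sep` before use, and put a blank line between the existing `goto fail;` and the new `if` to match the surrounding style. A `transport` that is non-NULL but already freed passes this test, which is consistent with the remark that the change does not fix the crash.
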
> > >
> > > bluez-5.66 works fine though.
> > >
> > > Headset: WH-1000XM3
> > >
> > >   Jocke
> >
> > Weird, I don't think much has changed for A2DP, but perhaps there are
> > some BAP-related changes affecting A2DP for some reason. Any chance to
> > bisect the patch that introduces this problem? Or is it not always
> > reproducible?
>
> It is reproducible, but on a remote laptop used for daily work, so it would disturb quite a lot.
> Can I turn off BAP somehow to see if it is interfering?
>
> Any chance it is related to https://github.com/bluez/bluez/issues/533 ?

Right, yeah that is possible since it appears to be some unbalanced
reference count issue, that said that was a very old version, not sure
if we haven't fixed that.

>  Jocke



-- 
Luiz Augusto von Dentz



