On Wed, 2023-06-14 at 09:53 -0700, Luiz Augusto von Dentz wrote:
> Hi Joakim,
>
> On Wed, Jun 14, 2023 at 9:32 AM Joakim Tjernlund
> <Joakim.Tjernlund@xxxxxxxxxxxx> wrote:
> >
> > On Wed, 2023-06-14 at 09:25 -0700, Luiz Augusto von Dentz wrote:
> > > Hi Joakim,
> > >
> > > On Wed, Jun 14, 2023 at 5:36 AM Joakim Tjernlund
> > > <Joakim.Tjernlund@xxxxxxxxxxxx> wrote:
> > > >
> > > > commit bap: Add broadcast source support, 3030883, in bluez.git
> > > >
> > > > A co-worker sees this SEGV when connecting a headset:
> > > >
> > > > Jun 13 13:38:15 systemd-coredump[3941]: Process 1897 (bluetoothd) of user 0 dumped core.
> > > > Module bluetoothd without build-id.
> > > > #0  0x0000556bea93277a a2dp_resume_complete (bluetoothd + 0x3e77a)
> > > > #1  0x0000556bea9210a2 finalize_resume (bluetoothd + 0x2d0a2)
> > > > #2  0x0000556bea92afaf avdtp_start_resp (bluetoothd + 0x36faf)
> > > > #6  0x0000556bea9dcc85 mainloop_run (bluetoothd + 0xe8c85)
> > > > #7  0x0000556bea9dd0dc mainloop_run_with_signal (bluetoothd + 0xe90dc)
> > > > #8  0x0000556bea91a4ef main (bluetoothd + 0x264ef)
> > > > #11 0x0000556bea91ace1 _start (bluetoothd + 0x26ce1)
> > > > Jun 13 13:38:15 systemd[1]: bluetooth.service: Main process exited, code=dumped, status=11/SEGV
> > > >
> > > > Crash seems to be at:
> > > >
> > > > 342 static void a2dp_resume_complete(struct avdtp *session, int err,
> > > > 343 					void *user_data)
> > > > 344 {
> > > > 345 	struct media_owner *owner = user_data;
> > > > 346 	struct media_request *req = owner->pending;
> > > > 347 	struct media_transport *transport = owner->transport;
> > > > 348 	struct a2dp_sep *sep = media_endpoint_get_sep(transport->endpoint);
> > > >
> > > > A good start (but does NOT fix the problem) might be:
> > > >
> > > > --- bluez-9999/profiles/audio/transport.c.org	2023-06-13 18:38:14.542137531 +0200
> > > > +++ bluez-9999/profiles/audio/transport.c	2023-06-13 18:48:32.542527882 +0200
> > > > @@ -345,7 +345,7 @@
> > > >  	struct media_owner *owner = user_data;
> > > >  	struct media_request *req = owner->pending;
> > > >  	struct media_transport *transport = owner->transport;
> > > > -	struct a2dp_sep *sep = media_endpoint_get_sep(transport->endpoint);
> > > > +	struct a2dp_sep *sep;
> > > >  	struct avdtp_stream *stream;
> > > >  	int fd;
> > > >  	uint16_t imtu, omtu;
> > > > @@ -355,7 +355,10 @@
> > > >
> > > >  	if (err)
> > > >  		goto fail;
> > > > +	if (!transport)
> > > > +		goto fail;
> > > >
> > > > +	sep = media_endpoint_get_sep(transport->endpoint);
> > > >  	stream = a2dp_sep_get_stream(sep);
> > > >  	if (stream == NULL)
> > > >  		goto fail;
> > > >
> > > > bluez-5.66 works fine though.
> > > >
> > > > Headset: WH-1000XM3
> > > >
> > > >  Jocke
> > >
> > > Weird, I don't think much has changed for A2DP, but perhaps there are
> > > some BAP-related changes affecting A2DP for some reason, any chance to
> > > bisect the patch that introduces this problem? Or is it not always
> > > reproducible?
> >
> > It is reproducible but on a remote laptop used for daily work so would disturb quite a lot.
> > Can I turn off BAP somehow to see if it is interfering?
> >
> > Any chance it is related to https://github.com/bluez/bluez/issues/533 ?
>
> Right, yeah that is possible since it appears to be some unbalanced
> reference count issue, that said that was a very old version, not sure
> if we haven't fixed that.

It is not fixed in the unref code discussed in that issue on master.

 Jocke
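Review bot: in the first hunk (@@ -345,7 +345,7 @@), deferring the `media_endpoint_get_sep(transport->endpoint)` call still leaves `owner->pending` and `owner->transport` dereferenced at the declarations before anything is checked; since the thread's working theory is an unbalanced reference count, `owner` itself may already be freed when `a2dp_resume_complete` runs, and a later NULL test on a field copied out of freed memory neither detects nor prevents that. Before trusting any check in this function, run bluetoothd under ASan or valgrind to see whether the faulting access is through a dangling `owner` or a genuinely NULL `transport`; the patch can only help in the second case, which matches the author's own note that it does not fix the problem.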
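Review bot: in the second hunk (@@ -355,7 +355,10 @@), the new `if (!transport) goto fail;` jumps to a `fail:` label that the hunk does not show; if that label touches `transport` (for example to detach the owner from it), a NULL `transport` still crashes a few lines later, so either return directly for the NULL case or confirm the label is NULL-safe before relying on this. Style: the two back-to-back tests can be folded into one, `if (err || !transport) goto fail;`, which keeps the blank line between the checks and the new `sep = media_endpoint_get_sep(transport->endpoint);` assignment as in the surrounding code.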
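The thread's working theory is an unbalanced reference count on the owner, and the quoted patch tries a NULL test on `transport` that its author says does not fix the crash. The following added example (not bluez code; `media_owner`, `media_transport`, `owner_ref`/`owner_unref`, the quarantine counter and the two flows are all hypothetical) models why: when a stray unref releases the owner before the asynchronous resume completion runs, the completion reads freed memory, and a NULL test on a field of that memory only "succeeds" by accident. The guarded flow shows the usual remedy, holding a reference on behalf of the in-flight request until its completion has run.

```c
/*
 * Added example, not bluez code. Models the failure the thread suspects:
 * the owner carrying the transport is released by an unbalanced unref
 * before the async resume completion fires. A NULL test on transport
 * cannot repair that. All names and the quarantine mechanism are
 * hypothetical stand-ins.
 */
#include <stdlib.h>

struct media_transport {
	int endpoint_id;
};

struct media_owner {
	int refcount;
	struct media_transport *transport;
};

/* Quarantine instead of free(): a released owner stays readable and is
 * remembered, so a use-after-free can be detected deterministically. */
static struct media_owner *last_freed;
static int freed_reads;		/* reads through a released owner */

static struct media_owner *owner_new(struct media_transport *t)
{
	struct media_owner *o = calloc(1, sizeof(*o));

	if (!o)
		abort();
	o->refcount = 1;
	o->transport = t;
	return o;
}

static void owner_ref(struct media_owner *o)
{
	o->refcount++;
}

static void owner_unref(struct media_owner *o)
{
	if (--o->refcount > 0)
		return;
	o->transport = NULL;	/* stand-in for allocator poisoning */
	last_freed = o;		/* quarantined, never handed back to malloc */
}

/* Every field read goes through here so that a read of a released owner
 * is counted, the way ASan would report it. */
static struct media_transport *owner_transport(struct media_owner *o)
{
	if (o == last_freed)
		freed_reads++;
	return o->transport;
}

enum resume_result { RESUME_OK, RESUME_FAILED };

/* Shape of the patched completion: NULL-test transport, then use it. */
static enum resume_result resume_complete(struct media_owner *owner, int err)
{
	struct media_transport *transport = owner_transport(owner);

	if (err)
		return RESUME_FAILED;
	if (!transport)
		return RESUME_FAILED;
	return transport->endpoint_id > 0 ? RESUME_OK : RESUME_FAILED;
}

/* Unguarded flow: nothing holds the owner for the in-flight request, an
 * extra unref releases it, and the completion then reads released memory.
 * Returns the number of reads through the released owner (1 here); the
 * NULL test "passes" only because the poisoned field happens to be NULL. */
static int unguarded_flow(enum resume_result *out)
{
	struct media_transport t = { .endpoint_id = 7 };
	struct media_owner *o = owner_new(&t);

	freed_reads = 0;
	owner_unref(o);			/* unbalanced: owner released */
	*out = resume_complete(o, 0);	/* AVDTP response arrives afterwards */
	return freed_reads;
}

/* Guarded flow: starting the request takes its own reference, dropped
 * once the completion has run, so the same stray unref cannot free the
 * owner underneath the callback. Returns freed reads (0 here). */
static int guarded_flow(enum resume_result *out)
{
	struct media_transport t = { .endpoint_id = 7 };
	struct media_owner *o = owner_new(&t);

	freed_reads = 0;
	owner_ref(o);			/* held by the pending request */
	owner_unref(o);			/* the same stray unref */
	*out = resume_complete(o, 0);
	owner_unref(o);			/* request finished: drop its reference */
	return freed_reads;
}
```

The unguarded flow returns `RESUME_FAILED` and looks harmless, yet the counter shows the completion read a released owner; in a real process that is the SEGV in the backtrace, or silent corruption when the memory has been reused. The guarded flow reaches `RESUME_OK` with no such read, which is the property a fix for a refcount imbalance has to restore, independent of any NULL test.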