Hi,

While testing bluez 4.98 release code on an arm platform I have faced a bluetoothd crash during deactivation of the bluetooth module, when a headset is connected. I tried to reproduce it, but failed. A similar crash was once found with bluetoothd while a file transfer (obexd) was in progress and bluetooth was deactivated. The gdb bt shows that it happens in gdbus/object.c - invalidate_parent_data().

The gdb bt callstack is shown below:
====================================
(gdb) bt
#0  invalidate_parent_data (conn=0x403d9cf8, child_path=<value optimized out>) at gdbus/object.c:495
#1  0x400122fc in invalidate_parent_data (conn=0x403d9cf8, child_path=<value optimized out>) at gdbus/object.c:490
#2  0x4001248c in object_path_unref (connection=0x403d9cf8, path=0x403da1c0 "/org/bluez/2969/hci0/dev_00_02_20_00_06_52") at gdbus/object.c:597
#3  0x40012c7c in g_dbus_unregister_interface (connection=0x403d9cf8, path=0x403da1c0 "/org/bluez/2969/hci0/dev_00_02_20_00_06_52", name=0x4009d0bc "org.bluez.Device") at gdbus/object.c:729
#4  0x40078038 in btd_device_unref (device=<value optimized out>) at src/device.c:2809
#5  0x40079558 in device_remove (device=0x403e2900, remove_stored=<value optimized out>) at src/device.c:1143
#6  0x400728a4 in adapter_remove (adapter=0x403df2e0) at src/adapter.c:2436
#7  0x4006e9c8 in manager_remove_adapter (id=<value optimized out>) at src/manager.c:293
#8  btd_manager_unregister_adapter (id=<value optimized out>) at src/manager.c:434
#9  0x4004a6ec in device_event (event=<value optimized out>, index=0) at plugins/hciops.c:2774
#10 0x4004a88c in io_stack_event (chan=<value optimized out>, cond=<value optimized out>, data=<value optimized out>) at plugins/hciops.c:2895
#11 0x4021469c in g_io_unix_dispatch (source=<value optimized out>, callback=0x4004a7fc <io_stack_event>, user_data=0x0) at /home/fullbuild-sbs/fullbuild/gitsrc/glib2.0/glib/giounix.c:166
#12 0x401cc124 in g_main_dispatch (context=0x403d5f60) at /home/fullbuild-sbs/fullbuild/gitsrc/glib2.0/glib/gmain.c:2440
#13 g_main_context_dispatch (context=0x403d5f60) at /home/fullbuild-sbs/fullbuild/gitsrc/glib2.0/glib/gmain.c:3013
#14 0x401cc834 in g_main_context_iterate (context=0x403d5f60, block=1077763936, dispatch=740, self=<value optimized out>) at /home/fullbuild-sbs/fullbuild/gitsrc/glib2.0/glib/gmain.c:3091
#15 0x401ccf2c in g_main_loop_run (loop=0x403d5100) at /home/fullbuild-sbs/fullbuild/gitsrc/glib2.0/glib/gmain.c:3299
#16 0x4005fbb4 in main (argc=1, argv=0x400b3dac) at src/main.c:539

The bluetoothd log is shown below:
==================================
bluetoothd[2707]: audio/sink.c:sink_set_state() State changed /org/bluez/2707/hci0/dev_00_1D_25_BA_4A_93: SINK_STATE_CONNECTED -> SINK_STATE_PLAYING
bluetoothd[2707]: audio/unix.c:client_cb() Audio API: BT_REQUEST <- BT_STOP_STREAM
bluetoothd[2707]: audio/avdtp.c:avdtp_ref() 0x40456e80: ref=4
bluetoothd[2707]: audio/a2dp.c:setup_ref() 0x40450378: ref=1
bluetoothd[2707]: audio/avdtp.c:session_cb()
bluetoothd[2707]: audio/avdtp.c:avdtp_parse_resp() SUSPEND request succeeded
bluetoothd[2707]: audio/avdtp.c:avdtp_sep_set_state() stream state changed: STREAMING -> OPEN
bluetoothd[2707]: audio/sink.c:sink_set_state() State changed /org/bluez/2707/hci0/dev_00_1D_25_BA_4A_93: SINK_STATE_PLAYING -> SINK_STATE_CONNECTED
bluetoothd[2707]: audio/a2dp.c:suspend_cfm() Source 0x40449048: Suspend_Cfm
bluetoothd[2707]: audio/unix.c:unix_ipc_sendmsg() Audio API: BT_RESPONSE -> BT_STOP_STREAM
bluetoothd[2707]: audio/a2dp.c:setup_unref() 0x40450378: ref=0
bluetoothd[2707]: audio/a2dp.c:setup_free() 0x40450378
bluetoothd[2707]: audio/avdtp.c:avdtp_unref() 0x40456e80: ref=3
bluetoothd[2707]: gdbus/object.c:generic_message() /: org.bluez.Manager.DefaultAdapter()
bluetoothd[2707]: gdbus/object.c:generic_message() /org/bluez/2707/hci0: org.bluez.Adapter.GetProperties()
bluetoothd[2707]: gdbus/object.c:generic_message() /org/bluez/2707/hci0: org.bluez.Adapter.ListDevices()
bluetoothd[2707]: gdbus/object.c:generic_message() /: org.bluez.Manager.DefaultAdapter()
bluetoothd[2707]: gdbus/object.c:generic_message() /: org.bluez.Manager.DefaultAdapter()
bluetoothd[2707]: gdbus/object.c:generic_message() /org/bluez/2707/hci0: org.bluez.Adapter.GetProperties()
bluetoothd[2707]: gdbus/object.c:generic_message() /: org.bluez.Manager.DefaultAdapter()
bluetoothd[2707]: gdbus/object.c:generic_message() /org/bluez/2707/hci0: org.bluez.Adapter.GetProperties()
bluetoothd[2707]: gdbus/object.c:generic_message() /: org.bluez.Manager.DefaultAdapter()
bluetoothd[2707]: gdbus/object.c:generic_message() /org/bluez/2707/hci0: org.bluez.Adapter.GetProperties()
bluetoothd[2707]: gdbus/object.c:generic_message() /: org.bluez.Manager.DefaultAdapter()
bluetoothd[2707]: gdbus/object.c:generic_message() /org/bluez/2707/hci0: org.bluez.Adapter.ListDevices()
bluetoothd[2707]: gdbus/object.c:generic_message() /org/bluez/2707/hci0/dev_00_02_20_00_06_52: org.bluez.Device.GetProperties()
bluetoothd[2707]: gdbus/object.c:generic_message() /org/bluez/2707/hci0/dev_00_1D_25_BA_4A_93: org.bluez.Device.GetProperties()
bluetoothd[2707]: gdbus/object.c:generic_message() /: org.bluez.Manager.DefaultAdapter()
bluetoothd[2707]: gdbus/object.c:generic_message() /org/bluez/2707/hci0: org.bluez.Adapter.FindDevice()
bluetoothd[2707]: gdbus/object.c:generic_message() /org/bluez/2707/hci0/dev_00_1D_25_BA_4A_93: org.bluez.Headset.GetProperties()
bluetoothd[2707]: gdbus/object.c:generic_message() /: org.bluez.Manager.DefaultAdapter()
bluetoothd[2707]: gdbus/object.c:generic_message() /org/bluez/2707/hci0: org.bluez.Adapter.FindDevice()
bluetoothd[2707]: gdbus/object.c:generic_message() /org/bluez/2707/hci0/dev_00_1D_25_BA_4A_93: org.bluez.AudioSink.GetProperties()
bluetoothd[2707]: gdbus/object.c:generic_message() /: org.bluez.Manager.DefaultAdapter()
bluetoothd[2707]: gdbus/object.c:generic_message() /org/bluez/2707/hci0: org.bluez.Adapter.GetProperties()
bluetoothd[2707]: gdbus/object.c:generic_message() /: org.bluez.Manager.DefaultAdapter()
bluetoothd[2707]: audio/avctp.c:session_cb() AVCTP session 0x40451850 got disconnected
bluetoothd[2707]: audio/avctp.c:avctp_set_state() AVCTP Disconnected
bluetoothd[2707]: audio/avctp.c:avctp_disconnected() AVCTP: closing uinput for 00:1D:25:BA:4A:93
bluetoothd[2707]: audio/avdtp.c:avdtp_sep_set_state() stream state changed: OPEN -> IDLE
bluetoothd[2707]: audio/avdtp.c:avdtp_unref() 0x40456e80: ref=2
bluetoothd[2707]: audio/a2dp.c:a2dp_sep_unlock() SEP 0x40449048 unlocked
bluetoothd[2707]: audio/avdtp.c:avdtp_unref() 0x40456e80: ref=1
bluetoothd[2707]: HCI dev 0 down
bluetoothd[2707]: plugins/hciops.c:hciops_stop_discovery() index 0
bluetoothd[2707]: src/adapter.c:adapter_remove_connection()
bluetoothd[2707]: audio/manager.c:state_changed() /org/bluez/2707/hci0 powered off
bluetoothd[2707]: audio/telephony.c:telephony_exit()
bluetoothd[2707]: audio/headset.c:telephony_deinit() Telephony deinitialized
bluetoothd[2707]: Adapter /org/bluez/2707/hci0 has been disabled
bluetoothd[2707]: src/adapter.c:set_mode_complete()
bluetoothd[2707]: audio/headset.c:rfcomm_io_cb() ERR or HUP on RFCOMM socket
bluetoothd[2707]: audio/telephony.c:telephony_device_disconnected() telephony-samsung: device 0x4044fe70 disconnected
bluetoothd[2707]: audio/headset.c:headset_set_state() State changed /org/bluez/2707/hci0/dev_00_1D_25_BA_4A_93: HEADSET_STATE_CONNECTED -> HEADSET_STATE_DISCONNECTED
bluetoothd[2707]: gdbus/object.c:generic_message() /org/bluez/2707/hci0: org.bluez.Adapter.SetProperty()
bluetoothd[2707]: gdbus/object.c:generic_message() /org/bluez/2707/hci0: org.bluez.Adapter.SetProperty()
bluetoothd[2707]: gdbus/object.c:generic_message() /org/bluez/2707/hci0: org.bluez.Adapter.SetProperty()
bluetoothd[2707]: audio/avdtp.c:session_cb()
bluetoothd[2707]: audio/avdtp.c:connection_lost() Disconnected from 00:1D:25:BA:4A:93
bluetoothd[2707]: audio/sink.c:sink_set_state() State changed /org/bluez/2707/hci0/dev_00_1D_25_BA_4A_93: SINK_STATE_CONNECTED -> SINK_STATE_DISCONNECTED
bluetoothd[2707]: audio/avdtp.c:avdtp_unref() 0x40456e80: ref=0
bluetoothd[2707]: audio/avdtp.c:avdtp_unref() 0x40456e80: freeing session and removing from list
bluetoothd[2707]: gdbus/object.c:generic_message() /org/bluez/2707/hci0: org.bluez.Adapter.SetProperty()
bluetoothd[2707]: audio/unix.c:client_cb() Unix client disconnected (fd=32)
bluetoothd[2707]: audio/unix.c:client_free() client_free(0x40444a00)
bluetoothd[2707]: HCI dev 0 unregistered
bluetoothd[2707]: Stopping hci0 event socket
bluetoothd[2707]: Unregister path: /org/bluez/2707/hci0
bluetoothd[2707]: src/adapter.c:adapter_remove() Removing adapter /org/bluez/2707/hci0
bluetoothd[2707]: src/device.c:device_remove() Removing device /org/bluez/2707/hci0/dev_00_02_20_00_06_52
bluetoothd[2707]: network/manager.c:network_remove() path /org/bluez/2707/hci0/dev_00_02_20_00_06_52
bluetoothd[2707]: network/connection.c:path_unregister() Unregistered interface org.bluez.Network on path /org/bluez/2707/hci0/dev_00_02_20_00_06_52
bluetoothd[2707]: src/device.c:btd_device_unref() 0x4044a900: ref=2
bluetoothd[2707]: serial/manager.c:serial_remove() path /org/bluez/2707/hci0/dev_00_02_20_00_06_52
bluetoothd[2707]: serial/port.c:path_unregister() Unregistered interface org.bluez.Serial on path /org/bluez/2707/hci0/dev_00_02_20_00_06_52
bluetoothd[2707]: audio/unix.c:unix_device_removed() unix_device_removed(0x4044e690)
bluetoothd[2707]: audio/control.c:path_unregister() Unregistered interface org.bluez.Control on path /org/bluez/2707/hci0/dev_00_02_20_00_06_52
bluetoothd[2707]: src/device.c:btd_device_unref() 0x4044a900: ref=1
bluetoothd[2707]: src/device.c:btd_device_unref() 0x4044a900: ref=0
bluetoothd[2707]: src/device.c:device_free() 0x4044a900

*******************************
callstack information (PID:2707)
*******************************
cnt_callstack = 16
0: (0x400ed308) [/usr/sbin/bluetoothd]+0xd308
1: (0x400ed2fc) [/usr/sbin/bluetoothd]+0xd2fc
2: (0x400ed48c) [/usr/sbin/bluetoothd]+0xd48c
3: g_dbus_unregister_interface+0x7c(0x400edc7c) [/usr/sbin/bluetoothd]+0xdc7c
4: btd_device_unref+0xa0(0x40153038) [/usr/sbin/bluetoothd]+0x73038

addr2line -Cfe bluetoothd 0xd308
invalidate_parent_data
/home/dh79pyun/workspace/git/bluetooth/bluez/gdbus/object.c:495

467: static void invalidate_parent_data(DBusConnection *conn, const char *child_path)
...
495: g_free(data->introspect);

Regards,
Syam