Hi Hsin-Yu,
On Tue, Dec 8, 2015 at 4:53 AM, Hsin-Yu Chao <hychao@xxxxxxxxxxxx> wrote:
> A crash was observed with backtrace below at setup_unref() inside
> a2dp_cancel(). Evidence is showing that this crash occurred after
> commit 33b447d where additional setup_unref() is being called.
> Remove a suspious setup_unref() call in 0889e24 which might be
> the cause to this crash.
>
> (libc-2.19.so -abort.c:89 ) abort
> (libc-2.19.so -libc_fatal.c:175 ) __libc_message
> (libc-2.19.so -malloc.c:4991 ) malloc_printerr
> (libc-2.19.so -malloc.c:3837 ) _int_free
> (bluetoothd -a2dp.c:2150 ) a2dp_cancel
> (bluetoothd -transport.c:231 ) media_owner_remove
> (bluetoothd -transport.c:244 ) media_transport_remove_owner
> (bluetoothd -transport.c:734 ) media_transport_free
> (bluetoothd -object.c:658 ) remove_interface
> (bluetoothd -object.c:1382 ) g_dbus_unregister_interface
> (bluetoothd -transport.c:182 ) media_transport_destroy
> (bluetoothd -media.c:246 ) clear_endpoint
> (bluetoothd -media.c:468 ) release_endpoint
> (bluetoothd -media.c:1879 ) path_free
> (bluetoothd -object.c:658 ) remove_interface
> (bluetoothd -object.c:1382 ) g_dbus_unregister_interface
> (libglib-2.0.so.0.3400.3 -gslist.c:894 ) g_slist_foreach
> (bluetoothd -adapter.c:4171 ) adapter_remove
> (bluetoothd -adapter.c:7453 ) index_removed
> (bluetoothd -queue.c:251 ) queue_foreach
> (bluetoothd -mgmt.c:280 ) can_read_data
> (bluetoothd -io-glib.c:170 ) watch_callback
> (libglib-2.0.so.0.3400.3 -gmain.c:2715 ) g_main_context_dispatch
> (libglib-2.0.so.0.3400.3 -gmain.c:3290 ) g_main_context_iterate
> (libglib-2.0.so.0.3400.3 -gmain.c:3484 ) g_main_loop_run
> (bluetoothd -main.c:661 ) main
> (libc-2.19.so -libc-start.c:292 ) __libc_start_main
>
> Signed-off-by: Hsin-Yu Chao <hychao@xxxxxxxxxxxx>
> ---
> profiles/audio/a2dp.c | 2 --
> 1 file changed, 2 deletions(-)
>
> diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
> index 82e75bf..63c9366 100644
> --- a/profiles/audio/a2dp.c
> +++ b/profiles/audio/a2dp.c
> @@ -450,8 +450,6 @@ done:
> setup->err = NULL;
> }
>
> - setup_unref(setup);
Im not following why this one would be causing the problem,
auto_config would only be called by endpoint_setconf_cb but that
doesn't show in the backtrace? There is something wrong if that is
happening since that means there is a pending AVDTP SetConfiguration
indication being cancelled by the a2dp_cancel which should only cancel
outgoing requests, anyway a better fix would be check if setup is
valid:
diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
index b0fea7c..9fa952f 100644
--- a/profiles/audio/a2dp.c
+++ b/profiles/audio/a2dp.c
@@ -419,6 +419,10 @@ static gboolean auto_config(gpointer data)
struct btd_device *dev = NULL;
struct btd_service *service;
+ /* Check if setup is valid */
+ if (!g_slist_find(setups, setup))
+ return FALSE;
+
/* Check if configuration was aborted */
if (setup->sep->stream == NULL)
return FALSE;
--
Luiz Augusto von Dentz
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
