Your message dated Thu, 5 Aug 2010 16:14:47 +0900
with message-id <[email protected]>
and subject line Re: bluez: bluetoothd segfaults when used with alsa
has caused the Debian Bug report #586364,
regarding bluez: bluetoothd segfaults when used with alsa
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
586364: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=586364
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: bluez
Version: 4.63-2
Severity: important

bluetoothd gets a Segmentation fault as soon as I try to use a bluetooth 
headset.
Connecting to a phone to synchronize works.

Everything worked well until I did an "apt-get upgrade".

:; sudo valgrind --log-file=/tmp/log bluetoothd -dn
bluetoothd[25713]: Bluetooth daemon 4.63
bluetoothd[25713]: Enabling debug information
bluetoothd[25713]: parsing main.conf
bluetoothd[25713]: discovto=0
bluetoothd[25713]: pairto=0
bluetoothd[25713]: pageto=8192
bluetoothd[25713]: name=%h-%d
bluetoothd[25713]: class=0x000100
bluetoothd[25713]: discov_interval=0
bluetoothd[25713]: Key file does not have key 'DeviceID'
bluetoothd[25713]: Starting SDP server
bluetoothd[25713]: Loading builtin plugins
bluetoothd[25713]: Loading audio plugin
bluetoothd[25713]: Loading hciops plugin
bluetoothd[25713]: Loading plugins /usr/lib/bluetooth/plugins
bluetoothd[25713]: Unix socket created: 8
bluetoothd[25713]: audio.conf: Key file does not have key 'AutoConnect'
bluetoothd[25713]: Telephony plugin initialized
bluetoothd[25713]: HFP AG features: "Ability to reject a call" "Enhanced call 
status" "Extended Error Result Codes" 
bluetoothd[25713]: HCI dev 0 registered
bluetoothd[25713]: child 25716 forked
bluetoothd[25713]: btd_adapter_ref(0x61654a0): ref=1
bluetoothd[25713]: HCI dev 0 up
bluetoothd[25713]: Starting security manager 0
bluetoothd[25713]: Changing Major/Minor class to 0x000104
bluetoothd[25713]: Stopping Inquiry at adapter startup
bluetoothd[25713]: headset_server_probe: path /org/bluez/25713/hci0
bluetoothd[25713]: btd_adapter_ref(0x61654a0): ref=2
bluetoothd[25713]: audio_adapter_ref(0x61738f0): ref=1
bluetoothd[25713]: audio.conf: Key file does not have key 'Master'
bluetoothd[25713]: Adding record with handle 0x10000
bluetoothd[25713]: Record pattern UUID 00000003-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00000100-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00001002-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00001108-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00001112-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00001203-0000-1000-8000-00805f9
bluetoothd[25713]: audio.conf: Key file does not have key 'SCORouting'
bluetoothd[25713]: Adding record with handle 0x10001
bluetoothd[25713]: Record pattern UUID 00000003-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00000100-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00001002-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 0000111e-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 0000111f-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00001203-0000-1000-8000-00805f9
bluetoothd[25713]: a2dp_server_probe: path /org/bluez/25713/hci0
bluetoothd[25713]: audio_adapter_ref(0x61738f0): ref=2
bluetoothd[25713]: audio.conf: Key file does not have key 'Enable'
bluetoothd[25713]: audio.conf: Key file does not have key 'Disable'
bluetoothd[25713]: audio.conf: Key file does not have group 'A2DP'
bluetoothd[25713]: audio.conf: Key file does not have group 'A2DP'
bluetoothd[25713]: audio.conf: Key file does not have group 'A2DP'
bluetoothd[25713]: audio.conf: Key file does not have group 'A2DP'
bluetoothd[25713]: audio.conf: Key file does not have key 'Master'
bluetoothd[25713]: SEP 0x61b3ba0 registered: type:0 codec:0 seid:1
bluetoothd[25713]: Adding record with handle 0x10002
bluetoothd[25713]: Record pattern UUID 00000019-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00000100-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00001002-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 0000110a-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 0000110d-0000-1000-8000-00805f9
bluetoothd[25713]: avrcp_server_probe: path /org/bluez/25713/hci0
bluetoothd[25713]: audio_adapter_ref(0x61738f0): ref=3
bluetoothd[25713]: audio.conf: Key file does not have key 'Master'
bluetoothd[25713]: Adding record with handle 0x10003
bluetoothd[25713]: Record pattern UUID 00000017-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00000100-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00001002-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 0000110c-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 0000110e-0000-1000-8000-00805f9
bluetoothd[25713]: Adding record with handle 0x10004
bluetoothd[25713]: Record pattern UUID 00000017-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00000100-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 00001002-0000-1000-8000-00805f9
bluetoothd[25713]: Record pattern UUID 0000110e-0000-1000-8000-00805f9
bluetoothd[25713]: Creating device /org/bluez/25713/hci0/dev_00_xx_45_xx_49_98
bluetoothd[25713]: btd_device_ref(0x61e6ea0): ref=1
bluetoothd[25713]: Probe drivers for /org/bluez/25713/hci0/dev_00_xx_45_xx_49_98
bluetoothd[25713]: adapter_get_device(00:xx:45:xx:49:98)
bluetoothd[25713]: btd_device_ref(0x61e6ea0): ref=2
bluetoothd[25713]: Registered interface org.bluez.Audio on path 
/org/bluez/25713/hci0/dev_00_xx_45_xx_49_98
bluetoothd[25713]: Found Headset record
bluetoothd[25713]: Registered interface org.bluez.Headset on path 
/org/bluez/25713/hci0/dev_00_xx_45_xx_49_98
bluetoothd[25713]: Found Handsfree record
bluetoothd[25713]: Creating device /org/bluez/25713/hci0/dev_00_17_xx_xx_xx_70
bluetoothd[25713]: btd_device_ref(0x6205040): ref=1
bluetoothd[25713]: Probe drivers for /org/bluez/25713/hci0/dev_00_17_xx_xx_xx_70
bluetoothd[25713]: adapter_get_device(00:17:xx:xx:xx:70)
bluetoothd[25713]: btd_device_ref(0x6205040): ref=2
bluetoothd[25713]: Registered interface org.bluez.Audio on path 
/org/bluez/25713/hci0/dev_00_17_xx_xx_xx_70
bluetoothd[25713]: audio handle_uuid: server not enabled for 
00001112-0000-1000-8000-00805f9b34fb (0x1112)
bluetoothd[25713]: audio handle_uuid: server not enabled for 
0000111f-0000-1000-8000-00805f9b34fb (0x111f)
bluetoothd[25713]: Found AV Target
bluetoothd[25713]: Registered interface org.bluez.Control on path 
/org/bluez/25713/hci0/dev_00_17_xx_xx_xx_70
bluetoothd[25713]: Found AV Target
bluetoothd[25713]: Creating device /org/bluez/25713/hci0/dev_00_19_xx_DB_xx_xx
bluetoothd[25713]: btd_device_ref(0x6253440): ref=1
bluetoothd[25713]: Probe drivers for /org/bluez/25713/hci0/dev_00_19_xx_DB_xx_xx
bluetoothd[25713]: adapter_get_device(00:19:xx:DB:xx:xx)
bluetoothd[25713]: btd_device_ref(0x6253440): ref=2
bluetoothd[25713]: Registered interface org.bluez.Audio on path 
/org/bluez/25713/hci0/dev_00_19_xx_DB_xx_xx
bluetoothd[25713]: Found Headset record
bluetoothd[25713]: Registered interface org.bluez.Headset on path 
/org/bluez/25713/hci0/dev_00_19_xx_DB_xx_xx
bluetoothd[25713]: Found Handsfree record
bluetoothd[25713]: Adapter /org/bluez/25713/hci0 has been enabled
bluetoothd[25713]: Entering main loop
bluetoothd[25713]: inquiry respone tx power level is 0
bluetoothd[25713]: Inquiry Failed with status 0x12
bluetoothd[25713]: child 25716 exited
bluetoothd[25713]: RFKILL event idx 3 type 2 op 0 soft 0 hard 0
bluetoothd[25713]: adapter_get_device(00:17:xx:xx:xx:70)
bluetoothd[25713]: link_key_request (sba=xx:xx:xx:xx:94:xx, 
dba=00:17:xx:xx:xx:70)
bluetoothd[25713]: kernel auth requirements = 0x00
bluetoothd[25713]: stored link key type = 0x06
bluetoothd[25713]: adapter_get_device(00:17:xx:xx:xx:70)
bluetoothd[25713]: link_key_request (sba=xx:xx:xx:xx:94:xx, 
dba=00:17:xx:xx:xx:70)
bluetoothd[25713]: kernel auth requirements = 0x00
bluetoothd[25713]: stored link key type = 0x06
bluetoothd[25713]: adapter_get_device(00:17:xx:xx:xx:70)
bluetoothd[25713]: link_key_request (sba=xx:xx:xx:xx:94:xx, 
dba=00:17:xx:xx:xx:70)
bluetoothd[25713]: kernel auth requirements = 0x00
bluetoothd[25713]: stored link key type = 0x06
bluetoothd[25713]: Accepted new client connection on unix socket (fd=19)
bluetoothd[25713]: Audio API: BT_REQUEST <- BT_GET_CAPABILITIES
Segmentation fault

The segfault arrives as soon as I run aplay:

:; aplay -vv -d 10 -D JX10 /home/stuart/ws/music_test/test-test-8000-mono.wav
ALSA lib audio/pcm_bluetooth.c:1566:(audioservice_recv) Too short (0 bytes) IPC 
packet from bluetoothd
aplay: main:654: audio open error: Invalid argument

Valgrind gives lots of messages such as 

==25713== Conditional jump or move depends on uninitialised value(s)
==25713==    at 0x4016236: index (strchr.S:56)
==25713==    by 0x4007164: expand_dynamic_string_token (dl-load.c:324)
==25713==    by 0x4007567: _dl_map_object (dl-load.c:2173)
==25713==    by 0x400186A: map_doit (rtld.c:634)
==25713==    by 0x400D5C5: _dl_catch_error (dl-error.c:178)
==25713==    by 0x400176E: do_preload (rtld.c:818)
==25713==    by 0x40043F1: dl_main (rtld.c:1678)
==25713==    by 0x4014776: _dl_sysdep_start (dl-sysdep.c:243)
==25713==    by 0x4001422: _dl_start (rtld.c:338)
==25713==    by 0x4000AF7: ??? (in /lib/ld-2.11.2.so)
==25713==    by 0x1: ???
==25713==    by 0x7FF000D22: ???

==25713== Invalid read of size 8
==25713==    at 0x5C01B92: __GI_strlen (strlen.S:31)
==25713==    by 0x50A0D71: g_strdup (gstrfuncs.c:101)
==25713==    by 0x50B366C: g_set_prgname (gutils.c:1981)
==25713==    by 0x508FE6F: g_option_context_parse (goption.c:1708)
==25713==    by 0x13A4B0: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x5BA4C4C: (below main) (libc-start.c:228)
==25713==  Address 0x61172b8 is 8 bytes inside a block of size 11 alloc'd
==25713==    at 0x4C241A7: malloc (vg_replace_malloc.c:195)
==25713==    by 0x5089504: g_malloc (gmem.c:132)
==25713==    by 0x50B5190: g_path_get_basename (gutils.c:781)
==25713==    by 0x508FE64: g_option_context_parse (goption.c:1707)
==25713==    by 0x13A4B0: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x5BA4C4C: (below main) (libc-start.c:228)

==25713== Invalid read of size 8
==25713==    at 0x5C00173: __GI_strcmp (strcmp.S:102)
==25713==    by 0x5C182D6: __tzstring (tzset.c:102)
==25713==    by 0x5C19EA2: __tzfile_read (tzfile.c:430)
==25713==    by 0x5C18B47: tzset_internal (tzset.c:439)
==25713==    by 0x5C18C68: __tz_convert (tzset.c:624)
==25713==    by 0x5C5117C: __vsyslog_chk (syslog.c:201)
==25713==    by 0x13ADA7: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x13A505: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x5BA4C4C: (below main) (libc-start.c:228)
==25713==  Address 0x6119018 is 4 bytes after a block of size 20 alloc'd
==25713==    at 0x4C241A7: malloc (vg_replace_malloc.c:195)
==25713==    by 0x5C182F1: __tzstring (tzset.c:107)
==25713==    by 0x5C19EA2: __tzfile_read (tzfile.c:430)
==25713==    by 0x5C18B47: tzset_internal (tzset.c:439)
==25713==    by 0x5C18C68: __tz_convert (tzset.c:624)
==25713==    by 0x5C5117C: __vsyslog_chk (syslog.c:201)
==25713==    by 0x13ADA7: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x13A505: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x5BA4C4C: (below main) (libc-start.c:228)

==25713== Conditional jump or move depends on uninitialised value(s)
==25713==    at 0x534784A: ??? (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x5347919: ??? (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x534622A: ??? (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x5346479: ??? (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x5333820: ??? (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x5331D39: ??? (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x5331F0F: ??? (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x53378D4: ??? (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x53380D7: dbus_message_iter_append_basic (in 
/lib/libdbus-1.so.3.4.0)
==25713==    by 0x5339F08: dbus_message_new_error (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x533C46D: ??? (in /lib/libdbus-1.so.3.4.0)
==25713==    by 0x532EC10: dbus_connection_send_with_reply (in 
/lib/libdbus-1.so.3.4.0)

==25713== Invalid read of size 8
==25713==    at 0x5C937D4: __strcmp_ssse3 (strcmp.S:586)
==25713==    by 0x50A45E8: g_str_equal (gstring.c:116)
==25713==    by 0x14623C: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x146397: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x13A924: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x5BA4C4C: (below main) (libc-start.c:228)
==25713==  Address 0x6142338 is 0 bytes after a block of size 8 alloc'd
==25713==    at 0x4C241A7: malloc (vg_replace_malloc.c:195)
==25713==    by 0x5089504: g_malloc (gmem.c:132)
==25713==    by 0x50A2948: g_strndup (gstrfuncs.c:155)
==25713==    by 0x507AAC1: g_key_file_parse_value_as_string (gkeyfile.c:3609)
==25713==    by 0x507B358: g_key_file_get_string_list (gkeyfile.c:1556)
==25713==    by 0x146354: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x13A924: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x5BA4C4C: (below main) (libc-start.c:228)

==25713== 
==25713== Invalid read of size 4
==25713==    at 0x119DC8: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x12BF05: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x12DB77: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x50806C1: g_main_context_dispatch (gmain.c:1960)
==25713==    by 0x5084537: g_main_context_iterate (gmain.c:2591)
==25713==    by 0x5084A44: g_main_loop_run (gmain.c:2799)
==25713==    by 0x13A960: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x5BA4C4C: (below main) (libc-start.c:228)
==25713==  Address 0x41c is not stack'd, malloc'd or (recently) free'd
==25713== 
==25713== 
==25713== Process terminating with default action of signal 11 (SIGSEGV)
==25713==  Access not within mapped region at address 0x41C
==25713==    at 0x119DC8: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x12BF05: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x12DB77: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x50806C1: g_main_context_dispatch (gmain.c:1960)
==25713==    by 0x5084537: g_main_context_iterate (gmain.c:2591)
==25713==    by 0x5084A44: g_main_loop_run (gmain.c:2799)
==25713==    by 0x13A960: ??? (in /usr/sbin/bluetoothd)
==25713==    by 0x5BA4C4C: (below main) (libc-start.c:228)
==25713==  If you believe this happened as a result of a stack
==25713==  overflow in your program's main thread (unlikely but
==25713==  possible), you can try to increase the size of the
==25713==  main thread stack using the --main-stacksize= flag.
==25713==  The main thread stack size used in this run was 8388608.

It would perhaps be useful to have a debug version of bluez.

regards
Stuart (http://www.pook.it/)

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages bluez depends on:
ii  dbus                         1.2.24-1    simple interprocess messaging syst
ii  libbluetooth3                4.63-2      Library to use the BlueZ Linux Blu
ii  libc6                        2.11.2-1    Embedded GNU C Library: Shared lib
ii  libdbus-1-3                  1.2.24-1    simple interprocess messaging syst
ii  libglib2.0-0                 2.24.1-1    The GLib library of C routines
ii  libnl1                       1.1-5       library for dealing with netlink s
ii  libusb-0.1-4                 2:0.1.12-15 userspace USB programming library
ii  lsb-base                     3.2-23.1    Linux Standard Base 3.2 init scrip
ii  makedev                      2.3.1-89    creates device files in /dev
ii  module-init-tools            3.12~pre2-3 tools for managing Linux kernel mo
ii  udev                         157-1       /dev/ and hotplug management daemo

bluez recommends no packages.

Versions of packages bluez suggests:
ii  python-dbus                   0.83.1-1   simple interprocess messaging syst
ii  python-gobject                2.21.1-2   Python bindings for the GObject li

-- Configuration Files:
/etc/bluetooth/main.conf changed:
[General]
DisablePlugins = network,input,serial,netlink,service,storage,hal
Name = %h-%d
Class = 0x000100
DiscoverableTimeout = 0
PairableTimeout = 0
PageTimeout = 8192
DiscoverSchedulerInterval = 0
InitiallyPowered = true
RememberPowered = true
ReverseServiceDiscovery = true
NameResolving = true


-- debconf-show failed



--- End Message ---
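Added example, not part of the bug report or of BlueZ: a small triage helper that parses Valgrind memcheck blocks like the ones quoted above and labels each one, so that the fatal read at 0x41C (a small address that is neither stack nor heap) stands out as a likely dereference of a field through a NULL struct pointer. The sample log is constructed from lines in the report; the page-size threshold used for that NULL-plus-offset call is my own heuristic, not something Valgrind reports.

```python
import re
PAGE_SIZE = 4096  # assumption: a fault address below this is NULL plus a struct field offset

# Constructed sample: error blocks lifted from the Valgrind excerpt in the report above.
SAMPLE_LOG = """\
==25713== Invalid read of size 8
==25713==    at 0x5C01B92: __GI_strlen (strlen.S:31)
==25713==  Address 0x61172b8 is 8 bytes inside a block of size 11 alloc'd
==25713==    at 0x4C241A7: malloc (vg_replace_malloc.c:195)
==25713== Invalid read of size 8
==25713==    at 0x5C937D4: __strcmp_ssse3 (strcmp.S:586)
==25713==  Address 0x6142338 is 0 bytes after a block of size 8 alloc'd
==25713== Conditional jump or move depends on uninitialised value(s)
==25713==    at 0x534784A: ??? (in /lib/libdbus-1.so.3.4.0)
==25713== Process terminating with default action of signal 11 (SIGSEGV)
==25713==  Access not within mapped region at address 0x41C
==25713==    at 0x119DC8: ??? (in /usr/sbin/bluetoothd)
"""

HEADER = re.compile(r"^==\d+== (Invalid (?:read|write) of size (\d+)|Conditional jump.*|Process terminating.*)$")
FRAME = re.compile(r"^==\d+==    (?:at|by) 0x[0-9A-Fa-f]+: (.+?) \(")
ADDR = re.compile(r"^==\d+==  (?:Address|Access not within mapped region at address) (0x[0-9a-fA-F]+)"
                  r"(?: is (\d+) bytes (after|before|inside) a block of size (\d+))?")

def parse_blocks(log):
    """Split memcheck output into records: kind, access size, first frame, address info."""
    blocks, cur = [], None
    for line in log.splitlines():
        m = HEADER.match(line)
        if m:
            cur = dict(kind=m.group(1), size=int(m.group(2) or 0), frame=None, addr=None, rel=None)
            blocks.append(cur)
        elif cur is None: continue
        elif (m := FRAME.match(line)) and cur["frame"] is None:
            cur["frame"] = m.group(1)  # frames after the Address line are the alloc stack; skipped
        elif m := ADDR.match(line):
            cur["addr"] = int(m.group(1), 16)
            if m.group(2):
                cur["rel"] = (int(m.group(2)), m.group(3), int(m.group(4)))
    return blocks

def classify(b):
    """Heuristic label for one record; the thresholds are assumptions, not Valgrind's."""
    if b["rel"]:
        off, where, blk = b["rel"]  # an 'inside' read still overruns if offset + size > block
        return "heap out-of-bounds access" if where != "inside" or off + b["size"] > blk else "in-bounds heap access"
    if b["addr"] is not None and b["addr"] < PAGE_SIZE:
        return "NULL pointer dereference (offset %#x into a struct)" % b["addr"]
    if b["kind"].startswith("Conditional"):
        return "use of uninitialised value"
    return "unclassified"

def triage(log):
    """Return (first frame, label) per error block, in log order."""
    return [(b["frame"], classify(b)) for b in parse_blocks(log)]
```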
--- Begin Message ---
Version: 4.66-1

Hi,

On Wed, Aug 04, 2010 at 06:24:35AM +0900, Nobuhiro Iwamatsu wrote:
> Hi,
> 
> > Using bluez-4.66 from http://www.bluez.org/ installed into /usr/local 
> > stopped the seg faults.
> > I'm using the same configuration files.
> > 
> Thanks for your test.
> 
> > Valgrind is still showing lots of errors so there is a real bug somewhere.
> >
> > Is there a debug package for /lib/libdbus-1.so.3.4.0 ?
> 
> No, current dbus version is 1.2.24-3.
> Could you test this version?
> Of course, I will test.

I checked on the following environment:
ii  dbus                                 1.2.24-2    simple interprocess messaging system
ii  bluez-alsa                           4.66-1      Bluetooth ALSA support

Works fine for me. I am closing this bug.

Best regards,
 Nobuhiro



--- End Message ---