https://bugs.freedesktop.org/show_bug.cgi?id=96831

            Bug ID: 96831
           Summary: PulseAudio crashes when I disconnect Bluetooth A2DP
                    headphones (with Bluez 5)
           Product: PulseAudio
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: modules
          Assignee: pulseaudio-bugs@lists.freedesktop.org
          Reporter: makos...@googlemail.com
        QA Contact: pulseaudio-bugs@lists.freedesktop.org
                CC: lenn...@poettering.net

For the last few PulseAudio versions, including 9.0, it's been segfaulting
every time I disconnect my Bluetooth headphones with no usable backtrace. It
turns out that module-bluez5-device.so is unloading itself when the device
disconnects, which means that when pa_module_unload returns, the code in
module-bluez5-device.so that's doing this is no longer loaded and PulseAudio
crashes. Backtrace of the place where it unloads itself is as follows:

#0  0x00007ffff6bc3120 in dlclose () from /lib64/libdl.so.2
#1  0x0000555555561473 in bind_now_close (d=<optimized out>, m=<optimized out>)
    at /var/tmp/portage/media-sound/pulseaudio-9.0/work/pulseaudio-9.0/src/daemon/ltdl-bind-now.c:87
#2  0x00007ffff7444106 in lt_dlclose (handle=0x555555a71010)
    at /var/tmp/portage/dev-libs/libltdl-2.4.6/work/libtool-2.4.6/libltdl/ltdl.c:1989
#3  0x00007ffff7b5c89e in pa_module_free (m=0x555555bee380)
    at /var/tmp/portage/media-sound/pulseaudio-9.0/work/pulseaudio-9.0/src/pulsecore/module.c:249
#4  0x00007ffff7b5d50d in pa_module_unload (m=<optimized out>, force=force@entry=true)
    at /var/tmp/portage/media-sound/pulseaudio-9.0/work/pulseaudio-9.0/src/pulsecore/module.c:271
#5  0x00007fffe5db146e in device_connection_changed_cb (y=<optimized out>, d=<optimized out>, u=0x555555bef0d0)
    at /var/tmp/portage/media-sound/pulseaudio-9.0/work/pulseaudio-9.0/src/modules/bluetooth/module-bluez5-device.c:2038
#6  0x00007ffff7b5aa2d in pa_hook_fire (hook=0x555555ab0780, data=0x555555a0bd60)
    at /var/tmp/portage/media-sound/pulseaudio-9.0/work/pulseaudio-9.0/src/pulsecore/hook-list.c:104
#7  0x00007fffe75f6676 in pa_bluetooth_transport_unlink (t=0x555555bb0150)
    at /var/tmp/portage/media-sound/pulseaudio-9.0/work/pulseaudio-9.0/src/modules/bluetooth/bluez5-util.c:199
#8  0x00007fffe75f6742 in pa_bluetooth_transport_free (t=0x555555bb0150)
    at /var/tmp/portage/media-sound/pulseaudio-9.0/work/pulseaudio-9.0/src/modules/bluetooth/bluez5-util.c:209
#9  0x00007fffe75f9500 in endpoint_clear_configuration (conn=<optimized out>, userdata=0x555555ab0760, m=0x555555770740)
    at /var/tmp/portage/media-sound/pulseaudio-9.0/work/pulseaudio-9.0/src/modules/bluetooth/bluez5-util.c:1473
#10 endpoint_handler (c=<optimized out>, m=0x555555770740, userdata=0x555555ab0760)
    at /var/tmp/portage/media-sound/pulseaudio-9.0/work/pulseaudio-9.0/src/modules/bluetooth/bluez5-util.c:1521
#11 0x00007ffff72122f7 in _dbus_object_tree_dispatch_and_unlock () from /usr/lib64/libdbus-1.so.3
#12 0x00007ffff72026b2 in dbus_connection_dispatch () from /usr/lib64/libdbus-1.so.3
#13 0x00007ffff76b0137 in dispatch_cb (ea=0x55555576d898, ev=0x555555b7efb0, userdata=<optimized out>)
    at /var/tmp/portage/media-sound/pulseaudio-9.0/work/pulseaudio-9.0/src/pulsecore/dbus-util.c:53
#14 0x00007ffff790009a in dispatch_defer (m=0x55555576d840)
    at /var/tmp/portage/media-sound/pulseaudio-9.0/work/pulseaudio-9.0/src/pulse/mainloop.c:680
#15 pa_mainloop_dispatch (m=m@entry=0x55555576d840)
    at /var/tmp/portage/media-sound/pulseaudio-9.0/work/pulseaudio-9.0/src/pulse/mainloop.c:889
#16 0x00007ffff7900307 in pa_mainloop_iterate (m=0x55555576d840, block=<optimized out>, retval=0x7fffffffd138)
    at /var/tmp/portage/media-sound/pulseaudio-9.0/work/pulseaudio-9.0/src/pulse/mainloop.c:929
#17 0x00007ffff7900410 in pa_mainloop_run (m=0x55555576d840, retval=0x7fffffffd138)
    at /var/tmp/portage/media-sound/pulseaudio-9.0/work/pulseaudio-9.0/src/pulse/mainloop.c:944
#18 0x000055555555b622 in main (argc=<optimized out>, argv=<optimized out>)
    at /var/tmp/portage/media-sound/pulseaudio-9.0/work/pulseaudio-9.0/src/daemon/main.c:1141

Note that this is the last point at which I can get a full backtrace - after
dlclose returns, module-bluez5-device.so is no longer loaded and the
information required to create one is no longer available. The actual crash
happens once we try and return into device_connection_changed_cb in
module-bluez5-device.c which has been unmapped from memory. Final log messages
are as follows:

D: [pulseaudio] device-port.c: Setting port headset-output to status unknown
D: [pulseaudio] core-subscribe.c: Dropped redundant event due to change event.
D: [pulseaudio] bluez5-util.c: dbus: path=/MediaEndpoint/A2DPSource, interface=org.bluez.MediaEndpoint1, member=ClearConfiguration
D: [pulseaudio] bluez5-util.c: Clearing transport /org/bluez/hci0/dev_20_15_00_00_07_FD/fd7 profile a2dp_sink
D: [pulseaudio] bluez5-util.c: Transport /org/bluez/hci0/dev_20_15_00_00_07_FD/fd7 state changed from idle to disconnected
D: [pulseaudio] module-rescue-streams.c: No sink inputs to move away.
D: [pulseaudio] module-rescue-streams.c: No source outputs to move away.
D: [bluetooth] module-bluez5-device.c: IO thread shutdown requested, stopping cleanly
D: [bluetooth] module-bluez5-device.c: IO thread shutting down
[Thread 0x7fffe5b99700 (LWP 10177) exited]
I: [pulseaudio] sink.c: Freeing sink 1 "bluez_sink.20_15_00_00_07_FD"
I: [pulseaudio] source.c: Freeing source 3 "bluez_sink.20_15_00_00_07_FD.monitor"
I: [pulseaudio] card.c: Changed profile of card 4 "bluez_card.20_15_00_00_07_FD" to off
D: [pulseaudio] card.c: Setting card bluez_card.20_15_00_00_07_FD profile a2dp_sink to availability status no
D: [pulseaudio] core-subscribe.c: Dropped redundant event due to change event.
D: [pulseaudio] device-port.c: Setting port headset-output to status no
D: [pulseaudio] core-subscribe.c: Dropped redundant event due to change event.
D: [pulseaudio] module-bluez5-discover.c: Unregistering module for /org/bluez/hci0/dev_20_15_00_00_07_FD
D: [pulseaudio] module-bluez5-device.c: Unloading module for device /org/bluez/hci0/dev_20_15_00_00_07_FD
I: [pulseaudio] module.c: Unloading "module-bluez5-device" (index: #24).
I: [pulseaudio] card.c: Freed 4 "bluez_card.20_15_00_00_07_FD"
D: [pulseaudio] core-subscribe.c: Dropped redundant event due to remove event.
I: [pulseaudio] module.c: Unloaded "module-bluez5-device" (index: #24).

Thread 1 "pulseaudio" received signal SIGSEGV, Segmentation fault.
0x00007fffe5db146e in ?? ()

This is on Gentoo x86-64. Note that this doesn't affect all systems and I
haven't been able to figure out why, so you may have difficulty reproducing
this. On another Gentoo system the offending call to dlclose doesn't actually
unload the library for a reason I have not been able to determine and it seems
to remain loaded indefinitely with no crash.

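The failure mode in this report, modelled as an added example (not PulseAudio code and not part of the original report): a callback that tears down its own module synchronously, next to a variant that only records an unload request for the main loop to honour after the callback has returned. The struct, the function names and the callback_depth counter are hypothetical stand-ins; `loaded` models the shared object still being mapped.

```c
#include <stdbool.h>

/* Constructed stand-in for a loadable module. */
struct module {
    bool loaded;            /* false once the "dlclose" step has run */
    bool unload_requested;  /* set by callbacks, consumed by the main loop */
    int  callback_depth;    /* >0 while module code is on the call stack */
    int  unsafe_unloads;    /* unloads done while module code was running */
};

/* Final teardown: after this point no module code may execute. */
static void module_free(struct module *m) {
    if (m->callback_depth > 0)
        m->unsafe_unloads++;   /* caller would return into unmapped text */
    m->loaded = false;
}

/* Pattern seen in the backtrace: unload synchronously from the callback. */
static void on_disconnect_unsafe(struct module *m) {
    m->callback_depth++;
    module_free(m);
    m->callback_depth--;   /* in a real daemon this frame no longer exists */
}

/* Deferred pattern: only record the request while module code is running. */
static void on_disconnect_deferred(struct module *m) {
    m->callback_depth++;
    m->unload_requested = true;
    m->callback_depth--;
}

/* One main-loop iteration: dispatch the event, then honour any pending
 * unload request from a frame that does not belong to the module. */
static void mainloop_iterate(struct module *m, void (*cb)(struct module *)) {
    if (m->loaded)
        cb(m);
    if (m->loaded && m->unload_requested)
        module_free(m);
}

/* Returns the number of unsafe unloads, or -1 if the module stayed loaded. */
int run_scenario(bool deferred) {
    struct module m = { .loaded = true };
    mainloop_iterate(&m, deferred ? on_disconnect_deferred
                                  : on_disconnect_unsafe);
    return m.loaded ? -1 : m.unsafe_unloads;
}
```
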