The problem started when my distro (Slackware64-current) upgraded to bluez-5.83. The current git still has the problem (01f3ef3cd9d69b56554f5ef6d7ac2a5c40e41393).

Steps to reproduce the crash:
- Start bluetoothd;
- Start pipewire;
- Connect headphones;
- Play something (!mandatory!);
- Suspend (pm_test="freeze" is enough);
- When you resume, bluetoothd has crashed.

Running `git bisect` landed me on this commit:

---
commit cdcdfb4843b485e08f6a1460b5a03a3420453a51
Author: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
Date:   Fri May 16 17:49:20 2025 -0400

    a2dp: Fix not destroying streams when unregistering

    When a2dp_unregister_sep it must destroy the stream queue before
    freeing the a2dp_sep otherwise it will cause memory leaks.
---

Reverting this commit seems to fix the issue, even for the current git.

I tried to get a backtrace from a core dump, but it was useless, so I tried valgrind instead. The following is the result from:

`valgrind --tool=memcheck --redzone-size=256 --freelist-vol=1000000000 --free-fill=0xcc --undef-value-errors=no --leak-check=no --log-file=bluetooth.%p.valgrind.log ./src/bluetoothd`

---
==13728== Invalid read of size 8
==13728==    at 0x4253DA: release_stream (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x493D36E: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.8400.3)
==13728==    by 0x4233A2: connection_lost (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4260FC: session_cb (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4918FA2: ??? (in /usr/lib64/libglib-2.0.so.0.8400.3)
==13728==    by 0x491B076: ??? (in /usr/lib64/libglib-2.0.so.0.8400.3)
==13728==    by 0x491BA6E: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.8400.3)
==13728==    by 0x4DFFF4: mainloop_run (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4E03EE: mainloop_run_with_signal (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x40A6C1: main (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==  Address 0x53ca558 is 24 bytes inside a block of size 40 free'd
==13728==    at 0x484C78B: free (vg_replace_malloc.c:989)
==13728==    by 0x424B77: avdtp_unregister_sep (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x41C393: a2dp_unregister_sep (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4AD7F8: proxy_free (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x49163EE: g_list_foreach (in /usr/lib64/libglib-2.0.so.0.8400.3)
==13728==    by 0x491641F: g_list_free_full (in /usr/lib64/libglib-2.0.so.0.8400.3)
==13728==    by 0x4ACFE6: service_disconnect (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4A8FDB: service_filter (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4A9272: message_filter (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4A350E8: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.38.3)
==13728==    by 0x4A83A7: message_dispatch (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4918FA2: ??? (in /usr/lib64/libglib-2.0.so.0.8400.3)
==13728==  Block was alloc'd at
==13728==    at 0x4850A5F: calloc (vg_replace_malloc.c:1675)
==13728==    by 0x4921F65: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.8400.3)
==13728==    by 0x424A26: avdtp_register_sep (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x420A3F: a2dp_add_sep (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x40E22F: endpoint_init_a2dp_source (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4112F4: media_endpoint_create (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4128C9: proxy_added_cb (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4ADB1F: parse_interfaces.part.0 (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4AEE4A: get_managed_objects_reply (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4A35225: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.38.3)
==13728==    by 0x4A83A7: message_dispatch (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4918FA2: ??? (in /usr/lib64/libglib-2.0.so.0.8400.3)
==13728==
==13728== Invalid read of size 8
==13728==    at 0x4253E3: release_stream (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x493D36E: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.8400.3)
==13728==    by 0x4233A2: connection_lost (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4260FC: session_cb (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4918FA2: ??? (in /usr/lib64/libglib-2.0.so.0.8400.3)
==13728==    by 0x491B076: ??? (in /usr/lib64/libglib-2.0.so.0.8400.3)
==13728==    by 0x491BA6E: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.8400.3)
==13728==    by 0x4DFFF4: mainloop_run (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4E03EE: mainloop_run_with_signal (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x40A6C1: main (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==  Address 0xccccccccccccccfc is not stack'd, malloc'd or (recently) free'd
==13728==
==13728==
==13728== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==13728==  General Protection Fault
==13728==    at 0x4253E3: release_stream (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x493D36E: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.8400.3)
==13728==    by 0x4233A2: connection_lost (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4260FC: session_cb (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4918FA2: ??? (in /usr/lib64/libglib-2.0.so.0.8400.3)
==13728==    by 0x491B076: ??? (in /usr/lib64/libglib-2.0.so.0.8400.3)
==13728==    by 0x491BA6E: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.8400.3)
==13728==    by 0x4DFFF4: mainloop_run (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x4E03EE: mainloop_run_with_signal (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==    by 0x40A6C1: main (in /mnt/btr3/tmp/build/bluez/src/bluetoothd)
==13728==
==13728== HEAP SUMMARY:
==13728==     in use at exit: 130,034 bytes in 2,358 blocks
==13728==   total heap usage: 17,390 allocs, 15,032 frees, 1,298,930 bytes allocated
==13728==
---

I used the same options as my distro to build bluez:

CFLAGS="-Og -ggdb -march=x86-64 -mtune=generic -fPIC" ./configure \
  --prefix=/usr \
  --libdir=/usr/lib64 \
  --sysconfdir=/etc \
  --mandir=/usr/man \
  --localstatedir=/var \
  --docdir=/usr/doc/bluez-5.83 \
  --enable-library \
  --disable-systemd \
  --enable-deprecated \
  --build=x86_64-slackware-linux

I hope this helps you diagnose and properly fix the issue.

Best Regards
Ivan Kalvachev
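A constructed C model, added here and not bluez code, of the ownership invariant behind the commit message and the valgrind trace above: streams hold a pointer to the sep they were opened on and release_stream() reads through it, so unregistering a sep must release and destroy those streams before the sep is freed, or a later connection_lost() walks a list of streams whose sep is gone. The struct layout, the swap-remove list and the scenario are assumptions, not bluez internals.

```c
#include <stdlib.h>

/* Constructed model, NOT bluez code. A session keeps streams that each point at
 * the sep (endpoint) they were opened on; release_stream() reads through that
 * pointer, so unregister_sep() must destroy those streams BEFORE freeing the sep. */
struct sep { int id; };
struct stream { struct sep *sep; };
struct session { struct stream *streams[8]; int count; };
/* Reads through s->sep, so the sep must still be alive when this runs. */
static int release_stream(struct stream *s) { return s->sep->id; }
/* Unlink and free stream i (swap with last; order does not matter here). */
static void stream_destroy(struct session *ses, int i)
{
    free(ses->streams[i]);
    ses->streams[i] = ses->streams[--ses->count];
}
/* Release and destroy every stream on this sep, then free the sep. */
static void unregister_sep(struct session *ses, struct sep *sep)
{
    for (int i = ses->count - 1; i >= 0; i--) {
        if (ses->streams[i]->sep != sep) continue;
        release_stream(ses->streams[i]);
        stream_destroy(ses, i);
    }
    free(sep);
}
/* On disconnect only streams whose sep is alive remain; returns how many. */
int connection_lost(struct session *ses)
{
    int n = ses->count;
    while (ses->count > 0) {
        release_stream(ses->streams[0]);
        stream_destroy(ses, 0);
    }
    return n;
}
/* Two streams on sep a, one on sep b; unregister a, then lose the link. */
int scenario(void)
{
    struct session ses = { .count = 0 };
    struct sep *a = calloc(1, sizeof *a), *b = calloc(1, sizeof *b);
    for (int i = 0; i < 3; i++) {
        ses.streams[ses.count] = calloc(1, sizeof(struct stream));
        ses.streams[ses.count++]->sep = i < 2 ? a : b;
    }
    unregister_sep(&ses, a);          /* only the stream on b survives */
    int remaining = connection_lost(&ses);
    free(b);
    return remaining;                 /* 1: no freed sep was ever touched */
}
```

Running the same scenario under valgrind with --free-fill=0xcc, but with the free(sep) moved ahead of the stream loop, is what produces the 0xcccc...cc poison address seen in the second "Invalid read" above.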