Comments (7)
Vudentz
commented on June 2, 2024
5.50 is quite old actually, could you try upgrading to 5.55 to check if you can still reproduce?
from bluez.
i0r14
commented on June 2, 2024
Sorry, my first post wasn't clear enough.
Bluez was on 5.55 when I found out about those segfaults.
Actually, the 3 blocks of code from my first post show what happened when the system was on bluez 5.55.
Then, I kept downgrading bluez, version by version, every time reproducing the segfault until ver. 5.50, that seems to not be affected.
Thanks for your help.
from bluez.
i0r14
commented on June 2, 2024
These are the outputs of btmon.
The first is with 5.50 ( device works perfectly ), the second with 5.55 ( segfault as soon as the device is connected ).
As I said, any other versions in between of 5.50 and 5.55 are affected by the same segfault.
5.50
Bluetooth monitor ver 5.50
= Note: Linux version 5.9.8-arch1-1 (x86_64) 0.427306
= Note: Bluetooth subsystem version 2.22 0.427308
= New Index: YY:YY:YY:YY:YY:YY (Primary,USB,hci0) [hci0] 0.427309
= Open Index: YY:YY:YY:YY:YY:YY [hci0] 0.427309
= Index Info: YY:YY:YY:YY:YY:YY (Cambridge Silicon Radio) [hci0] 0.427309
@ MGMT Open: bluetoothd (privileged) version 1.18 {0x0001} 0.427310
< HCI Command: Create Connection (0x01|0x0005) plen 13 #1 [hci0] 12.853776
Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
Packet type: 0xcc18
DM1 may be used
DH1 may be used
DM3 may be used
DH3 may be used
DM5 may be used
DH5 may be used
Page scan repetition mode: R2 (0x02)
Page scan mode: Mandatory (0x00)
Clock offset: 0x0000
Role switch: Allow slave (0x01)
> HCI Event: Command Status (0x0f) plen 4 #2 [hci0] 12.975244
Create Connection (0x01|0x0005) ncmd 1
Status: Success (0x00)
> HCI Event: Role Change (0x12) plen 8 #3 [hci0] 14.018495
Status: Success (0x00)
Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
Role: Slave (0x01)
> HCI Event: Connect Complete (0x03) plen 11 #4 [hci0] 14.064508
Status: Success (0x00)
Handle: 70
Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
Link type: ACL (0x01)
Encryption: Disabled (0x00)
< HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2 #5 [hci0] 14.064561
Handle: 70
> HCI Event: Page Scan Repetition Mode Change (0x20) plen 7 #6 [hci0] 14.065534
Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
Page scan repetition mode: R1 (0x01)
> HCI Event: Command Status (0x0f) plen 4 #7 [hci0] 14.069506
Read Remote Supported Features (0x01|0x001b) ncmd 0
Status: Success (0x00)
> HCI Event: Max Slots Change (0x1b) plen 3 #8 [hci0] 14.167529
Handle: 70
Max slots: 5
> HCI Event: Command Status (0x0f) plen 4 #9 [hci0] 14.169528
NOP (0x00|0x0000) ncmd 1
Status: Success (0x00)
> HCI Event: Read Remote Supported Features (0x0b) plen 11 #10 [hci0] 14.174534
Status: Success (0x00)
Handle: 70
Features: 0xff 0xfe 0x8f 0xfe 0xdb 0xff 0x7b 0x87
3 slot packets
5 slot packets
Encryption
Slot offset
Timing accuracy
Role switch
Hold mode
Sniff mode
Power control requests
Channel quality driven data rate (CQDDR)
SCO link
HV2 packets
HV3 packets
u-law log synchronous data
A-law log synchronous data
CVSD synchronous data
Paging parameter negotiation
Power control
Transparent synchronous data
Broadcast Encryption
Enhanced Data Rate ACL 2 Mbps mode
Enhanced Data Rate ACL 3 Mbps mode
Enhanced inquiry scan
Interlaced inquiry scan
Interlaced page scan
RSSI with inquiry results
Extended SCO link (EV3 packets)
EV4 packets
EV5 packets
AFH capable slave
AFH classification slave
LE Supported (Controller)
3-slot Enhanced Data Rate ACL packets
5-slot Enhanced Data Rate ACL packets
Sniff subrating
Pause encryption
AFH capable master
AFH classification master
Enhanced Data Rate eSCO 2 Mbps mode
Enhanced Data Rate eSCO 3 Mbps mode
3-slot Enhanced Data Rate eSCO packets
Extended Inquiry Response
Simultaneous LE and BR/EDR (Controller)
Secure Simple Pairing
Encapsulated PDU
Erroneous Data Reporting
Non-flushable Packet Boundary Flag
Link Supervision Timeout Changed Event
Inquiry TX Power Level
Enhanced Power Control
Extended features
< HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3 #11 [hci0] 14.174546
Handle: 70
Page: 1
> HCI Event: Command Status (0x0f) plen 4 #12 [hci0] 14.179530
Read Remote Extended Features (0x01|0x001c) ncmd 1
Status: Success (0x00)
> HCI Event: Read Remote Extended Features (0x23) plen 13 #13 [hci0] 14.184538
Status: Success (0x00)
Handle: 70
Page: 1/2
Features: 0x07 0x00 0x00 0x00 0x00 0x00 0x00 0x00
Secure Simple Pairing (Host Support)
LE Supported (Host)
Simultaneous LE and BR/EDR (Host)
< HCI Command: Remote Name Request (0x01|0x0019) plen 10 #14 [hci0] 14.184561
Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
Page scan repetition mode: R2 (0x02)
Page scan mode: Mandatory (0x00)
Clock offset: 0x0000
> HCI Event: Command Status (0x0f) plen 4 #15 [hci0] 14.189532
Remote Name Request (0x01|0x0019) ncmd 1
Status: Success (0x00)
> HCI Event: Remote Name Req Complete (0x07) plen 255 #16 [hci0] 14.212534
Status: Success (0x00)
Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
Name: JBL Link 300
@ MGMT Event: Device Connected (0x000b) plen 27 {0x0002} [hci0] 14.212544
BR/EDR Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
Flags: 0x00000000
Data length: 14
Name (complete): JBL Link 300
@ MGMT Event: Device Connected (0x000b) plen 27 {0x0001} [hci0] 14.212544
BR/EDR Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
Flags: 0x00000000
Data length: 14
Name (complete): JBL Link 300
< HCI Command: Authentication Requested (0x01|0x0011) plen 2 #17 [hci0] 14.212550
Handle: 70
> HCI Event: Command Status (0x0f) plen 4 #18 [hci0] 14.214525
Authentication Requested (0x01|0x0011) ncmd 1
Status: Success (0x00)
> HCI Event: Link Key Request (0x17) plen 6 #19 [hci0] 14.215539
Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
< HCI Command: Link Key Request Reply (0x01|0x000b) plen 22 #20 [hci0] 14.215563
Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
Link key: XX
> HCI Event: Command Complete (0x0e) plen 10 #21 [hci0] 14.219543
Link Key Request Reply (0x01|0x000b) ncmd 1
Status: Success (0x00)
Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
> HCI Event: Auth Complete (0x06) plen 3 #22 [hci0] 14.231542
Status: Success (0x00)
Handle: 70
< HCI Command: Set Connection Encryption (0x01|0x0013) plen 3 #23 [hci0] 14.231553
Handle: 70
Encryption: Enabled (0x01)
> HCI Event: Command Status (0x0f) plen 4 #24 [hci0] 14.237544
Set Connection Encryption (0x01|0x0013) ncmd 1
Status: Success (0x00)
> HCI Event: Encryption Change (0x08) plen 4 #25 [hci0] 14.256548
Status: Success (0x00)
Handle: 70
Encryption: Enabled with E0 (0x01)
< HCI Command: Read Encryption Key Size (0x05|0x0008) plen 2 #26 [hci0] 14.256573
Handle: 70
> HCI Event: Command Complete (0x0e) plen 7 #27 [hci0] 14.261552
Read Encryption Key Size (0x05|0x0008) ncmd 1
Status: Success (0x00)
Handle: 70
5.55
Bluetooth monitor ver 5.55
= Note: Linux version 5.9.8-arch1-1 (x86_64) 0.735727
= Note: Bluetooth subsystem version 2.22 0.735729
= New Index: YY:YY:YY:YY:YY:YY (Primary,USB,hci0) [hci0] 0.735729
= Open Index: YY:YY:YY:YY:YY:YY [hci0] 0.735730
= Index Info: YY:YY:YY:YY:YY:YY (Cambridge Silicon Radio) [hci0] 0.735730
@ MGMT Open: bluetoothd (privileged) version 1.18 {0x0001} 0.735731
< HCI Command: Create Connection (0x01|0x0005) plen 13 #1 [hci0] 4.711393
Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
Packet type: 0xcc18
DM1 may be used
DH1 may be used
DM3 may be used
DH3 may be used
DM5 may be used
DH5 may be used
Page scan repetition mode: R2 (0x02)
Page scan mode: Mandatory (0x00)
Clock offset: 0x0000
Role switch: Allow slave (0x01)
> HCI Event: Command Status (0x0f) plen 4 #2 [hci0] 4.832477
Create Connection (0x01|0x0005) ncmd 1
Status: Success (0x00)
> HCI Event: Role Change (0x12) plen 8 #3 [hci0] 5.322538
Status: Success (0x00)
Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
Role: Slave (0x01)
> HCI Event: Connect Complete (0x03) plen 11 #4 [hci0] 5.381546
Status: Success (0x00)
Handle: 71
Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
Link type: ACL (0x01)
Encryption: Disabled (0x00)
< HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2 #5 [hci0] 5.381604
Handle: 71
> HCI Event: Page Scan Repetition Mode Change (0x20) plen 7 #6 [hci0] 5.382543
Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
Page scan repetition mode: R1 (0x01)
> HCI Event: Command Status (0x0f) plen 4 #7 [hci0] 5.387542
Read Remote Supported Features (0x01|0x001b) ncmd 0
Status: Success (0x00)
> HCI Event: Max Slots Change (0x1b) plen 3 #8 [hci0] 5.474553
Handle: 71
Max slots: 5
> HCI Event: Command Status (0x0f) plen 4 #9 [hci0] 5.476566
NOP (0x00|0x0000) ncmd 1
Status: Success (0x00)
> HCI Event: Read Remote Supported Features (0x0b) plen 11 #10 [hci0] 5.482572
Status: Success (0x00)
Handle: 71
Features: 0xff 0xfe 0x8f 0xfe 0xdb 0xff 0x7b 0x87
3 slot packets
5 slot packets
Encryption
Slot offset
Timing accuracy
Role switch
Hold mode
Sniff mode
Power control requests
Channel quality driven data rate (CQDDR)
SCO link
HV2 packets
HV3 packets
u-law log synchronous data
A-law log synchronous data
CVSD synchronous data
Paging parameter negotiation
Power control
Transparent synchronous data
Broadcast Encryption
Enhanced Data Rate ACL 2 Mbps mode
Enhanced Data Rate ACL 3 Mbps mode
Enhanced inquiry scan
Interlaced inquiry scan
Interlaced page scan
RSSI with inquiry results
Extended SCO link (EV3 packets)
EV4 packets
EV5 packets
AFH capable slave
AFH classification slave
LE Supported (Controller)
3-slot Enhanced Data Rate ACL packets
5-slot Enhanced Data Rate ACL packets
Sniff subrating
Pause encryption
AFH capable master
AFH classification master
Enhanced Data Rate eSCO 2 Mbps mode
Enhanced Data Rate eSCO 3 Mbps mode
3-slot Enhanced Data Rate eSCO packets
Extended Inquiry Response
Simultaneous LE and BR/EDR (Controller)
Secure Simple Pairing
Encapsulated PDU
Erroneous Data Reporting
Non-flushable Packet Boundary Flag
Link Supervision Timeout Changed Event
Inquiry TX Power Level
Enhanced Power Control
Extended features
< HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3 #11 [hci0] 5.482618
Handle: 71
Page: 1
> HCI Event: Command Status (0x0f) plen 4 #12 [hci0] 5.487554
Read Remote Extended Features (0x01|0x001c) ncmd 1
Status: Success (0x00)
> HCI Event: Read Remote Extended Features (0x23) plen 13 #13 [hci0] 5.492561
Status: Success (0x00)
Handle: 71
Page: 1/2
Features: 0x07 0x00 0x00 0x00 0x00 0x00 0x00 0x00
Secure Simple Pairing (Host Support)
LE Supported (Host)
Simultaneous LE and BR/EDR (Host)
< HCI Command: Remote Name Request (0x01|0x0019) plen 10 #14 [hci0] 5.492584
Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
Page scan repetition mode: R2 (0x02)
Page scan mode: Mandatory (0x00)
Clock offset: 0x0000
> HCI Event: Command Status (0x0f) plen 4 #15 [hci0] 5.497555
Remote Name Request (0x01|0x0019) ncmd 1
Status: Success (0x00)
> HCI Event: Remote Name Req Complete (0x07) plen 255 #16 [hci0] 5.519554
Status: Success (0x00)
Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
Name: JBL Link 300
@ MGMT Event: Device Connected (0x000b) plen 27 {0x0001} [hci0] 5.519576
BR/EDR Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
Flags: 0x00000000
Data length: 14
Name (complete): JBL Link 300
< HCI Command: Authentication Requested (0x01|0x0011) plen 2 #17 [hci0] 5.519581
Handle: 71
> HCI Event: Command Status (0x0f) plen 4 #18 [hci0] 5.520545
Authentication Requested (0x01|0x0011) ncmd 1
Status: Success (0x00)
> HCI Event: Link Key Request (0x17) plen 6 #19 [hci0] 5.521551
Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
< HCI Command: Link Key Request Reply (0x01|0x000b) plen 22 #20 [hci0] 5.521622
Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
Link key: bf5c6cc245fc6917e587e6bce3edc7a8
> HCI Event: Command Complete (0x0e) plen 10 #21 [hci0] 5.525562
Link Key Request Reply (0x01|0x000b) ncmd 1
Status: Success (0x00)
Address: XX:XX:XX:XX:XX:XX (AzureWave Technology Inc.)
> HCI Event: Auth Complete (0x06) plen 3 #22 [hci0] 5.536560
Status: Success (0x00)
Handle: 71
< HCI Command: Set Connection Encryption (0x01|0x0013) plen 3 #23 [hci0] 5.536584
Handle: 71
Encryption: Enabled (0x01)
> HCI Event: Command Status (0x0f) plen 4 #24 [hci0] 5.543561
Set Connection Encryption (0x01|0x0013) ncmd 1
Status: Success (0x00)
> HCI Event: Encryption Change (0x08) plen 4 #25 [hci0] 5.562563
Status: Success (0x00)
Handle: 71
Encryption: Enabled with E0 (0x01)
< HCI Command: Read Encryption Key Size (0x05|0x0008) plen 2 #26 [hci0] 5.562586
Handle: 71
> HCI Event: Command Complete (0x0e) plen 7 #27 [hci0] 5.567566
Read Encryption Key Size (0x05|0x0008) ncmd 1
Status: Success (0x00)
Handle: 71
Key size: 16
< ACL Data TX: Handle 71 flags 0x00 dlen 10 #28 [hci0] 5.567593
L2CAP: Information Request (0x0a) ident 1 len 2
Type: Extended features supported (0x0002)
> HCI Event: Number of Completed Packets (0x13) plen 5 #29 [hci0] 5.572566
Num handles: 1
Handle: 71
Count: 1
> ACL Data RX: Handle 71 flags 0x02 dlen 16 #30 [hci0] 5.574454
L2CAP: Information Response (0x0b) ident 1 len 8
Type: Extended features supported (0x0002)
Result: Success (0x0000)
Features: 0x000000b8
Enhanced Retransmission Mode
Streaming Mode
FCS Option
Fixed Channels
< ACL Data TX: Handle 71 flags 0x00 dlen 10 #31 [hci0] 5.574477
L2CAP: Information Request (0x0a) ident 2 len 2
Type: Fixed channels supported (0x0003)
> HCI Event: Number of Completed Packets (0x13) plen 5 #32 [hci0] 5.579566
Num handles: 1
Handle: 71
Count: 1
> ACL Data RX: Handle 71 flags 0x02 dlen 20 #33 [hci0] 5.580583
L2CAP: Information Response (0x0b) ident 2 len 12
Type: Fixed channels supported (0x0003)
Result: Success (0x0000)
Channels: 0x0000000000000002
L2CAP Signaling (BR/EDR)
< ACL Data TX: Handle 71 flags 0x00 dlen 12 #34 [hci0] 5.580606
L2CAP: Connection Request (0x02) ident 3 len 4
PSM: 25 (0x0019)
Source CID: 64
> HCI Event: Number of Completed Packets (0x13) plen 5 #35 [hci0] 5.584566
Num handles: 1
Handle: 71
Count: 1
> ACL Data RX: Handle 71 flags 0x02 dlen 16 #36 [hci0] 5.585706
L2CAP: Connection Response (0x03) ident 3 len 8
Destination CID: 64
Source CID: 64
Result: Connection pending (0x0001)
Status: No further information available (0x0000)
> ACL Data RX: Handle 71 flags 0x02 dlen 10 #37 [hci0] 5.586876
L2CAP: Information Request (0x0a) ident 1 len 2
Type: Extended features supported (0x0002)
< ACL Data TX: Handle 71 flags 0x00 dlen 16 #38 [hci0] 5.586899
L2CAP: Information Response (0x0b) ident 1 len 8
Type: Extended features supported (0x0002)
Result: Success (0x0000)
Features: 0x000002b8
Enhanced Retransmission Mode
Streaming Mode
FCS Option
Fixed Channels
Unicast Connectionless Data Reception
> HCI Event: Number of Completed Packets (0x13) plen 5 #39 [hci0] 5.594568
Num handles: 1
Handle: 71
Count: 1
> ACL Data RX: Handle 71 flags 0x02 dlen 10 #40 [hci0] 5.595615
L2CAP: Information Request (0x0a) ident 2 len 2
Type: Fixed channels supported (0x0003)
< ACL Data TX: Handle 71 flags 0x00 dlen 20 #41 [hci0] 5.595637
L2CAP: Information Response (0x0b) ident 2 len 12
Type: Fixed channels supported (0x0003)
Result: Success (0x0000)
Channels: 0x0000000000000006
L2CAP Signaling (BR/EDR)
Connectionless reception
> HCI Event: Number of Completed Packets (0x13) plen 5 #42 [hci0] 5.599569
Num handles: 1
Handle: 71
Count: 1
> ACL Data RX: Handle 71 flags 0x02 dlen 16 #43 [hci0] 5.600707
L2CAP: Connection Response (0x03) ident 3 len 8
Destination CID: 64
Source CID: 64
Result: Connection pending (0x0001)
Status: Authorization pending (0x0002)
> ACL Data RX: Handle 71 flags 0x02 dlen 16 #44 [hci0] 5.605708
L2CAP: Connection Response (0x03) ident 3 len 8
Destination CID: 64
Source CID: 64
Result: Connection successful (0x0000)
Status: No further information available (0x0000)
< ACL Data TX: Handle 71 flags 0x00 dlen 23 #45 [hci0] 5.605731
L2CAP: Configure Request (0x04) ident 4 len 15
Destination CID: 64
Flags: 0x0000
Option: Retransmission and Flow Control (0x04) [mandatory]
Mode: Basic (0x00)
TX window size: 0
Max transmit: 0
Retransmission timeout: 0
Monitor timeout: 0
Maximum PDU size: 0
> ACL Data RX: Handle 71 flags 0x02 dlen 27 #46 [hci0] 5.606865
L2CAP: Configure Request (0x04) ident 3 len 19
Destination CID: 64
Flags: 0x0000
Option: Maximum Transmission Unit (0x01) [mandatory]
MTU: 1024
Option: Retransmission and Flow Control (0x04) [mandatory]
Mode: Basic (0x00)
TX window size: 0
Max transmit: 0
Retransmission timeout: 0
Monitor timeout: 0
Maximum PDU size: 0
< ACL Data TX: Handle 71 flags 0x00 dlen 18 #47 [hci0] 5.606888
L2CAP: Configure Response (0x05) ident 3 len 10
Source CID: 64
Flags: 0x0000
Result: Success (0x0000)
Option: Maximum Transmission Unit (0x01) [mandatory]
MTU: 1024
> HCI Event: Number of Completed Packets (0x13) plen 5 #48 [hci0] 5.609599
Num handles: 1
Handle: 71
Count: 1
> ACL Data RX: Handle 71 flags 0x02 dlen 18 #49 [hci0] 5.610614
L2CAP: Configure Response (0x05) ident 4 len 10
Source CID: 64
Flags: 0x0000
Result: Success (0x0000)
Option: Maximum Transmission Unit (0x01) [mandatory]
MTU: 672
< ACL Data TX: Handle 71 flags 0x00 dlen 6 #50 [hci0] 5.611458
Channel: 64 len 2 [PSM 25 mode Basic (0x00)] {chan 0}
AVDTP: Discover (0x01) Command (0x00) type 0x00 label 0 nosp 0
> HCI Event: Number of Completed Packets (0x13) plen 5 #51 [hci0] 5.611576
Num handles: 1
Handle: 71
Count: 1
> HCI Event: Number of Completed Packets (0x13) plen 5 #52 [hci0] 5.615558
Num handles: 1
Handle: 71
Count: 1
> ACL Data RX: Handle 71 flags 0x02 dlen 24 #53 [hci0] 5.618078
Channel: 64 len 20 [PSM 25 mode Basic (0x00)] {chan 0}
AVDTP: Discover (0x01) Response Accept (0x02) type 0x00 label 0 nosp 0
ACP SEID: 1
Media Type: Audio (0x00)
SEP Type: SNK (0x01)
In use: No
ACP SEID: 2
Media Type: Audio (0x00)
SEP Type: SNK (0x01)
In use: No
ACP SEID: 3
Media Type: Audio (0x00)
SEP Type: SNK (0x01)
In use: No
ACP SEID: 4
Media Type: Audio (0x00)
SEP Type: SNK (0x01)
In use: No
ACP SEID: 5
Media Type: Audio (0x00)
SEP Type: SNK (0x01)
In use: No
ACP SEID: 6
Media Type: Audio (0x00)
SEP Type: SNK (0x01)
In use: No
ACP SEID: 7
Media Type: Audio (0x00)
SEP Type: SRC (0x00)
In use: No
ACP SEID: 8
Media Type: Audio (0x00)
SEP Type: SRC (0x00)
In use: No
ACP SEID: 9
Media Type: Audio (0x00)
SEP Type: SRC (0x00)
In use: No
< ACL Data TX: Handle 71 flags 0x00 dlen 7 #54 [hci0] 5.618104
Channel: 64 len 3 [PSM 25 mode Basic (0x00)] {chan 0}
AVDTP: Get All Capabilities (0x0c) Command (0x00) type 0x00 label 1 nosp 0
ACP SEID: 7
> HCI Event: Number of Completed Packets (0x13) plen 5 #55 [hci0] 5.622571
Num handles: 1
Handle: 71
Count: 1
> ACL Data RX: Handle 71 flags 0x02 dlen 18 #56 [hci0] 5.624340
Channel: 64 len 14 [PSM 25 mode Basic (0x00)] {chan 0}
AVDTP: Get All Capabilities (0x0c) Response Accept (0x02) type 0x00 label 1 nosp 0
Service Category: Media Transport (0x01)
Service Category: Media Codec (0x07)
Media Type: Audio (0x00)
Media Codec: SBC (0x00)
Frequency: 0xf0
16000
32000
44100
48000
Channel Mode: 0x0f
Mono
Dual Channel
Stereo
Joint Stereo
Block Length: 0xf0
4
8
12
16
Subbands: 0x0c
4
8
Allocation Method: 0x03
SNR
Loudness
Minimum Bitpool: 2
Maximum Bitpool: 64
Service Category: Delay Reporting (0x08)
< ACL Data TX: Handle 71 flags 0x00 dlen 7 #57 [hci0] 5.624570
Channel: 64 len 3 [PSM 25 mode Basic (0x00)] {chan 0}
AVDTP: Get All Capabilities (0x0c) Command (0x00) type 0x00 label 2 nosp 0
ACP SEID: 8
> HCI Event: Number of Completed Packets (0x13) plen 5 #58 [hci0] 5.629572
Num handles: 1
Handle: 71
Count: 1
> ACL Data RX: Handle 71 flags 0x02 dlen 18 #59 [hci0] 5.631812
Channel: 64 len 14 [PSM 25 mode Basic (0x00)] {chan 0}
AVDTP: Get All Capabilities (0x0c) Response Accept (0x02) type 0x00 label 2 nosp 0
Service Category: Media Transport (0x01)
Service Category: Media Codec (0x07)
Media Type: Audio (0x00)
Media Codec: SBC (0x00)
Frequency: 0xf0
16000
32000
44100
48000
Channel Mode: 0x0f
Mono
Dual Channel
Stereo
Joint Stereo
Block Length: 0xf0
4
8
12
16
Subbands: 0x0c
4
8
Allocation Method: 0x03
SNR
Loudness
Minimum Bitpool: 2
Maximum Bitpool: 64
Service Category: Delay Reporting (0x08)
< ACL Data TX: Handle 71 flags 0x00 dlen 7 #60 [hci0] 5.631857
Channel: 64 len 3 [PSM 25 mode Basic (0x00)] {chan 0}
AVDTP: Get All Capabilities (0x0c) Command (0x00) type 0x00 label 3 nosp 0
ACP SEID: 9
> HCI Event: Number of Completed Packets (0x13) plen 5 #61 [hci0] 5.635573
Num handles: 1
Handle: 71
Count: 1
> ACL Data RX: Handle 71 flags 0x02 dlen 18 #62 [hci0] 5.638063
Channel: 64 len 14 [PSM 25 mode Basic (0x00)] {chan 0}
AVDTP: Get All Capabilities (0x0c) Response Accept (0x02) type 0x00 label 3 nosp 0
Service Category: Media Transport (0x01)
Service Category: Media Codec (0x07)
Media Type: Audio (0x00)
Media Codec: SBC (0x00)
Frequency: 0xf0
16000
32000
44100
48000
Channel Mode: 0x0f
Mono
Dual Channel
Stereo
Joint Stereo
Block Length: 0xf0
4
8
12
16
Subbands: 0x0c
4
8
Allocation Method: 0x03
SNR
Loudness
Minimum Bitpool: 2
Maximum Bitpool: 64
Service Category: Delay Reporting (0x08)
= bluetoothd: profiles/audio/a2dp.c:register_remote_sep() Could not register remote sep /org/bluez/hci0/dev_80_C5_F2_3C_5.. 5.638170
= bluetoothd: profiles/audio/a2dp.c:register_remote_sep() Could not register remote sep /org/bluez/hci0/dev_80_C5_F2_3C_5.. 5.638180
= bluetoothd: profiles/audio/a2dp.c:register_remote_sep() Could not register remote sep /org/bluez/hci0/dev_80_C5_F2_3C_5.. 5.638183
< ACL Data TX: Handle 71 flags 0x00 dlen 12 #63 [hci0] 5.849879
L2CAP: Disconnection Request (0x06) ident 5 len 4
Destination CID: 64
Source CID: 64
@ MGMT Close: bluetoothd {0x0001} 5.849925
> ACL Data RX: Handle 71 flags 0x02 dlen 12 #64 [hci0] 5.883195
L2CAP: Disconnection Response (0x07) ident 5 len 4
Destination CID: 64
Source CID: 64
> HCI Event: Number of Completed Packets (0x13) plen 5 #65 [hci0] 5.883603
Num handles: 1
Handle: 71
Count: 1
< HCI Command: Disconnect (0x01|0x0006) plen 3 #66 [hci0] 7.981897
Handle: 71
Reason: Remote User Terminated Connection (0x13)
> HCI Event: Command Status (0x0f) plen 4 #67 [hci0] 8.093870
Disconnect (0x01|0x0006) ncmd 1
Status: Success (0x00)
> HCI Event: Disconnect Complete (0x05) plen 4 #68 [hci0] 8.122874
Status: Success (0x00)
Handle: 71
Reason: Connection Terminated By Local Host (0x16)
I've also attached the files with the complete btmon output.
I hope this could be of any help.
from bluez.
Vudentz
commented on June 2, 2024
Looks there is a problem parsing the remote SEPs, there are 9 seps and at some point it seems the registration fails which is probably what is causing the crash.
@i0r14 are you able to run bluetoothd with valgrind? That should tell use exactly where it is crashing, although I suspect I know what is the problem now it would be great if we can confirm it is crashing due to registration error.
from bluez.
i0r14
commented on June 2, 2024
@Vudentz, here is the valgrind output as you asked for.
# valgrind --leak-check=full ./bluetoothd
==9598== Memcheck, a memory error detector
==9598== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==9598== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==9598== Command: ./bluetoothd
==9598==
==9598== Invalid read of size 1
==9598== at 0x12D92C: store_remote_sep (a2dp.c:2652)
==9598== by 0x1B75BC: queue_foreach (queue.c:220)
==9598== by 0x12E1E6: store_remote_seps (a2dp.c:2688)
==9598== by 0x130E00: discover_cb (a2dp.c:2722)
==9598== by 0x132F4D: finalize_discovery (avdtp.c:1039)
==9598== by 0x138487: avdtp_parse_resp (avdtp.c:2896)
==9598== by 0x138487: session_cb (avdtp.c:2220)
==9598== by 0x138487: session_cb (avdtp.c:2144)
==9598== by 0x48C0913: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.6600.2)
==9598== by 0x49147D0: ??? (in /usr/lib/libglib-2.0.so.0.6600.2)
==9598== by 0x48BFE62: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.6600.2)
==9598== by 0x1C8AA4: mainloop_run (mainloop-glib.c:79)
==9598== by 0x1C8EFB: mainloop_run_with_signal (mainloop-notify.c:201)
==9598== by 0x129088: main (main.c:971)
==9598== Address 0x3 is not stack'd, malloc'd or (recently) free'd
==9598==
==9598==
==9598== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==9598== Access not within mapped region at address 0x3
==9598== at 0x12D92C: store_remote_sep (a2dp.c:2652)
==9598== by 0x1B75BC: queue_foreach (queue.c:220)
==9598== by 0x12E1E6: store_remote_seps (a2dp.c:2688)
==9598== by 0x130E00: discover_cb (a2dp.c:2722)
==9598== by 0x132F4D: finalize_discovery (avdtp.c:1039)
==9598== by 0x138487: avdtp_parse_resp (avdtp.c:2896)
==9598== by 0x138487: session_cb (avdtp.c:2220)
==9598== by 0x138487: session_cb (avdtp.c:2144)
==9598== by 0x48C0913: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.6600.2)
==9598== by 0x49147D0: ??? (in /usr/lib/libglib-2.0.so.0.6600.2)
==9598== by 0x48BFE62: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.6600.2)
==9598== by 0x1C8AA4: mainloop_run (mainloop-glib.c:79)
==9598== by 0x1C8EFB: mainloop_run_with_signal (mainloop-notify.c:201)
==9598== by 0x129088: main (main.c:971)
==9598== If you believe this happened as a result of a stack
==9598== overflow in your program's main thread (unlikely but
==9598== possible), you can try to increase the size of the
==9598== main thread stack using the --main-stacksize= flag.
==9598== The main thread stack size used in this run was 8388608.
==9598==
==9598== HEAP SUMMARY:
==9598== in use at exit: 126,344 bytes in 2,321 blocks
==9598== total heap usage: 10,482 allocs, 8,161 frees, 936,073 bytes allocated
==9598==
==9598== LEAK SUMMARY:
==9598== definitely lost: 0 bytes in 0 blocks
==9598== indirectly lost: 0 bytes in 0 blocks
==9598== possibly lost: 0 bytes in 0 blocks
==9598== still reachable: 126,344 bytes in 2,321 blocks
==9598== suppressed: 0 bytes in 0 blocks
==9598== Reachable blocks (those to which a pointer was found) are not shown.
==9598== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==9598==
==9598== For lists of detected and suppressed errors, rerun with: -s
==9598== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)
from bluez.
i0r14
commented on June 2, 2024
Hello,
#57 seemed like the same issue, so I tried to patch sources with 4bbfda6.
I can confirm that this commit solves my problem too.
Thanks for your work.
from bluez.
VictorQueiroz
commented on June 2, 2024
This problem is still happening on 5.62 (Arch Linux) whenever I connect my "Phillips TAT1235":
Oct 16 05:07:59 VQ-L380-Yoga systemd[1]: Starting Bluetooth service...
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Bluetooth daemon 5.62
Oct 16 05:07:59 VQ-L380-Yoga systemd[1]: Started Bluetooth service.
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Starting SDP server
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Bluetooth management interface 1.18 initialized
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Failed to set privacy: Rejected (0x0b)
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Endpoint registered: sender=:1.54 path=/MediaEndpoint/A2DPSource/ldac
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Endpoint registered: sender=:1.54 path=/MediaEndpoint/A2DPSink/aptx_hd
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Endpoint registered: sender=:1.54 path=/MediaEndpoint/A2DPSource/aptx_hd
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Endpoint registered: sender=:1.54 path=/MediaEndpoint/A2DPSink/aptx
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Endpoint registered: sender=:1.54 path=/MediaEndpoint/A2DPSource/aptx
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Endpoint registered: sender=:1.54 path=/MediaEndpoint/A2DPSource/aac
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Endpoint registered: sender=:1.54 path=/MediaEndpoint/A2DPSink/sbc
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Endpoint registered: sender=:1.54 path=/MediaEndpoint/A2DPSource/sbc
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Endpoint registered: sender=:1.54 path=/MediaEndpoint/A2DPSink/sbc_xq
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Endpoint registered: sender=:1.54 path=/MediaEndpoint/A2DPSource/sbc_xq
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Endpoint registered: sender=:1.54 path=/MediaEndpoint/A2DPSource/faststream
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Endpoint registered: sender=:1.54 path=/MediaEndpoint/A2DPSource/faststream_duplex
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Endpoint registered: sender=:1.54 path=/MediaEndpoint/A2DPSource/aptx_ll_1
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Endpoint registered: sender=:1.54 path=/MediaEndpoint/A2DPSource/aptx_ll_0
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Endpoint registered: sender=:1.54 path=/MediaEndpoint/A2DPSource/aptx_ll_duplex_1
Oct 16 05:07:59 VQ-L380-Yoga bluetoothd[5516]: Endpoint registered: sender=:1.54 path=/MediaEndpoint/A2DPSource/aptx_ll_duplex_0
Oct 16 05:08:07 VQ-L380-Yoga bluetoothd[5516]: src/device.c:search_cb() 6A:56:3A:1F:D8:36: error updating services: Host is down (112)
Oct 16 05:08:38 VQ-L380-Yoga bluetoothd[5516]: double free or corruption (out)
Oct 16 05:08:39 VQ-L380-Yoga systemd[1]: bluetooth.service: Main process exited, code=dumped, status=6/ABRT
Oct 16 05:08:39 VQ-L380-Yoga systemd[1]: bluetooth.service: Failed with result 'core-dump'.
-` victor@VQ-L380-Yoga
.o+` -------------------
`ooo/ OS: Arch Linux x86_64
`+oooo: Host: 20M7S03400 ThinkPad L380 Yoga
`+oooooo: Kernel: 5.10.73-1-lts
-+oooooo+: Uptime: 18 mins
`/:-:++oooo+: Packages: 1399 (pacman), 13 (flatpak), 28 (snap)
`/++++/+++++++: Shell: zsh 5.8
`/++++++++++++++: Resolution: 2560x1080
`/+++ooooooooooooo/` DE: GNOME 40.5
./ooosssso++osssssso+` WM: Mutter
.oossssso-````/ossssss+` WM Theme: Adwaita
-osssssso. :ssssssso. Theme: Adwaita-dark [GTK2/3]
:osssssss/ osssso+++. Icons: Adwaita [GTK2/3]
/ossssssss/ +ssssooo/- Terminal: gnome-terminal
`/ossssso+/:- -:/+osssso+- CPU: Intel i5-8250U (8) @ 3.400GHz
`+sso+:-` `.-/+oso: GPU: Intel UHD Graphics 620
`++:. `-/+/ Memory: 4820MiB / 31873MiB
.` `/
Additional notes:
- Connecting/reconnecting my MX Anywhere 3 works perfectly. No problems at all.
- Pairing the TWS for the first time works, though. Not sure what is going on.
The following also works:
- Let it reconnect to my laptop and wait for the crash (bluetoothd is down with the core dump error)
- Pair for the first time on my phone and wait for it to connect successfully
- Turn the phone's bluetooth off
- It'll connect successfully to my laptop
I don't know what is wrong, but it looks weird to me.
Edit: I just tried https://github.com/bluez/bluez/archive/refs/tags/5.61.tar.gz and the problem is simply gone. How can we undo whatever broke 5.62? I can look into it and provide a PR. For the Arch Linux users that want to try, I just downloaded bluez-git repository and edited the PKGBUILD to download 5.61 from this GitHub repository: bluez-git.zip.
from bluez.
Related Issues (20)
- Manufacture data fails when exceeding 31 bytes (BLE 5.x EA)
- Advertising interval (min/max) ignored with experimental option HOT 4
- bluez 5.75 ds4 controller not recognized in steam
- Bluetooth keyboard reconnects after disconnecting, but key presses don't register HOT 3
- Unexpected result from build option '--enable-nfc' HOT 4
- bluetoothd crashes sometimes when reconnecting my Bluetooth keyboard HOT 3
- BAP Unicast issue HOT 2
- bluez-daemon crashed, segment error HOT 2
- Remove of remote LE OOB data HOT 2
- no input from gamepad HOT 1
- >=bluez-5.72 fail to build with musl-1.2.5: tools/hex2hcd.c:305:18: error: call to undeclared function 'basename' HOT 1
- No Bluetooth devices connecting HOT 1
- Cannot access org.bluez.obex.* DBus objects
- [5.72] BlueZ repeatedly rejects Connection Parameter Update HOT 25
- Phantom gamepad devices in /dev after disconnecting HOT 8
- Bluetooth not working HOT 20
- Bluetooth Keyboard connectivity issue HOT 1
- Bluez peripheral using DBus API always ask pairing request on Android HOT 3
- Crackling sound after udpating to 5.73 and newer
- When connecting the mouse: No service update HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bluez.