Description of problem:
Seeing frequent crashes of bluetoothd, only showing up in dmesg:

```
[ 54.578679] traps: bluetoothd[1114] general protection fault ip:7f7ab35f48ae sp:7ffcd8c1cf58 error:0 in libc-2.32.so[7f7ab34bd000+14f000]
```

The crashes seem to happen when resuming from suspend-to-RAM. Before suspending a Bluetooth mouse was in use. The system also knows about a Bluetooth speaker but that's currently switched off.

Version-Release number of selected component (if applicable):
bluez-5.55-1.fc33.x86_64

How reproducible:
Frequently

Additional info:
from coredumpctl,

```
           PID: 1114 (bluetoothd)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 11 (SEGV)
     Timestamp: Wed 2021-01-27 18:19:48 GMT (1h 7min ago)
  Command Line: /usr/libexec/bluetooth/bluetoothd
    Executable: /usr/libexec/bluetooth/bluetoothd
 Control Group: /system.slice/bluetooth.service
          Unit: bluetooth.service
         Slice: system.slice
       Boot ID: d6225650abff46a7ab18e15d3f63f0f1
    Machine ID: eb28cb4ed407490b9235acb1cb393fb1
      Hostname: dante.cb.ettle
       Storage: /var/lib/systemd/coredump/core.bluetoothd.0.d6225650abff46a7ab18e15d3f63f0f1.1114.1611771588000000.zst
       Message: Process 1114 (bluetoothd) of user 0 dumped core.

                Stack trace of thread 1114:
                #0  0x00007f7ab35f48ae __strcmp_avx2 (libc.so.6 + 0x15d8ae)
                #1  0x000055c1343a398d match_endpoint_by_path (bluetoothd + 0x3098d)
                #2  0x000055c13441657c queue_remove_if (bluetoothd + 0xa357c)
                #3  0x000055c1343a9220 proxy_removed_cb (bluetoothd + 0x36220)
                #4  0x000055c1344150e9 proxy_free (bluetoothd + 0xa20e9)
                #5  0x00007f7ab36fdd60 g_list_foreach (libglib-2.0.so.0 + 0x43d60)
                #6  0x00007f7ab370875f g_list_free_full (libglib-2.0.so.0 + 0x4e75f)
                #7  0x000055c13440fb86 service_disconnect (bluetoothd + 0x9cb86)
                #8  0x000055c1344126c0 service_filter (bluetoothd + 0x9f6c0)
                #9  0x000055c134411b73 message_filter.lto_priv.0 (bluetoothd + 0x9eb73)
                #10 0x00007f7ab3682221 dbus_connection_dispatch (libdbus-1.so.3 + 0x19221)
                #11 0x000055c13440d940 message_dispatch (bluetoothd + 0x9a940)
                #12 0x00007f7ab370ca2b g_idle_dispatch (libglib-2.0.so.0 + 0x52a2b)
                #13 0x00007f7ab370d96f g_main_context_dispatch (libglib-2.0.so.0 + 0x5396f)
                #14 0x00007f7ab375f758 g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0xa5758)
                #15 0x00007f7ab370d033 g_main_loop_run (libglib-2.0.so.0 + 0x53033)
                #16 0x000055c134391b69 main (bluetoothd + 0x1eb69)
                #17 0x00007f7ab34bf1e2 __libc_start_main (libc.so.6 + 0x281e2)
                #18 0x000055c1343933fe _start (bluetoothd + 0x203fe)
```

I've seen a very similar crash. After it happens my BT adapter stopped working; restarting bluetoothd doesn't help.

Line from the dmesg:

```
[11354.004785] traps: bluetoothd[789] general protection fault ip:7fa53b18e4e8 sp:7ffe0f90a188 error:0 in libc-2.32.so[7fa53b076000+14f000]
```

coredumpctl info:

```
           PID: 789 (bluetoothd)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 11 (SEGV)
     Timestamp: Sun 2021-02-07 17:44:12 MSK (29min ago)
  Command Line: /usr/libexec/bluetooth/bluetoothd
    Executable: /usr/libexec/bluetooth/bluetoothd
 Control Group: /system.slice/bluetooth.service
          Unit: bluetooth.service
         Slice: system.slice
       Boot ID: 3c5007ae2a804713bf68f80ab0ae8dc4
    Machine ID: 0f812d1f6b7a4345846be1d2d3be8548
      Hostname: rapidus
       Storage: /var/lib/systemd/coredump/core.bluetoothd.0.3c5007ae2a804713bf68f80ab0ae8dc4.789.1612709052000000.zst
       Message: Process 789 (bluetoothd) of user 0 dumped core.

                Stack trace of thread 789:
                #0  0x00007fa53b18e4e8 __GI___strcmp_ssse3 (libc.so.6 + 0x13e4e8)
                #1  0x000055a79b2a398d match_endpoint_by_path (bluetoothd + 0x3098d)
                #2  0x000055a79b31657c queue_remove_if (bluetoothd + 0xa357c)
                #3  0x000055a79b2a9220 proxy_removed_cb (bluetoothd + 0x36220)
                #4  0x000055a79b3150e9 proxy_free (bluetoothd + 0xa20e9)
                #5  0x00007fa53b2c3d60 g_list_foreach (libglib-2.0.so.0 + 0x43d60)
                #6  0x00007fa53b2ce75f g_list_free_full (libglib-2.0.so.0 + 0x4e75f)
                #7  0x000055a79b30fb86 service_disconnect (bluetoothd + 0x9cb86)
                #8  0x000055a79b3126c0 service_filter (bluetoothd + 0x9f6c0)
                #9  0x000055a79b311b73 message_filter.lto_priv.0 (bluetoothd + 0x9eb73)
                #10 0x00007fa53b23fa91 dbus_connection_dispatch (libdbus-1.so.3 + 0x17a91)
                #11 0x000055a79b30d940 message_dispatch (bluetoothd + 0x9a940)
                #12 0x00007fa53b2d2a2b g_idle_dispatch (libglib-2.0.so.0 + 0x52a2b)
                #13 0x00007fa53b2d396f g_main_context_dispatch (libglib-2.0.so.0 + 0x5396f)
                #14 0x00007fa53b325758 g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0xa5758)
                #15 0x00007fa53b2d3033 g_main_loop_run (libglib-2.0.so.0 + 0x53033)
                #16 0x000055a79b291b69 main (bluetoothd + 0x1eb69)
                #17 0x00007fa53b0781e2 __libc_start_main (libc.so.6 + 0x281e2)
                #18 0x000055a79b2933fe _start (bluetoothd + 0x203fe)
```

I get this crash reliably every boot FWIW.

```
Core was generated by `/usr/libexec/bluetooth/bluetoothd'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __strcmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:101
101	../sysdeps/x86_64/multiarch/strcmp-avx2.S: No such file or directory.
(gdb) where
#0  __strcmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:101
#1  0x0000558c253dc411 in match_endpoint_by_path (a=<optimized out>, b=<optimized out>) at profiles/audio/media.c:2188
#2  0x0000558c2545de54 in queue_remove_if (queue=0x558c26b9b540, function=0x558c253dc400 <match_endpoint_by_path>, user_data=0x558c26b96230) at src/shared/queue.c:279
#3  0x0000558c253e5023 in proxy_removed_cb (proxy=<optimized out>, user_data=0x558c26b7e740) at profiles/audio/media.c:2210
#4  0x0000558c2545cc6d in proxy_free (data=0x558c26b937b0) at gdbus/client.c:568
#5  0x00007f48e33a1bf0 in g_list_foreach (list=<optimized out>, func=0x558c2545cc20 <proxy_free>, user_data=0x0) at ../glib/glist.c:1090
#6  0x00007f48e33a15af in g_list_free_full (list=0x558c26b9c340 = {...}, free_func=<optimized out>) at ../glib/glist.c:244
#7  0x0000558c2545a58a in service_disconnect (conn=0x558c26b84240, user_data=0x558c26b9acc0) at gdbus/client.c:1300
#8  0x0000558c25453b68 in service_filter (connection=0x558c26b84240, message=<optimized out>, user_data=0x558c26b954a0) at gdbus/watch.c:471
#9  0x0000558c25453093 in message_filter (connection=0x558c26b84240, message=0x558c26b85cb0, user_data=<optimized out>) at gdbus/watch.c:544
#10 0x00007f48e331b191 in dbus_connection_dispatch (connection=0x558c26b84240) at ../../dbus/dbus-connection.c:4704
#11 dbus_connection_dispatch (connection=connection@entry=0x558c26b84240) at ../../dbus/dbus-connection.c:4576
#12 0x0000558c2544fa58 in message_dispatch (data=data@entry=0x558c26b84240) at gdbus/mainloop.c:59
#13 0x00007f48e33a374b in g_idle_dispatch (source=0x558c26b9ef00, callback=0x558c2544fa40 <message_dispatch>, user_data=0x558c26b84240) at ../glib/gmain.c:5848
#14 0x00007f48e33a74cf in g_main_dispatch (context=0x558c26b7f340) at ../glib/gmain.c:3337
#15 g_main_context_dispatch (context=0x558c26b7f340) at ../glib/gmain.c:4055
#16 0x00007f48e33fb4e8 in g_main_context_iterate.constprop.0 (context=0x558c26b7f340, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4131
#17 0x00007f48e33a6a93 in g_main_loop_run (loop=0x558c26b80520) at ../glib/gmain.c:4329
#18 0x0000558c253cf240 in mainloop_run () at src/shared/mainloop-glib.c:66
#19 mainloop_run_with_signal (func=0x558c25410430 <signal_callback>, user_data=0x0) at src/shared/mainloop-notify.c:188
#20 main (argc=<optimized out>, argv=<optimized out>) at src/main.c:1120
(gdb) up
#1  0x0000558c253dc411 in match_endpoint_by_path (a=<optimized out>, b=<optimized out>) at profiles/audio/media.c:2188
2188		return !strcmp(endpoint->path, path);
(gdb) up
#2  0x0000558c2545de54 in queue_remove_if (queue=0x558c26b9b540, function=0x558c253dc400 <match_endpoint_by_path>, user_data=0x558c26b96230) at src/shared/queue.c:279
279			if (function(entry->data, user_data)) {
(gdb) up
#3  0x0000558c253e5023 in proxy_removed_cb (proxy=<optimized out>, user_data=0x558c26b7e740) at profiles/audio/media.c:2210
2210		endpoint = queue_remove_if(app->endpoints,
(gdb) info locals
app = 0x558c26b7e740
endpoint = <optimized out>
player = <optimized out>
iface = <optimized out>
path = 0x558c26b96230 "/MediaEndpoint/A2DPSource/ldac"
__btd_debug_desc = {file = 0x558c2547ae91 "profiles/audio/media.c", flags = 0}
__func__ = "proxy_removed_cb"
__btd_debug_desc = {file = 0x558c2547ae91 "profiles/audio/media.c", flags = 0}
```

Above from bluez-5.59-1.fc34.x86_64
This message is a reminder that Fedora 33 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora 33 on 2021-11-30. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '33'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 33 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to change the 'version' to a later Fedora version before this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

Fedora 33 changed to end-of-life (EOL) status on 2021-11-30. Fedora 33 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.