Bug 356491 - bluez/hcid crashes when trying to pair audio headset
Product: Fedora
Classification: Fedora
Component: bluez-utils
Hardware: x86_64 Linux
Priority: low, Severity: high
Assigned To: David Woodhouse
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-10-29 10:42 EDT by Jes Sorensen
Modified: 2014-06-23 07:11 EDT

Doc Type: Bug Fix
Last Closed: 2009-01-09 00:00:27 EST

Attachments
crash of blues-utils fc9 (9.90 KB, patch), 2007-10-29 12:10 EDT, Jes Sorensen
hcidump output (15.41 KB, text/plain), 2007-10-29 12:11 EDT, Jes Sorensen

Description Jes Sorensen 2007-10-29 10:42:52 EDT
Description of problem:
Trying to pair a Motorola H500 headset to my laptop, I get a crash
in the hcid debug log when trying to play audio.

Version-Release number of selected component (if applicable):

How reproducible:
Every time

Steps to Reproduce:
1. Go through the cumbersome process of registering the device
2. Try to play to pcm.bluetooth in an audio player
3. boom

Actual results:

Expected results:

Additional info:

hcid debug info, including library backtrace:

audio[3608]: Accepted new client connection on unix socket (fd=8)
audio[3608]: Package PKT_TYPE_CFG_REQ:0
audio[3608]: State changed /org/bluez/audio/device0: DISCONNECTED -> CONNECTING
hcid[3605]: /org/bluez/hci0: org.bluez.Adapter.GetRemoteServiceHandles()
hcid[3605]: no matching session found. creating a new one
hcid[3605]: sdp session added to cache
hcid[3605]: /org/bluez/hci0: org.bluez.Adapter.GetRemoteServiceRecord()
hcid[3605]: found matching session, removing from list
hcid[3605]: sdp session added to cache
audio[3608]: /org/bluez/audio/device0: Connecting to 00:19:1F:19:2D:5D channel 2
hcid[3605]: /org/bluez/hci0: org.bluez.Adapter.FinishRemoteServiceTransaction()
hcid[3605]: found matching session, removing from list
hcid[3605]: pin_code_request (sba=00:03:7A:C6:C5:22, dba=00:19:1F:19:2D:5D)
hcid[3605]: Calling PasskeyAgent.Request: name=:1.19, path=/org/bluez/passkey
hcid[3605]: New Request API failed, trying old one
hcid[3605]: /org/bluez/hci0: org.bluez.Adapter.GetName()
hcid[3605]: /org/bluez/hci0: org.bluez.Adapter.GetRemoteName()
audio[3608]: connect(): Connection refused (111)
*** glibc detected *** /usr/lib64/bluetooth/bluetoothd-service-audio: corrupted double-linked list: 0x00002aaaaacee020 ***
======= Backtrace: =========
======= Memory map: ========
hcid[3605]: Audio service (audio) was killed by signal 6
hcid[3605]: Service owner exited: :1.61
hcid[3605]: Removing record with handle 0x10000
hcid[3605]: Service classes 0x08
hcid[3605]: Removing record with handle 0x10001
hcid[3605]: Service classes 0x00
hcid[3605]: PasskeyAgent.Request(/org/bluez/hci0, 00:19:1F:19:2D:5D) was canceled

input[3609]: Unregistered manager path
hcid[3605]: Stopping SDP server
input[3609]: Exit
hcid[3605]: Releasing agent :1.19, /org/bluez/passkey
hcid[3605]: Releasing authorization agent :1.19, /org/bluez/auth
hcid[3605]: name_listener_remove(:1.19)
hcid[3605]: release_services
hcid[3605]: Unregistering service object: /org/bluez/service_echo
hcid[3605]: Unregistering service object: /org/bluez/service_audio
hcid[3605]: Unregistering service object: /org/bluez/service_input
hcid[3605]: name_listener_remove(:1.62)
hcid[3605]: Unregistering service object: /org/bluez/service_serial
hcid[3605]: Unregister path: /org/bluez/hci0
hcid[3605]: Unregister path: /org/bluez
hcid[3605]: Shutting down local server
hcid[3605]: Exit
[root@feather ~]# 
[root@feather ~]# rpm -q bluez-libs
[root@feather ~]#
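
The "corrupted double-linked list" abort in the log above is glibc's consistency check on its free-chunk lists firing, after which the process is killed with SIGABRT (the "signal 6" that hcid reports). The following added example, which is not part of the original report and is not glibc or bluez code, models that check on a simplified list; `struct chunk`, `checked_unlink` and the demo functions are hypothetical names, and the corruption is constructed.

```c
#include <stdio.h>

/* Simplified stand-in for a free chunk on one of malloc's circular lists. */
struct chunk {
    struct chunk *fd;   /* forward link  */
    struct chunk *bk;   /* backward link */
};

/* Link head -> a -> b -> head as a circular doubly-linked list. */
static void build_list(struct chunk *head, struct chunk *a, struct chunk *b)
{
    head->fd = a;  a->fd = b;  b->fd = head;
    head->bk = b;  b->bk = a;  a->bk = head;
}

/* Unlink p only if both neighbours still point back at p.
 * Returns 0 on success, -1 (list untouched) where glibc would abort. */
int checked_unlink(struct chunk *p)
{
    struct chunk *fd = p->fd;
    struct chunk *bk = p->bk;

    if (fd->bk != p || bk->fd != p)
        return -1;              /* "corrupted double-linked list" */
    fd->bk = bk;
    bk->fd = fd;
    return 0;
}

/* Intact list: the unlink succeeds and head is re-linked straight to b. */
int demo_intact(void)
{
    struct chunk head, a, b;
    build_list(&head, &a, &b);
    if (checked_unlink(&a) != 0)
        return -1;
    return (head.fd == &b && b.bk == &head) ? 0 : -1;
}

/* Constructed corruption: a's back link no longer matches its neighbour,
 * as happens when list metadata is overwritten by a memory-safety bug. */
int demo_corrupted(void)
{
    struct chunk head, a, b, stray;
    build_list(&head, &a, &b);
    stray.fd = stray.bk = &stray;
    a.bk = &stray;
    return checked_unlink(&a);
}

int main(void)
{
    printf("intact: %d, corrupted: %d\n", demo_intact(), demo_corrupted());
    return 0;
}
```

The check only reports that heap metadata was already damaged when the allocator touched it; the faulty write happened earlier, which is why the thread asks for a full backtrace with debuginfo.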
Comment 1 Bastien Nocera 2007-10-29 11:00:17 EDT
It's not supposed to work in F8, although it shouldn't crash.

Please test with 3.22:

And if it still fails, please gather a backtrace using the instructions at:

Bluetooth audio integration is planned for F9 (might get into an F8 update though).
Comment 2 David Woodhouse 2007-10-29 11:34:40 EDT
Er, bluetooth audio was working fine in F8 a couple of weeks ago when I last
tested it. I thought it was one of the advertised features.
Comment 3 Jes Sorensen 2007-10-29 12:10:25 EDT
Created attachment 242011
crash of blues-utils fc9

hcid debug output from crash with latest fc9 binaries of bluez-utils/libs 3.22
Comment 4 Jes Sorensen 2007-10-29 12:11:32 EDT
Created attachment 242021
hcidump output

hcidump -XV output of operations to match hcid output
Comment 5 Jes Sorensen 2007-10-29 12:13:30 EDT
I tried out the fc9 binaries of bluez-libs-3.22 and bluez-utils-3.22 but
they still crash in a similar way. I have attached the hcid output
which includes the backtrace and the hcidump output to see what's going
on on the wire.

I cannot see how I can get you any more backtrace than that.

Comment 6 Bastien Nocera 2007-10-29 12:22:08 EDT
Please read http://fedoraproject.org/wiki/StackTraces and provide a backtrace of
the crash. The builtin backtrace provided by the glibc isn't good enough for us
to be able to fix this bug.

(In reply to comment #2)
> Er, bluetooth audio was working fine in F8 a couple of weeks ago when I last
> tested it. I thought it was one of the advertised features.

Supposed to be working, yes, which is why this isn't closed, but it's not one of
the advertised features, as there's still no UI.
Comment 7 Jes Sorensen 2007-10-29 12:41:23 EDT
Rather than telling me to read that bogus bug-tracking page, maybe you can
tell me how you suggest I get a stack trace of this thing?

bluetooth-service-audio is called through some suspicious back channel,
so doing gdb -p <pid> on it isn't exactly a walk in the park. It's not hcid
that's crashing.

I cannot install the debuginfo package for bluez-utils since it requires
a libgstbluetooth.so that isn't part of the package. Brilliant idea to have
the .debuginfo package require a special library it doesn't provide in its
own package.

I've been through that stack traces page and there is nothing on it
that tells me how to get the stack trace you are asking for!

Comment 8 Bastien Nocera 2007-10-29 13:15:14 EDT
I added the info to:

Feel free to come back to me if the instructions aren't clear enough.

As for the debuginfo package, just install it with --nodeps. libgstbluetooth.so
is in bluez-utils-gstreamer, but the debuginfo package will still work fine
without that dependency installed.
Comment 9 Bug Zapper 2008-11-26 03:07:51 EST
This message is a reminder that Fedora 8 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 8.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '8'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 8's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 8 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
Comment 10 Bug Zapper 2009-01-09 00:00:27 EST
Fedora 8 changed to end-of-life (EOL) status on 2009-01-07. Fedora 8 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.
