bluetoothd crashed with SIGSEGV in g_slist_foreach()

Bug #1056525 reported by Steve Langasek
This bug affects 2 people
Affects: bluez (Ubuntu)
Status: Expired
Importance: Medium
Assigned to: Unassigned
Milestone:

Bug Description

No idea what caused this crash, but may have coincided with a crash of my X session.

ProblemType: Crash
DistroRelease: Ubuntu 12.10
Package: bluez 4.101-0ubuntu5
ProcVersionSignature: Ubuntu 3.5.0-15.22-generic 3.5.4
Uname: Linux 3.5.0-15-generic x86_64
ApportVersion: 2.5.2-0ubuntu4
Architecture: amd64
Date: Tue Sep 25 16:56:14 2012
ExecutablePath: /usr/sbin/bluetoothd
InstallationMedia: Ubuntu 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.1)
InterestingModules: rfcomm bnep btusb bluetooth
MachineType: LENOVO 3249CTO
ProcCmdline: /usr/sbin/bluetoothd
ProcEnviron:
 PATH=(custom, no user)
 TERM=linux
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.5.0-15-generic root=/dev/mapper/hostname-root ro quiet splash --verbose vt.handoff=7
SegvAnalysis:
 Segfault happened at: 0x7f43cd14e030 <g_slist_foreach+16>: mov 0x8(%rdi),%rbx
 PC (0x7f43cd14e030) ok
 source "0x8(%rdi)" (0x00000079) not located in a known VMA region (needed readable region)!
 destination "%rbx" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: bluez
StacktraceTop:
 g_slist_foreach (list=0x71, list@entry=0x7f43ce9a4540, func=0x7f43cd137930 <g_free>, user_data=user_data@entry=0x0) at /build/buildd/glib2.0-2.33.14/./glib/gslist.c:893
 g_slist_free_full (list=0x7f43ce9a4540, free_func=<optimized out>) at /build/buildd/glib2.0-2.33.14/./glib/gslist.c:177
 ?? ()
 ?? ()
 g_main_dispatch (context=0x7f43ce956160) at /build/buildd/glib2.0-2.33.14/./glib/gmain.c:2715
Title: bluetoothd crashed with SIGSEGV in g_slist_foreach()
UpgradeStatus: Upgraded to quantal on 2012-06-11 (106 days ago)
UserGroups:

dmi.bios.date: 08/23/2010
dmi.bios.vendor: LENOVO
dmi.bios.version: 6QET52WW (1.22 )
dmi.board.name: 3249CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvr6QET52WW(1.22):bd08/23/2010:svnLENOVO:pn3249CTO:pvrThinkPadX201:rvnLENOVO:rn3249CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 3249CTO
dmi.product.version: ThinkPad X201
dmi.sys.vendor: LENOVO
hciconfig:
 hci0: Type: BR/EDR Bus: USB
  BD Address: 70:F3:95:44:6E:D2 ACL MTU: 1021:8 SCO MTU: 64:1
  UP RUNNING PSCAN
  RX bytes:101874 acl:44 sco:1963 events:82 errors:0
  TX bytes:101621 acl:55 sco:1952 commands:31 errors:0
modified.conffile..etc.bluetooth.audio.conf: [modified]
modified.conffile..etc.bluetooth.rfcomm.conf: [modified]
mtime.conffile..etc.bluetooth.audio.conf: 2012-07-08T14:28:12.327532
mtime.conffile..etc.bluetooth.rfcomm.conf: 2010-09-25T01:24:39
syslog:

Steve Langasek (vorlon) wrote :
Apport retracing service (apport) wrote :

StacktraceTop:
 g_slist_foreach (list=0x71, list@entry=0x7f43ce9a4540, func=0x7f43cd137930 <g_free>, user_data=user_data@entry=0x0) at /build/buildd/glib2.0-2.33.14/./glib/gslist.c:893
 g_slist_free_full (list=0x7f43ce9a4540, free_func=<optimized out>) at /build/buildd/glib2.0-2.33.14/./glib/gslist.c:177
 client_free (data=0x7f43ce962970) at audio/unix.c:112
 client_cb (cond=<optimized out>, data=0x7f43ce962970, chan=<optimized out>) at audio/unix.c:1766
 g_main_dispatch (context=0x7f43ce956160) at /build/buildd/glib2.0-2.33.14/./glib/gmain.c:2715

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : StacktraceSource.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in bluez (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in bluez (Ubuntu):
status: New → Confirmed
Mathieu Trudel-Lapierre (cyphermox) wrote :

No idea either. I haven't been able to reproduce it so far.

Seems rather weird that there would be a bit of that list in the client that is already unref'd when g_slist_free_full() gets called; I'll keep trying to figure out a cause.

Were you able to reproduce this bug again?

information type: Private → Public
Changed in bluez (Ubuntu):
status: Confirmed → Incomplete
Steve Langasek (vorlon) wrote :

It doesn't look like this particular crash is one that I've had again. Most of my bluetoothd crashes are closely related to discernable and reproducible triggers (powering off headset, etc), but not this one.

Launchpad Janitor (janitor) wrote :

[Expired for bluez (Ubuntu) because there has been no activity for 60 days.]

Changed in bluez (Ubuntu):
status: Incomplete → Expired