bluetoothd coredumps from double free on connection of headset

Bug #1952217 reported by Adrian Wilkins

This bug report will be marked for expiration in 58 days if no further activity occurs.

This bug affects 1 person
Affects Status Importance Assigned to Milestone
bluez (Ubuntu)

Bug Description


Since the security updates on 2021-11-23, connecting my headset causes bluetoothd to crash, which drops all the other connections.


Headset connects and works as it has done previously.

❯ lsb_release -rd
Description: Ubuntu 20.04.3 LTS
Release: 20.04

❯ apt-cache policy bluez
  Installed: 5.53-0ubuntu3.4
  Candidate: 5.53-0ubuntu3.4

Headset is a Sony WH-1000XM3. I have ppa:berglh/pulseaudio-a2dp installed for the LDAC codecs for this headset.

Adrian Wilkins (adrian-wilkins) wrote :

Syslog from affected system.

- First action is to select the affected headset from the Bluetooth applet

The first thing that happens is the coredump. Then the service restarts; this seems to be fast enough that the connection is still in progress, you can see the audio endpoints being registered,

? because the state is lost this does not complete and the device reports disconnection. *

- Second action is activation of a Bluetooth keyboard

This connects and functions correctly

- Third action is selecting the affected headset again

Same response. The keyboard is also disconnected but reconnects automatically.

* This is not true: these endpoints are re-registered merely on restarting the bluetooth service.

Adrian Wilkins (adrian-wilkins) wrote :

bluetoothd 5.62 (installed from source @ `applied/ubuntu/devel`) working well.

Daniel van Vugt (vanvugt) wrote :

Thanks for the bug report. It appears there have been a few double-free fixes in BlueZ over the years. Please try the latest version by live booting Ubuntu 22.04 from USB:

tags: added: focal
Changed in bluez (Ubuntu):
status: New → Incomplete
Daniel van Vugt (vanvugt) wrote :

Please also check for crash reports so we can identify *which* double-free this is:
