bluetoothd crashed with SIGSEGV in g_main_context_dispatch()

Bug #280878 reported by Rajeev Sharma
This bug affects 51 people
Affects: bluez (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Unassigned

Bug Description

Binary package hint: bluez

I am trying to connect my mobile to computer using bluetooth to transfer sounds from mobile to computer. When I click connect on mobile, it connects and immediately disconnects and I get a message in computer saying "application crashed".

$ lsb_release -rd
Description: Ubuntu intrepid (development branch)
Release: 8.10

$ apt-cache policy bluez
bluez:
  Installed: 4.12-0ubuntu2
  Candidate: 4.12-0ubuntu2
  Version table:
 *** 4.12-0ubuntu2 0
        500 http://in.archive.ubuntu.com intrepid/main Packages
        100 /var/lib/dpkg/status

ProblemType: Crash
Architecture: i386
CrashCounter: 1
DistroRelease: Ubuntu 8.10
ExecutablePath: /usr/sbin/bluetoothd
NonfreeKernelModules: wl
Package: bluez 4.12-0ubuntu2
ProcAttrCurrent: unconfined
ProcCmdline: /usr/sbin/bluetoothd
ProcEnviron: PATH=/sbin:/bin:/usr/sbin:/usr/bin
Signal: 11
SourcePackage: bluez
StacktraceTop:
 ?? () from /usr/lib/bluetooth/plugins/audio.so
 ?? () from /usr/lib/bluetooth/plugins/audio.so
 ?? () from /usr/sbin/bluetoothd
 ?? () from /usr/lib/libglib-2.0.so.0
 g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
Title: bluetoothd crashed with SIGSEGV in g_main_context_dispatch()
Uname: Linux 2.6.27-6-generic i686
UserGroups:

Tags: apport-crash
Rajeev Sharma (rajeev1982) wrote :
Apport retracing service (apport) wrote : Symbolic stack trace

StacktraceTop:
 headset_get_state (dev=0xb897cce8) at headset.c:2223
 ag_io_cb (chan=0xb8976968, err=0, src=0xbf89d46a, dst=0xbf89d464, data=0xb8975148) at manager.c:497
 listen_cb (chan=0xb8975250, cond=G_IO_IN, user_data=0xb8975198) at glib-helper.c:637
 g_io_unix_dispatch (source=0xb8975298, callback=0xb8094c3e <listen_cb>, user_data=0xb8975198)
 IA__g_main_context_dispatch (context=0xb896eb50) at /build/buildd/glib2.0-2.18.1/glib/gmain.c:2142

Apport retracing service (apport) wrote : Symbolic threaded stack trace
Changed in bluez:
importance: Undecided → Medium
Mario Limonciello (superm1) wrote :

When you say transfer sounds, do you mean audio playback, or literally transferring files? From the trace it looks like it was trying to offer an audio type service when the crash happened.

Changed in bluez:
status: New → Incomplete
Rajeev Sharma (rajeev1982) wrote :

I was trying to use the audio service not transfer files.

Changed in bluez:
status: Incomplete → Triaged
kylea (kylea) wrote :

Similar issue to the initial post - connected to the phone and then bluetooth module crashed

Was running this command to try and sync to my Nokia 6233

msynctool --sync nokia-sync --filter-objtype contact

Normal Bluetooth connection for file transfer works ok

Attached are the files used in the sync process.

kylea (kylea) wrote :

Bit more info on this:

Normal Bluetooth file transfer works ok - however when in Sync mode the pc does connect but immediately disconnects.

frEEk (jknopp) wrote :

I had the same error when trying to connect my BT headset just now. It initially worked fine, but after I deleted the existing device profile and tried to pair fresh, the crash occurred. A subsequent attempt (after restarting bluetooth) had the same effect.

Tobias Bradtke (webwurst) wrote :

For me this error occurred when I searched for all channels within "BlueProximity".

Joshua Wise (joshua-joshuawise) wrote :

I got a segv as reported by apport, although I was doing nothing with bluetooth at the time of the crash (other than running blueproximity in the background).

Baptiste Mille-Mathias (bmillemathias) wrote :

This bug and bug 284454 seem quite similar.

Mario Limonciello (superm1) wrote :

This was fixed in c82739046f031f32e3e66128062818eea2fc9e9e (v4.31) by converting to BtIO's API.

Author: Johan Hedberg <email address hidden> 2009-02-19 13:08:20
Committer: Johan Hedberg <email address hidden> 2009-02-19 13:08:20
Parent: 8c26ea9f1865757aa796ff0ef7042bfb4c2bb6e8 (Add missing comma)
Child: e777c55aa7cd84fe63bcdee16acde8d1a293b928 (Make use of g_error_free instead of g_clear_error when possible.)
Branches: master, remotes/origin/master
Follows: 4.30
Precedes: 4.31

    Convert HSP/HFP to use btio confirm_cb

------------------------------- audio/manager.c -------------------------------
index 1eb1790..35f9c6e 100644
@@ -403,6 +403,8 @@ static void auth_cb(DBusError *derr, void *user_data)
 {
  struct audio_device *device = user_data;
  const char *uuid;
+ GError *err = NULL;
+ GIOChannel *io;

  if (get_hfp_active(device))
   uuid = HFP_AG_UUID;
@@ -411,20 +413,21 @@ static void auth_cb(DBusError *derr, void *user_data)

  if (derr && dbus_error_is_set(derr)) {
   error("Access denied: %s", derr->message);
-
   headset_set_state(device, HEADSET_STATE_DISCONNECTED);
- } else {
- char hs_address[18];
+ return;
+ }

- ba2str(&device->dst, hs_address);
- debug("Accepted headset connection from %s for %s",
- hs_address, device->path);
+ io = headset_get_rfcomm(device);

- headset_set_authorized(device);
+ if (!bt_io_accept(io, headset_connect_cb, device, NULL, &err)) {
+ error("bt_io_accept: %s", err->message);
+ g_error_free(err);
+ headset_set_state(device, HEADSET_STATE_DISCONNECTED);
+ return;
  }
 }

-static void ag_io_cb(GIOChannel *chan, GError *err, gpointer data)
+static void ag_confirm(GIOChannel *chan, gpointer data)
 {
  const char *server_uuid, *remote_uuid;
  uint16_t svclass;
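Review bot: in auth_cb, the result of headset_get_rfcomm(device) is passed straight to bt_io_accept() with no NULL check. If the RFCOMM channel can be torn down while the D-Bus authorization is still pending, this callback would run with io == NULL, and the crash in this report was a SIGSEGV in the adjacent ag_io_cb path. Suggest testing io before the call and taking the same headset_set_state(device, HEADSET_STATE_DISCONNECTED) exit when it is missing. Separately, the removed debug("Accepted headset connection from %s for %s", ...) line was the only record of which remote address was accepted; consider keeping it after a successful bt_io_accept().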
@@ -432,22 +435,17 @@ static void ag_io_cb(GIOChannel *chan, GError *err, gpointer data)
  gboolean hfp_active;
  bdaddr_t src, dst;
  int perr;
- GError *gerr = NULL;
+ GError *err = NULL;
  uint8_t ch;

- if (err) {
- error("%s", err->message);
- return;
- }
-
- bt_io_get(chan, BT_IO_RFCOMM, &gerr,
+ bt_io_get(chan, BT_IO_RFCOMM, &err,
    BT_IO_OPT_SOURCE_BDADDR, &src,
    BT_IO_OPT_DEST_BDADDR, &dst,
    BT_IO_OPT_CHANNEL, &ch,
    BT_IO_OPT_INVALID);
- if (gerr) {
- error("%s", gerr->message);
- g_clear_error(&gerr);
+ if (err) {
+ error("%s", err->message);
+ g_clear_error(&err);
   goto drop;
  }

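Review bot: in ag_confirm, bt_io_get() is still called as a bare statement and failure is inferred from err being non-NULL afterwards. The auth_cb change in this same patch tests the call result directly (if (!bt_io_accept(...))); doing the same here, if bt_io_get() returns a status, would keep the two error paths consistent. The cleanup also differs between them: this path uses g_clear_error(&err) while auth_cb uses g_error_free(err), so pick one form for both.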
@@ -533,7 +531,7 @@ static int headset_server_init(struct audio_adapter *adapter)
    master = tmp;
  }

- io = bt_io_listen(BT_IO_RFCOMM, ag_io_cb, NULL, adapter, NULL, &err,
+ io = bt_io_listen(BT_IO_RFCOMM, NULL, ag_confirm, adapter, NULL, &err,
     BT_IO_OPT_SOURCE_BDADDR, &adapter->src,
     BT_IO_OPT_CHANNEL, chan,
     BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM,
@@ -564,7 +562,7 @@ static int headset_server_init(struct audio_adapter *adapter)

  chan = DEFAULT_HF_AG_CHANNEL;

- io = bt_io_listen(BT_IO_RFCOMM, ag_io_cb, NULL, adapter, NULL, &err,
+ io = bt_io_listen(BT_IO_RFCOMM, NULL, ag_confirm, adapter, NULL, &err,
     BT_IO_OPT_SOURCE_BDADDR, &adapter->src,
     BT_IO_OPT_CHANNEL, chan,
     BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM,
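Review bot: the visible arguments of this bt_io_listen() call now match the one in the previous hunk exactly, including the positional swap to NULL, ag_confirm, with only the value of chan differing. A small helper taking the channel would keep the two listeners and their BT_IO_SEC_MEDIUM setting from drifting apart. A one-line comment saying why the connect callback is NULL and the confirm callback is used would also help, since the two callback slots are adjacent and easy to misread.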

Changed in bluez (Ubuntu):
status: Triaged → Fix Released