Bug 1569813 - bluez 5.49 bluetoothd coredump
Summary: bluez 5.49 bluetoothd coredump
Keywords:
Status: CLOSED DUPLICATE of bug 1567622
Alias: None
Product: Fedora
Classification: Fedora
Component: bluez
Version: 27
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: high
Target Milestone: ---
Assignee: Don Zickus
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2018-04-20 02:21 UTC by misha.pavlov
Modified: 2018-05-28 11:18 UTC
CC List: 6 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-04-20 10:05:52 UTC
Type: Bug
Embargoed:



Description misha.pavlov 2018-04-20 02:21:55 UTC
Description of problem:
systemd[1]: bluetooth.service: Main process exited, code=dumped, status=11/SEGV
With a USB Bluetooth adapter
Bus 003 Device 078: ID 0461:4d75 Primax Electronics, Ltd Rocketfish RF-FLBTAD Bluetooth Adapter

Version-Release number of selected component (if applicable):
bluez-5.49-1.fc27.rpm
most likely as well in bluez-5.49-2.fc28.rpm

How reproducible:
every time I attempt to connect bluetooth headphones

Steps to Reproduce:
1. start bluetooth service
2. attempt to connect headphones


Actual results:
Apr 19 20:16:50 haswell kernel: bluetoothd[5048]: segfault at 8 ip 00005629670b02d0 sp 00007ffea0f99368 error 4 in bluetoothd[56296704d000+f6000]

Expected results:
Apr 19 20:17:45 haswell bluetoothd[5313]: Bluetooth daemon 5.49
Apr 19 20:17:45 haswell systemd[1]: Started Bluetooth service.

Additional info:
Appears to be known, and a patch is available:
https://www.spinics.net/lists/linux-bluetooth/msg74984.html

I patched bluez-5.49-1.fc27.src.rpm with the below and can confirm the fix

# cat ../0001-btd_adv_manager_refresh.patch
From dc29fa5306991ce80e5479c44559119fca57d11d Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 19 Apr 2018 19:37:13 -0400
Subject: [PATCH] 001-btd_adv_manager_refresh.patch

---
 src/advertising.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/advertising.c b/src/advertising.c
index b976562..101b9a9 100644
--- a/src/advertising.c
+++ b/src/advertising.c
@@ -1173,6 +1173,8 @@ void btd_adv_manager_destroy(struct btd_adv_manager *manager)

 void btd_adv_manager_refresh(struct btd_adv_manager *manager)
 {
-       queue_foreach(manager->clients, (queue_foreach_func_t)refresh_adv,
-                                                                       NULL);
+     if (manager != NULL) {
+         queue_foreach(manager->clients, (queue_foreach_func_t)refresh_adv,
+                                         NULL);
+     }
 }
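Review bot: the added lines are indented with 5 and 9 spaces, which does not line up with the lines they replace, so the wrapped call and its `NULL);` continuation end up at arbitrary columns; an early `if (!manager) return;` inserted before the unchanged `queue_foreach` call would need no re-indentation and keep the diff to three added lines. The `segfault at 8` in the kernel log is a small offset from NULL, consistent with `manager->clients` being read through a NULL `manager` here, so the guard sits at the right place; a comment saying which caller can pass a NULL manager would make that explicit.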
--
2.14.3

I checked also bluez-5.49-2.fc28.src.rpm and don't see this being fixed there.
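A triage helper for the kernel segfault line quoted under "Actual results" above, added here as an example that is not part of the bug report or of bluez: it recovers the file-relative offset of the faulting instruction (the value to give addr2line against the bluetoothd binary) and flags the near-NULL fault address. The log line is a constructed copy of the reported one.

```python
import re
from dataclasses import dataclass
# Constructed copy of the kernel line quoted in the bug report.
SAMPLE = ("Apr 19 20:16:50 haswell kernel: bluetoothd[5048]: segfault at 8 "
          "ip 00005629670b02d0 sp 00007ffea0f99368 error 4 "
          "in bluetoothd[56296704d000+f6000]")

# Shape of the x86-64 kernel "segfault at" message (hex fields carry no 0x).
SEGFAULT_RE = re.compile(
    r"\S+\[\d+\]: segfault at (?P<addr>[0-9a-f]+) ip (?P<ip>[0-9a-f]+) "
    r"sp [0-9a-f]+ error (?P<err>\d+) "
    r"in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]")

@dataclass
class Segfault:
    addr: int    # faulting data address
    ip: int      # instruction pointer at the fault
    error: int   # x86 page-fault error code
    obj: str     # mapped object containing ip, with its base and size
    base: int
    size: int

    @property
    def offset(self) -> int:
        # ip - base is the file-relative offset to hand to addr2line -e <binary>
        # for a PIE build; refuse if ip is not inside the reported mapping.
        if not self.base <= self.ip < self.base + self.size:
            raise ValueError("ip outside the reported mapping")
        return self.ip - self.base

    def describe_error(self) -> str:
        # x86 page-fault error code bits: 1=protection violation (else page
        # not present), 2=write (else read), 4=user mode, 16=instruction fetch.
        parts = ["protection violation" if self.error & 1 else "page not present",
                 "write" if self.error & 2 else "read",
                 "user mode" if self.error & 4 else "kernel mode"]
        return ", ".join(parts + ["instruction fetch"] * bool(self.error & 16))

    def near_null(self, window: int = 4096) -> bool:
        # A tiny fault address means a field was read through a NULL struct
        # pointer (here: 8 bytes into a NULL manager), not a wild pointer.
        return self.addr < window

def parse_segfault(line: str):
    # Returns a Segfault for a kernel segfault line, None for anything else.
    m = SEGFAULT_RE.search(line)
    if not m:
        return None
    return Segfault(int(m["addr"], 16), int(m["ip"], 16), int(m["err"]),
                    m["obj"], int(m["base"], 16), int(m["size"], 16))
```

For the reported line this yields offset 0x632d0 inside bluetoothd and a user-mode read of a not-present page at address 8, the classic signature of a NULL struct pointer dereference.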

Comment 1 Bastien Nocera 2018-04-20 10:05:52 UTC

*** This bug has been marked as a duplicate of bug 1567622 ***

Comment 2 Wolf Vollprecht 2018-05-28 11:18:07 UTC
In my version of bluez this patch has not been integrated as far as I can tell.

This version is slightly closer to the upstream fix:

diff --git a/src/advertising.c b/src/advertising.c
index b976562c4..0cb6eac3a 100644
--- a/src/advertising.c
+++ b/src/advertising.c
@@ -1173,6 +1173,9 @@ void btd_adv_manager_destroy(struct btd_adv_manager *manager)
 
 void btd_adv_manager_refresh(struct btd_adv_manager *manager)
 {
+	if (!manager)
+		return;
+
 	queue_foreach(manager->clients, (queue_foreach_func_t)refresh_adv,
 									NULL);
 }
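Review bot: this early-return form keeps the file's tab indentation and leaves the original `queue_foreach` lines untouched, which is preferable to wrapping the call; what is still missing is a one-line comment stating why `manager` can be NULL for this caller, since the guard silences the crash without recording its cause. It is also worth checking whether `btd_adv_manager_destroy`, visible in the hunk header, needs the same guard.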



Cheers!

