debcrafters-packages team mailing list archive
Message #08004
[Bug 2121311] Re: pulseaudio aborts in pa_bluetooth_transport_set_state() (Bluetooth/BlueZ integration)
Here is the full backtrace for the crash, along with a brief analysis.
StacktraceTop:
pa_bluetooth_transport_set_state () at /usr/lib/pulse-15.99.1+dfsg1/modules/libbluez5-util.so
() at /usr/lib/pulse-15.99.1+dfsg1/modules/libbluez5-util.so
dbus_connection_dispatch () at /lib/x86_64-linux-gnu/libdbus-1.so.3
() at /usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-15.99.so
pa_mainloop_dispatch () at /lib/x86_64-linux-gnu/libpulse.so.0
---
Thread 1 (Thread 0x7355ae16a080 (LWP 872)) - CRASHING THREAD:
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=126811830132864) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=126811830132864) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=126811830132864, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3 0x00007355aec11476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00007355aebf77f3 in __GI_abort () at ./stdlib/abort.c:79
#5 0x00007355a886cfb5 in pa_bluetooth_transport_set_state () at /usr/lib/pulse-15.99.1+dfsg1/modules/libbluez5-util.so
#6 0x00007355a886f28b in () at /usr/lib/pulse-15.99.1+dfsg1/modules/libbluez5-util.so
#7 0x00007355aeed5869 in dbus_connection_dispatch () at /lib/x86_64-linux-gnu/libdbus-1.so.3
#8 0x00007355aefdcd08 in () at /usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-15.99.so
#9 0x00007355aef4cb30 in pa_mainloop_dispatch () at /lib/x86_64-linux-gnu/libpulse.so.0
#10 0x00007355aef4d0ca in pa_mainloop_iterate () at /lib/x86_64-linux-gnu/libpulse.so.0
#11 0x00007355aef4d170 in pa_mainloop_run () at /lib/x86_64-linux-gnu/libpulse.so.0
#12 0x0000610c5ab82f7d in main ()
---
Thread 4 (Thread 0x7355a0e4d640 (LWP 905)):
#0 0x00007355aece7bcf in __GI___poll (fds=0x735598006840, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1 0x00007355a85c9256 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2 0x00007355a85732b3 in g_main_loop_run () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3 0x00007355a362ec7f in () at /usr/lib/pulse-15.99.1+dfsg1/modules/module-snap-policy.so
#4 0x00007355aefe3cb3 in () at /usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-15.99.so
#5 0x00007355aec63ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#6 0x00007355aecf5850 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
---
Thread 3 (Thread 0x7355a9095640 (LWP 904)):
#0 0x00007355aece7cce in __ppoll (fds=0x610c789f5460, nfds=3, timeout=<optimized out>, sigmask=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:42
#1 0x00007355af04e389 in pa_rtpoll_run () at /usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecore-15.99.so
#2 0x00007355a99de7bb in () at /usr/lib/pulse-15.99.1+dfsg1/modules/libalsa-util.so
#3 0x00007355aefe3cb3 in () at /usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-15.99.so
#4 0x00007355aec63ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#5 0x00007355aecf5850 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
---
Thread 2 (Thread 0x7355a9896640 (LWP 903)):
#0 0x00007355aece7cce in __ppoll (fds=0x610c789e26f0, nfds=3, timeout=<optimized out>, sigmask=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:42
#1 0x00007355af04e389 in pa_rtpoll_run () at /usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecore-15.99.so
#2 0x00007355a99dd387 in () at /usr/lib/pulse-15.99.1+dfsg1/modules/libalsa-util.so
#3 0x00007355aefe3cb3 in () at /usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-15.99.so
#4 0x00007355aec63ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#5 0x00007355aecf5850 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
--
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/2121311
Title:
pulseaudio aborts in pa_bluetooth_transport_set_state()
(Bluetooth/BlueZ integration)
Status in pulseaudio package in Ubuntu:
Incomplete
Bug description:
What happened
- While stress-testing Bluetooth with a custom RFCOMM/L2CAP fuzzing harness on a separate Ubuntu test device, pulseaudio aborted in pa_bluetooth_transport_set_state() (module-bluez5 / libbluez5-util.so). The harness drives rapid, occasionally malformed transport/profile transitions—frequent connect/disconnect and state flapping.
Steps to reproduce (high-level)
1. Pair/connect a Bluetooth audio device (e.g., headset/speaker).
2. Generate rapid transport/profile state changes (connect/disconnect/suspend/resume, A2DP ↔ HFP/HSP switching) using a test harness.
3. After a short burst (minutes), pulseaudio exits with SIGABRT in pa_bluetooth_transport_set_state().
Repro notes (from fuzzing)
- Traffic rate: ~55 packets/second (mix of RFCOMM frames and L2CAP signaling).
- Pattern: quick successive control/state transitions
- Impact: user-session PulseAudio terminates
Environment
- Distro/arch: Ubuntu 22.04 (amd64)
- Package: pulseaudio 1:15.99.1+dfsg1-1ubuntu2.2
- Cmdline: /usr/bin/pulseaudio --daemonize=no --log-target=journal
- Device under test: separate machine used for Bluetooth fuzz testing
Attachments
- Apport crash: _usr_bin_pulseaudio.1000.crash (uploaded).
Note: I don’t have btmon/journal extracts or pactl snapshots handy for
this run; I can capture them on the test device if helpful.