Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp1962186ybz;
        Sun, 26 Apr 2020 08:05:29 -0700 (PDT)
X-Google-Smtp-Source: APiQypJuRBWhtrfbQ3ff+kSe6tt7Fj4AId7oe36KsRDHCbQvwuSkz76vN5yqa1U7AE5fFGBVgosE
X-Received: by 2002:a05:6402:1d89:: with SMTP id dk9mr15153262edb.382.1587913529648;
        Sun, 26 Apr 2020 08:05:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1587913529; cv=none;
        d=google.com; s=arc-20160816;
        b=IwkLpM8EBePNwGbYkSEXeIcyeM6IJP5UsRXP+I47NitY4420jG0dS7hmp3MszVhhzM
         XKVMMV6QSW+lRjvppnvy1HGiMoWe65gpFeKCr3BKDxyfszyOLvqeD3j8h0aqfU4e47Ga
         0b7v8wEO0GRoiTGZ37JZqVGz+iJL8ZSf8/GFOcSBQIMqYItAZPmGDvdAirVIFFP28fPJ
         kl8LrHpKIZh44pBSiwbT+EXf6AppXG+z5PZEd4cWIfZiPFvikoWjwxqwum1Gu7+eq4lx
         QGS7fBwA0kWRUWJ2CgegvcL+Aey72ndNFwrYQAolYCF0h26apNV67wOJrYEKxh+3oE/E
         SXzg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:content-disposition
         :mime-version:message-id:subject:to:from:date:dkim-signature;
        bh=c5lHDXq5Iwjr4o8FZIkZW66wNgHpRAIsl/JS/ZW6U6w=;
        b=Gs8fNjIqCkx51QYE+yDBbZ91BnSr43pkFZjWsj/CztspZBE53bp2egoPjsPgwThPkm
         w0gFkxF2krOu0cp7ckKU2wlVF2uMoHMBqBWQAoRhYa0VCL+dHyzfjEYF+qeKzbUc50sb
         bCW9twl0ExNapY2Wy9DGYCf9oaw8fNh6BRsUoeQSs6bryhf/glV0VFMD3xQP92aX7jm0
         ofevxnwmPn1Km1P0czSCH1Eaf2J3g9nGjePoWlixsT06c6o1ny1+Pyommq12SwP8PU3j
         r1Uf/kxmsg9FPl3W39wLX0Hd7x+8gTvI8ixpgnyoxGoXLvnUIcNJpcXPN3bOIBAJYWN/
         6XhA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=CfDWxfMF;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-bluetooth-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id e1si6580920ejl.173.2020.04.26.08.04.46;
        Sun, 26 Apr 2020 08:05:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=CfDWxfMF;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726147AbgDZPEj (ORCPT <rfc822;nicolas.fabbro@gmail.com>
        + 99 others); Sun, 26 Apr 2020 11:04:39 -0400
Received: from mail.kernel.org ([198.145.29.99]:55320 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726143AbgDZPEj (ORCPT <rfc822;linux-bluetooth@vger.kernel.org>);
        Sun, 26 Apr 2020 11:04:39 -0400
Received: from pali.im (pali.im [31.31.79.79])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 9955C206D4;
        Sun, 26 Apr 2020 15:04:38 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1587913478;
        bh=xFvY3gcKWHJNHEWrcuJuogWR/gCNV5LWSpRQNFluZqg=;
        h=Date:From:To:Subject:From;
        b=CfDWxfMF7zYkhl8ecpXgcaQDlRunNX4HU8dmmzKyQEQsWo+uIGaT9as7S6ACPX/Cp
         VatJkYfC1iwxV7FDmeoWbcqWIl7Lc0WEFU0BN5U5zvde4+6e29VbaVLjQOQSBlPx52
         N/BAjr0CLBc1e6KAg9yfl7yKrftVVk4syYfbv2FA=
Received: by pali.im (Postfix)
        id AABC6B71; Sun, 26 Apr 2020 17:04:35 +0200 (CEST)
Date:   Sun, 26 Apr 2020 17:04:35 +0200
From:   Pali =?utf-8?B?Um9ow6Fy?= <pali@kernel.org>
To:     linux-bluetooth@vger.kernel.org,
        Luiz Augusto von Dentz <luiz.dentz@gmail.com>
Subject: bluetoothd crashes when tryting to change A2DP codec via DBus
Message-ID: <20200426150435.s562o34mertpj6ct@pali>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: NeoMutt/20180716
Sender: linux-bluetooth-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hello!

Bluez bluetoothd daemon compiled from git master branch crashes when I
try to call DBus method for switching A2DP codec. Below is stacktrace
from gdb. It looks like NULL pointer dereference. It is reproducible.

Program received signal SIGSEGV, Segmentation fault.
0x000055e1b3659c1a in avdtp_find_remote_sep (session=0x55e1b408bf80, lsep=0x0) at profiles/audio/avdtp.c:1221
1221            if (lsep->info.inuse)
(gdb) bt
#0  0x000055e1b3659c1a in avdtp_find_remote_sep (session=0x55e1b408bf80, lsep=0x0) at profiles/audio/avdtp.c:1221
#1  0x000055e1b36568fc in find_remote_sep (sep=<optimized out>, chan=<optimized out>, chan=<optimized out>) at profiles/audio/a2dp.c:1169
#2  0x000055e1b3656955 in a2dp_reconfigure (data=0x55e1b40a1e10) at profiles/audio/a2dp.c:1188
#3  0x00007f4e07e90863 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007f4e07e8fdd8 in g_main_context_dispatch () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007f4e07e901c8 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#6  0x00007f4e07e904c2 in g_main_loop_run () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#7  0x000055e1b36ef725 in mainloop_run () at src/shared/mainloop-glib.c:79
#8  0x000055e1b36efb02 in mainloop_run_with_signal (func=<optimized out>, user_data=0x0) at src/shared/mainloop-notify.c:201
#9  0x000055e1b364b15e in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:770
(gdb) print lsep
$1 = (struct avdtp_local_sep *) 0x0