Hi charles05,

Thanks again for your attention to this issue. I've updated my analysis with a clearer explanation of the components involved and provided the symbolic backtrace you requested.

[High-Level Analysis]

The crash is a SIGABRT (abort signal) that occurs consistently within PulseAudio's pa_bluetooth_transport_set_state() function. The call stack shows this function was triggered by a message from the system's D-Bus service, which is the standard way BlueZ communicates device state changes to applications like PulseAudio. The crash happens when PulseAudio attempts to process one of these state change notifications, specifically during stress-testing that involves rapid Bluetooth profile and transport state transitions.

[Relationship between PulseAudio and BlueZ]

To clarify, the crash occurs inside the libbluez5-util.so library. Although the name contains "bluez", I assume that this is a PulseAudio-internal utility module used specifically for interacting with the BlueZ stack. It is part of the pulseaudio source package, not the bluez package.

Essentially, the situation is:

1. The BlueZ daemon manages the Bluetooth hardware and broadcasts device state changes (e.g., "device disconnected") over D-Bus.
2. PulseAudio's Bluetooth module listens for these messages.
3. The crash occurs inside PulseAudio's code while it is handling a message received from BlueZ.

Therefore, this appears to be a bug in PulseAudio's state management logic when it receives a rapid or unusual sequence of valid messages from BlueZ. The issue lies in PulseAudio's handling of the situation, not in BlueZ itself. For this reason, the bug is correctly filed against the pulseaudio package.

[Crashing Thread Backtrace (Thread 1)]

Here is the formatted backtrace for the crashing thread, which supports this analysis.

---------------------------------------------------------------
// Standard abort sequence initiated by the application
#4 0x00007355aebf77f3 in __GI_abort () at ./stdlib/abort.c:79
...
// <<< Crash occurs here, in PulseAudio's Bluetooth utility library
#5 0x00007355a886cfb5 in pa_bluetooth_transport_set_state () at /usr/lib/pulse-15.99.1+dfsg1/modules/libbluez5-util.so
...
// <<< Triggered by a D-Bus message, the standard IPC for BlueZ
#7 0x00007355aeed5869 in dbus_connection_dispatch () at /lib/x86_64-linux-gnu/libdbus-1.so.3
// Standard PulseAudio main event loop
...
#12 0x0000610c5ab82f7d in main ()
---------------------------------------------------------------

[Next Steps?]

This backtrace confirms the location of the fault within PulseAudio's logic. If you need any further resource, I will work on reproducing the crash with --log-level=debug enabled to capture the verbose logs leading up to this abort.

--
https://bugs.launchpad.net/bugs/2121311

Title: pulseaudio aborts in pa_bluetooth_transport_set_state() (Bluetooth/BlueZ integration)
