OpenWrt Forum Archive

Topic: BlueZ ver 5.28 BLE Pairing Crashes Kernel

The content of this topic has been archived on 5 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.


I was looking for a way to perform pairing of a BLE device to the D-Link DIR-505A1 / BLE dongle. I have most of it working (discovery, connections, GATT commands), but pairing causes the kernel to crash. I'm currently using D-Bus and bluetoothctl since I couldn't find another way to perform pairing in C yet. My Linux PC with kernel 3.16.6 and Bluetooth core 2.19 using the same bluetoothctl works fine.

Any ideas how to fix this, where to look for more clues, or something easier to try/use?

Using:

latest trunk on 3/20/2015

============================================
Date:Feb  9 2012  Time:20:12:45
Cameo Version: v1.00 Build:03
Module Name: D-Link DIR-505A1
============================================
Starting kernel ...

[    0.000000] Linux version 3.18.9 (guest@W) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r44873) ) #1 Fri Mar 20 10:42:02 MDT 2015
[    0.000000] bootconsole [early0] enabled
[    0.000000] CPU0 revision is: 00019374 (MIPS 24Kc)
...
[   15.230000] Bluetooth: Core ver 2.19
[   15.230000] NET: Registered protocol family 31
[   15.230000] Bluetooth: HCI device and connection manager initialized
[   15.240000] Bluetooth: HCI socket layer initialized
[   15.250000] Bluetooth: L2CAP socket layer initialized
[   15.250000] Bluetooth: SCO socket layer initialized
[   15.270000] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[   15.270000] Bluetooth: BNEP filters: protocol multicast
[   15.280000] Bluetooth: BNEP socket layer initialized
[   15.300000] usbcore: registered new interface driver btusb
[   15.300000] Loading modules backported from Linux version master-2015-03-09-0-g141f155
[   15.310000] Backport generated by backports.git backports-20150129-0-gdd4a670
[   15.320000] Bluetooth: HCI UART driver ver 2.2
[   15.320000] Bluetooth: HCI H4 protocol initialized
[   15.330000] Bluetooth: HCI BCSP protocol initialized
[   15.330000] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
[   15.340000] Bluetooth: HIDP socket layer initialized
[   15.340000] bluetooth hci0: Direct firmware load for brcm/BCM20702A0-0a5c-21e8.hcd failed with error -2
[   15.350000] bluetooth hci0: Falling back to user helper
[   15.370000] ip_tables: (C) 2000-2006 Netfilter Core Team
[   15.430000] Bluetooth: RFCOMM TTY layer initialized
[   15.430000] Bluetooth: RFCOMM socket layer initialized
[   15.430000] Bluetooth: RFCOMM ver 1.11
[   16.060000] Bluetooth: Unable to create crypto context

Also tried to add a patch for this and it didn't make any difference.
[   16.060000] Bluetooth: Unable to create crypto context

Trying to Pair:

root@OpenWrt:/# bluetoothctl

Did:
power on
scan on
scan off

[bluetooth]# show
Controller 00:19:0E:12:46:8A
        Name: BlueZ 5.28
        Alias: BlueZ 5.28
        Class: 0x000000
        Powered: yes
        Discoverable: no
        Pairable: yes
        UUID: PnP Information           (00001200-0000-1000-8000-00805f9b34fb)
        UUID: Generic Access Profile    (00001800-0000-1000-8000-00805f9b34fb)
        UUID: Generic Attribute Profile (00001801-0000-1000-8000-00805f9b34fb)
        UUID: A/V Remote Control        (0000110e-0000-1000-8000-00805f9b34fb)
        UUID: A/V Remote Control Target (0000110c-0000-1000-8000-00805f9b34fb)
        Modalias: usb:v1D6Bp0246d051C
        Discovering: no
[bluetooth]#

[bluetooth]# pair EC:FE:7E:10:95:1F
method call sender=:1.2 -> dest=org.bluez serial=49 path=/org/bluez/hci0/dev_EC_FE_7E_10_95_1F; interface=org.bluez.Device1; member=Pair
method call sender=:1.0 -> dest=org.freedesktop.DBus serial=129 path=/org/freedeskt
[  757.590000] CPU 0 Unable to handle kernel paging request at virtual address 00000200, epc == 80067e20, ra == 83231668
[  757.600000] Oops[#1]:
[  757.600000] CPU: 0 PID: 778 Comm: kworker/u3:2 Not tainted 3.18.9 #1
[  757.600000] Workqueue: hci0 hci_alloc_dev [bluetooth]
[  757.600000] task: 83bff548 ti: 83336000 task.ti: 83336000
[  757.600000] $ 0   : 00000000 00000000 00000000 00000000
[  757.600000] $ 4   : 00000200 829f440c 00000000 00000000
[  757.600000] $ 8   : ffffffec 00000001 00000003 1f95107e
[  757.600000] $12   : 00000000 771f23a0 00000000 00000000
[  757.600000] $16   : 829f4400 82a0e500 00000000 00000002
[  757.600000] $20   : 00000200 00000003 82a0e594 00000080
[  757.600000] $24   : 00000003 8322cf20
[  757.600000] $28   : 83336000 83337c90 00000005 83231668
[  757.600000] Hi    : 00000009
[  757.600000] Lo    : 00000fa0
[  757.600000] epc   : 80067e20 mutex_lock+0x0/0x30
[  757.600000]     Not tainted
[  757.600000] ra    : 83231668 smp_conn_security+0x88/0x200 [bluetooth]
[  757.600000] Status: 1000fc03 KERNEL EXL IE
[  757.600000] Cause : 00800008
[  757.600000] BadVA : 00000200
[  757.600000] PrId  : 00019374 (MIPS 24Kc)
[  757.600000] Modules linked in: ath9k ath9k_common pppoe ppp_async iptable_nat ath9k_hw ath pppox ppp_generic nf_nat_ipv4 nf_conntrack_ipv6 nf_conntrack_ipv4 mac80211 ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_tcpmss xt_string xt_statistic xt_state xt_recent xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_id xt_hl xt_helper xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_DSCP xt_CT xt_CLASSIFY ts_kmp ts_fsm ts_bm slhc rfcomm nf_reject_ipv4 nf_nat_masquerade_ipv4 nf_nat_irc nf_nat_ftp nf_nat nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_rtcache nf_conntrack_irc nf_conntrack_ftp iptable_raw iptable_mangle iptable_filter ipt_ECN ip_tables hidp hci_uart crc_ccitt compat btusb bnep bluetooth act_connmark nf_conntrack act_skbedit act_mirred em_u32 cls_u32 cls_tcindex cls_flow cls_route cls_fw sch_hfsc sch_ingress hid evdev input_core ledtrig_usbdev ip6t_REJECT nf_reject_ipv6 nf_log_ipv6 nf_log_common ip6table_raw ip6table_mangle ip6table_filter ip6_tables x_tables ifb ipv6 arc4 crypto_blkcipher usb_storage ehci_platform ehci_hcd sd_mod scsi_mod gpio_button_hotplug ext4 crc16 jbd2 mbcache usbcore nls_base usb_common crypto_hash
[  757.600000] Process kworker/u3:2 (pid: 778, threadinfo=83336000, task=83bff548, tls=00000000)
[  757.600000] Call Trace:
[  757.600000] [<80067e20>] mutex_lock+0x0/0x30
[  757.600000] [<83231668>] smp_conn_security+0x88/0x200 [bluetooth]
[  757.600000] [<8322c69c>] l2cap_connect_cfm+0x290/0x354 [bluetooth]
[  757.600000] [<83211f58>] hci_chan_lookup_handle+0x4fec/0x5968 [bluetooth]
[  757.600000]
[  757.600000]
Code: 8fb00024  03e00008  27bd0040 <c0820000> 2443ffff  e0830000  1060fffc  00000000  2442ffff
[  757.880000] ---[ end trace 9237985c83908c91 ]---
op/DBus; interface=org.freedesktop.DBus; member=AddMatch
   string "type='sig
[  757.890000] CPU 0 Unable to handle kernel paging request at virtual address fffffff0, epc == 801b5158, ra == 802c8c68
[  757.890000] Oops[#2]:
[  757.890000] CPU: 0 PID: 778 Comm: kworker/u3:2 Tainted: G      D        3.18.9 #1
[  757.890000] task: 83bff548 ti: 83336000 task.ti: 83336000
[  757.890000] $ 0   : 00000000 803d0000 00000000 c9d6a9c5
[  757.890000] $ 4   : 83bff548 00000000 80359590 c9d6a9c5
[  757.890000] $ 8   : 00000003 00000000 00000000 000a0014
[  757.890000] $12   : 0000000e 00000007 00000001 80337d74
[  757.890000] $16   : 00000000 00000001 80359590 83828000
[  757.890000] $20   : 83bff744 80360000 80359590 00000000
[  757.890000] $24   : 0000000e 80117168
[  757.890000] $28   : 83336000 83337a48 00000010 802c8c68
[  757.890000] Hi    : 000000b0
[  757.890000] Lo    : 75c3a480
[  757.890000] epc   : 801b5158 kthread_data+0x4/0xc
[  757.890000]     Tainted: G      D
[  757.890000] ra    : 802c8c68 wq_worker_sleeping+0x14/0xc0
[  757.890000] Status: 1000fc02 KERNEL EXL
[  757.890000] Cause : 80800008
[  757.890000] BadVA : fffffff0
[  757.890000] PrId  : 00019374 (MIPS 24Kc)
[  757.890000] Modules linked in: ath9k ath9k_common pppoe ppp_async iptable_nat ath9k_hw ath pppox ppp_generic nf_nat_ipv4 nf_conntrack_ipv6 nf_conntrack_ipv4 mac80211 ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_tcpmss xt_string xt_statistic xt_state xt_recent xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_id xt_hl xt_helper xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_DSCP xt_CT xt_CLASSIFY ts_kmp ts_fsm ts_bm slhc rfcomm nf_reject_ipv4 nf_nat_masquerade_ipv4 nf_nat_irc nf_nat_ftp nf_nat nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_rtcache nf_conntrack_irc nf_conntrack_ftp iptable_raw iptable_mangle iptable_filter ipt_ECN ip_tables hidp hci_uart crc_ccitt compat btusb bnep bluetooth act_connmark nf_conntrack act_skbedit act_mirred em_u32 cls_u32 cls_tcindex cls_flow cls_route cls_fw sch_hfsc sch_ingress hid evdev input_core ledtrig_usbdev ip6t_REJECT nf_reject_ipv6 nf_log_ipv6 nf_log_common ip6table_raw ip6table_mangle ip6table_filter ip6_tables x_tables ifb ipv6 arc4 crypto_blkcipher usb_storage ehci_platform ehci_hcd sd_mod scsi_mod gpio_button_hotplug ext4 crc16 jbd2 mbcache usbcore nls_base usb_common crypto_hash
[  757.890000] Process kworker/u3:2 (pid: 778, threadinfo=83336000, task=83bff548, tls=00000000)

(Last edited by wtucker on 20 Mar 2015, 21:35)
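An added triage helper for the dmesg above (an example written for this page, not code from the post, BlueZ or OpenWrt): it parses the MIPS oops format, shows that the first report is a NULL-page dereference (BadVA 0x200) taken in mutex_lock called from smp_conn_security, and that the second report is tainted D, meaning it follows the first die rather than being a separate bug. It assumes Python 3.8+; the sample lines are copied from the post, with the register, stack and D-Bus noise left out.

```python
import re
# Sample lines copied from the dmesg capture in the post above (registers, stack and D-Bus noise left out).
SAMPLE_OOPS = """\
[  757.590000] CPU 0 Unable to handle kernel paging request at virtual address 00000200, epc == 80067e20, ra == 83231668
[  757.600000] Oops[#1]:
[  757.600000] CPU: 0 PID: 778 Comm: kworker/u3:2 Not tainted 3.18.9 #1
[  757.600000] epc   : 80067e20 mutex_lock+0x0/0x30
[  757.600000] ra    : 83231668 smp_conn_security+0x88/0x200 [bluetooth]
[  757.600000] [<8322c69c>] l2cap_connect_cfm+0x290/0x354 [bluetooth]
[  757.890000] CPU 0 Unable to handle kernel paging request at virtual address fffffff0, epc == 801b5158, ra == 802c8c68
[  757.890000] Oops[#2]:
[  757.890000] CPU: 0 PID: 778 Comm: kworker/u3:2 Tainted: G      D        3.18.9 #1
"""
PAGE_SIZE = 4096  # page 0 is never mapped, so a BadVA below it is a NULL pointer dereference
STAMP = r"^\[\s*[\d.]+\]\s*"
SYM = r"(\S+(?: \[\S+\])?)"  # "func+0x88/0x200" plus an optional " [module]"
FAULT_RE = re.compile(STAMP + r"CPU \d+ Unable to handle kernel paging request at virtual address ([0-9a-f]+)")
OOPS_RE = re.compile(STAMP + r"Oops\[#(\d+)\]")
REG_RE = re.compile(STAMP + r"(epc|ra)\s*:\s*[0-9a-f]+\s+" + SYM)
TRACE_RE = re.compile(STAMP + r"\[<[0-9a-f]+>\]\s+" + SYM)

def parse_oopses(text):
    """One record per Oops[#n]; the fault header just before it carries the bad address."""
    reports, cur, bad_va = [], None, None
    for line in text.splitlines():
        if m := FAULT_RE.match(line):
            bad_va = int(m.group(1), 16)
        elif m := OOPS_RE.match(line):
            cur = {"num": int(m.group(1)), "bad_va": bad_va, "tainted": None, "epc": None, "ra": None, "trace": []}
            reports.append(cur)
            bad_va = None  # consumed; an Oops without a fault header keeps None
        elif cur and " Comm: " in line:  # "Not tainted" vs "Tainted: G      D"
            cur["tainted"] = "Not tainted" not in line
        elif cur and (m := REG_RE.match(line)):
            cur[m.group(1)] = m.group(2)
        elif cur and (m := TRACE_RE.match(line)):
            cur["trace"].append(m.group(1))
    return reports

def triage(text):
    """Oops to debug first plus a note per report: a 'D' taint means an earlier die already happened."""
    reports, notes = parse_oopses(text), {}
    for r in reports:
        va = r["bad_va"]
        if r["tainted"]:
            notes[r["num"]] = "follow-on: kernel already tainted D by an earlier die"
        else:
            where = "NULL pointer + 0x%x" % va if va is not None and va < PAGE_SIZE else "0x%08x" % (va or 0)
            notes[r["num"]] = "%s dereference in %s, called from %s" % (where, r["epc"], r["ra"])
    return next((r for r in reports if not r["tainted"]), None), notes
```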

Not knowing the bluetooth subsystem but:

- test BlueZ 5.29, it might have some fixes
- check if you are using the correct commands - there might be bugs in the bluez tools with new "LE" devices or some things that are "not supposed to work that way"
- kernel 3.16 and 3.18 might differ: Bluetooth LE is "new" and needs testing - look at the release news of bluez for 5.22 and other versions (many of them have LE improvements)

Unable to create crypto context

-> Low Energy Secure Connections, which will require a 3.19 or newer kernel.
(from the bluez 5.26 release notes)

You could report this to linux-bluetooth or bluez - maybe it's something "obvious" that can be identified from your crash (it looks like it is security and mutex related).
