bluetoothd dies with glibc malloc memory corruption when used with brcm_patchram

Workaround is to run bluetoothd in valgrind for now; it will prevent the crashes and allow pairing successfully, at which point a bluetooth keyboard (for example) will work.

I'll get the full stack trace "yet again", so that it's recorded in this bug.

Backtrace.

The workaround of comment #2, running bluetoothd under valgriond can be made automatic, to make the device more usable for the time being until the fix for this bug gets available. Simply follow the instructions on

https://wiki.ubuntu.com/Nexus7/UsingTheDevice#Stabilizing_the_Bluetooth_stack

After that I got my Bluetooth keyboard work using the standard GNOME tools to set it up, with PIN.

Bluetooth fully working using 3rd party app " bluetooth manager", including obex transfer and keyboard. Reboot after installation required.

Commit d4076ae3b7eff09f9d4c1f4193572e27db59dbd9 introduced couple of fields, which are not used in standard bluez user space stack. As a result, the kernel overwrites couple of bytes passed from the user space, when the two functions in the mentioned commit is invoked.

For reference, standard bluez code can be located here:
http://git.kernel.org/?p=bluetooth/bluez.git;a=blob;f=lib/hci.h;h=2f18ec8155efeab1b9bfc56a1af84a8dfcdea5c1;hb=HEAD#l2342

Attaching a patch .....

Thats really intersting. You checked wether bluetoothd is still detecting the memory corruption and is dieing?

I validated the patch on another reference platform.

Please note that the patch is for standard Linux bluez user space stack. Android does not need it.

Can someone with BT devices who can reproduce the crash test with this kernel?
It simply reverts commit d4076ae3b7eff09f9d4c1f4193572e27db59dbd9 as suggested by Mursalin in the comments above.
http://people.canonical.com/~jani/linux-image-3.1.10-8-nexus7_3.1.10-8.17_armhf.deb

I can take a crack at this tomorrow, will keep you posted

Jani, thank you for the fix. With the fixed kernel installed bluetoothd keeps stable without Valgrind now for me. I can use my Bluetooth keyboard without any workaround.

Till, thanks for testing so promptly. I sent the patch to the kernel list for inclusion in Raring.

This bug was fixed in the package linux-nexus7 - 3.1.10-8.17

---------------
linux-nexus7 (3.1.10-8.17) raring; urgency=low

  [ Tim Gardner ]

  * [Config] Updated getabis path

  [ Upstream Kernel Changes ]

  * Revert "Bluetooth: Add ACL MTU, available buffers and total buffers to
    hci_conn_info."
    - LP: #1070770
 -- Tim Gardner <email address hidden> Thu, 06 Dec 2012 07:26:05 -0700

Unfortunately, the fix in linux-nexus7 only works for Ubuntu 12.10. In the current Ubuntu 13.04 (daily snapshot from Dec 6, manually downloaded and installed linux-image-3.1.10-8-nexus7_3.1.10-8.17_armhf.deb from Launchpad, rebooted).

To use multirom, I need to install kernel_kexec_42.zip as described here
http://rootingandroid.net/how-to-install-multiple-roms-and-ubuntu-on-a-nexus-7/
(I found out when doing an apt-get upgrade that it wouldn't boot anymore, after the kernel was upgraded)
Then I'm not seeing that there is a bluetooth device. lsusb doesn't find one, hcitool scan says "No such device" and so on. Does there need to be an hci attach somewhere, if this is a serial-attached BT chip? Or is it just a missing driver in that kernel? If so, could someone provide an updated kernel image that has the bluetooth fixes and also the kexec-hardboot patch for multirom?

this was fixed long ago in the official images, closing teh nexus7 task ...

Shawn, you need MultiROM of at least version 7 and after having installed the Ubuntu ROM as one of the alternative ROMs, before you boot Ubuntu for the first time, you have to go in to the ROM list in Recovery, select the freshly added Ubuntu ROM and in the menu for modifying it, select the item to disable flash-kernel. The kernel_kexec_42.zip is only for Android and you have to apply it to the original Android system, by the "Install ZIP" entry of the main menu of Recovery. After having done all that you are able to boot both systems. Boot Ubuntu and follow the steps for the initial configuration. Kernel updates pulled by updating the system will not break the boot sector or the Android kernel and when you reboot into Ubuntu you will get the new kernel which got installed by your update. So you will be able to also test the kernel and make use of all our fixes, and boot back to Android whenever you want.

See also

https://wiki.ubuntu.com/Nexus7/Installation#Having_both_Android_and_Ubuntu_installed_for_dual_boot

Till,
Thanks for the comprehensive explanation. It does indeed work nicely now.