@penn5
Last active March 10, 2019 16:47

Debugging a crashing bluetooth service

Getting logs for others

Enable Bluetooth HCI Snoop Logging in Developer Options and reboot. Wait for a crash, and when one occurs, send /data/misc/bluetooth/logs and a logcat of the crash.

Reading logs

DO NOT ATTEMPT THIS IF YOU ARE NOT EXPERIENCED WITH C/C++

  1. Clone system_bt. This will be essential.
  2. Search the logs for the root cause. This may be difficult to find, but you can probably find it by searching your logcat for /system/lib64/libbluetooth.so. This will show you the DEBUG log of the Bluetooth service crash.
  3. If the root cause is a timeout, load btsnoop_hci.log.last into Wireshark and search for bthci_cmd.opcode == <the timed-out opcode in the log>. This might help for other types of crash too.
  4. Open stack/include/hcidefs.h and search for 0x00.. replacing the dots with the last two characters of the timed-out opcode. There may be several occurrences; cycle through them until you find the one that matches the name given in Wireshark. After #define is the opcode name. An example is HCI_SNIFF_MODE.
  5. Run grep -r <opcode name> | grep -v '#define'. This will show you some instances. Check each one and see if it has a conditional that uses *_SUPPORTED or similar. If there is no conditional, give up. Otherwise, see what feature/command it is checking for. If it isn't a feature or command, you will need to add more to https://github.com/phhusson/platform_system_bt/commit/b6b4b2af61d89f5ea54373f71abef73b2eb00c83. However, if it's a feature or state, you can quite simply disable this feature or state. Check which one it is by opening it in Wireshark (states in packet 26, features in packet 14). Check which bit needs disabling, and write a left-aligned inverted bitmask to disable it. To disable the state .... ...1 = Passive Scanning State and Master Role combination: True, for example, you could make a bitmask 0000000000000000000000001. Install a phhusson GSI and setprop either persist.sys.bt.unsupport.features or persist.sys.bt.unsupport.states or persist.sys.bt.unsupport.stdfeatures to your bitmask and toggle Bluetooth. Hopefully everything now works. If not, start the entire debug process again.
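
Step 4 can be scripted. The sketch below is an added example, not part of the original gist or of system_bt: it splits a timed-out opcode into its OGF and OCF and resolves the matching #define name, which also shows why searching for 0x00.. can return several hits. It assumes commands are defined as (OCF | group) and groups as (OGF << 10); the header excerpt and the 0x0803 opcode are constructed sample input.

```python
import re

# Constructed excerpt in the style of stack/include/hcidefs.h (not the real file).
SAMPLE_HCIDEFS = """\
#define HCI_GRP_LINK_CONTROL_CMDS (0x01 << 10)
#define HCI_GRP_LINK_POLICY_CMDS (0x02 << 10)
#define HCI_PERIODIC_INQUIRY_MODE (0x0003 | HCI_GRP_LINK_CONTROL_CMDS)
#define HCI_CREATE_CONNECTION (0x0005 | HCI_GRP_LINK_CONTROL_CMDS)
#define HCI_HOLD_MODE (0x0001 | HCI_GRP_LINK_POLICY_CMDS)
#define HCI_SNIFF_MODE (0x0003 | HCI_GRP_LINK_POLICY_CMDS)
#define HCI_EXIT_SNIFF_MODE (0x0004 | HCI_GRP_LINK_POLICY_CMDS)
"""

# Assumed define layout: groups are (OGF << 10), commands are (OCF | group).
GROUP_RE = re.compile(r"#define\s+(HCI_GRP_\w+)\s+\((0x[0-9A-Fa-f]+)\s*<<\s*10\)")
CMD_RE = re.compile(r"#define\s+(HCI_\w+)\s+\((0x[0-9A-Fa-f]+)\s*\|\s*(HCI_GRP_\w+)\)")


def split_opcode(opcode):
    """An HCI opcode is 16 bits: OGF in the upper 6 bits, OCF in the lower 10."""
    return opcode >> 10, opcode & 0x3FF


def parse_header(text):
    """Return (name, ocf, ogf) for every command define whose group is known."""
    groups = {name: int(val, 16) for name, val in GROUP_RE.findall(text)}
    return [(name, int(ocf, 16), groups[grp])
            for name, ocf, grp in CMD_RE.findall(text) if grp in groups]


def candidates_by_suffix(cmds, opcode):
    """The manual search from step 4: defines matching the last two hex digits."""
    return [name for name, ocf, _ in cmds if ocf == (opcode & 0xFF)]


def resolve(cmds, opcode):
    """Disambiguate by also matching the command group (OGF)."""
    ogf, ocf = split_opcode(opcode)
    return [name for name, c, g in cmds if (g, c) == (ogf, ocf)]


if __name__ == "__main__":
    cmds = parse_header(SAMPLE_HCIDEFS)
    timed_out = 0x0803  # constructed stand-in for the opcode reported in logcat
    print("OGF/OCF:", split_opcode(timed_out))
    print("0x00.. matches:", candidates_by_suffix(cmds, timed_out))
    print("resolved:", resolve(cmds, timed_out))
```

To use it on a real tree, pass the contents of stack/include/hcidefs.h to parse_header instead of the sample string, then feed the resolved name into the grep from step 5.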

Some examples that might be useful for reference are phhusson/treble_experimentations#399 and phhusson/treble_experimentations#376
