* 4.76 possible regression: bluetoothd segfaults when launching bluetooth programs
@ 2010-10-24 12:38 Ilya Basin
  2010-10-25 20:40 ` Johan Hedberg
  0 siblings, 1 reply; 5+ messages in thread
From: Ilya Basin @ 2010-10-24 12:38 UTC (permalink / raw)
  To: linux-bluetooth

[-- Attachment #1: Type: text/plain, Size: 1232 bytes --]

It all started after upgrading bluez from 4.69 to 4.76.
'hcitool scan' works and bluetoothd starts normally, but when launching
any related program (e.g. Gnome bluetooth-applet), bluetoothd dies with a segfault:
  Oct 24 11:31:01 IL kernel: bluetoothd[3894]: segfault at 0 ip
  b7632653 sp bfee9b5c error 4 in libc-2.12.1.so[b75be000+145000]

Downgrading to 4.69 helps; I don't even have to reboot, just
restart bluetoothd.

Additional info:
* package version(s)
kernel26 2.6.35.7
bluez 4.76
dbus 1.4.0

$ lsusb | grep lue
Bus 003 Device 002: ID 0a5c:2121 Broadcom Corp. BCM2210 Bluetooth

Compiled with debug flags; gdb output attached.
dbus_message_iter_append_basic() is called 7 times after another BT
program starts.
Params seem valid:

Breakpoint 1, 0xb7e4e616 in dbus_message_iter_append_basic () from /usr/lib/libdbus-1.so.3
(gdb) print (void*)($esp+0)
$1 = (void *) 0xbffff3c0
(gdb) print *(char*)($esp+4)
$2 = 115 's'
(gdb) print **(char***)($esp+8)
$3 = 0xb80474f0 "0000110e-0000-1000-8000-00805f9b34fb"
(gdb) finish
Run till exit from #0  0xb7e4e616 in dbus_message_iter_append_basic () from /usr/lib/libdbus-1.so.3

Program received signal SIGSEGV, Segmentation fault.
0xb7d3e653 in strlen () from /lib/libc.so.6
(gdb) 

[-- Attachment #2: gdb.txt --]
[-- Type: TEXT/PLAIN, Size: 3007 bytes --]

[root@IL packages]# gdb --args /home/il/builds/bluez-debug/src/src/bluez-4.76/src/.libs/bluetoothd -n
GNU gdb (GDB) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /.snapshots/persist/builds/bluez-debug/src/src/bluez-4.76/src/.libs/bluetoothd...(no debugging symbols found)...done.
(gdb) r
Starting program: /.snapshots/persist/builds/bluez-debug/src/src/bluez-4.76/src/.libs/bluetoothd -n
[Thread debugging using libthread_db enabled]
bluetoothd[20561]: Bluetooth deamon 4.76
bluetoothd[20561]: Starting SDP server
bluetoothd[20561]: HCI dev 0 registered
bluetoothd[20561]: HCI dev 0 up
bluetoothd[20561]: Starting security manager 0
bluetoothd[20561]: Clearing blocked list failed: Invalid argument (22)
bluetoothd[20561]: probe failed with driver input-headset for device /org/bluez/20561/hci0/dev_00_1B_98_A3_A5_2B
bluetoothd[20561]: probe failed with driver input-headset for device /org/bluez/20561/hci0/dev_00_1D_6E_4F_54_EA
bluetoothd[20561]: probe failed with driver input-headset for device /org/bluez/20561/hci0/dev_A8_7E_33_D7_29_DB
bluetoothd[20561]: Adapter /org/bluez/20561/hci0 has been enabled
bluetoothd[20561]: Inquiry Failed with status 0x12
^C
Program received signal SIGINT, Interrupt.
0xb7f73424 in __kernel_vsyscall ()
(gdb) b dbus_message_iter_append_basic
Breakpoint 1 at 0xb7e4e616
(gdb) c
Continuing.

====================
here I start another program
====================

Breakpoint 1, 0xb7e4e616 in dbus_message_iter_append_basic () from /usr/lib/libdbus-1.so.3
(gdb) c 6
Will ignore next 5 crossings of breakpoint 1.  Continuing.

Breakpoint 1, 0xb7e4e616 in dbus_message_iter_append_basic () from /usr/lib/libdbus-1.so.3
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xb7d3e653 in strlen () from /lib/libc.so.6
(gdb) bt
#0  0xb7d3e653 in strlen () from /lib/libc.so.6
#1  0xb7e5eb10 in ?? () from /usr/lib/libdbus-1.so.3
#2  0xb7e4a34b in ?? () from /usr/lib/libdbus-1.so.3
#3  0xb7e4e7a9 in dbus_message_iter_append_basic () from /usr/lib/libdbus-1.so.3
#4  0xb7fef03d in append_array_variant ()
#5  0xb7fef799 in emit_array_property_changed ()
#6  0xb7fe4de4 in adapter_service_ins_rem ()
#7  0xb7fd7fb1 in sdp_record_add ()
#8  0xb7fd79de in service_register_req ()
#9  0xb7fd5dfc in handle_request ()
#10 0xb7fd496e in io_session_event ()
#11 0xb7ef7a2b in ?? () from /usr/lib/libglib-2.0.so.0
#12 0xb7eb0b72 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#13 0xb7eb1350 in ?? () from /usr/lib/libglib-2.0.so.0
#14 0xb7eb1a1b in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#15 0xb7fd1bbd in main ()
(gdb) 



* Re: 4.76 possible regression: bluetoothd segfaults when launching bluetooth programs
  2010-10-24 12:38 4.76 possible regression: bluetoothd segfaults when launching bluetooth programs Ilya Basin
@ 2010-10-25 20:40 ` Johan Hedberg
  2010-10-26 13:04   ` Re[2]: " Ilya Basin
  0 siblings, 1 reply; 5+ messages in thread
From: Johan Hedberg @ 2010-10-25 20:40 UTC (permalink / raw)
  To: Ilya Basin; +Cc: linux-bluetooth

Hi Ilya,

On Sun, Oct 24, 2010, Ilya Basin wrote:
> Program received signal SIGSEGV, Segmentation fault.
> 0xb7d3e653 in strlen () from /lib/libc.so.6
> (gdb) bt
> #0  0xb7d3e653 in strlen () from /lib/libc.so.6
> #1  0xb7e5eb10 in ?? () from /usr/lib/libdbus-1.so.3
> #2  0xb7e4a34b in ?? () from /usr/lib/libdbus-1.so.3
> #3  0xb7e4e7a9 in dbus_message_iter_append_basic () from /usr/lib/libdbus-1.so.3
> #4  0xb7fef03d in append_array_variant ()
> #5  0xb7fef799 in emit_array_property_changed ()
> #6  0xb7fe4de4 in adapter_service_ins_rem ()
> #7  0xb7fd7fb1 in sdp_record_add ()
> #8  0xb7fd79de in service_register_req ()
> #9  0xb7fd5dfc in handle_request ()
> #10 0xb7fd496e in io_session_event ()
> #11 0xb7ef7a2b in ?? () from /usr/lib/libglib-2.0.so.0
> #12 0xb7eb0b72 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
> #13 0xb7eb1350 in ?? () from /usr/lib/libglib-2.0.so.0
> #14 0xb7eb1a1b in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
> #15 0xb7fd1bbd in main ()
> (gdb) 

Unfortunately this doesn't give too much info since you don't seem to
have all debug symbols enabled. Could you try to reproduce this with the
latest bluez git? You don't need to install anything, just compile
(./bootstrap-configure && make) and run (src/bluetoothd -nd) from the
source tree directly. Then, it'd also be nice if you could use git
bisect to determine the exact commit between 4.69 and 4.76 that
introduced this regression.
Thanks.

Johan


* Re[2]: 4.76 possible regression: bluetoothd segfaults when launching bluetooth programs
  2010-10-25 20:40 ` Johan Hedberg
@ 2010-10-26 13:04   ` Ilya Basin
  2010-10-26 14:19     ` Johan Hedberg
  0 siblings, 1 reply; 5+ messages in thread
From: Ilya Basin @ 2010-10-26 13:04 UTC (permalink / raw)
  To: Johan Hedberg; +Cc: linux-bluetooth

[-- Attachment #1: Type: text/plain, Size: 603 bytes --]

JH> have all debug symbols enabled. Could you try to reproduce this with
JH> latest bluez git. You don't need to install anything but just compile

segfaults start after this commit:
[d5e700051b1263b2028331d41d60de02a5a6f90e] Fix append_variant_array()
to take a number of elements

Not every BT program kills bluetoothd, but Smartcam does.
http://sourceforge.net/projects/smartcam/
  [il@IL bluez]$ smartcam
  smartcam: registered DBUS service "org.gnome.smartcam"
  Found smartcam device file: /dev/video0
  smartcam: started comm thread
  smartcam: port = 1
  sdp_record_register: Protocol error

-- 

[-- Attachment #2: gdb-new.txt --]
[-- Type: TEXT/PLAIN, Size: 20150 bytes --]

[root@IL bluez]# gdb --args ./src/.libs/bluetoothd -nd
GNU gdb (GDB) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /.snapshots/persist/builds/bluez-git/bluez/src/.libs/bluetoothd...done.
(gdb) r
Starting program: /.snapshots/persist/builds/bluez-git/bluez/src/.libs/bluetoothd -nd
[Thread debugging using libthread_db enabled]
bluetoothd[5329]: Bluetooth deamon 4.76
bluetoothd[5329]: src/main.c:parse_config() parsing main.conf
bluetoothd[5329]: src/main.c:parse_config() discovto=0
bluetoothd[5329]: src/main.c:parse_config() pairto=0
bluetoothd[5329]: src/main.c:parse_config() pageto=8192
bluetoothd[5329]: src/main.c:parse_config() name=%h-%d
bluetoothd[5329]: src/main.c:parse_config() class=0x000100
bluetoothd[5329]: src/main.c:parse_config() discov_interval=0
bluetoothd[5329]: src/main.c:parse_config() Key file does not have key 'DeviceID'
bluetoothd[5329]: Starting SDP server
bluetoothd[5329]: src/plugin.c:plugin_init() Loading builtin plugins
bluetoothd[5329]: src/plugin.c:add_plugin() Loading audio plugin
bluetoothd[5329]: src/plugin.c:add_plugin() Loading input plugin
bluetoothd[5329]: src/plugin.c:add_plugin() Loading serial plugin
bluetoothd[5329]: src/plugin.c:add_plugin() Loading network plugin
bluetoothd[5329]: src/plugin.c:add_plugin() Loading service plugin
bluetoothd[5329]: src/plugin.c:add_plugin() Loading hciops plugin
bluetoothd[5329]: src/plugin.c:add_plugin() Loading formfactor plugin
bluetoothd[5329]: src/plugin.c:add_plugin() Loading storage plugin
bluetoothd[5329]: src/plugin.c:plugin_init() Loading plugins /usr/lib/bluetooth/plugins
bluetoothd[5329]: Version mismatch for netlink
bluetoothd[5329]: plugins/service.c:register_interface() path /org/bluez/5329/any
bluetoothd[5329]: plugins/service.c:register_interface() Registered interface org.bluez.Service on path /org/bluez/5329/any
bluetoothd[5329]: network/manager.c:read_config() /etc/bluetooth/network.conf: Key file does not have key 'DisableSecurity'
bluetoothd[5329]: network/manager.c:read_config() Config options: Security=true
bluetoothd[5329]: input/manager.c:input_manager_init() input.conf: Key file does not have key 'IdleTimeout'
bluetoothd[5329]: audio/manager.c:audio_manager_init() audio.conf: Key file does not have key 'AutoConnect'
bluetoothd[5329]: audio/unix.c:unix_init() Unix socket created: 10
bluetoothd[5329]: audio/headset.c:telephony_ready_ind() Telephony plugin initialized
bluetoothd[5329]: audio/headset.c:print_ag_features() HFP AG features: "Ability to reject a call" "Enhanced call status" "Extended Error Result Codes"
bluetoothd[5329]: HCI dev 0 registered
bluetoothd[5329]: plugins/hciops.c:init_device() child 5332 forked
bluetoothd[5329]: src/adapter.c:btd_adapter_ref() 0xb800d600: ref=1
bluetoothd[5329]: HCI dev 0 up
bluetoothd[5329]: Starting security manager 0
bluetoothd[5329]: src/adapter.c:btd_adapter_set_class() Changing Major/Minor class to 0x000100
bluetoothd[5329]: src/adapter.c:adapter_start() Stopping Inquiry at adapter startup
bluetoothd[5329]: plugins/service.c:register_interface() path /org/bluez/5329/hci0
bluetoothd[5329]: plugins/service.c:register_interface() Registered interface org.bluez.Service on path /org/bluez/5329/hci0
bluetoothd[5329]: network/manager.c:network_server_probe() path /org/bluez/5329/hci0
bluetoothd[5329]: src/adapter.c:btd_adapter_ref() 0xb800d600: ref=2
bluetoothd[5329]: network/server.c:server_register() Registered interface org.bluez.NetworkServer on path /org/bluez/5329/hci0
bluetoothd[5329]: serial/manager.c:proxy_probe() path /org/bluez/5329/hci0
bluetoothd[5329]: src/adapter.c:btd_adapter_ref() 0xb800d600: ref=3
bluetoothd[5329]: serial/proxy.c:proxy_register() Registered interface org.bluez.SerialProxyManager on path /org/bluez/5329/hci0
bluetoothd[5329]: src/adapter.c:btd_adapter_ref() 0xb800d600: ref=4
bluetoothd[5329]: audio/manager.c:headset_server_probe() path /org/bluez/5329/hci0
bluetoothd[5329]: src/adapter.c:btd_adapter_ref() 0xb800d600: ref=5
bluetoothd[5329]: audio/manager.c:audio_adapter_ref() 0xb800dd80: ref=1
bluetoothd[5329]: audio/manager.c:headset_server_init() audio.conf: Key file does not have key 'Master'
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Adding record with handle 0x10000
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00000003-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00000100-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00001002-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00001108-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00001112-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00001203-0000-1000-8000-00805f9
bluetoothd[5329]: audio/headset.c:headset_config_init() audio.conf: Key file does not have key 'SCORouting'
bluetoothd[5329]: audio/headset.c:headset_config_init() audio.conf: Key file does not have key 'FastConnectable'
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Adding record with handle 0x10001
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00000003-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00000100-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00001002-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 0000111e-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 0000111f-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00001203-0000-1000-8000-00805f9
bluetoothd[5329]: audio/manager.c:a2dp_server_probe() path /org/bluez/5329/hci0
bluetoothd[5329]: audio/manager.c:audio_adapter_ref() 0xb800dd80: ref=2
bluetoothd[5329]: audio/a2dp.c:a2dp_register() audio.conf: Key file does not have key 'Enable'
bluetoothd[5329]: audio/a2dp.c:a2dp_register() audio.conf: Key file does not have key 'Disable'
bluetoothd[5329]: audio/a2dp.c:a2dp_register() audio.conf: Key file does not have group 'A2DP'
bluetoothd[5329]: audio/a2dp.c:a2dp_register() audio.conf: Key file does not have group 'A2DP'
bluetoothd[5329]: audio/a2dp.c:a2dp_register() audio.conf: Key file does not have group 'A2DP'
bluetoothd[5329]: audio/a2dp.c:a2dp_register() audio.conf: Key file does not have group 'A2DP'
bluetoothd[5329]: audio/avdtp.c:avdtp_init() audio.conf: Key file does not have key 'Master'
bluetoothd[5329]: audio/avdtp.c:avdtp_register_sep() SEP 0xb800e730 registered: type:0 codec:0 seid:1
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Adding record with handle 0x10002
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00000019-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00000100-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00001002-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 0000110a-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 0000110d-0000-1000-8000-00805f9
bluetoothd[5329]: audio/manager.c:avrcp_server_probe() path /org/bluez/5329/hci0
bluetoothd[5329]: audio/manager.c:audio_adapter_ref() 0xb800dd80: ref=3
bluetoothd[5329]: audio/control.c:avrcp_register() audio.conf: Key file does not have key 'Master'
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Adding record with handle 0x10003
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00000017-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00000100-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00001002-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 0000110c-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 0000110e-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Adding record with handle 0x10004
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00000017-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00000100-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 00001002-0000-1000-8000-00805f9
bluetoothd[5329]: src/sdpd-service.c:add_record_to_server() Record pattern UUID 0000110e-0000-1000-8000-00805f9
bluetoothd[5329]: plugins/formfactor.c:formfactor_probe() Setting 0x000100 for major/minor device class
bluetoothd[5329]: Clearing blocked list failed: Invalid argument (22)
bluetoothd[5329]: src/device.c:device_create() Creating device /org/bluez/5329/hci0/dev_00_1B_98_A3_A5_2B
bluetoothd[5329]: src/device.c:btd_device_ref() 0xb80299e0: ref=1
bluetoothd[5329]: src/device.c:device_probe_drivers() Probe drivers for /org/bluez/5329/hci0/dev_00_1B_98_A3_A5_2B
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_00_1B_98_A3_A5_2B: 00001101-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/port.c:create_serial_device() Registered interface org.bluez.Serial on path /org/bluez/5329/hci0/dev_00_1B_98_A3_A5_2B
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_00_1B_98_A3_A5_2B: 00001103-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_00_1B_98_A3_A5_2B: 00001105-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_00_1B_98_A3_A5_2B: 00001106-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_00_1B_98_A3_A5_2B: 00001112-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_00_1B_98_A3_A5_2B: 0000111f-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_00_1B_98_A3_A5_2B: db1d8f12-95f3-402c-9b97-bc504c9a55c4
bluetoothd[5329]: input/manager.c:headset_probe() path /org/bluez/5329/hci0/dev_00_1B_98_A3_A5_2B
bluetoothd[5329]: probe failed with driver input-headset for device /org/bluez/5329/hci0/dev_00_1B_98_A3_A5_2B
bluetoothd[5329]: src/adapter.c:adapter_get_device() 00:1B:98:A3:A5:2B
bluetoothd[5329]: src/device.c:btd_device_ref() 0xb80299e0: ref=2
bluetoothd[5329]: audio/device.c:audio_device_register() Registered interface org.bluez.Audio on path /org/bluez/5329/hci0/dev_00_1B_98_A3_A5_2B
bluetoothd[5329]: audio/manager.c:handle_uuid() server not enabled for 00001112-0000-1000-8000-00805f9b34fb (0x1112)
bluetoothd[5329]: audio/manager.c:handle_uuid() server not enabled for 0000111f-0000-1000-8000-00805f9b34fb (0x111f)
bluetoothd[5329]: audio/manager.c:handle_uuid() server not enabled for 0000110a-0000-1000-8000-00805f9b34fb (0x110a)
bluetoothd[5329]: audio/manager.c:handle_uuid() Found AV Target
bluetoothd[5329]: audio/control.c:control_init() Registered interface org.bluez.Control on path /org/bluez/5329/hci0/dev_00_1B_98_A3_A5_2B
bluetoothd[5329]: audio/manager.c:handle_uuid() Found AV Target
bluetoothd[5329]: src/device.c:device_create() Creating device /org/bluez/5329/hci0/dev_00_1D_6E_4F_54_EA
bluetoothd[5329]: src/device.c:btd_device_ref() 0xb802cf08: ref=1
bluetoothd[5329]: src/device.c:device_probe_drivers() Probe drivers for /org/bluez/5329/hci0/dev_00_1D_6E_4F_54_EA
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_00_1D_6E_4F_54_EA: 00000002-0000-1000-8000-0002ee000002
bluetoothd[5329]: serial/port.c:create_serial_device() Registered interface org.bluez.Serial on path /org/bluez/5329/hci0/dev_00_1D_6E_4F_54_EA
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_00_1D_6E_4F_54_EA: 00001103-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_00_1D_6E_4F_54_EA: 00001105-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_00_1D_6E_4F_54_EA: 00001106-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_00_1D_6E_4F_54_EA: 00001112-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_00_1D_6E_4F_54_EA: 0000111b-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_00_1D_6E_4F_54_EA: 0000111f-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_00_1D_6E_4F_54_EA: 00005005-0000-1000-8000-0002ee000001
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_00_1D_6E_4F_54_EA: 00005601-0000-1000-8000-0002ee000001
bluetoothd[5329]: input/manager.c:headset_probe() path /org/bluez/5329/hci0/dev_00_1D_6E_4F_54_EA
bluetoothd[5329]: probe failed with driver input-headset for device /org/bluez/5329/hci0/dev_00_1D_6E_4F_54_EA
bluetoothd[5329]: src/adapter.c:adapter_get_device() 00:1D:6E:4F:54:EA
bluetoothd[5329]: src/device.c:btd_device_ref() 0xb802cf08: ref=2
bluetoothd[5329]: audio/device.c:audio_device_register() Registered interface org.bluez.Audio on path /org/bluez/5329/hci0/dev_00_1D_6E_4F_54_EA
bluetoothd[5329]: audio/manager.c:handle_uuid() server not enabled for 00001112-0000-1000-8000-00805f9b34fb (0x1112)
bluetoothd[5329]: audio/manager.c:handle_uuid() server not enabled for 0000111f-0000-1000-8000-00805f9b34fb (0x111f)
bluetoothd[5329]: audio/manager.c:handle_uuid() server not enabled for 0000110a-0000-1000-8000-00805f9b34fb (0x110a)
bluetoothd[5329]: audio/manager.c:handle_uuid() Found AV Target
bluetoothd[5329]: audio/control.c:control_init() Registered interface org.bluez.Control on path /org/bluez/5329/hci0/dev_00_1D_6E_4F_54_EA
bluetoothd[5329]: audio/manager.c:handle_uuid() Found AV Target
bluetoothd[5329]: src/device.c:device_create() Creating device /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB
bluetoothd[5329]: src/device.c:btd_device_ref() 0xb8031df0: ref=1
bluetoothd[5329]: src/device.c:device_probe_drivers() Probe drivers for /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB: 00000002-0000-1000-8000-0002ee000002
bluetoothd[5329]: serial/port.c:create_serial_device() Registered interface org.bluez.Serial on path /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB: 00000004-0000-1000-8000-0002ee000002
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB: 00001103-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB: 00001105-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB: 00001106-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB: 00001112-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB: 0000111b-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB: 0000111f-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB: 0000112f-0000-1000-8000-00805f9b34fb
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB: 00005005-0000-1000-8000-0002ee000001
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB: 00005557-0000-1000-8000-0002ee000001
bluetoothd[5329]: serial/manager.c:serial_probe() path /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB: 00005601-0000-1000-8000-0002ee000001
bluetoothd[5329]: input/manager.c:headset_probe() path /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB
bluetoothd[5329]: probe failed with driver input-headset for device /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB
bluetoothd[5329]: src/adapter.c:adapter_get_device() A8:7E:33:D7:29:DB
bluetoothd[5329]: src/device.c:btd_device_ref() 0xb8031df0: ref=2
bluetoothd[5329]: audio/device.c:audio_device_register() Registered interface org.bluez.Audio on path /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB
bluetoothd[5329]: audio/manager.c:handle_uuid() server not enabled for 00001112-0000-1000-8000-00805f9b34fb (0x1112)
bluetoothd[5329]: audio/manager.c:handle_uuid() server not enabled for 0000111f-0000-1000-8000-00805f9b34fb (0x111f)
bluetoothd[5329]: audio/manager.c:handle_uuid() server not enabled for 0000110a-0000-1000-8000-00805f9b34fb (0x110a)
bluetoothd[5329]: audio/manager.c:handle_uuid() Found AV Target
bluetoothd[5329]: audio/control.c:control_init() Registered interface org.bluez.Control on path /org/bluez/5329/hci0/dev_A8_7E_33_D7_29_DB
bluetoothd[5329]: audio/manager.c:handle_uuid() Found AV Remote
bluetoothd[5329]: Adapter /org/bluez/5329/hci0 has been enabled
bluetoothd[5329]: src/main.c:main() Entering main loop
bluetoothd[5329]: plugins/hciops.c:child_exit() child 5332 exited
bluetoothd[5329]: src/rfkill.c:rfkill_event() RFKILL event idx 0 type 2 op 0 soft 0 hard 0
bluetoothd[5329]: src/rfkill.c:rfkill_event() RFKILL event idx 1 type 1 op 0 soft 0 hard 0
bluetoothd[5329]: Inquiry Failed with status 0x12

Program received signal SIGSEGV, Segmentation fault.
0xb7d2a653 in strlen () from /lib/libc.so.6
(gdb) bt
#0  0xb7d2a653 in strlen () from /lib/libc.so.6
#1  0xb7e53b10 in ?? () from /usr/lib/libdbus-1.so.3
#2  0xb7e3f34b in ?? () from /usr/lib/libdbus-1.so.3
#3  0xb7e437a9 in dbus_message_iter_append_basic () from /usr/lib/libdbus-1.so.3
#4  0xb7feebb4 in append_array_variant (iter=0xbffff584, type=115, val=0xbffff5f0, n_elements=6) at src/dbus-common.c:228
#5  0xb7feee58 in emit_array_property_changed (conn=0xb8009eb8, path=0xb8015860 "/org/bluez/5329/hci0", interface=0xb7ffd4b8 "org.bluez.Adapter",
    name=0xb7ffd638 "UUIDs", type=115, value=0xbffff5f0, num=6) at src/dbus-common.c:320
#6  0xb7fe400e in adapter_emit_uuids_updated (adapter=0xb800d600) at src/adapter.c:1107
#7  0xb7fe40fb in adapter_service_ins_rem (bdaddr=0xbffff770, rec=0xb800d5d8, insert=1) at src/adapter.c:1146
#8  0xb7fe4133 in adapter_service_insert (bdaddr=0xbffff770, rec=0xb800d5d8) at src/adapter.c:1153
#9  0xb7fd596a in sdp_record_add (device=0xbffff770, rec=0xb800d5d8) at src/sdpd-database.c:188
#10 0xb7fd520e in service_register_req (req=0xbffff770, rsp=0xbffff70c) at src/sdpd-service.c:684
#11 0xb7fd3ab2 in process_request (req=0xbffff770) at src/sdpd-request.c:992
#12 0xb7fd3de1 in handle_request (sk=25, data=0xb8029890 "u", len=119) at src/sdpd-request.c:1087
#13 0xb7fd1e01 in io_session_event (chan=0xb800cda0, cond=G_IO_IN, data=0xb8004990) at src/sdpd-server.c:188
#14 0xb7eeca2b in ?? () from /usr/lib/libglib-2.0.so.0
#15 0xb7ea5b72 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#16 0xb7ea6350 in ?? () from /usr/lib/libglib-2.0.so.0
#17 0xb7ea6a1b in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#18 0xb7fce93c in main (argc=1, argv=0xbffffad4) at src/main.c:486
(gdb)


* Re: Re[2]: 4.76 possible regression: bluetoothd segfaults when launching bluetooth programs
  2010-10-26 13:04   ` Re[2]: " Ilya Basin
@ 2010-10-26 14:19     ` Johan Hedberg
  2010-10-26 19:02       ` Re[4]: " Ilya Basin
  0 siblings, 1 reply; 5+ messages in thread
From: Johan Hedberg @ 2010-10-26 14:19 UTC (permalink / raw)
  To: Ilya Basin; +Cc: linux-bluetooth

Hi Ilya,

On Tue, Oct 26, 2010, Ilya Basin wrote:
> JH> have all debug symbols enabled. Could you try to reproduce this with
> JH> latest bluez git. You don't need to install anything but just compile
> 
> segfaults start after this commit:
> [d5e700051b1263b2028331d41d60de02a5a6f90e] Fix append_variant_array()
> to take a number of elements
> 
> Not every BT program kills bluetoothd, but Smartcam does.
> http://sourceforge.net/projects/smartcam/
>   [il@IL bluez]$ smartcam
>   smartcam: registered DBUS service "org.gnome.smartcam"
>   Found smartcam device file: /dev/video0
>   smartcam: started comm thread
>   smartcam: port = 1
>   sdp_record_register: Protocol error

Thanks for the info. This program seems to add a somehow malformed
service record which is the cause of the crash. Before the patch you
pointed out a NULL pointer was used to detect the end of a pointer array
and so bt_uuid2string() returning NULL for this service record didn't
cause any bad behavior (since the code just stopped iterating a pointer
array after this). However after the patch the code uses an explicit
integer value for the list length and would try to dereference the NULL
pointer in the middle of the list.

I've now pushed a patch to git which should fix this:
http://git.kernel.org/?p=bluetooth/bluez.git;a=commitdiff;h=e31d21c7f238352893a365ab50642707c44087cd

Please do a git pull and see if it really fixes the issue for you.
Thanks.

Johan
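An added illustration of the failure mode described above, written for this page and not code from bluez, the fix commit, or either poster. uuid_to_string() is a constructed stand-in for bt_uuid2string() that returns NULL for a malformed record (negative values are the assumed "malformed" encoding), the two consumers model the NULL-terminated walk before the patch and the explicit-count walk after it, and build_uuid_list() shows one hardening approach (drop NULL entries so the count matches the array); whether the upstream commit does exactly this is an assumption, not something the thread states.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for bt_uuid2string(): a heap string for a valid
 * 16-bit UUID, NULL for a malformed one (assumption: negative == malformed). */
static char *uuid_to_string(int uuid16)
{
    char *s;
    if (uuid16 < 0)
        return NULL;
    s = malloc(37);
    if (s == NULL)
        return NULL;
    snprintf(s, 37, "%08x-0000-1000-8000-00805f9b34fb", (unsigned)uuid16);
    return s;
}

/* Pre-patch style consumer: stops at the first NULL. A NULL left by a
 * malformed record silently truncates the list instead of crashing. */
static size_t walk_null_terminated(char **uuids, size_t *total_len)
{
    size_t n = 0;
    *total_len = 0;
    for (; uuids[n] != NULL; n++)
        *total_len += strlen(uuids[n]);
    return n;
}

/* Post-patch style consumer: trusts an explicit element count. A NULL in
 * the middle would reach strlen(NULL), the crash seen in the backtrace;
 * here that condition is detected and reported as -1 instead. */
static int walk_counted(char **uuids, size_t n_elements, size_t *total_len)
{
    size_t i;
    *total_len = 0;
    for (i = 0; i < n_elements; i++) {
        if (uuids[i] == NULL)
            return -1;            /* hole in the array: would have faulted */
        *total_len += strlen(uuids[i]);
    }
    return 0;
}

/* Hardened producer (assumed approach): keep only non-NULL strings so the
 * count handed to the consumer equals the number of real entries. */
static size_t build_uuid_list(const int *records, size_t n_records, char **out)
{
    size_t i, n = 0;
    for (i = 0; i < n_records; i++) {
        char *s = uuid_to_string(records[i]);
        if (s == NULL)
            continue;             /* malformed record: drop it, leave no hole */
        out[n++] = s;
    }
    out[n] = NULL;
    return n;
}

/* Runs the three behaviours over a constructed record set with one malformed
 * entry (-1) in the middle. Returns 1 when: the NULL-terminated walk truncates
 * to 2 entries, the counted walk over the hole-containing array reports the
 * NULL, and the filtered list (5 entries, 36 chars each) walks cleanly. */
int demo_uuid_hole(void)
{
    const int records[] = { 0x1101, 0x110a, -1, 0x110e, 0x1112, 0x111f };
    const size_t n_records = sizeof(records) / sizeof(records[0]);
    char *naive[8];
    char *filtered[8];
    size_t i, len, n_trunc, n_ok;
    int counted_rc, fixed_rc;

    /* naive producer: one slot per record, NULL left in place for the bad one */
    for (i = 0; i < n_records; i++)
        naive[i] = uuid_to_string(records[i]);
    naive[n_records] = NULL;

    n_trunc = walk_null_terminated(naive, &len);      /* 2: stops at hole */
    counted_rc = walk_counted(naive, n_records, &len); /* -1: hole detected */

    n_ok = build_uuid_list(records, n_records, filtered);
    fixed_rc = walk_counted(filtered, n_ok, &len);     /* 0: no hole */

    for (i = 0; i < n_records; i++)
        free(naive[i]);
    for (i = 0; i < n_ok; i++)
        free(filtered[i]);

    return (n_trunc == 2 && counted_rc == -1 && n_ok == 5 &&
            fixed_rc == 0 && len == 5 * 36) ? 1 : 0;
}

int main(void)
{
    printf("demo_uuid_hole: %s\n", demo_uuid_hole() ? "ok" : "FAILED");
    return 0;
}
```

The point for reviewers of similar changes: switching a producer/consumer pair from a sentinel-terminated array to an explicit length is only safe if the length counts exactly the entries that are guaranteed non-NULL, so a conversion helper that can fail must either be filtered out before the count is taken or checked at every use.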


* Re[4]: 4.76 possible regression: bluetoothd segfaults when launching bluetooth programs
  2010-10-26 14:19     ` Johan Hedberg
@ 2010-10-26 19:02       ` Ilya Basin
  0 siblings, 0 replies; 5+ messages in thread
From: Ilya Basin @ 2010-10-26 19:02 UTC (permalink / raw)
  To: Johan Hedberg; +Cc: linux-bluetooth

Hi Johan. The patch works, many thanks.


