Random crash on device reconnect #815
Comments
This one seems to be crashing on a NULL pointer in queue_pop_head, but the if statement is exactly checking for a NULL pointer, so it really beats me what is going on. Can you try running it under valgrind?
Well, these other logs are crashing inside glib, so I wonder what is going on here since I have never seen anything like that. We don't even enable threading, so the presence of pthread in the traces is really not expected.
Also another backtrace
If replay structure has been allocated it shall be set back to NULL after calling uhid_replay_free otherwise it may cause the following crash:

Invalid read of size 1
   at 0x1D8FC4: bt_uhid_record (uhid.c:116)
   by 0x1D912C: uhid_read_handler (uhid.c:158)
   by 0x201A64: watch_callback (io-glib.c:157)
   by 0x48D4198: g_main_dispatch.lto_priv.0 (gmain.c:3344)
   by 0x49333BE: UnknownInlinedFun (gmain.c:4152)
   by 0x49333BE: g_main_context_iterate_unlocked.isra.0 (gmain.c:4217)
   by 0x48D4DC6: g_main_loop_run (gmain.c:4419)
   by 0x2020F4: mainloop_run (mainloop-glib.c:66)
   by 0x20254B: mainloop_run_with_signal (mainloop-notify.c:188)
   by 0x12D6D4: main (main.c:1456)
 Address 0x53ae9c0 is 0 bytes inside a block of size 40 free'd
   at 0x48468CF: free (vg_replace_malloc.c:985)
   by 0x1D8E19: uhid_replay_free (uhid.c:68)
   by 0x1D8E19: uhid_replay_free (uhid.c:59)
   by 0x1D8E19: bt_uhid_destroy (uhid.c:509)
   by 0x1591F5: uhid_disconnect (device.c:183)

Fixes: bluez/bluez#815
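The dangling-pointer pattern described in the commit message above, as an added example that is not BlueZ source. It is a simplified model: `struct replay`, `struct uhid`, `slot`, `scenario` and the `clear_ptr` switch are hypothetical, and a static slot with a `live` flag stands in for malloc/free so the stale read can be counted safely.

```c
#include <stdbool.h>
#include <stdio.h>
/* Simplified model; only the three function names come from the trace. */
struct replay { bool live; unsigned events; };
struct uhid { struct replay *replay; };
/* Static slot stands in for the heap: a stale access is counted, not UB. */
static struct replay slot;
static unsigned stale_accesses;

static void uhid_replay_free(struct replay *r)
{
	if (r)
		r->live = false;	/* models free(): the object is dead */
}

/* Read-handler path: its only guard is a NULL check on the pointer. */
static void bt_uhid_record(struct uhid *u)
{
	if (!u->replay)
		return;
	if (!u->replay->live)
		stale_accesses++;	/* with real free(): the invalid read */
	else
		u->replay->events++;
}

/* Disconnect path; clear_ptr == false is the behaviour before the fix. */
static void bt_uhid_destroy(struct uhid *u, bool clear_ptr)
{
	uhid_replay_free(u->replay);
	if (clear_ptr)
		u->replay = NULL;
}

/* Returns how many times the recorder touched a freed object. */
static unsigned scenario(bool clear_ptr)
{
	struct uhid u = { .replay = &slot };
	slot = (struct replay){ .live = true };
	stale_accesses = 0;
	bt_uhid_record(&u);		/* normal input report */
	bt_uhid_destroy(&u, clear_ptr);	/* device disconnects */
	bt_uhid_record(&u);		/* late report after disconnect */
	return stale_accesses;
}

int main(void)
{
	printf("stale reads before/after fix: %u/%u\n", scenario(false), scenario(true));
}
```

The NULL check in the record path only protects against a pointer that was never set or was explicitly cleared, which is why the free site has to reset it.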
@serfreeman1337 any chance to test the changes above?
Looks good. bluetoothd no longer crashes
backtrace 1
backtrace 2
backtrace 3
backtrace 4
backtrace 4 related log: