Mantis Bugtracker

ID Category Severity Reproducibility Date Submitted Last Update
0000046 [obex-data-server] General crash always 2008-02-11 17:10 2008-06-19 15:05
Reporter skirsdeda View Status public
Assigned To skirsdeda
Priority high Resolution fixed
Status closed Product Version
Summary 0000046: segfault in ods-bluez
Description When repeatedly creating Sessions, after some time SEGFAULT occurs in one of ods-bluez functions. This is somehow related to dbus-glib. Probably, memory is not handled the way it should be when making D-Bus calls with call/begin_call/end_call.
Additional Information
Tags No tags attached.
Attached Files wtf.sh (96 bytes) 2008-03-02 17:48

- Relationships
blocks 0000099 closed skirsdeda 0.3.2 tracker

- Notes
(0000109)
hadess (reporter)
2008-03-02 17:36

Do you have a backtrace of the crash, or a reproducer?
(0000110)
skirsdeda (administrator)
2008-03-02 17:55

I attach a script that I use to reproduce this bug, which simply repeatedly calls ods-session-test.py with some file. I reject all the files in my mobile (just to make it faster). Then after 50 or so sessions, ods segfaults somewhere in ods-bluez.c.

I had some backtraces, but they are different most of the time. The only thing consistent is that it happens in dbus-glib functions (e.g. end_call).
(0000122)
skirsdeda (administrator)
2008-03-04 01:18

Sample backtraces at http://pastebin.ca/893725
(0000202)
heston_james (reporter)
2008-04-04 23:16

Ok, I'll try and take a look into this issue and see what I can do.

If this is memory related then it may be a real mofo to track down, I'm not all that great at spotting memory assignment issues.

I'll give this some really thorough testing and see what happens.

Heston
(0000204)
heston_james (reporter)
2008-04-05 00:09

Ok,

I've downloaded the test script that you attached and run it a few times and can confirm I'm able to reproduce the problem, however, it is giving me very mixed results. :-) :-s :-(

Sometimes when ODS crashes I simply get a 'segmentation fault' returned and the server exits which I'm guessing is the issue you have described above, however, on other occasions I get the following output.


** Message: closing connection
*** glibc detected *** obex-data-server: corrupted double-linked list: 0x08074478 ***
======= Backtrace: =========
/lib/libc.so.6[0xb7d41da5]
/lib/libc.so.6(__libc_malloc+0x8d)[0xb7d42ced]
/usr/lib/libbluetooth.so.2(sdp_extract_attr+0x1c2)[0xb7e38142]
/usr/lib/libbluetooth.so.2(sdp_extract_attr+0x107)[0xb7e38087]
/usr/lib/libbluetooth.so.2(sdp_extract_attr+0x107)[0xb7e38087]
/usr/lib/libbluetooth.so.2(sdp_extract_pdu+0xdc)[0xb7e3840c]
obex-data-server[0x804c794]
/usr/lib/libdbus-glib-1.so.2[0xb7e7f7af]
/usr/lib/libdbus-1.so.3[0xb7e596d1]
/usr/lib/libdbus-1.so.3[0xb7e493f3]
/usr/lib/libdbus-1.so.3(dbus_connection_dispatch+0x99)[0xb7e4af99]
/usr/lib/libdbus-glib-1.so.2[0xb7e7b8fd]
/usr/lib/libglib-2.0.so.0(g_main_context_dispatch+0x178)[0xb7ec67e8]
/usr/lib/libglib-2.0.so.0[0xb7ec9a3e]
/usr/lib/libglib-2.0.so.0(g_main_loop_run+0x1e7)[0xb7ec9dc7]
obex-data-server[0x804d7ce]
/lib/libc.so.6(__libc_start_main+0xe0)[0xb7ceb450]
obex-data-server[0x804b8f1]
Aborted

Is this the same as what you have been seeing Skirsdeda? Or have I stumbled across something else?

Heston.
(0000205)
skirsdeda (administrator)
2008-04-05 00:13

Yes, that's the same results...
(0000206)
heston_james (reporter)
2008-04-05 00:21

Ok,

It's getting late and I need some sleep, I'll pick this issue up again tomorrow morning and see if I can make any headway.
(0000207)
heston_james (reporter)
2008-04-05 11:43

Right. I have done some more comprehensive testing this morning to try and narrow down where the problem is and I may possibly have some good news.

I started by testing as before but defining the channel for the remote device manually like "opp:6", just to see if perhaps it was something in the SDP methods for ods-bluez which was causing the problem, however, the same issue seems to occur even when it's not calling bluez to obtain a channel so no help there.

Now, I also built a python script which uses ods, and cycled it using the same style wtf.sh script and this does NOT cause a segfault. I have tested it using the python script and can create 300 or 400 sessions and the ods still doesn't crash and keeps on running exactly as expected.

Could this mean that the segfault is actually caused by the ods-dbus-test.c file which you've been using to test with?
(0000317)
skirsdeda (administrator)
2008-06-18 00:21

This might be gone now (as a result of bad memory leaks fixing). Will test more thoroughly tomorrow.
(0000320)
skirsdeda (administrator)
2008-06-18 18:35

fixed in svn rev 1545.

- Issue History
Date Modified Username Field Change
2008-02-11 17:10 skirsdeda New Issue
2008-02-11 17:10 skirsdeda Status new => assigned
2008-02-11 17:10 skirsdeda Assigned To => skirsdeda
2008-02-25 16:46 hadess Issue Monitored: hadess
2008-02-25 22:36 skirsdeda Severity minor => crash
2008-03-01 01:27 skirsdeda Priority normal => high
2008-03-02 17:04 skirsdeda Relationship added blocks 0000058
2008-03-02 17:36 hadess Note Added: 0000109
2008-03-02 17:48 skirsdeda File Added: wtf.sh
2008-03-02 17:55 skirsdeda Note Added: 0000110
2008-03-04 01:18 skirsdeda Note Added: 0000122
2008-04-04 23:16 heston_james Note Added: 0000202
2008-04-05 00:09 heston_james Note Added: 0000204
2008-04-05 00:13 skirsdeda Note Added: 0000205
2008-04-05 00:21 heston_james Note Added: 0000206
2008-04-05 11:43 heston_james Note Added: 0000207
2008-06-02 16:14 skirsdeda Relationship added blocks 0000099
2008-06-18 00:21 skirsdeda Note Added: 0000317
2008-06-18 18:35 skirsdeda Status assigned => resolved
2008-06-18 18:35 skirsdeda Resolution open => fixed
2008-06-18 18:35 skirsdeda Note Added: 0000320
2008-06-19 15:05 skirsdeda Status resolved => closed
2008-06-28 21:21 skirsdeda Relationship deleted blocks 0000058

