Hi Manuel,

On Wed, Jul 28, 2010 at 9:46 PM, Manuel Naranjo <manuel@xxxxxxxxxxxx> wrote:
> Luiz,
>
> Bad news, it doesn't work, it keeps doing the same. This is the output
> of bluetoothd -n -d:
> bluetoothd[3572]: audio/manager.c:handle_uuid() server not enabled for 0000110a-0000-1000-8000-00805f9b34fb (0x110a)
> bluetoothd[3572]: audio/manager.c:handle_uuid() Found AV Target
> bluetoothd[3572]: audio/control.c:control_init() Registered interface org.bluez.Control on path /org/bluez/3572/hci0/dev_00_24_91_E4_E9_05
> bluetoothd[3572]: audio/manager.c:handle_uuid() Found AV Target
> bluetoothd[3572]: src/device.c:btd_device_unref() 0x90f9e08: ref=2
> bluetoothd[3572]: src/device.c:btd_device_ref() 0x90f9e08: ref=3
> bluetoothd[3572]: src/device.c:search_cb() /org/bluez/3572/hci0/dev_00_24_91_E4_E9_05: No service update
> bluetoothd[3572]: src/device.c:btd_device_unref() 0x90f9e08: ref=2
> bluetoothd[3572]: src/adapter.c:session_unref() 0x90b2790: ref=0
> bluetoothd[3572]: src/adapter.c:session_remove() Discovery session 0x90b2790 with :1.81 deactivated
> bluetoothd[3572]: src/adapter.c:session_remove() Stopping discovery
> bluetoothd[3572]: Stopping discovery
> bluetoothd[3572]: src/device.c:btd_device_ref() 0x90adfd0: ref=2
> bluetoothd[3572]: Discovery session 0x90fe178 with :1.81 activated
> bluetoothd[3572]: src/adapter.c:session_ref() 0x90fe178: ref=1
> bluetoothd[3572]: src/adapter.c:adapter_remove_connection() Removing temporary device /org/bluez/3572/hci0/dev_C8_7E_75_DC_1E_86
> bluetoothd[3572]: src/device.c:device_remove() Removing device /org/bluez/3572/hci0/dev_C8_7E_75_DC_1E_86
> bluetoothd[3572]: src/device.c:btd_device_unref() 0x90fc080: ref=1
> bluetoothd[3572]: src/device.c:btd_device_unref() 0x90fc080: ref=0
> bluetoothd[3572]: src/device.c:device_free() 0x90fc080
> bluetoothd[3572]: src/adapter.c:adapter_get_device() 00:05:4F:63:5A:E0
> bluetoothd[3572]: src/adapter.c:session_unref() 0x90fe178: ref=0
> bluetoothd[3572]: src/adapter.c:session_remove() Discovery session 0x90fe178 with :1.81 deactivated
> bluetoothd[3572]: src/adapter.c:session_remove() Stopping discovery
> bluetoothd[3572]: Stopping discovery
> bluetoothd[3572]: Discovery session 0x90b1e00 with :1.81 activated
> bluetoothd[3572]: src/adapter.c:session_ref() 0x90b1e00: ref=1
> bluetoothd[3572]: <27>Jul 28 14:26:36 bluetoothd[3572]: : error updating services: Host is down (112)
>
>
> And this is the call trace during the crash:
> + 4 0x80ac636 (from 0x80a9a28) device_remove_connection(): /home/manuel/bluez/src/device.c:908
> + 5 0x80ac4ca (from 0x80ac753) device_set_connected(): /home/manuel/bluez/src/device.c:875
> + 6 0x80b0d08 (from 0x80ac517) emit_property_changed(): /home/manuel/bluez/src/dbus-common.c:266
> + 7 0x80b0a31 (from 0x80b0da4) append_variant(): /home/manuel/bluez/src/dbus-common.c:195
> + 7 0x805005d (from 0x80b0db6) g_dbus_send_message(): /home/manuel/bluez/gdbus/object.c:615
> + 4 0x80ae60e (from 0x80a9a55) device_get_address(): /home/manuel/bluez/src/device.c:1654
> + 5 0x80aa5a4 (from 0x80ae639) bacpy(): /home/manuel/bluez/./lib/bluetooth/bluetooth.h:132
> + 4 0x808a77f (from 0x80a9a6d) hci_req_queue_remove(): /home/manuel/bluez/src/security.c:169
> + 4 0x80affea (from 0x80a9a78) device_is_authenticating(): /home/manuel/bluez/src/device.c:2339
> + 4 0x80ae749 (from 0x80a9a9a) device_is_temporary(): /home/manuel/bluez/src/device.c:1683
> + 1 0x808a82f (from 0x808cdb4) check_pending_hci_req(): /home/manuel/bluez/src/security.c:186
> + 0 0x8094781 (from 0x2cddab) connect_cb(): /home/manuel/bluez/src/btio.c:138
> + 1 0x8094628 (from 0x80947be) check_nval(): /home/manuel/bluez/src/btio.c:103
> + 1 0x8097b6e (from 0x8094849) bt_io_error_quark(): /home/manuel/bluez/src/btio.c:1296
> + 1 0x8099523 (from 0x80948c1) connect_watch(): /home/manuel/bluez/src/glib-helper.c:283
> + 2 0x80ae1c5 (from 0x809966f) browse_cb(): /home/manuel/bluez/src/device.c:1540
> + 3 0x80adf2f (from 0x80ae312) search_cb(): /home/manuel/bluez/src/device.c:1476
> + 4 0x8089ef6 (from 0x80adf90) error(): /home/manuel/bluez/src/log.c:47
>
>
> If you go through the code, it fails in the line:
> static void search_cb(sdp_list_t *recs, int err, gpointer user_data)
> {
>         struct browse_req *req = user_data;
>         struct btd_device *device = req->device;
>
>         if (err < 0) {
>                 error("%s: error updating services: %s (%d)",
>                                 device->path, strerror(-err), -err);
>                 goto send_reply;
>         }
>
>
> It fails because device->path is not valid.
>
> My patch, even though ugly, worked. I know this is not the best
> for upstream, but at least it is something to start with. For some reason
> either user_data or device is invalid when that callback gets.

I guess I finally figured out what could be the source of your problems:
we are not removing the watches when caching the session, and since the
context is already freed, bt_cancel_discovery doesn't work.

The attached patch should fix this problem. I'm also resetting the
internal data of the session by doing sdp_set_notify, so if we are not
closing the session it will then reset the callback and data to NULL.

-- 
Luiz Augusto von Dentz
Computer Engineer

From 204247e7ad5dad50ea25188022c725e36cbd6ef5 Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz <luiz.dentz-von@xxxxxxxxx> Date: Thu, 29 Jul 2010 11:28:18 +0300 Subject: [PATCH] core: fix not removing watches when caching sdp session --- src/glib-helper.c | 19 ++++++++++--------- 1 files changed, 10 insertions(+), 9 deletions(-) diff --git a/src/glib-helper.c b/src/glib-helper.c index 41f5e3c..e75e270 100644 --- a/src/glib-helper.c +++ b/src/glib-helper.c @@ -156,6 +156,12 @@ static void search_context_cleanup(struct search_context *ctxt) { context_list = g_slist_remove(context_list, ctxt); + if (ctxt->io_id) + g_source_remove(ctxt->io_id); + + if (ctxt->session) + sdp_close(ctxt->session); + if (ctxt->destroy) ctxt->destroy(ctxt->user_data); @@ -204,7 +210,10 @@ static void search_completed_cb(uint8_t type, uint16_t status, } while (scanned < (ssize_t) size && bytesleft > 0); done: - cache_sdp_session(&ctxt->src, &ctxt->dst, ctxt->session); + if (sdp_set_notify(ctxt->session, NULL, NULL) == 0) { + cache_sdp_session(&ctxt->src, &ctxt->dst, ctxt->session); + ctxt->session = NULL; + } if (ctxt->cb) ctxt->cb(recs, err, ctxt->user_data); @@ -391,14 +400,6 @@ int bt_cancel_discovery(const bdaddr_t *src, const bdaddr_t *dst) return -ENODATA; ctxt = match->data; - if (!ctxt->session) - return -ENOTCONN; - - if (ctxt->io_id) - g_source_remove(ctxt->io_id); - - if (ctxt->session) - sdp_close(ctxt->session); search_context_cleanup(ctxt); return 0; -- 1.7.0.4
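
Review bot: In the first hunk (search_context_cleanup()), the added g_source_remove(ctxt->io_id) and sdp_close(ctxt->session) make this function the owner of both resources, but nothing in the hunk states that rule or clears the fields once they are released. Any caller that has already closed or handed off the session has to set ctxt->session = NULL before calling in, as the search_completed_cb() hunk does; otherwise the session is closed twice, or a cached session is closed under its new owner. Suggest a short comment above the function stating the ownership rule, and setting ctxt->io_id = 0 and ctxt->session = NULL right after releasing them, so the struct never carries a released handle while ctxt->destroy(ctxt->user_data) runs.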
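
Review bot: In the search_completed_cb() hunk, the failure branch of sdp_set_notify(ctxt->session, NULL, NULL) is silent: the session is neither cached nor closed at this point, and ctxt->cb(recs, err, ctxt->user_data) then runs with the old notify callback and data possibly still set on it. Suggest logging the failure and adding a comment that the session is deliberately left in ctxt->session for search_context_cleanup() to close. The hunk also does not show search_context_cleanup() being reached after the done: label; please confirm it runs on this path, because the io_id watch is only removed there and the commit subject is about removing the watch once the session is cached.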
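
Review bot: In the bt_cancel_discovery() hunk, removing "if (!ctxt->session) return -ENOTCONN;" together with the duplicated teardown changes the function's return value: a matched context with no session used to return -ENOTCONN without being cleaned up, and now it is cleaned up and the function returns 0. The commit message does not mention this. If the change is intended, say so in the message; if callers depend on -ENOTCONN, keep that check and drop only the g_source_remove()/sdp_close() lines that moved into search_context_cleanup().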