Make sure the attribute, service and service attributes are not null before accessing them. The problem was seen with the following stack trace: 0 bluetoothd!gatt_db_attribute_get_service_data [gatt-db.c : 1648 + 0x0] rax = 0x0000000000000000 rdx = 0x00007ffce8cf70ec rcx = 0x0000000000000000 rbx = 0x0000000000000000 rsi = 0x00007ffce8cf70ee rdi = 0x00005a56611f05c0 rbp = 0x00007ffce8cf70d0 rsp = 0x00007ffce8cf70b0 r8 = 0x0000000000000000 r9 = 0x0000000000000050 r10 = 0x0000000000000073 r11 = 0x0000000000000246 r12 = 0x00005a56611cea10 r13 = 0x00005a56611efd90 r14 = 0x0000000000000000 r15 = 0x00005a565f3eed8d rip = 0x00005a565f48147e Found by: given as instruction pointer in context 1 bluetoothd!discovery_op_complete [gatt-client.c : 386 + 0x14] rbx = 0x00005a56611e9d30 rbp = 0x00007ffce8cf7120 rsp = 0x00007ffce8cf70e0 r12 = 0x00005a56611cea10 r13 = 0x00005a56611efd90 r14 = 0x00007ffce8cf70ec r15 = 0x00005a565f3eed8d rip = 0x00005a565f47a6bc Found by: call frame info 2 bluetoothd!discover_chrcs_cb [gatt-client.c : 1000 + 0xf] rbx = 0x0000000000000000 rbp = 0x00007ffce8cf71d0 rsp = 0x00007ffce8cf7130 r12 = 0x000000000000000a r13 = 0x00005a56611de920 r14 = 0x00005a56611cea10 r15 = 0x00007ffce8cf7188 rip = 0x00005a565f47b18a Found by: call frame info 3 bluetoothd!discovery_op_complete [gatt-helpers.c : 628 + 0xc] rbx = 0x00005a56611f0430 rbp = 0x00007ffce8cf71f0 rsp = 0x00007ffce8cf71e0 r12 = 0x00005a56611ea5a0 r13 = 0x00005a56611cd430 r14 = 0x00005a56611f0430 r15 = 0x00005a566119bc01 rip = 0x00005a565f47d60e Found by: call frame info 4 bluetoothd!discover_chrcs_cb [gatt-helpers.c : 1250 + 0xe] rbx = 0x00005a56611bf0f1 rbp = 0x00007ffce8cf7240 rsp = 0x00007ffce8cf7200 r12 = 0x00005a56611ea5a0 r13 = 0x00005a56611cd430 r14 = 0x00005a56611f0430 r15 = 0x00005a566119bc01 rip = 0x00005a565f47cc7a Found by: call frame info --- src/shared/gatt-db.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/shared/gatt-db.c b/src/shared/gatt-db.c index b44f7b5e9..2432bdfd4 100644 --- a/src/shared/gatt-db.c +++ b/src/shared/gatt-db.c @@ -513,6 +513,7 @@ bool gatt_db_remove_service(struct gatt_db *db, return false; service = attrib->service; + attrib->service = NULL; queue_remove(db->services, service); @@ -1605,7 +1606,7 @@ bool gatt_db_attribute_get_service_data(const struct gatt_db_attribute *attrib, struct gatt_db_service *service; struct gatt_db_attribute *decl; - if (!attrib) + if (!(attrib && attrib->service && attrib->service->attributes)) return false; service = attrib->service; -- 2.26.2.645.ge9eca65c58-goog