Hi Luiz, I just test your fix! It is working perfectly \o/. I will probably add a kind of watchdog to check that Bluetoothd is always alive on my device to reset it in case of failure just in case. Is it possible that this crash happened when a mobile app tried to connect to my embedded device? Or is it possible that this issue impacts the cache service/charac feature? I am not sure to fully understand the perimeter of the issue. We have a problem with the cache update for a few weeks. Basically the problem is that mobile app is doing request on bad characteristics after firmware update with new characteristic available. The problem was already present but very very rare. On my last firmware update, it is more frequent. It is like the mobile app is using the old UUID mapping. The issue happened after Bluez update from 5.52 to 5.54. But we are not sure that the issue is related to Bluez. It can also be related to the phone. It is weird also because the issue happened only with Android and IOS is just fine. Thank you for your quick fix and reply! Le mer. 3 juin 2020 à 23:06, Luiz Augusto von Dentz <luiz.dentz@xxxxxxxxx> a écrit : > > Hi Arthur, > > On Wed, Jun 3, 2020 at 11:22 AM Arthur Lambert > <lambertarthur22@xxxxxxxxx> wrote: > > > > Hi Luiz, > > thanks for your reply! > > > > Sorry I am lazy and stupid. I know that your next question will be > > around symbol... > > > > After removing the binary strip option and enable debug symbol : > > > > bluetoothd[246]: src/device.c:device_svc_resolved() > > /org/bluez/hci0/dev_80_32_53_37_58_A6 err -5 > > bluetoothd[246]: src/device.c:gatt_debug() Read By Grp Type - start: > > 0x00bb end: 0xffff > > bluetoothd[246]: src/device.c:gatt_debug() Read By Grp Type - start: > > 0x0001 end: 0xffff > > bluetoothd[246]: src/device.c:gatt_debug() Read By Type - start: > > 0x0001 end: 0x00ba > > bluetoothd[246]: src/device.c:gatt_debug() Read By Type - start: > > 0x0001 end: 0x00ba > > bluetoothd[246]: src/device.c:gatt_debug() Read By Type - start: > > 0x002a end: 0x00ba > > bluetoothd[246]: src/device.c:gatt_debug() Read By Type - start: > > 0x0053 end: 0x00ba > > bluetoothd[246]: src/device.c:gatt_debug() Read By Type - start: > > 0x007a end: 0x00ba > > bluetoothd[246]: src/device.c:gatt_debug() Read By Type - start: > > 0x00a3 end: 0x00ba > > bluetoothd[246]: src/device.c:gatt_debug() Read By Type - start: > > 0x00ba end: 0x00ba > > bluetoothd[246]: src/device.c:gatt_debug() Read By Type - start: > > 0x0001 end: 0xffff > > bluetoothd[246]: src/gatt-database.c:db_hash_read_cb() Database Hash read > > ==246== Invalid read of size 1 > > ==246== at 0x4831BA4: memcpy (vg_replace_strmem.c:1035) > > ==246== by 0x87F3B: read_by_type_read_complete_cb (gatt-server.c:392) > > ==246== by 0x892AB: pending_read_result (gatt-db.c:145) > > ==246== by 0x8B2FB: gatt_db_attribute_read_result (gatt-db.c:1866) > > ==246== by 0x3AB0B: db_hash_read_cb (gatt-database.c:1156) > > ==246== by 0x8B1AB: gatt_db_attribute_read (gatt-db.c:1825) > > ==246== by 0x87DB7: process_read_by_type (gatt-server.c:482) > > ==246== by 0x8854F: read_by_type_cb (gatt-server.c:559) > > ==246== by 0x81727: handle_notify (att.c:966) > > ==246== by 0x81873: can_read_data (att.c:1057) > > ==246== by 0x8B91B: watch_callback (io-glib.c:170) > > ==246== by 0x488A413: g_main_context_dispatch (in > > /usr/lib/libglib-2.0.so.0.5600.3) > > ==246== Address 0x0 is not stack'd, malloc'd or (recently) free'd > > ==246== > > ==246== > > ==246== Process terminating with default action of signal 11 (SIGSEGV) > > ==246== Access not within mapped region at address 0x0 > > ==246== at 0x4831BA4: memcpy (vg_replace_strmem.c:1035) > > ==246== by 0x87F3B: read_by_type_read_complete_cb (gatt-server.c:392) > > ==246== by 0x892AB: pending_read_result (gatt-db.c:145) > > ==246== by 0x8B2FB: gatt_db_attribute_read_result (gatt-db.c:1866) > > ==246== by 0x3AB0B: db_hash_read_cb (gatt-database.c:1156) > > ==246== by 0x8B1AB: gatt_db_attribute_read (gatt-db.c:1825) > > ==246== by 0x87DB7: process_read_by_type (gatt-server.c:482) > > ==246== by 0x8854F: read_by_type_cb (gatt-server.c:559) > > ==246== by 0x81727: handle_notify (att.c:966) > > ==246== by 0x81873: can_read_data (att.c:1057) > > ==246== by 0x8B91B: watch_callback (io-glib.c:170) > > ==246== by 0x488A413: g_main_context_dispatch (in > > /usr/lib/libglib-2.0.so.0.5600.3) > > ==246== If you believe this happened as a result of a stack > > ==246== overflow in your program's main thread (unlikely but > > ==246== possible), you can try to increase the size of the > > ==246== main thread stack using the --main-stacksize= flag. > > ==246== The main thread stack size used in this run was 8388608. > > /usr/bin/bluetoothd: can't resolve symbol '__libc_freeres' > > > > is it the crypto error that you expect? > > Could you share a sha1 commit or a link to the patch to test the potential fix? > > Ive just pushed the fix: > > commit 41a5413023fa85bc711d461eb736a0624542df2d > Author: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> > Date: Wed Jun 3 10:31:59 2020 -0700 > > gatt: Fix possible crash when unable to generate hash > > > -- > Luiz Augusto von Dentz -- - Arthur LAMBERT
