[Pkg-bluetooth-maintainers] Bug#818920: bluez-tools: bt-agent segfault on pin-entry

Andreas Metzler ametzler at bebt.de
Tue Mar 22 18:20:29 UTC 2016


On 2016-03-22 Diederik de Haas <didi.debian at cknow.org> wrote:
> If you install libglib2.0-0-dbg and (optionally) libc6-dbg you'd likely get a 
> more useful backtrace.

There you go; for completeness' sake I have also rebuilt bluez-tools with
DEB_BUILD_OPTIONS=nostrip.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
GNU gdb (Debian 7.10-1+b1) 7.10
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from bt-agent...done.
(gdb) run
Starting program: /usr/bin/bt-agent 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff5e0e700 (LWP 16238)]
[New Thread 0x7ffff560d700 (LWP 16239)]
Agent registered
Default agent requested
Device: debian/rules (00:1C:35:3E:3F:88)
Enter passkey: 
Program received signal SIGSEGV, Segmentation fault.
g_utf8_validate (
    str=str@entry=0x3837363534333231 <error: Cannot access memory at address 0x3837363534333231>, max_len=max_len@entry=-1, end=end@entry=0x0)
    at /build/glib2.0-2.46.2/./glib/gutf8.c:1655
1655	/build/glib2.0-2.46.2/./glib/gutf8.c: No such file or directory.
(gdb) set pagination 0
(gdb) bt full
#0  0x00007ffff7b467e0 in g_utf8_validate (str=str@entry=0x3837363534333231 <error: Cannot access memory at address 0x3837363534333231>, max_len=max_len@entry=-1, end=end@entry=0x0) at /build/glib2.0-2.46.2/./glib/gutf8.c:1655
        p = <optimized out>
#1  0x00007ffff7b4a117 in g_variant_new_string (string=0x3837363534333231 <error: Cannot access memory at address 0x3837363534333231>) at /build/glib2.0-2.46.2/./glib/gvariant.c:1232
        _g_boolean_var_ = <optimized out>
#2  0x0000000000403de0 in _bt_agent_method_call_func (connection=<optimized out>, sender=sender@entry=0x7fffe8004210 ":1.20", object_path=object_path@entry=0x7fffe80041d0 "/org/blueztools", interface_name=interface_name@entry=0x7fffe8006c90 "org.bluez.Agent1", method_name=method_name@entry=0x7fffe8006f50 "RequestPinCode", parameters=parameters@entry=0x7fffe8005860, invocation=0x648ce0 [GDBusMethodInvocation], user_data=0x0) at lib/agent-helper.c:321
        error = 0x0
        device_obj = <optimized out>
        pin = 0x0
        ret = 0x3837363534333231 <error: Cannot access memory at address 0x3837363534333231>
        connection = <optimized out>
        object_path = 0x7fffe80041d0 "/org/blueztools"
        invocation = 0x648ce0 [GDBusMethodInvocation]
        parameters = 0x7fffe8005860
        method_name = 0x7fffe8006f50 "RequestPinCode"
        sender = 0x7fffe8004210 ":1.20"
        interface_name = 0x7fffe8006c90 "org.bluez.Agent1"
        user_data = 0x0
#3  0x00007ffff781baec in call_in_idle_cb (user_data=0x648ce0) at /build/glib2.0-2.46.2/./gio/gdbusconnection.c:4832
        invocation = 0x648ce0 [GDBusMethodInvocation]
        vtable = <optimized out>
        registration_id = <optimized out>
        subtree_registration_id = <optimized out>
        __func__ = "call_in_idle_cb"
#4  0x00007ffff7b15e8a in g_main_context_dispatch (context=0x63c9a0) at /build/glib2.0-2.46.2/./glib/gmain.c:3154
        dispatch = 0x7ffff7b12940 <g_idle_dispatch>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x648ce0
        callback = 0x7ffff781ba00 <call_in_idle_cb>
        cb_funcs = <optimized out>
        cb_data = 0x7fffe8001170
        need_destroy = <optimized out>
        source = 0x7fffe8004130
        current = 0x646840
        i = 0
#5  0x00007ffff7b15e8a in g_main_context_dispatch (context=context@entry=0x63c9a0) at /build/glib2.0-2.46.2/./glib/gmain.c:3769
#6  0x00007ffff7b16230 in g_main_context_iterate (context=0x63c9a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/glib2.0-2.46.2/./glib/gmain.c:3840
        max_priority = 2147483647
        timeout = -1
        some_ready = 1
        nfds = <optimized out>
        allocated_nfds = 1
        fds = 0x64f900
#7  0x00007ffff7b16552 in g_main_loop_run (loop=0x641730) at /build/glib2.0-2.46.2/./glib/gmain.c:4034
        __func__ = "g_main_loop_run"
#8  0x0000000000403120 in main (argc=1, argv=0x7fffffffe468) at bt-agent.c:276
        error = 0x0
        context = <optimized out>
        manager = 0x7fffe80062b0 [Manager]
        agent_manager = 0x7fffe8005ab0 [AgentManager]
        sa = {__sigaction_handler = {sa_handler = 0x41a390 <signal_handler>, sa_sigaction = 0x41a390 <signal_handler>}, sa_mask = {__val = {0 <repeats 16 times>}}, sa_flags = 0, sa_restorer = 0x0}
(gdb) info registers
rax            0x2	2
rbx            0x3837363534333231	4050765991979987505
rcx            0xa	10
rdx            0x0	0
rsi            0xffffffffffffffff	-1
rdi            0x3837363534333231	4050765991979987505
rbp            0x648ce0	0x648ce0
rsp            0x7fffffffe0a8	0x7fffffffe0a8
r8             0x0	0
r9             0x7ffff7fdd800	140737353996288
r10            0x27c	636
r11            0x7ffff7b4a100	140737349198080
r12            0x0	0
r13            0x7fffe8002e10	140737085713936
r14            0x7fffe8006c90	140737085729936
r15            0x7fffe8006f50	140737085730640
rip            0x7ffff7b467e0	0x7ffff7b467e0 <g_utf8_validate+272>
eflags         0x10286	[ PF SF IF RF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
(gdb) x/16i $pc
=> 0x7ffff7b467e0 <g_utf8_validate+272>:	movzbl (%rdi),%eax
   0x7ffff7b467e3 <g_utf8_validate+275>:	test   %al,%al
   0x7ffff7b467e5 <g_utf8_validate+277>:	jne    0x7ffff7b467fc <g_utf8_validate+300>
   0x7ffff7b467e7 <g_utf8_validate+279>:	jmp    0x7ffff7b46816 <g_utf8_validate+326>
   0x7ffff7b467e9 <g_utf8_validate+281>:	nopl   0x0(%rax)
   0x7ffff7b467f0 <g_utf8_validate+288>:	movzbl 0x1(%rcx),%eax
   0x7ffff7b467f4 <g_utf8_validate+292>:	lea    0x1(%rcx),%rdi
   0x7ffff7b467f8 <g_utf8_validate+296>:	test   %al,%al
   0x7ffff7b467fa <g_utf8_validate+298>:	je     0x7ffff7b46816 <g_utf8_validate+326>
   0x7ffff7b467fc <g_utf8_validate+300>:	test   %al,%al
   0x7ffff7b467fe <g_utf8_validate+302>:	mov    %rdi,%rcx
   0x7ffff7b46801 <g_utf8_validate+305>:	jns    0x7ffff7b467f0 <g_utf8_validate+288>
   0x7ffff7b46803 <g_utf8_validate+307>:	cmp    $0xdf,%al
   0x7ffff7b46805 <g_utf8_validate+309>:	ja     0x7ffff7b46830 <g_utf8_validate+352>
   0x7ffff7b46807 <g_utf8_validate+311>:	cmp    $0xc1,%al
   0x7ffff7b46809 <g_utf8_validate+313>:	jbe    0x7ffff7b46816 <g_utf8_validate+326>
(gdb) thread apply all backtrace

Thread 3 (Thread 0x7ffff560d700 (LWP 16239)):
#0  0x00007ffff7233e4d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007ffff7b161cc in g_main_context_iterate (priority=2147483647, n_fds=2, fds=0x7fffe80010c0, timeout=<optimized out>, context=0x647a00) at /build/glib2.0-2.46.2/./glib/gmain.c:4135
#2  0x00007ffff7b161cc in g_main_context_iterate (context=0x647a00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/glib2.0-2.46.2/./glib/gmain.c:3835
#3  0x00007ffff7b16552 in g_main_loop_run (loop=0x647990) at /build/glib2.0-2.46.2/./glib/gmain.c:4034
#4  0x00007ffff782b396 in gdbus_shared_thread_func (user_data=0x6479d0) at /build/glib2.0-2.46.2/./gio/gdbusprivate.c:246
#5  0x00007ffff7b3c9c5 in g_thread_proxy (data=0x6498a0) at /build/glib2.0-2.46.2/./glib/gthread.c:778
#6  0x00007ffff6cce454 in start_thread (arg=0x7ffff560d700) at pthread_create.c:334
#7  0x00007ffff723cedd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 2 (Thread 0x7ffff5e0e700 (LWP 16238)):
#0  0x00007ffff7233e4d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007ffff7b161cc in g_main_context_iterate (priority=2147483647, n_fds=1, fds=0x7ffff00008e0, timeout=<optimized out>, context=0x647270) at /build/glib2.0-2.46.2/./glib/gmain.c:4135
#2  0x00007ffff7b161cc in g_main_context_iterate (context=context@entry=0x647270, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/glib2.0-2.46.2/./glib/gmain.c:3835
#3  0x00007ffff7b162dc in g_main_context_iteration (context=0x647270, may_block=may_block@entry=1) at /build/glib2.0-2.46.2/./glib/gmain.c:3901
#4  0x00007ffff7b16319 in glib_worker_main (data=<optimized out>) at /build/glib2.0-2.46.2/./glib/gmain.c:5672
#5  0x00007ffff7b3c9c5 in g_thread_proxy (data=0x649850) at /build/glib2.0-2.46.2/./glib/gthread.c:778
#6  0x00007ffff6cce454 in start_thread (arg=0x7ffff5e0e700) at pthread_create.c:334
#7  0x00007ffff723cedd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 1 (Thread 0x7ffff7fdd800 (LWP 16234)):
#0  0x00007ffff7b467e0 in g_utf8_validate (str=str@entry=0x3837363534333231 <error: Cannot access memory at address 0x3837363534333231>, max_len=max_len@entry=-1, end=end@entry=0x0) at /build/glib2.0-2.46.2/./glib/gutf8.c:1655
#1  0x00007ffff7b4a117 in g_variant_new_string (string=0x3837363534333231 <error: Cannot access memory at address 0x3837363534333231>) at /build/glib2.0-2.46.2/./glib/gvariant.c:1232
#2  0x0000000000403de0 in _bt_agent_method_call_func (connection=<optimized out>, sender=sender@entry=0x7fffe8004210 ":1.20", object_path=object_path@entry=0x7fffe80041d0 "/org/blueztools", interface_name=interface_name@entry=0x7fffe8006c90 "org.bluez.Agent1", method_name=method_name@entry=0x7fffe8006f50 "RequestPinCode", parameters=parameters@entry=0x7fffe8005860, invocation=0x648ce0 [GDBusMethodInvocation], user_data=0x0) at lib/agent-helper.c:321
#3  0x00007ffff781baec in call_in_idle_cb (user_data=0x648ce0) at /build/glib2.0-2.46.2/./gio/gdbusconnection.c:4832
#4  0x00007ffff7b15e8a in g_main_context_dispatch (context=0x63c9a0) at /build/glib2.0-2.46.2/./glib/gmain.c:3154
#5  0x00007ffff7b15e8a in g_main_context_dispatch (context=context@entry=0x63c9a0) at /build/glib2.0-2.46.2/./glib/gmain.c:3769
#6  0x00007ffff7b16230 in g_main_context_iterate (context=0x63c9a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/glib2.0-2.46.2/./glib/gmain.c:3840
#7  0x00007ffff7b16552 in g_main_loop_run (loop=0x641730) at /build/glib2.0-2.46.2/./glib/gmain.c:4034
#8  0x0000000000403120 in main (argc=1, argv=0x7fffffffe468) at bt-agent.c:276
(gdb) quit
A debugging session is active.

	Inferior 1 [process 16234] will be killed.

Quit anyway? (y or n) y
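Editor's note and example, not part of the report above or of the bluez-tools source: the faulting pointer in frames #0 to #2, 0x3837363534333231, is not an address at all. Read as little-endian bytes it is 31 32 33 34 35 36 37 38, i.e. the ASCII string "12345678". In other words the PIN typed at the "Enter passkey:" prompt ended up inside the local `ret` that agent-helper.c:321 then hands to g_variant_new_string(), instead of in a buffer that `ret` points to. That is the signature of a string being read into the storage of a pointer variable (for instance scanf("%s", &ret) with `ret` declared as gchar *), a pattern which also writes the terminating NUL, and any PIN longer than 8 bytes, past the pointer onto the stack. The C below is illustrative code written for this page: it reconstructs the pointer value from the PIN, decodes a faulting address back into its bytes as a quick triage check, and shows a bounded read into a caller-owned buffer. The PIN_MAX limit of 16 alphanumeric characters is taken from the BlueZ Agent1 RequestPinCode description and is an assumption here, as is the little-endian x86_64 layout.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* BlueZ Agent1.RequestPinCode replies are 1..16 alphanumeric characters
 * (assumption taken from the BlueZ agent API description). */
#define PIN_MAX 16

/* Reconstruct the value seen in frame #2 (ret = 0x3837363534333231):
 * the PIN's bytes are copied into the storage of a pointer variable
 * instead of into a buffer the pointer refers to. Only sizeof ret bytes
 * are copied here so the example itself stays within bounds; the real
 * pattern (e.g. scanf("%s", &ret)) has no such limit and also writes the
 * terminating NUL past the pointer. Little-endian assumed (x86_64). */
uint64_t pointer_after_pin_overwrite(const char *pin)
{
    char *ret = NULL;
    size_t n = strlen(pin);
    if (n > sizeof ret)
        n = sizeof ret;
    memcpy(&ret, pin, n);            /* overwrite the pointer, not the pointee */

    uint64_t value;
    memcpy(&value, &ret, sizeof value);
    return value;
}

/* Triage helper: split a faulting address into its little-endian bytes.
 * Returns true when every byte is printable ASCII, the tell-tale sign
 * that a string was stored where a pointer belonged. out must hold 9. */
bool decode_pointer_as_ascii(uint64_t addr, char out[9])
{
    bool all_printable = true;
    for (int i = 0; i < 8; i++) {
        unsigned char b = (unsigned char)((addr >> (8 * i)) & 0xff);
        out[i] = (char)b;
        if (!isprint(b))
            all_printable = false;
    }
    out[8] = '\0';
    return all_printable;
}

/* Hardened PIN read: bounded copy into a caller-owned buffer, rejecting
 * empty, overlong and non-alphanumeric input. Takes the line as a string
 * so it runs offline; at the prompt, fgets() into a line buffer first. */
bool read_pin_bounded(const char *line, char *pin, size_t pinsz)
{
    size_t n = strcspn(line, "\r\n");
    if (n == 0 || n > PIN_MAX || n >= pinsz)
        return false;
    for (size_t i = 0; i < n; i++) {
        if (!isalnum((unsigned char)line[i]))
            return false;
    }
    memcpy(pin, line, n);
    pin[n] = '\0';
    return true;
}

int main(void)
{
    char decoded[9];
    char pin[PIN_MAX + 1];
    const char *typed = "12345678";   /* constructed input, matches the crash */

    uint64_t bogus = pointer_after_pin_overwrite(typed);
    decode_pointer_as_ascii(bogus, decoded);
    printf("pointer value 0x%016llx decodes to \"%s\"\n",
           (unsigned long long)bogus, decoded);

    if (read_pin_bounded("12345678\n", pin, sizeof pin))
        printf("bounded read accepted \"%s\"\n", pin);
    if (!read_pin_bounded("12345678901234567\n", pin, sizeof pin))
        printf("17-character PIN rejected\n");
    return 0;
}
```

The decode step is the one to keep in your toolbox: whenever gdb shows a fault on an address whose bytes are all in the printable range, check whether it spells the input you just typed before hunting for a use-after-free.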

