Return-Path:
MIME-Version: 1.0
In-Reply-To:
References: <2992e569-78e1-ea64-52b5-a2df11a6c948@message-id.googlemail.com>
From: Luiz Augusto von Dentz
Date: Mon, 29 May 2017 14:42:21 +0300
Message-ID:
Subject: Re: [BUG] unit/test-gatt failure uninitialized pointer(?)
To: Stefan Seyfried
Cc: "linux-bluetooth@vger.kernel.org"
Content-Type: text/plain; charset="UTF-8"
Sender: linux-bluetooth-owner@vger.kernel.org
List-ID:

Hi Stefan,

On Mon, May 29, 2017 at 12:06 PM, Stefan Seyfried wrote:
> On 29.05.2017 09:14, Stefan Seyfried wrote:
>> I did not yet use valgrind inside the OBS build VM, but I can try to do
>> that, that might give additional hints.
>
> /robustness/unkown-request - init
> /robustness/unkown-request - setup
> /robustness/unkown-request - setup complete
> /robustness/unkown-request - run
> ==12262== Invalid read of size 8
> ==12262==    at 0x13FF29: timeout_cb (att.c:405)
> ==12262==    by 0x14C45C: timeout_callback (timeout-glib.c:34)
> ==12262==    by 0x4E86412: ??? (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x4E85994: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x4E85D57: ??? (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x4E86071: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x13FBAB: tester_run (tester.c:830)
> ==12262==    by 0x13C83D: main (test-gatt.c:4488)
> ==12262==  Address 0x5a9c970 is 32 bytes inside a block of size 192 free'd
> ==12262==    at 0x4C2D27B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==12262==    by 0x1414EB: can_read_data (att.c:920)
> ==12262==    by 0x14C022: watch_callback (io-glib.c:170)
> ==12262==    by 0x4E85994: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x4E85D57: ??? (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x4E86071: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x13FBAB: tester_run (tester.c:830)
> ==12262==    by 0x13C83D: main (test-gatt.c:4488)
> ==12262==  Block was alloc'd at
> ==12262==    at 0x4C2C04F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==12262==    by 0x13E90D: btd_malloc (util.c:45)
> ==12262==    by 0x14052E: bt_att_new (att.c:1000)
> ==12262==    by 0x13E3F1: create_context.constprop.27 (test-gatt.c:670)
> ==12262==    by 0x13ED57: run_callback (tester.c:415)
> ==12262==    by 0x4E85994: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x4E85D57: ??? (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x4E86071: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x13FBAB: tester_run (tester.c:830)
> ==12262==    by 0x13C83D: main (test-gatt.c:4488)
> ==12262==
> ==12262== Invalid read of size 8
> ==12262==    at 0x13FF39: timeout_cb (att.c:408)
> ==12262==    by 0x14C45C: timeout_callback (timeout-glib.c:34)
> ==12262==    by 0x4E86412: ??? (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x4E85994: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x4E85D57: ??? (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x4E86071: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x13FBAB: tester_run (tester.c:830)
> ==12262==    by 0x13C83D: main (test-gatt.c:4488)
> ==12262==  Address 0x5a9c980 is 48 bytes inside a block of size 192 free'd
> ==12262==    at 0x4C2D27B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==12262==    by 0x1414EB: can_read_data (att.c:920)
> ==12262==    by 0x14C022: watch_callback (io-glib.c:170)
> ==12262==    by 0x4E85994: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x4E85D57: ??? (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x4E86071: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x13FBAB: tester_run (tester.c:830)
> ==12262==    by 0x13C83D: main (test-gatt.c:4488)
> ==12262==  Block was alloc'd at
> ==12262==    at 0x4C2C04F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==12262==    by 0x13E90D: btd_malloc (util.c:45)
> ==12262==    by 0x14052E: bt_att_new (att.c:1000)
> ==12262==    by 0x13E3F1: create_context.constprop.27 (test-gatt.c:670)
> ==12262==    by 0x13ED57: run_callback (tester.c:415)
> ==12262==    by 0x4E85994: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x4E85D57: ??? (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x4E86071: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.5200.2)
> ==12262==    by 0x13FBAB: tester_run (tester.c:830)
> ==12262==    by 0x13C83D: main (test-gatt.c:4488)
> ==12262==
>
> It does not crash under valgrind, but also does not finish; I aborted it
> with Ctrl-C after a few minutes.
>
> It seems to hit a 30-second timeout btw, if that's of any use:
>
> abuild@susi:~/rpmbuild/BUILD/bluez-5.45> time unit/test-gatt >/dev/null
> Segmentation fault (core dumped)
>
> real    0m30.061s
> user    0m0.044s
> sys     0m0.024s

That test in specific does not do any request, it only responds, so I
think it is perhaps one of the previous tests. To confirm this you can
run just the /robustness/unkown-request test alone with:

unit/test-gatt -p /robustness/unkown-request

Btw, it may as well be that this problem has been around since the
beginning but we only find out about it now with the addition of more
tests, which makes the entire set take over 30 seconds on slow hosts.

> Hope this sheds some light on the issue.
>
> Best regards,
>
> Stefan
> --
> Stefan Seyfried
>
> "For a successful technology, reality must take precedence over
> public relations, for nature cannot be fooled." -- Richard Feynman

--
Luiz Augusto von Dentz
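Read as a lifecycle, the valgrind trace above says a timer callback (timeout_cb) ran on a struct that the I/O path (can_read_data) had already freed. The following is an added example, not bluez code, that models that pattern with a hypothetical one-slot timer source and a minimal `struct att`: `att_free_naive` leaves the timer registered (the dangling case valgrind would report), while `att_free` cancels it before freeing.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

typedef bool (*timeout_fn)(void *user_data);
/* Stand-in for a GLib-style timer source (hypothetical); one slot is enough to model the lifecycle. */
static struct { unsigned int id; timeout_fn cb; void *data; } pending;
static unsigned int next_id = 1;

/* Register a one-shot timer; returns its id (0 if the slot is busy). */
unsigned int timeout_add(timeout_fn cb, void *data)
{
	if (pending.id != 0) return 0;
	pending.id = next_id++; pending.cb = cb; pending.data = data;
	return pending.id;
}

/* Returns true only if a timer with this id was still registered. */
bool timeout_remove(unsigned int id)
{
	if (id == 0 || pending.id != id) return false;
	memset(&pending, 0, sizeof(pending));
	return true;
}

/* Fire the timer if one is registered, as an expired main-loop iteration would. */
int timeouts_run_due(void)
{
	if (pending.id == 0) return 0;
	timeout_fn cb = pending.cb; void *data = pending.data;
	memset(&pending, 0, sizeof(pending));   /* one-shot: unregister before calling */
	cb(data);
	return 1;
}

struct att { unsigned int timeout_id; int fired; };
/* Hypothetical timeout_cb: it dereferences its owner, so it is safe only while the owner lives. */
static bool timeout_cb(void *user_data) { ((struct att *)user_data)->fired++; return false; }
struct att *att_new(void)
{
	struct att *att = calloc(1, sizeof(*att));
	att->timeout_id = timeout_add(timeout_cb, att);
	return att;
}

/* Buggy teardown the trace points at: the owner is freed but its timer stays registered. */
void att_free_naive(struct att *att) { free(att); }
/* Hardened teardown: cancel the timer first, so the loop can never hand freed memory to timeout_cb. */
void att_free(struct att *att) { timeout_remove(att->timeout_id); free(att); }
```

With the naive teardown the timer is still registered after `free`, which is exactly the state in which the next main-loop dispatch produces the invalid read valgrind flagged; the hardened teardown leaves nothing for the loop to fire.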