Parent: d139fd866241fe0d99b5e430f937c8d6160cc7dd
Author: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
Committer: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: 2017-09-15 15:13:17
Tree: d9dc448a62d9ef84e14f050d5f492a41bb738a25
core: Fix segfault when detaching adapter

When PairableTimeout is set to non-zero and bluetoothd is run, and then a
bluetooth dongle is repeatedly attached and detached, bluetoothd frequently
segfaults as below:

==6583== Process terminating with default action of signal 11 (SIGSEGV)
==6583==  Bad permissions for mapped region at address 0x4D3AC0
==6583==    at 0x4DBE27: mgmt_send (mgmt.c:592)
==6583==    by 0x48FFC2: set_mode (adapter.c:601)
==6583==    by 0x490471: pairable_timeout_handler (adapter.c:649)
==6583==    by 0x50CDAB2: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
==6583==    by 0x50CD049: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
==6583==    by 0x50CD3EF: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
==6583==    by 0x50CD711: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
==6583==    by 0x40CD28: main (main.c:781)

At another time, syslog and objdump of bluetoothd output the following:

Sep 14 13:43:46 fushimi bluetoothd[14192]: src/adapter.c:adapter_free() 0x2374350
Sep 14 13:44:08 fushimi bluetoothd[14192]: src/adapter.c:set_mode() sending set mode command for index 32749
Sep 14 13:44:09 fushimi bluetoothd[14192]: src/adapter.c:set_mode() sending set mode command for index 0
Sep 14 13:44:09 fushimi kernel: [18030.384367] bluetoothd[14192]: segfault at c0 ip 00000000004dbe31 sp 00007fff19f2ca40 error 4 in bluetoothd[400000+147000]

	if (mgmt->next_request_id < 1)
  4dbe31:	8b 43 40             	mov    0x40(%rbx),%eax
  4dbe34:	48 83 05 9c 75 2f 00 	addq   $0x1,0x2f759c(%rip)        # 7d33d8 <__gcov0.mgmt_send+0x18>
Diffstat
M  src/adapter.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
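As an added illustration (not code from this commit or from BlueZ): the crash pattern the message describes, a pending timer whose user_data is an adapter that has since been freed, reduced to a minimal C program. A tiny simulated timer registry (timer_add/timer_remove/timers_referencing) stands in for GLib's g_timeout_add()/g_source_remove() and the main loop; struct adapter, adapter_free_buggy, adapter_free_fixed and dangling_timers_after_free are hypothetical names chosen for the example. The actual change to src/adapter.c is not shown on this page, so the "fixed" variant below shows only the general remedy: cancel every timer that references an object before that object is freed.

```c
/* Added example, not BlueZ code. GLib's timeout sources are replaced by a
 * simulated registry; all struct/function names here are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TIMERS 8

typedef bool (*timer_cb)(void *user_data);

struct timer {
	unsigned int id;   /* 0 means the slot is unused (like a GLib source id) */
	timer_cb func;
	void *user_data;
};

static struct timer timers[MAX_TIMERS];
static unsigned int next_timer_id = 1;

/* Register a callback and return its id; mirrors g_timeout_add(). */
static unsigned int timer_add(timer_cb func, void *user_data)
{
	for (size_t i = 0; i < MAX_TIMERS; i++) {
		if (timers[i].id == 0) {
			timers[i].id = next_timer_id++;
			timers[i].func = func;
			timers[i].user_data = user_data;
			return timers[i].id;
		}
	}
	return 0;
}

/* Cancel a registered callback; mirrors g_source_remove(). */
static bool timer_remove(unsigned int id)
{
	for (size_t i = 0; i < MAX_TIMERS; i++) {
		if (id != 0 && timers[i].id == id) {
			memset(&timers[i], 0, sizeof(timers[i]));
			return true;
		}
	}
	return false;
}

/* Count registered timers whose user_data has the given address value.
 * Only the address is compared; nothing is dereferenced. */
static int timers_referencing(uintptr_t addr)
{
	int n = 0;
	for (size_t i = 0; i < MAX_TIMERS; i++)
		if (timers[i].id != 0 && (uintptr_t)timers[i].user_data == addr)
			n++;
	return n;
}

struct adapter {
	unsigned int pairable_timeout_id;  /* timer that will run the handler */
	void *mgmt;                         /* what set_mode() would dereference */
};

/* Stand-in for pairable_timeout_handler(): in bluetoothd this calls
 * set_mode(), which reaches adapter->mgmt and then mgmt_send(). */
static bool pairable_timeout_handler(void *user_data)
{
	struct adapter *adapter = user_data;
	adapter->pairable_timeout_id = 0;
	return false;  /* one-shot, like returning FALSE from a GSourceFunc */
}

static struct adapter *adapter_new(void)
{
	struct adapter *adapter = calloc(1, sizeof(*adapter));
	adapter->mgmt = adapter;  /* placeholder non-NULL pointer */
	adapter->pairable_timeout_id = timer_add(pairable_timeout_handler, adapter);
	return adapter;
}

/* Buggy: frees the adapter but leaves its timer registered. The timer's
 * user_data now dangles; when the loop fires it, the handler reads freed
 * memory, which is the mgmt_send() crash in the trace above. */
static void adapter_free_buggy(struct adapter *adapter)
{
	free(adapter);
}

/* Fixed: cancel the pending timer first so it can never fire on freed memory. */
static void adapter_free_fixed(struct adapter *adapter)
{
	if (adapter->pairable_timeout_id) {
		timer_remove(adapter->pairable_timeout_id);
		adapter->pairable_timeout_id = 0;
	}
	free(adapter);
}

/* Returns how many timers still point at the adapter after it was freed:
 * 1 for the buggy path (a dangling callback), 0 for the fixed path. */
int dangling_timers_after_free(bool fixed)
{
	memset(timers, 0, sizeof(timers));
	struct adapter *adapter = adapter_new();
	uintptr_t stale = (uintptr_t)adapter;  /* address only, never dereferenced */
	if (fixed)
		adapter_free_fixed(adapter);
	else
		adapter_free_buggy(adapter);
	int n = timers_referencing(stale);
	memset(timers, 0, sizeof(timers));  /* discard the dangling entry; never dispatched */
	return n;
}

int main(void)
{
	printf("buggy free: %d dangling timer(s)\n", dangling_timers_after_free(false));
	printf("fixed free: %d dangling timer(s)\n", dangling_timers_after_free(true));
	return 0;
}
```

The example deliberately never dispatches the dangling timer; in the real daemon that dispatch is exactly the use-after-free, and the reliable check for this class of bug is that every source id an object owns is removed on the same path that frees the object.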