Commit: ded317e9c2848e16e0616b961df2b3dc4e836c6e
Parent: fd3868ebc7bebe34afa3fced392686bb1a949da8
Author: Anurag Biradar <biradar.a@samsung.com>
Committer: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: 2017-07-07 10:01:42
Tree: e1940958456ee403c71636e3f8b6771b3d5bf643

src/device: Fix bluetoothd crash

DUT was trying to connect with carkit and, due to some reason, the connection got aborted. SDP search got an error and the browse request was freed, but device->browse is still pointing to freed memory. During clean up bluez removes all devices and, while removing, it finds a reference to browse_req and tries to free it again, which leads to the crash.

Assign NULL to device browse_req before freeing the browse_req.

Log:

bluetooth: src/service.c:change_state() 0xb700a650: device XX:XX:XX:XX:XX:XX profile a2dp-sink state changed: connecting -> disconnected (-11)
bluetooth: src/device.c:device_profile_connected() a2dp-sink Resource temporarily unavailable (11)
bluetooth: src/device.c:device_profile_connected() returning response to :1.300
bluetooth: src/device.c:device_browse_sdp()
bluetooth: src/device.c:browse_request_free()
-- Browse req is freed but device->browse is still pointing to freed memory --

While turning OFF, freeing each device:

bluetoothd[2024]: src/adapter.c:adapter_remove() Removing adapter /org/bluez/hci0
bluetoothd[2024]: src/device.c:device_remove() Removing device /org/bluez/hci0/dev_XX_XX_XX_XX_XX_XX
bluetoothd[2024]: src/device.c:browse_request_cancel()

(gdb)
#0 0xb6f981ae in queue_remove_if (queue=0xb7007d70, function=0xb6f9a319 <match_disconn_id>, user_data=0xb7001ae0) at src/shared/queue.c:289
#1 0xb6f9a87a in bt_att_unregister_disconnect (att=<optimized out>, id=<optimized out>) at src/shared/att.c:1161
#2 0xb6f81bf6 in attio_cleanup (device=0xb6d4d810) at src/device.c:742
#3 0xb6f81c3c in browse_request_cancel (req=0xb6fe3038) at src/device.c:777
#4 0xb6f87066 in device_remove (device=0xb700ac00, remove_stored=0) at src/device.c:5238
#5 0xb6f6b80c in adapter_remove (adapter=adapter@entry=0xb6fff2f0) at src/adapter.c:7822
#6 0xb6f79068 in adapter_cleanup () at src/adapter.c:11707
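The ownership bug the commit describes, as an added example that is not BlueZ's own code: a device keeps a pointer to its in-flight browse request, the error path frees the request, and the later device_remove() path frees it again. The allocator is simulated (a freed flag instead of a real free) so the second free can be counted instead of corrupting the heap; the struct layouts and function bodies are assumptions, not BlueZ internals.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simulated request: a real one would be heap-allocated and free()d. */
struct browse_req {
	bool freed;
};

/* Owner of the request; device->browse mirrors the field in the commit. */
struct device {
	struct browse_req *browse; /* in-flight SDP browse, or NULL */
};

static int double_frees; /* counts frees of an already freed request */

static void browse_request_free(struct browse_req *req)
{
	if (req->freed)
		double_frees++; /* in real code: heap corruption, then a crash */
	req->freed = true;
}

/* Before the fix: the request is freed but the owner keeps the pointer. */
static void browse_failed_buggy(struct device *dev)
{
	browse_request_free(dev->browse);
}

/* After the fix: drop the owner's pointer first, then free the request. */
static void browse_failed_fixed(struct device *dev)
{
	struct browse_req *req = dev->browse;

	dev->browse = NULL;
	browse_request_free(req);
}

/* Cleanup at adapter removal: cancel whatever browse is still referenced. */
static void device_remove(struct device *dev)
{
	if (dev->browse)
		browse_request_free(dev->browse);
}

/* Runs error path then cleanup; returns the number of double frees seen. */
int run_scenario(bool fixed)
{
	struct browse_req req = { .freed = false };
	struct device dev = { .browse = &req };

	double_frees = 0;
	fixed ? browse_failed_fixed(&dev) : browse_failed_buggy(&dev);
	device_remove(&dev);
	return double_frees;
}
```

The buggy path reports one double free and the fixed path none; the same NULL-before-free discipline applies to any owner pointer that a later cleanup walk may still consult.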

Diffstat

M src/device.c | 1 +

1 files changed, 1 insertions(+), 0 deletions(-)
