Bug 272751 - net-wireless/opd - opd traps when stopped by s-s-d
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it
Whiteboard: Pending Removal: 2012-12-24
Keywords: PMASKED
 
Reported: 2009-06-05 10:46 UTC by Anders Eriksson
Modified: 2012-12-25 13:07 UTC

Attachments
Make obex_record free()able. (fix-free.patch,2.29 KB, patch)
2011-03-12 12:30 UTC, Nuno Silva
Description Anders Eriksson 2009-06-05 10:46:17 UTC
When stopping opd using start-stop-daemon, opd never really stops. stracing the process, I get this:

Process 23137 attached - interrupt to quit
select(5, [4], NULL, NULL, {51, 429827}) = ? ERESTARTNOHAND (To be restarted)
--- SIGTERM (Terminated) @ 0 (0) ---
time(NULL)                              = 1244198412
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1892, ...}) = 0
writev(2, [{"opd[23137]: Terminating .. \n"..., 28}], 1) = 28
send(3, "<30>Jun  5 12:40:12 opd[23137]: T"..., 49, MSG_NOSIGNAL) = 49
socket(PF_FILE, SOCK_STREAM, 0)         = 5
connect(5, {sa_family=AF_FILE, path="/var/run/sdp"...}, 110) = 0
send(5, "y\0\0\0\4\0\1\0\4"..., 9, 0)   = 9
select(6, [5], NULL, NULL, {20, 0})     = 1 (in [5], left {19, 996601})
recv(5, "\200\0\0\0\2\0\0"..., 65535, 0) = 7
open("/dev/tty", O_RDWR|O_NOCTTY|O_NONBLOCK) = -1 ENXIO (No such device or address)
writev(2, [{"*** glibc detected *** "..., 23}, {"opd: waiting for incomming OBEX c"..., 59}, {": "..., 2}, {"free(): invalid pointer"..., 23}, {": 0x"..., 4}, {"0804e1a0"..., 8}, {" ***\n"..., 5}], 7) = 124
open("/etc/ld.so.cache", O_RDONLY)      = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=151179, ...}) = 0
mmap2(NULL, 151179, PROT_READ, MAP_PRIVATE, 6, 0) = 0xb7ef6000
close(6)                                = 0
open("/usr/lib/gcc/i686-pc-linux-gnu/4.3.2/libgcc_s.so.1", O_RDONLY) = 6
read(6, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\34\0\0004\0\0\0t"..., 512) = 512
mmap2(NULL, 2097152, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0xb7b8c000
munmap(0xb7b8c000, 475136)              = 0
munmap(0xb7d00000, 573440)              = 0
mprotect(0xb7c00000, 135168, PROT_READ|PROT_WRITE) = 0
fstat64(6, {st_mode=S_IFREG|0644, st_size=50564, ...}) = 0
mmap2(NULL, 53768, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 6, 0) = 0xb7d7e000
mmap2(0xb7d8a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 6, 0xb) = 0xb7d8a000
close(6)                                = 0
mprotect(0xb7d8a000, 4096, PROT_READ)   = 0
munmap(0xb7ef6000, 151179)              = 0
write(2, "======= Backtrace: =========\n"..., 29) = 29
writev(2, [{"/lib/libc.so.6"..., 14}, {"[0x"..., 3}, {"b7e013e4"..., 8}, {"]\n"..., 2}], 4) = 27
writev(2, [{"/lib/libc.so.6"..., 14}, {"("..., 1}, {"cfree"..., 5}, {"+0x"..., 3}, {"9c"..., 2}, {")"..., 1}, {"[0x"..., 3}, {"b7e02d3c"..., 8}, {"]\n"..., 2}], 9) = 39
writev(2, [{"/usr/lib/libbluetooth.so.2"..., 26}, {"("..., 1}, {"sdp_record_free"..., 15}, {"+0x"..., 3}, {"4c"..., 2}, {")"..., 1}, {"[0x"..., 3}, {"b7ee041c"..., 8}, {"]\n"..., 2}], 9) = 61
writev(2, [{"/usr/lib/libbluetooth.so.2"..., 26}, {"("..., 1}, {"sdp_device_record_unregister"..., 28}, {"+0x"..., 3}, {"43"..., 2}, {")"..., 1}, {"[0x"..., 3}, {"b7ee3a43"..., 8}, {"]\n"..., 2}], 9) = 74
writev(2, [{"/usr/lib/libbluetooth.so.2"..., 26}, {"("..., 1}, {"sdp_record_unregister"..., 21}, {"+0x"..., 3}, {"43"..., 2}, {")"..., 1}, {"[0x"..., 3}, {"b7ee3a93"..., 8}, {"]\n"..., 2}], 9) = 67
writev(2, [{"opd: waiting for incomming OBEX c"..., 59}, {"[0x"..., 3}, {"8049f34"..., 7}, {"]\n"..., 2}], 4) = 71
writev(2, [{"opd: waiting for incomming OBEX c"..., 59}, {"[0x"..., 3}, {"8049fc7"..., 7}, {"]\n"..., 2}], 4) = 71
writev(2, [{"[0x"..., 3}, {"b7f1b400"..., 8}, {"]\n"..., 2}], 3) = 13
writev(2, [{"/usr/lib/libopenobex.so.1"..., 25}, {"("..., 1}, {"OBEX_HandleInput"..., 16}, {"+0x"..., 3}, {"2d"..., 2}, {")"..., 1}, {"[0x"..., 3}, {"b7eed4bd"..., 8}, {"]\n"..., 2}], 9) = 61
writev(2, [{"opd: waiting for incomming OBEX c"..., 59}, {"[0x"..., 3}, {"804a977"..., 7}, {"]\n"..., 2}], 4) = 71
writev(2, [{"/lib/libc.so.6"..., 14}, {"("..., 1}, {"__libc_start_main"..., 17}, {"+0x"..., 3}, {"e5"..., 2}, {")"..., 1}, {"[0x"..., 3}, {"b7dac635"..., 8}, {"]\n"..., 2}], 9) = 51
writev(2, [{"opd: waiting for incomming OBEX c"..., 59}, {"[0x"..., 3}, {"80493b1"..., 7}, {"]\n"..., 2}], 4) = 71
write(2, "======= Memory map: ========\n"..., 29) = 29
open("/proc/self/maps", O_RDONLY)       = 6
read(6, "08048000-0804d000 r-xp 00000000 0"..., 1024) = 1024
write(2, "08048000-0804d000 r-xp 00000000 0"..., 1024) = 1024
read(6, "000-b7ed3000 rw-p 0013c000 08:02 "..., 1024) = 928
write(2, "000-b7ed3000 rw-p 0013c000 08:02 "..., 928) = 928
read(6, ""..., 1024)                    = 0
close(6)                                = 0
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
tgkill(23137, 23137, SIGABRT)           = 0
--- SIGABRT (Aborted) @ 0 (0) ---
time(NULL)                              = 1244198412
futex(0xb7ed3140, FUTEX_WAIT, 2, NULL

So it seems there is a memory corruption bug somewhere that glibc triggers on and it tries to recover. Unfortunately, that means opd doesn't die as it should.

Reproducible: Always




# epm -qa | egrep '(*blue*|glibc)'
glibc-2.8_p20080602-r1
bluez-hcidump-1.42
bluez-libs-3.36
kdebluetooth-1.0_beta8-r2
bluez-utils-3.36
tv ~ #
Comment 1 Sebastian Luther (few) 2009-06-05 10:55:35 UTC
emerge --info please.
Comment 2 Anders Eriksson 2009-06-05 11:06:34 UTC
Portage 2.1.6.11 (default/linux/x86/2008.0/desktop, gcc-4.3.2, glibc-2.8_p20080602-r1, 2.6.30-rc6 i686)
=================================================================
System uname: Linux-2.6.30-rc6-i686-AMD_Athlon-tm-_64_X2_Dual_Core_Processor_5600+-with-glibc2.0
Timestamp of tree: Tue, 02 Jun 2009 19:00:17 +0000
distcc 3.1 i686-pc-linux-gnu [enabled]
ccache version 2.4 [disabled]
app-shells/bash:     3.2_p39
dev-java/java-config: 1.3.7-r1, 2.1.7
dev-lang/python:     2.4.4-r13, 2.5.4-r2
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
dev-util/cmake:      2.6.2-r1
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.13, 2.63
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=athlon64 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -march=athlon64 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distcc distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LDFLAGS="-Wl,-O1"
LINGUAS="en en_GB sv sv_SE"
MAKEOPTS="-j4 -l3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext 7zip X a52 aac aalib acl acpi administrator adns aften aio akode alisp alsa amarok amr amrnb amrwb animgif ao aotuv ares arts aspell audacious audiofile autoipd automount autostart avahi bash-completion bdf bidi bittorrent bl bluetooth bookmarks branding bzip2 cairo cdda cddb cdio cdparanoia cdr cli console consolekit corefonts cpudetection cracklib crciprec crypt css cups curl daap dbus dc1394 dga dirac directv divx dmi dri dts dv dvb dvd dvdr dvdread dynscaler eds emboss enca encode esd evo exif extrafilters faac faad fam fame fbcon festival ffmpeg fftw firefox flac font-server fontconfig fortran freebox ftp gdbm geoip gif gimp gmedia gnome gnutls gphoto2 gpm gsm gstreamer gtk hal hardcoded-tables httpd iconv id3 id3tag ilbc imagemagick imap imlib ipv6 irda irmc isdnlog jack java jbig jpeg jpeg2k kde ladspa lame lcd lcms libass libcaca libnotify libsamplerate libv4l2 libvisual lirc live lm_sensors logrotate lzo mad matroska md5sum mdnsresponder-compat midi mikmod mixer mjpeg mmx mmxext mng modplug mp2 mp3 mp4 mpd mpeg mplayer mudflap musepack mysql nas ncurses nemesi network network-cron nfs nls nptl nptlonly nsplugin ogg openal opengl openmp pam pcre pdf perl png pnm ppds pppd pulseaudio pvr python qt3 qt3support qt4 quicktime radio rar readline realmedia reflection rss rtc rtsp scanner schroedinger sdl sdl-image se_swedb seamless-hbars sensord session shout smartcard smp sndfile sound speedo speex spell spl srt sse sse2 ssl ssse3 startup-notification stream svg svgz sysfs syslog t1lib taglib tagwriting tcpd teletext theora threads tiff tivo tk transcode truetype tv tv_check tv_combiner tv_pick_cgi tvtime twolame type1 unicode upnp usb v4l v4l2 vcd vcdinfo vcdx vdr vhook vhosts vidix vim-syntax vlm vorbis webdav win32codecs wma wmf wmp wxwindows x264 x86 xanim xext xft xine xinerama xmame xml xorg xosd xulrunner xv xvid xvmc yv12 zip zlib zoran zvbi" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 
ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" DVB_CARDS="tda1004x" ELIBC="glibc" INPUT_DEVICES="evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="imon ncurses" LINGUAS="en en_GB sv sv_SE" LIRC_DEVICES="imon" USERLAND="GNU" VIDEO_CARDS="radeon radeonhd"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

Comment 3 Nuno Silva 2011-03-12 12:30:08 UTC
Created attachment 265627
Make obex_record free()able.

The issue looks like an attempt to free an address which wasn't dynamically allocated:

When terminating, opd calls sdp_record_unregister from BlueZ, which after unregistering the service, frees the record used to describe it. And it's that record which is a regular variable, and has not been malloc()ed.

I'm attaching a patch which seems to fix the issue here: it changes obex_record to be a pointer variable, and uses sdp_record_alloc() from BlueZ to allocate the record, thus making it freeable.

(I also removed some initialization steps, which are already done by sdp_record_alloc().)

I hope this patch fixes Anders' issue. 

If the patch looks like the right way to go, I suppose bip_record needs to be changed in the same way - although I can do it in the patch too, I don't have hardware to test if BIP works after the changes (I've not even heard of BIP before), and I'd hate breaking it for someone else.
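
The ownership mismatch described in Comment 3, as an added example that is not part of the attached patch or of the opd or BlueZ sources: a small mock library whose unregister call frees the record it is given, with the static-variable pattern beside the allocator-based one. All names (`rec_t`, `rec_alloc`, `rec_unregister`, the tag check) are hypothetical stand-ins; the tag check replaces glibc's abort so the failing path can be observed instead of crashing.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for an SDP record; names here are hypothetical, not BlueZ's. */
#define REC_HEAP_TAG 0x5244u          /* set only by rec_alloc() */
typedef struct { unsigned tag; int handle; } rec_t;

static int live_records;              /* heap records not yet freed */

/* Library allocator: the only source of records the library may free. */
rec_t *rec_alloc(void) {
    rec_t *r = calloc(1, sizeof *r);
    if (r) { r->tag = REC_HEAP_TAG; live_records++; }
    return r;
}

/* Like the unregister call described above, this takes ownership and
 * releases the record. The tag check stands in for glibc's
 * "free(): invalid pointer" abort so the demo can report it instead. */
int rec_unregister(rec_t *r) {
    if (!r || r->tag != REC_HEAP_TAG)
        return -1;                    /* would have been free() on non-heap memory */
    r->tag = 0;
    free(r);
    live_records--;
    return 0;
}

/* Before: record is a plain static variable, then handed to unregister. */
static rec_t obex_record_static;
int shutdown_before(void) {
    obex_record_static.handle = 0x10001;   /* constructed sample handle */
    return rec_unregister(&obex_record_static);
}

/* After: record comes from the library allocator, so it is freeable. */
int shutdown_after(void) {
    rec_t *obex_record = rec_alloc();
    if (!obex_record) return -1;
    obex_record->handle = 0x10001;         /* constructed sample handle */
    return rec_unregister(obex_record);
}

int live_record_count(void) { return live_records; }

int main(void) {
    printf("before: %d\n", shutdown_before());
    printf("after:  %d, live=%d\n", shutdown_after(), live_record_count());
    return 0;
}
```

Building the real daemon with `-fsanitize=address` reports the same class of error at the `free()` call site, which is a quicker way to locate it than reading the glibc backtrace.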
Comment 4 Pacho Ramos gentoo-dev 2012-11-18 13:25:31 UTC
Is this still needed? Project is completely dead since 2005 and I can't find any distribution still supplying it
Comment 5 Samuli Suominen (RETIRED) gentoo-dev 2012-11-18 14:44:50 UTC
The last time I saved this package, back in 2010, I dug up the required patches from an OLD Mandrake .srpm.

It was back then we migrated from BlueZ 3 to BlueZ 4.

Kill with fire!
Comment 6 Nuno Silva 2012-11-18 15:02:10 UTC
No doubt this is a useful utility, it provides something I don't think I've seen provided by any other tool: running an OBEX push server from the command line, with no need for DE or DE-like full-featured GUI tools.

But, OTOH, IIRC this is not even able to work in other architectures and, as this bug proves, the code has issues. The project itself is dead, or at least nobody has been applying patches to fix issues like this one.

I guess I have to agree with Samuli on this one. Kill it. If someone has the time and experience to fix this, that person can always start (and maintain) a fork, which would likely provide Gentoo developers with the kind of active upstream this package needs to have in order to track all the changes BlueZ decides to do once in a while.
Comment 7 Pacho Ramos gentoo-dev 2012-12-25 13:07:29 UTC
dropped