matthewelse / pygattlib

Fork of https://bitbucket.org/OscarAcena/pygattlib

double free or corruption (fasttop) #2

Open mm108 opened 6 years ago

mm108 commented 6 years ago

I have been trying for a while to use this pygattlib library. I have tried the same from this repo as well.

I have followed all the steps exactly as mentioned in the documentation. I tried this on a Raspberry Pi 3, and also on a Raspberry Pi Zero W running RASPBIAN STRETCH LITE (kernel version: 4.9). I also tried building/running this using both Python 2.7.13 and Python 3.4.3, but I keep getting the same error when running any of the example scripts. The make and make install went through fine after fixing some issues related to missing libraries. I even tried this on a fresh install of Raspbian Stretch Lite and again got the same error. I tried asking for a solution on bitbucket, but it seems there are others who posted the same question and there have been no answers. I ran an hcidump in another window and I can see some connection happening, but then again there is this error:

root@test00001:/opt/pygattlib# sudo python /opt/pygattlib/examples/receive_notification.py 50:65:83:xx:xx:xx
Connecting... *** Error in `python': double free or corruption (fasttop): 0xb5702a00 ***

And here is the result of running hcidump:

root@test00001:~# sudo hcidump -t
HCI sniffer - Bluetooth packet analyzer ver 5.43
device: hci0 snap_len: 1500 filter: 0xffffffff
2018-03-04 06:52:08.449046 < HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7
    type 0x00 (passive)
    interval 60.000ms window 30.000ms
    own address: 0x00 (Public) policy: white list only
2018-03-04 06:52:08.450275 > HCI Event: Command Complete (0x0e) plen 4
    LE Set Scan Parameters (0x08|0x000b) ncmd 1
    status 0x00
2018-03-04 06:52:08.450390 < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2
    value 0x01 (scanning enabled)
    filter duplicates 0x01 (enabled)
2018-03-04 06:52:08.452264 > HCI Event: Command Complete (0x0e) plen 4
    LE Set Scan Enable (0x08|0x000c) ncmd 1
    status 0x00
2018-03-04 06:52:12.420233 > HCI Event: LE Meta Event (0x3e) plen 42
    LE Advertising Report
      ADV_IND - Connectable undirected advertising (0)
      bdaddr 50:65:83:xx:xx:xx (Public)
      Flags: 0x06
      Unknown type 0xff with 25 bytes data
      RSSI: -69
2018-03-04 06:52:12.420417 < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2
    value 0x00 (scanning disabled)
    filter duplicates 0x00 (disabled)
2018-03-04 06:52:12.428258 > HCI Event: Command Complete (0x0e) plen 4
    LE Set Scan Enable (0x08|0x000c) ncmd 1
    status 0x00
2018-03-04 06:52:12.428420 < HCI Command: LE Create Connection (0x08|0x000d) plen 25
    bdaddr 50:65:83:xx:xx:xx type 0
    interval 96 window 96 initiator_filter 0
    own_bdaddr_type 0 min_interval 40 max_interval 56
    latency 0 supervision_to 42 min_ce 0 max_ce 0
2018-03-04 06:52:12.436258 > HCI Event: Command Status (0x0f) plen 4
    LE Create Connection (0x08|0x000d) status 0x00 ncmd 1
2018-03-04 06:52:14.475543 < HCI Command: LE Create Connection Cancel (0x08|0x000e) plen 0
2018-03-04 06:52:14.478236 > HCI Event: Command Complete (0x0e) plen 4
    LE Create Connection Cancel (0x08|0x000e) ncmd 1
2018-03-04 06:52:14.492218 > HCI Event: LE Meta Event (0x3e) plen 19
    LE Connection Complete
      status 0x02 handle 0, role master
      bdaddr 00:00:00:00:00:00 (Public)

The sample code (to connect) that I am running is this:

from __future__ import print_function

import sys
from gattlib import GATTRequester

class JustConnect(object):
    def __init__(self, address):
        self.requester = GATTRequester(address, False)
        self.connect()

    def connect(self):
        print("Connecting...", end=' ')
        sys.stdout.flush()

        self.requester.connect(True)
        print("OK!")

if __name__ == '__main__':
    if len(sys.argv) < 2:
        print("Usage: {} <addr>".format(sys.argv[0]))
        sys.exit(1)

    JustConnect(sys.argv[1])
    print("Done.")

Even the other scripts seem to exhibit the same behaviour.

I just did a gdb backtrace and here is the result:

root@test00001:/opt/pygattlib/examples# gdb --args python connect.py 50:65:83:10:b2:e7
GNU gdb (Raspbian 7.12-6) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-linux-gnueabihf".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from python...(no debugging symbols found)...done.
(gdb) run
Starting program: /usr/bin/python connect.py 50:65:83:10:b2:e7
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1".
[New Thread 0xb6103470 (LWP 601)]
Connecting... *** Error in `/usr/bin/python': double free or corruption (fasttop): 0xb5802a00 ***

Thread 2 "python" received signal SIGABRT, Aborted.
[Switching to Thread 0xb6103470 (LWP 601)]
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) backtrace
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0xb6da1824 in __GI_abort () at abort.c:89
#2  0xb6ddaf78 in __libc_message (do_abort=do_abort@entry=2, fmt=<optimized out>) at ../sysdeps/posix/libc_fatal.c:175
#3  0xb6de1ad4 in malloc_printerr (action=<optimized out>, str=0xb6e94120 "double free or corruption (fasttop)", ptr=<optimized out>,
    ar_ptr=<optimized out>) at malloc.c:5049
#4  0xb6de2514 in _int_free (av=0xb5800010, p=0xb58029f8, have_lock=<optimized out>) at malloc.c:3905
#5  0xb63d42c4 in g_error_free () from /lib/arm-linux-gnueabihf/libglib-2.0.so.0
#6  0xb63d4600 in g_clear_error () from /lib/arm-linux-gnueabihf/libglib-2.0.so.0
#7  0xb64f9e84 in connect_cb (io=0x449678, cond=<optimized out>, user_data=0x4496c0) at src/bluez/btio/btio.c:234
#8  0xb63eafe8 in g_main_context_dispatch () from /lib/arm-linux-gnueabihf/libglib-2.0.so.0
#9  0xb63eb3b8 in ?? () from /lib/arm-linux-gnueabihf/libglib-2.0.so.0
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb)
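
Added example (not part of the original post and not pygattlib code): a small parser for the `hcidump -t` text in the first post. It shows that the host cancelled the LE connection attempt about two seconds after issuing it and that the controller then reported status 0x02, so the attempt in the trace ended in failure, which is useful context for the `g_clear_error` frame under `connect_cb` in the backtrace. The function names and the status-code subset are choices made for this example.

```python
import re
from datetime import datetime

# Connection phase of the `hcidump -t` trace posted above, abridged (address lines dropped).
TRACE = """\
2018-03-04 06:52:12.428420 < HCI Command: LE Create Connection (0x08|0x000d) plen 25
2018-03-04 06:52:12.436258 > HCI Event: Command Status (0x0f) plen 4
    LE Create Connection (0x08|0x000d) status 0x00 ncmd 1
2018-03-04 06:52:14.475543 < HCI Command: LE Create Connection Cancel (0x08|0x000e) plen 0
2018-03-04 06:52:14.478236 > HCI Event: Command Complete (0x0e) plen 4
    LE Create Connection Cancel (0x08|0x000e) ncmd 1
2018-03-04 06:52:14.492218 > HCI Event: LE Meta Event (0x3e) plen 19
    LE Connection Complete
      status 0x02 handle 0, role master
"""

HEADER = re.compile(r"^(\S+ \S+) ([<>]) HCI (Command|Event): (.+?) \(0x")
# Subset of the controller error codes defined in the Bluetooth Core Specification.
HCI_STATUS = {0x00: "Success", 0x02: "Unknown Connection Identifier",
              0x08: "Connection Timeout", 0x3E: "Connection Failed to be Established"}

def parse(trace):
    """Split hcidump text into packets: time, direction, kind, name, detail lines."""
    packets = []
    for line in trace.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            packets.append({"time": ts, "dir": m.group(2), "kind": m.group(3),
                            "name": m.group(4), "detail": []})
        elif packets and line.strip():
            packets[-1]["detail"].append(line.strip())
    return packets

def connection_outcome(packets):
    """Report how long the host waited before cancelling and the final status."""
    out = {"cancelled_after_s": None, "status": None, "status_name": None}
    started = None
    for p in packets:
        if p["name"] == "LE Create Connection":
            started = p["time"]
        elif p["name"] == "LE Create Connection Cancel" and started:
            out["cancelled_after_s"] = round((p["time"] - started).total_seconds(), 3)
        elif "LE Connection Complete" in p["detail"]:
            m = re.search(r"status (0x[0-9a-fA-F]{2})", " ".join(p["detail"]))
            code = int(m.group(1), 16) if m else None
            out.update(status=code, status_name=HCI_STATUS.get(code, "unknown"))
    return out
```

Calling `connection_outcome(parse(TRACE))` on the excerpt gives a cancel delay of 2.047 s and status 0x02 (Unknown Connection Identifier).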

matthewelse commented 6 years ago

Hi @m-menon - I might struggle to have time to look at this properly any time soon because of uni work, but I'll see if I can find some time. I'll let you know once I manage to replicate the behaviour.

mm108 commented 6 years ago

Hi @matthewelse, thanks a lot. I am trying in a few ways to narrow in on the problem. But I wanted to let you know that it isn't super urgent. So please only if you have some spare time after the uni work. I'll post an update if I hit on a clue. Thanks once again.