urfkill crashed with SIGSEGV in g_bit_lock()
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Canonical System Image | Fix Released | High | Unassigned |
urfkill (Ubuntu) | Fix Released | High | Tony Espy |
urfkill (Ubuntu RTM) | Fix Released | High | Tony Espy |
Bug Description
I ran into this crash while playing around with ofono restarts on krillin (rtm image #106). Restarting ofono with the wrong device/number of SIM slots will trigger this crash.
Here's the backtrace from gdb:
```
(urfkilld:9481): GLib-GIO-CRITICAL **: g_dbus_
(urfkilld:9481): GLib-CRITICAL **: g_variant_
Program received signal SIGSEGV, Segmentation fault.
0xb6d938be in g_bit_lock () from /lib/arm-
(gdb) bt
#0 0xb6d938be in g_bit_lock () from /lib/arm-
#1 0xb6ddb8c6 in g_variant_
   from /lib/arm-
#2 0xb6ddb904 in g_variant_
   from /lib/arm-
#3 0x00019794 in ofono_get_modems_cb (source_
   res=<optimized out>, user_data=0x3ce80) at urf-ofono-
#4 0xb6eeb970 in g_simple_
   from /usr/lib/
#5 0xb6f34b7e in ?? () from /usr/lib/
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
```
This could be triggered by the fact that the proxy becomes invalid before the callback is made from the main thread loop. A simple validity check to ensure that the proxy is still valid before calling the finish call would probably solve this.
Steps to reproduce:
As root, run restart ofono on krillin without specifying the device or number of SIM slots.
Marking this as High, as this is a contrived scenario as normally the OFONO_RIL_DEVICE and OFONO_RIL_
Changed in urfkill (Ubuntu):
  importance: Undecided → High
  assignee: nobody → Tony Espy (awe)
Changed in urfkill (Ubuntu):
  status: New → In Progress
  tags: added: rtm14
Changed in urfkill (Ubuntu):
  status: In Progress → Fix Committed
Changed in urfkill (Ubuntu RTM):
  status: New → Fix Committed
  assignee: nobody → Tony Espy (awe)
  importance: Undecided → High
Changed in canonical-devices-system-image:
  status: Confirmed → Fix Released
The problem is that when ofono disappears from the bus, ofono->proxy is unref'd and set to NULL. When get_modems_cb() is called it doesn't check ofono->proxy, and just blindly passes it to g_dbus_proxy_call_finish() which throws an assert as the proxy is invalid.
Fix proposed:
https://github.com/cyphermox/urfkill/pull/17
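The failure mode described in the report (an async completion dispatched from the main loop after the context's proxy pointer has already been dropped and NULLed) and the validity check the comment above proposes are shown side by side in the following added example. It is not urfkill's code or the contents of the linked pull request: the `Proxy`, `OfonoCtx`, `proxy_call_finish()` and single-slot main-loop stand-ins are constructed to model the GLib/GIO pattern without needing GLib, and the `-1` return models the GLib CRITICAL that, in the real crash, was followed by the segfault in `g_bit_lock()`.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a GDBusProxy (constructed for this example). */
typedef struct { int modem_count; } Proxy;

/* Mirrors the report's ofono context: when ofono leaves the bus, the code
 * drops its proxy reference and sets the pointer to NULL. */
typedef struct { Proxy *proxy; } OfonoCtx;

typedef int (*AsyncCb)(OfonoCtx *ctx);

/* Single-slot deferred-callback queue standing in for the GLib main loop:
 * the completion runs later, from the loop, not when the call is issued. */
static AsyncCb pending_cb;
static OfonoCtx *pending_ctx;

static void call_async(OfonoCtx *ctx, AsyncCb cb)
{
    pending_cb = cb;
    pending_ctx = ctx;
}

/* Stand-in for g_dbus_proxy_call_finish(). GLib guards the proxy with a
 * precondition and logs a CRITICAL when it fails; here that becomes a -1
 * return so the scenario runs to completion instead of crashing. */
static int proxy_call_finish(Proxy *proxy)
{
    if (proxy == NULL) {
        fputs("CRITICAL: proxy_call_finish: proxy != NULL failed\n", stderr);
        return -1;
    }
    return proxy->modem_count;
}

/* Unsafe callback: passes ctx->proxy to the finish call without checking. */
static int unsafe_get_modems_cb(OfonoCtx *ctx)
{
    return proxy_call_finish(ctx->proxy);
}

/* Hardened callback: verify the proxy is still alive before finishing. */
static int safe_get_modems_cb(OfonoCtx *ctx)
{
    if (ctx->proxy == NULL) {
        fputs("ofono went away before the reply arrived; dropping result\n", stderr);
        return 0;   /* nothing to report */
    }
    return proxy_call_finish(ctx->proxy);
}

/* ofono disappears from the bus: release the proxy and NULL the pointer. */
static void ofono_vanished(OfonoCtx *ctx)
{
    free(ctx->proxy);
    ctx->proxy = NULL;
}

/* Issue the async GetModems call, optionally let ofono vanish before the
 * reply is dispatched, then run one main-loop iteration. Returns what the
 * callback returned: the modem count, 0 (safely skipped) or -1 (CRITICAL
 * hit; in the real bug this path went on to segfault in g_bit_lock()). */
static int run_scenario(AsyncCb cb, int ofono_restarts_first)
{
    OfonoCtx ctx;
    ctx.proxy = malloc(sizeof *ctx.proxy);
    ctx.proxy->modem_count = 2;   /* constructed: a two-slot device */

    call_async(&ctx, cb);
    if (ofono_restarts_first)
        ofono_vanished(&ctx);

    /* main-loop iteration dispatches the queued completion */
    AsyncCb queued = pending_cb;
    pending_cb = NULL;
    int result = queued(pending_ctx);

    free(ctx.proxy);              /* free(NULL) is a no-op */
    return result;
}

int main(void)
{
    printf("unsafe, ofono restarted: %d\n", run_scenario(unsafe_get_modems_cb, 1));
    printf("safe, ofono restarted:   %d\n", run_scenario(safe_get_modems_cb, 1));
    printf("safe, normal reply:      %d\n", run_scenario(safe_get_modems_cb, 0));
    return 0;
}
```

The check alone is enough for the single-threaded main-loop case the report describes, because the pointer is NULLed and the callback dispatched on the same thread. In real GIO code the same race is usually closed more robustly by passing a `GCancellable` to the async call and cancelling it when the proxy is released, so the completion is delivered with a cancellation error rather than a dangling context.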