urfkill crashed with SIGSEGV in g_bit_lock()

Bug #1381818 reported by Tony Espy
This bug affects 1 person
Affects                   Status        Importance  Assigned to
Canonical System Image    Fix Released  High        Unassigned
urfkill (Ubuntu)          Fix Released  High        Tony Espy
urfkill (Ubuntu RTM)      Fix Released  High        Tony Espy

Bug Description

I ran into this crash while playing around with ofono restarts on krillin (rtm image #106). Restarting ofono with the wrong device/number of SIM slots will trigger this crash.

Here's the backtrace from gdb:

(urfkilld:9481): GLib-GIO-CRITICAL **: g_dbus_proxy_call_finish_internal: assertion 'G_IS_DBUS_PROXY (proxy)' failed

(urfkilld:9481): GLib-CRITICAL **: g_variant_get_type_string: assertion 'value != NULL' failed

Program received signal SIGSEGV, Segmentation fault.
0xb6d938be in g_bit_lock () from /lib/arm-linux-gnueabihf/libglib-2.0.so.0
(gdb) bt
#0 0xb6d938be in g_bit_lock () from /lib/arm-linux-gnueabihf/libglib-2.0.so.0
#1 0xb6ddb8c6 in g_variant_n_children ()
   from /lib/arm-linux-gnueabihf/libglib-2.0.so.0
#2 0xb6ddb904 in g_variant_get_child_value ()
   from /lib/arm-linux-gnueabihf/libglib-2.0.so.0
#3 0x00019794 in ofono_get_modems_cb (source_object=<optimized out>,
    res=<optimized out>, user_data=0x3ce80) at urf-ofono-manager.c:170
#4 0xb6eeb970 in g_simple_async_result_complete ()
   from /usr/lib/arm-linux-gnueabihf/libgio-2.0.so.0
#5 0xb6f34b7e in ?? () from /usr/lib/arm-linux-gnueabihf/libgio-2.0.so.0
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

This could be triggered by the fact that the proxy becomes invalid before the callback is made from the main thread loop. A simple validity check to ensure that the proxy is still valid before calling the finish call would probably solve this.

Steps to reproduce:

As root, run 'restart ofono' on krillin without specifying the device or number of SIM slots.

Marking this as High, as this is a contrived scenario as normally the OFONO_RIL_DEVICE and OFONO_RIL_NUM_SIM_SLOTS should be set when calling 'start' or 'restart' ofono from the command-line.

Tags: rtm14
Tony Espy (awe)
Changed in urfkill (Ubuntu):
importance: Undecided → High
assignee: nobody → Tony Espy (awe)
Tony Espy (awe)
Changed in urfkill (Ubuntu):
status: New → In Progress
tags: added: rtm14
Tony Espy (awe) wrote :

The problem is that when ofono disappears from the bus, ofono->proxy is unref'd and set to NULL. When get_modems_cb() is called it doesn't check ofono->proxy, and just blindly passes it to g_dbus_proxy_call_finish() which throws an assert as the proxy is invalid.

Fix proposed:

https://github.com/cyphermox/urfkill/pull/17
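The race described in the report and in the comment above, as an added example that is not urfkill's code and not the contents of the pull request. It is a stand-alone model built without GLib so it compiles anywhere: the `*_model` types and functions stand in for GDBusProxy, GVariant and g_dbus_proxy_call_finish() and their behaviour here (a NULL proxy logs a CRITICAL and yields NULL instead of a GVariant, which the unguarded caller then dereferences) is an assumption drawn from the two CRITICAL lines and the backtrace. The modem count in the reply is constructed.

```c
/* Added example (not urfkill's code): stand-alone model of the bug.
 * Names ending in _model are assumptions standing in for the GIO calls
 * that appear in the backtrace; no GLib is used so this builds anywhere. */
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>

typedef struct { int refcount; } DBusProxyModel;              /* stands in for GDBusProxy */
typedef struct { int n_children; } VariantModel;              /* stands in for GVariant  */
typedef struct { DBusProxyModel *proxy; int modem_count; } UrfOfonoManager;

static DBusProxyModel *proxy_new(void) {
    DBusProxyModel *p = calloc(1, sizeof *p);
    p->refcount = 1;
    return p;
}
static DBusProxyModel *proxy_ref(DBusProxyModel *p) { p->refcount++; return p; }
static void proxy_unref(DBusProxyModel *p) { if (--p->refcount == 0) free(p); }

/* Models g_dbus_proxy_call_finish(): on a NULL/invalid proxy GLib logs a
 * CRITICAL (the 'G_IS_DBUS_PROXY (proxy)' line in the report) and returns
 * NULL rather than aborting. The caller gets no GVariant back. */
static VariantModel *proxy_call_finish_model(DBusProxyModel *proxy) {
    if (proxy == NULL) {
        fprintf(stderr, "GLib-GIO-CRITICAL: assertion 'G_IS_DBUS_PROXY (proxy)' failed\n");
        return NULL;
    }
    VariantModel *v = malloc(sizeof *v);
    v->n_children = 2;                 /* constructed: two modems in the GetModems reply */
    return v;
}

/* Callback in the shape the report describes: trusts ofono->proxy and the
 * finish result. With proxy == NULL it reads n_children through a NULL
 * pointer, i.e. the SIGSEGV under g_variant_n_children() in the backtrace.
 * Shown for contrast only; it is never invoked below. */
void get_modems_cb_unsafe(DBusProxyModel *source_object, void *user_data) {
    (void)source_object;
    UrfOfonoManager *ofono = user_data;
    VariantModel *modems = proxy_call_finish_model(ofono->proxy);
    ofono->modem_count = modems->n_children;   /* NULL dereference if ofono vanished */
    free(modems);
}

/* Hardened callback: bail out if the proxy was dropped while the call was in
 * flight, and never unpack a NULL result either. Returns true if modems were read. */
bool get_modems_cb_safe(DBusProxyModel *source_object, void *user_data) {
    (void)source_object;
    UrfOfonoManager *ofono = user_data;
    if (ofono->proxy == NULL)          /* ofono left the bus: nothing to finish */
        return false;
    VariantModel *modems = proxy_call_finish_model(ofono->proxy);
    if (modems == NULL)                /* finish failed: error path, no variant */
        return false;
    ofono->modem_count = modems->n_children;
    free(modems);
    return true;
}

/* Drives the race from the report: GetModems is issued, ofono disappears from
 * the bus (proxy unref'd and set to NULL), then the main loop delivers the
 * completion. Returns the hardened callback's verdict. */
bool simulate_ofono_restart(bool ofono_vanishes_before_reply) {
    UrfOfonoManager ofono = { .proxy = proxy_new(), .modem_count = -1 };
    /* GIO keeps its own reference to the proxy for the call's lifetime; that
     * is the source_object the callback receives, independent of ofono->proxy. */
    DBusProxyModel *in_flight = proxy_ref(ofono.proxy);

    if (ofono_vanishes_before_reply) { /* what the name-vanished handler does */
        proxy_unref(ofono.proxy);
        ofono.proxy = NULL;
    }

    bool got_modems = get_modems_cb_safe(in_flight, &ofono);  /* main-loop completion */
    proxy_unref(in_flight);
    if (ofono.proxy != NULL)
        proxy_unref(ofono.proxy);
    return got_modems;
}

int main(void) {
    printf("normal reply:   %s\n", simulate_ofono_restart(false) ? "modems read" : "skipped");
    printf("ofono vanished: %s\n", simulate_ofono_restart(true)  ? "modems read" : "skipped");
    return 0;
}
```

Two checks are worth keeping even once the NULL-proxy guard is in: the result of the finish call must also be tested before it is unpacked, because the error path returns NULL just as the invalid-proxy path does; and, as an alternative the page does not claim the fix uses, the callback could pass its `source_object` argument to the finish call instead of the manager's own field, since GIO holds that reference for the duration of the call.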

Tony Espy (awe)
Changed in urfkill (Ubuntu):
status: In Progress → Fix Committed
Tony Espy (awe)
Changed in urfkill (Ubuntu RTM):
status: New → Fix Committed
assignee: nobody → Tony Espy (awe)
importance: Undecided → High
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package urfkill - 0.6.0~20141020.151220.1dc6cf4-0ubuntu1

---------------
urfkill (0.6.0~20141020.151220.1dc6cf4-0ubuntu1) vivid; urgency=medium

  * New release snapshot:
    - UrfOfonoManager: check NULL proxy (LP: #1381818)
    - UrfOfonoManager: Fix ofono re-start case (SIGABRT with reg_id > 0)
      (LP: #1346685)
 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 11 Nov 2014 13:18:15 -0500

Changed in urfkill (Ubuntu):
status: Fix Committed → Fix Released
Mathieu Trudel-Lapierre (cyphermox) wrote :

This isn't landed in RTM yet...

Changed in urfkill (Ubuntu RTM):
status: Fix Committed → In Progress
Pat McGowan (pat-mcgowan) wrote :

Approved to land with 1346685 - one line null check

Changed in canonical-devices-system-image:
importance: Undecided → High
milestone: none → ww51-2014
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package urfkill - 0.6.0~20141020.151220.1dc6cf4~rtm-0ubuntu1

---------------
urfkill (0.6.0~20141020.151220.1dc6cf4~rtm-0ubuntu1) 14.09; urgency=medium

  * New release snapshot:
    - UrfOfonoManager: check NULL proxy (LP: #1381818)
    - UrfOfonoManager: Fix ofono re-start case (SIGABRT with reg_id > 0)
      (LP: #1346685)
 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 11 Nov 2014 13:18:15 -0500

Changed in urfkill (Ubuntu RTM):
status: In Progress → Fix Released
Changed in canonical-devices-system-image:
status: Confirmed → Fix Released