Comment 0 for bug 1262340

ofono version: 1.12+bzr6848-0ubuntu1

This bug was reproduced while testing a new change to the modem power-on sequence logic. In order to reproduce, it's first necessary to stop both NetworkManager and disable the associated Telepathy mission-control account in order to prevent them from interfering with the test scenario. NM can be stopped via upstart. To disable the mission-control account, as the phablet user, run the following command:

$ mc-tool disable ofono/ofono/account0

To reproduce the crash ( as root ):

1. export PATH=/usr/share/ofono/scripts:$PATH
2. restart ofono
3. online-modem; offline-modem ( repeat until ofono crashes )

Ofono crashes in the function gril/gril.c:handle_response(), due to the following assert:

g_assert(count > 0);

This assert is ensuring that there's at least one pending response on the command_queue for which the incoming reply can be compared.

The reason this assert fires, is that there's a bug in the gril.c function ril_cancel_group(), which incorrectly frees a command associated with the given group, when in fact the command has already been sent. This was fixed in the nemo mobile code:

https://github.com/nemomobile-packages/ofono/commit/1266c212271e44db59aab2ef5d773b0afa015e48