Crash when ofono is respawning fast

Bug #1392397 reported by Alfonso Sanchez-Beato
This bug affects 1 person
Affects: urfkill (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Alfonso Sanchez-Beato
Milestone: (none listed)

Bug Description

To reproduce:

RTM image #159, Krillin.

# stop ofono
# start ofono OFONO_RIL_DEVICE=mtk

This makes ofono crash and respawn as the number of SIM slots is not specified, and 1 is used for that number instead of 2.

Backtrace is:

#0 set_online_cb (source_object=<optimized out>, res=0x48240, user_data=<optimized out>)
    at urf-device-ofono.c:194
#1 0xb6ee9970 in g_simple_async_result_complete (simple=0x48240)
    at /build/buildd/glib2.0-2.41.5/./gio/gsimpleasyncresult.c:763
#2 0xb6f32b7e in reply_cb (connection=<optimized out>, res=<optimized out>, user_data=0x48240)
    at /build/buildd/glib2.0-2.41.5/./gio/gdbusproxy.c:2623
#3 0xb6ee9970 in g_simple_async_result_complete (simple=0xb5802530)
    at /build/buildd/glib2.0-2.41.5/./gio/gsimpleasyncresult.c:763
#4 0xb6f2a74e in g_dbus_connection_call_done (source=<optimized out>, result=<optimized out>,
    user_data=0x56218) at /build/buildd/glib2.0-2.41.5/./gio/gdbusconnection.c:5502
#5 0xb6ee9970 in g_simple_async_result_complete (simple=0x5aeb8)
    at /build/buildd/glib2.0-2.41.5/./gio/gsimpleasyncresult.c:763
#6 0xb6ee99b6 in complete_in_idle_cb (data=<optimized out>)
    at /build/buildd/glib2.0-2.41.5/./gio/gsimpleasyncresult.c:775
#7 0xb6dafe78 in g_main_dispatch (context=0x39eb8)
    at /build/buildd/glib2.0-2.41.5/./glib/gmain.c:3064
#8 g_main_context_dispatch (context=context@entry=0x39eb8)
    at /build/buildd/glib2.0-2.41.5/./glib/gmain.c:3663
#9 0xb6db00fc in g_main_context_iterate (context=0x39eb8, block=block@entry=1,
    dispatch=dispatch@entry=1, self=<optimized out>)
    at /build/buildd/glib2.0-2.41.5/./glib/gmain.c:3734
#10 0xb6db0398 in g_main_loop_run (loop=0x39ff8) at /build/buildd/glib2.0-2.41.5/./glib/gmain.c:3928
#11 0x000140dc in main (argc=1, argv=0xbefff504) at urf-main.c:276

Alfonso Sanchez-Beato (alfonsosanchezbeato) wrote :

It looks like two nested calls to urf-device-ofono.c:set_soft() provoke this. The second call to set_soft() is made before the callback for the first call has been invoked. Apparently this causes the callback for the second one to be invoked after the call to the object's dispose().

I think that the fact that we are using the same GCancellable object in both calls means that the call to g_object_unref() for the DBus proxy in dispose() does not cancel the second callback, so it gets called in the end, but the modem object has already been destroyed.

Alfonso Sanchez-Beato (alfonsosanchezbeato) wrote :

The reason for the two calls to set_soft() can be found in bug #1379807. Probably the best way to solve this crash and avoid future issues is to remove the double call, which will make urfkill more robust.
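
A minimal model of the lifetime hazard described in the comments above, added here as an illustration; it is not urfkill's code and not the fix that was released. All names are hypothetical, and a plain refcount and array queue stand in for GObject and the GLib main loop. Each in-flight call holds its own reference, and a completion that arrives after dispose is dropped instead of touching device state.

```c
#include <stdlib.h>

/* Hypothetical model (not urfkill code): a refcounted device plus a FIFO of
 * in-flight async calls, standing in for a GObject and the GLib main loop. */
typedef struct { int refs, disposed, soft; } Device;
typedef struct { Device *dev; int value; } Pending;

static Pending queue[8];
static int head, tail, live_devices;

static Device *device_new(void) {
    Device *d = calloc(1, sizeof *d);
    if (!d) abort();
    d->refs = 1;
    live_devices++;
    return d;
}

static void device_unref(Device *d) {
    if (--d->refs == 0) { free(d); live_devices--; }
}

/* Each in-flight call takes its own reference, so the pointer handed to the
 * completion callback stays valid even if the owner disposes first. */
static int set_soft_async(Device *d, int value) {
    if (tail == 8) return -1;               /* queue full */
    d->refs++;
    queue[tail++] = (Pending){ d, value };
    return 0;
}

/* Owner tears the device down while calls may still be pending. */
static void device_dispose(Device *d) {
    d->disposed = 1;
    device_unref(d);
}

/* Run the oldest pending completion. Returns 1 if it updated device state,
 * 0 if it was dropped because the device was already disposed, -1 if idle. */
static int dispatch_one(void) {
    if (head == tail) return -1;
    Pending p = queue[head++];
    if (head == tail) head = tail = 0;      /* queue drained, reuse slots */
    int applied = 0;
    if (!p.dev->disposed) { p.dev->soft = p.value; applied = 1; }
    device_unref(p.dev);                    /* may free the device here */
    return applied;
}
```
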

Tony Espy (awe)
Changed in urfkill (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Alfonso Sanchez-Beato (alfonsosanchezbeato)
Changed in urfkill (Ubuntu):
status: In Progress → Fix Released