GNOME Bugzilla – Bug 685933
Crash in disconnect_auth_ready
Last modified: 2012-10-11 10:25:23 UTC
Thread 0 *CRASHED* ( SIGSEGV @ 0x00000000 ) 0x7f3a62259310 [ModemManager] - mm-bearer-list.c:162] mm_bearer_list_foreach 0x7f3a62273ae7 [ModemManager] - mm-iface-modem-simple.c:893] disconnect_auth_ready 0x7f3a620bf676 [libgio-2.0.so.0.3000.2] - gsimpleasyncresult.c:749] g_simple_async_result_complete 0x7f3a6225a290 [ModemManager] - mm-base-modem.c:1015] authorize_ready 0x7f3a620bf676 [libgio-2.0.so.0.3000.2] - gsimpleasyncresult.c:749] g_simple_async_result_complete 0x7f3a620bf788 [libgio-2.0.so.0.3000.2] - gsimpleasyncresult.c:761] complete_in_idle_cb 0x7f3a61cd0f44 [libglib-2.0.so.0.3000.2] - gmain.c:2441] g_main_context_dispatch 0x7f3a61cd1597 [libglib-2.0.so.0.3000.2] - gmain.c:3089] g_main_context_iterate 0x7f3a61cd1b51 [libglib-2.0.so.0.3000.2] - gmain.c:3297] g_main_loop_run 0x7f3a6224a5b3 [ModemManager] - main.c:154] main 0x7f3a616eb41c [libc-2.15.so] - libc-start.c:234] __libc_start_main 0x7f3a6224a028 [ModemManager] + 0x0001b028] 0x7fff21e4cfff MMIfModemSimple should probably disconnect signal handlers (handle-connect, handle-disconnect, handle-get-status) when it is disposed. Other MM interfaces seem to have similar issues.
That's true; yes. When I developed this I just assumed that the signal handlers would get disconnected automatically when the skeleton is disposed. Which is true, but the problem here is that the skeleton may have a valid reference still around when the modem is being disposed, e.g. when there's an ongoing operation in the interface (so the skeleton really gets disposed some time after). I'll fix this by disconnecting all signal handlers in all interfaces when we unref the reference we keep in the modem object, that should fix it.
Wait... when we shutdown the interface we are setting the specific interface skeleton as NULL in the MmGdbusObject, effectively unexporting the interface from DBus. That alone should avoid getting a signal handler called, I assume. Ben, when you say other interfaces have similar issues, is it because you've seen issues or just assuming looking at the code? Maybe I'm wrong w.r.t to the paragraph above. This bug may also be likely be a race between getting the signal called, we call mm_base_modem_authorize(), then the interface gets shutdown, and then we end up looking at the bearer list which was already disposed. If so, that fix would be much easier.
I've seen a similar crash report before and it was not in the MMIfaceModemSimple. Unfortunately, I couldn't find the crash log anymore, so I'm not sure if they are the same issue.
The race condition in comment 2 could very well be the issue.
Thanks. I think I'll audit all the interfaces and make sure that all objects retrieved with g_object_get() gets checked against NULL.
Fixed in: commit c16bcdf68c0d1e2d027a5a44b7e3b4bf29d4aee3 Author: Aleksander Morgado <aleksander@lanedo.com> Date: Thu Oct 11 11:41:15 2012 +0200 core: make sure objects retrieved with g_object_get() are valid in the ifaces The interfaces usually retrieve objects (e.g. skeletons) from the Modem object using g_object_get(), but we didn't make sure that these objects were actually valid before using them. This should clean up errors happening when the modem gets unplugged and still some actions are ongoing. Please reopen if you still see the errors. This problem has been fixed in the development version. The fix will be available in the next major software release. Thank you for your bug report.