[PATCH 0/3] a crash related to NULL physdev

Ben Chan benchan at chromium.org
Thu Feb 23 19:45:26 UTC 2017 

Hi Aleksander and Dan,

We've seen a few crashes in the field with the following signature:

  Thread 0 CRASHED [SIGSEGV @ 0x00000000 ] MAGIC SIGNATURE THREAD
  0xf53ff5e8  (libglib-2.0.so.0.3600.4 -ghash.c:1732 )  g_str_hash
  0xf53fe8c7  (libglib-2.0.so.0.3600.4 -ghash.c:365 ) g_hash_table_lookup
  0xb953c3bd  (ModemManager -mm-base-manager.c:130 )  device_removed
  0xb953cc9f  (ModemManager -mm-base-manager.c:408 )  handle_uevent
  0xf54c535f  (libgobject-2.0.so.0.3600.4 -gclosure.c:777 ) g_closure_invoke
  0xf54d6fc7  (libgobject-2.0.so.0.3600.4 -gsignal.c:3584 ) signal_emit_unlocked_R
  0xf54d7baf  (libgobject-2.0.so.0.3600.4 -gsignal.c:3328 ) g_signal_emit_valist
  0xf54d7fa5  (libgobject-2.0.so.0.3600.4 -gsignal.c:3384 ) g_signal_emit
  0xf5623819  (libgudev-1.0.so.0.2.0 -gudevclient.c:104 ) monitor_event
  0xf540cc51  (libglib-2.0.so.0.3600.4 -gmain.c:3054 )  g_main_context_dispatch
  0xf540cfa5  (libglib-2.0.so.0.3600.4 -gmain.c:3701 )  g_main_context_iterate
  0xf540d2c5  (libglib-2.0.so.0.3600.4 -gmain.c:3895 )  g_main_loop_run
  0xb9539dad  (ModemManager -main.c:180 ) main
  0xf52d687d  (libc-2.23.so -libc-start.c:289 ) __libc_start_main
  0xb9539bf3  (ModemManager + 0x0001cbf3 )  _start
  0xb95b0fbf  (ModemManager -elf-init.c:87 )  __libc_csu_init
  0xf56dbe43  (ld-2.23.so + 0x0000be43 )  _dl_sort_fini
  0xb9539bbf  (ModemManager + 0x0001cbbf )  _init

The crash happens when mm-kernel-device-udev.c:find_physical_gudevdevice()
fails to find the physical device, which eventually leads to a NULL
`physdev_uid' being passed to g_hash_table_lookup() in
mm-base-manager.cc:find_device_by_physdev_uid(). Without much information about
the device that triggered the udev event, I suspect it's a tty or net device
exposed by a SDIO device.

The attached patches handle the issue from two different perspectives. The
first patch updates mm-kernel-device-udev.c:find_physical_gudevdevice() to
handle a SDIO device, which should likely reduce the chance that a NULL
`physdev_uid' is propagated to mm-base-manager.cc:find_device_by_physdev_uid().
And to make sure ModemManager doesn't crash in case we miss some other types of
device, the second patch makes MMBaseManager handles NULL `physdev_uid' more
gracefully. When modifying find_physical_gudevdevice(), I thought that the code
could be simplified a bit, which is done by the third patch. I keep the third
patch separate mainly because I'm not sure if I've missed anything. Please feel
free to ignore the third patch if it doesn't make sense, or squash it into the
second if you prefer.

Thanks,
Ben

Ben Chan (3):
  kernel-device: handle SDIO device in find_physical_gudevdevice
  base-manager: handle NULL physical device more gracefully
  kernel-device: simplify handling of platform/pci/pnp/sdio parent

 src/kerneldevice/mm-kernel-device-udev.c | 19 ++++++-------------
 src/mm-base-manager.c                    | 10 ++++++++--
 2 files changed, 14 insertions(+), 15 deletions(-)

-- 
2.11.0.483.g087da7b7c-goog

More information about the ModemManager-devel mailing list