Crashing connmand

REPRODUCIBILITY: no, I have no idea how to reproduce it, but it is happening twice a day on my phone
BUILD ID = 4.2.0.21
HARDWARE: Sony Xperia 10 II
UI LANGUAGE: cs
REGRESSION: not sure

DESCRIPTION:

I have enabled coredumps on my device and today I noticed that some of the coredumps are created by the connman daemon (connmand process).

ACTUAL RESULT:

connmand is crashing for some reason.

GDB stacktrace:

[root@Xperia ]# gdb /usr/sbin/connmand core.5085
...

Core was generated by `/usr/sbin/connmand -n -W nl80211 --nobacktrace --systemd --noplugin=wifi'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __GI___libc_free (mem=0x3900000017) at malloc.c:3102
3102      p = mem2chunk (mem);


(gdb) bt full
#0  __GI___libc_free (mem=0x3900000017) at malloc.c:3102
        ar_ptr = <optimized out>
        p = <optimized out>
        hook = 0x0
        __x = <optimized out>
#1  0x0000007326c9ae1c in g_free (mem=<optimized out>) at ../glib/gmem.c:199
No locals.
#2  0x0000000000477670 in keyfile_free (data=0x2cf261f0) at src/storage.c:729
        record = 0x2cf261f0
        __FUNCTION__ = "keyfile_free"
#3  0x00000000004991f0 in cleanup_inotify_cb (data=0x2cf26340) at src/inotify.c:222
        cb = 0x2cf26340
#4  0x0000007326cb3b24 in g_slist_foreach (list=<optimized out>, list@entry=0x2cef4ac0, func=0x4991d0 <cleanup_inotify_cb>, user_data=user_data@entry=0x0) at ../glib/gslist.c:885
        next = 0x0
#5  0x0000007326cb3b58 in g_slist_free_full (list=0x2cef4ac0, free_func=<optimized out>) at ../glib/gslist.c:198
No locals.
#6  0x0000000000499240 in cleanup_inotify (user_data=0x2cf26210) at src/inotify.c:230
        inotify = 0x2cf26210
        inotify = <optimized out>
#7  connman_inotify_unref (data=0x2cf26210) at src/inotify.c:68
        i = <optimized out>
#8  0x0000007326c8114c in g_hash_table_remove_all_nodes (hash_table=0x2ceebc60, notify=<optimized out>, destruction=<optimized out>) at ../glib/ghash.c:707
        i = 1
        key = <optimized out>
        value = 0x2cf26210
        old_size = 8
        old_keys = 0x2d005550
        old_values = 0x2cfe1350
        old_hashes = 0x2cfe4520
        old_have_big_keys = 1
        old_have_big_values = 0
#9  0x0000007326c82dc4 in g_hash_table_remove_all_nodes (destruction=0, notify=1, hash_table=0x2ceebc60) at ../glib/ghash.c:1884
        i = <optimized out>
        key = <optimized out>
        value = <optimized out>
        old_keys = <optimized out>
        old_values = <optimized out>
        old_hashes = <optimized out>
        old_size = <optimized out>
        old_have_big_keys = <optimized out>
        old_have_big_values = <optimized out>
        i = <optimized out>
        key = <optimized out>
        value = <optimized out>
        old_size = <optimized out>
        old_keys = <optimized out>
        old_values = <optimized out>
        old_hashes = <optimized out>
        old_have_big_keys = <optimized out>
        old_have_big_values = <optimized out>
#10 g_hash_table_remove_all (hash_table=0x2ceebc60) at ../glib/ghash.c:1884
        __func__ = "g_hash_table_remove_all"
        _g_boolean_var_ = <optimized out>
#11 0x0000007326c82e10 in g_hash_table_destroy (hash_table=0x2ceebc60) at ../glib/ghash.c:1487
        __func__ = "g_hash_table_destroy"
#12 0x00000000004997a0 in __connman_inotify_cleanup () at src/inotify.c:296
        __FUNCTION__ = "__connman_inotify_cleanup"
#13 0x0000000000417d34 in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:1040
        context = <optimized out>
        error = 0x0
        conn = 0x2cf1c670
        err = {name = 0x0, message = 0x0, dummy1 = 1, dummy2 = 0, dummy3 = 0, dummy4 = 0, dummy5 = 0, padding1 = 0x0}
        signal = 1
        __FUNCTION__ = "main"
(gdb) info threads
  Id   Target Id                      Frame 
* 1    Thread 0x7326389010 (LWP 4882) __GI___libc_free (mem=0x3900000017) at malloc.c:3102
  2    Thread 0x7325db0010 (LWP 4983) 0x0000007326834780 in __GI___poll (fds=0x73180118a0, nfds=2, timeout=<optimized out>) at ../sysdeps/unix/sysv/linux/poll.c:41
  3    Thread 0x73261b2010 (LWP 4980) 0x0000007326834780 in __GI___poll (fds=0x2cf475b0, nfds=1, timeout=<optimized out>) at ../sysdeps/unix/sysv/linux/poll.c:41

ADDITIONAL INFORMATION:

The Connman version on my device is 1.32+git162. Is it planned to switch to the upstream version? 1.32 was released 5 years ago already and cleanup_inotify_cb doesn't exist anymore in the current codebase…

Should I dig deeper? Or is it a known issue?

I think that cleanup_inotify_cb is Sailfish-specific and it has never existed upstream.