Crashing connmand

REPRODUCIBILITY: no, I have no idea how to reproduce it, but it is happening twice a day on my phone
BUILD ID = 4.2.0.21
HARDWARE: Sony Xperia 10 II
UI LANGUAGE: cs
REGRESSION: not sure

DESCRIPTION:

I have enabled coredumps on my device and today I noticed that some of the coredumps are created by the connman daemon (connmand process).

ACTUAL RESULT:

connmand is crashing for some reason.

GDB stacktrace:

[root@Xperia ]# gdb /usr/sbin/connmand core.5085
...

Core was generated by `/usr/sbin/connmand -n -W nl80211 --nobacktrace --systemd --noplugin=wifi'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __GI___libc_free (mem=0x3900000017) at malloc.c:3102
3102      p = mem2chunk (mem);


(gdb) bt full
#0  __GI___libc_free (mem=0x3900000017) at malloc.c:3102
        ar_ptr = <optimized out>
        p = <optimized out>
        hook = 0x0
        __x = <optimized out>
#1  0x0000007326c9ae1c in g_free (mem=<optimized out>) at ../glib/gmem.c:199
No locals.
#2  0x0000000000477670 in keyfile_free (data=0x2cf261f0) at src/storage.c:729
        record = 0x2cf261f0
        __FUNCTION__ = "keyfile_free"
#3  0x00000000004991f0 in cleanup_inotify_cb (data=0x2cf26340) at src/inotify.c:222
        cb = 0x2cf26340
#4  0x0000007326cb3b24 in g_slist_foreach (list=<optimized out>, list@entry=0x2cef4ac0, func=0x4991d0 <cleanup_inotify_cb>, user_data=user_data@entry=0x0) at ../glib/gslist.c:885
        next = 0x0
#5  0x0000007326cb3b58 in g_slist_free_full (list=0x2cef4ac0, free_func=<optimized out>) at ../glib/gslist.c:198
No locals.
#6  0x0000000000499240 in cleanup_inotify (user_data=0x2cf26210) at src/inotify.c:230
        inotify = 0x2cf26210
        inotify = <optimized out>
#7  connman_inotify_unref (data=0x2cf26210) at src/inotify.c:68
        i = <optimized out>
#8  0x0000007326c8114c in g_hash_table_remove_all_nodes (hash_table=0x2ceebc60, notify=<optimized out>, destruction=<optimized out>) at ../glib/ghash.c:707
        i = 1
        key = <optimized out>
        value = 0x2cf26210
        old_size = 8
        old_keys = 0x2d005550
        old_values = 0x2cfe1350
        old_hashes = 0x2cfe4520
        old_have_big_keys = 1
        old_have_big_values = 0
#9  0x0000007326c82dc4 in g_hash_table_remove_all_nodes (destruction=0, notify=1, hash_table=0x2ceebc60) at ../glib/ghash.c:1884
        i = <optimized out>
        key = <optimized out>
        value = <optimized out>
        old_keys = <optimized out>
        old_values = <optimized out>
        old_hashes = <optimized out>
        old_size = <optimized out>
        old_have_big_keys = <optimized out>
        old_have_big_values = <optimized out>
        i = <optimized out>
        key = <optimized out>
        value = <optimized out>
        old_size = <optimized out>
        old_keys = <optimized out>
        old_values = <optimized out>
        old_hashes = <optimized out>
        old_have_big_keys = <optimized out>
        old_have_big_values = <optimized out>
#10 g_hash_table_remove_all (hash_table=0x2ceebc60) at ../glib/ghash.c:1884
        __func__ = "g_hash_table_remove_all"
        _g_boolean_var_ = <optimized out>
#11 0x0000007326c82e10 in g_hash_table_destroy (hash_table=0x2ceebc60) at ../glib/ghash.c:1487
        __func__ = "g_hash_table_destroy"
#12 0x00000000004997a0 in __connman_inotify_cleanup () at src/inotify.c:296
        __FUNCTION__ = "__connman_inotify_cleanup"
#13 0x0000000000417d34 in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:1040
        context = <optimized out>
        error = 0x0
        conn = 0x2cf1c670
        err = {name = 0x0, message = 0x0, dummy1 = 1, dummy2 = 0, dummy3 = 0, dummy4 = 0, dummy5 = 0, padding1 = 0x0}
        signal = 1
        __FUNCTION__ = "main"
(gdb) info threads
  Id   Target Id                      Frame 
* 1    Thread 0x7326389010 (LWP 4882) __GI___libc_free (mem=0x3900000017) at malloc.c:3102
  2    Thread 0x7325db0010 (LWP 4983) 0x0000007326834780 in __GI___poll (fds=0x73180118a0, nfds=2, timeout=<optimized out>) at ../sysdeps/unix/sysv/linux/poll.c:41
  3    Thread 0x73261b2010 (LWP 4980) 0x0000007326834780 in __GI___poll (fds=0x2cf475b0, nfds=1, timeout=<optimized out>) at ../sysdeps/unix/sysv/linux/poll.c:41

ADDITIONAL INFORMATION:

The connman version on my device is 1.32+git162. Is it planned to switch to the upstream version? 1.32 was released 5 years ago already and cleanup_inotify_cb doesn't exist anymore in the current codebase…

Should I dig deeper? Or is it a known issue?

I think that cleanup_inotify_cb is Sailfish-specific and has never existed upstream.

One known issue that was fixed for 4.3.0 was that connman was crashing when shutting down. That was fixed over here: Fix SIGSEGV at shutdown by LaakkonenJussi · Pull Request #9 · sailfishos/connman · GitHub

Backtrace at least looks the same. Have you tried with a more recent OS version?

It really seems to be fixed. I didn’t see connman crash with SFOS 4.5.0.24.