Hi Denis,

I've been investigating the reason for the SIGSEGV signal.

Valgrind tells me that I'm reading an already-freed sector.

I've added some debug information in:

- src/sim.c:sim_remove: see below

- src/simfs.c:sim_fs_context_free: freed sim_context

- src/simfs.c:sim_fs_op_free: freed sim_fs_op and sim_fs_op::context pointer


Here is the sim_remove function, called when disabling the gemalto plugin:

static void sim_remove(struct ofono_atom *atom)
{
    struct ofono_sim *sim = __ofono_atom_get_data(atom);

    DBG("atom: %p", atom);

    if (sim == NULL)
        return;

    if (sim->driver != NULL && sim->driver->remove != NULL)
        sim->driver->remove(sim);

    sim_free_state(sim);

    DBG("simfs"); // added
    sim_fs_free(sim->simfs);
    sim->simfs = NULL;
    DBG("simfs_isim"); // added
    sim_fs_free(sim->simfs_isim);
    sim->simfs_isim = NULL;

    g_free(sim);
}

I've launched Ofono with valgrind (I've added comments to the logs):
ofonod[30124]: src/sim.c:sim_remove() atom: 0x4e81d88
ofonod[30124]: src/simfs.c:sim_fs_context_free() 0x4e868f8
ofonod[30124]: src/simfs.c:sim_fs_context_free() 0x4ef6a08
ofonod[30124]: src/simfs.c:sim_fs_op_free() 0x4ef6a08, 0x3c, context: 0x4eb7fb0
ofonod[30124]: src/simfs.c:sim_fs_context_free() 0x4ef6b38
ofonod[30124]: src/simfs.c:sim_fs_op_free() 0x4ef6b38, 0x3c, context: 0x4eb7fb0
ofonod[30124]: src/simfs.c:sim_fs_context_free() **0x4eb7fb0** // -> This is freed in sim_free_state(sim);
ofonod[30124]: src/sim.c:sim_remove() simfs // -> Going in sim_fs_free(sim->simfs);
ofonod[30124]: src/simfs.c:sim_fs_free() 0x4e845a8
ofonod[30124]: src/simfs.c:sim_fs_op_free() 0x4ef67a8, 0x3c, context: **0x4eb7fb0** // Already freed
==30124== Invalid read of size 4
==30124==    at 0xE39A0: sim_fs_op_free (simfs.c:99) // -> line: struct sim_fs *fs = node->context->fs;
==30124==    by 0x48B0303: g_queue_foreach (in /usr/lib/libglib-2.0.so.0.3800.2)
==30124==  Address **0x4eb7fb0** is 0 bytes inside a block of size 8 free'd
==30124==    at 0x4835760: free (in /usr/lib/valgrind/vgpreload_memcheck-arm-linux.so)
==30124==
ofonod[30124]: src/sim.c:sim_remove() simfs_isim
ofonod[30124]: src/simfs.c:sim_fs_free() (nil)

What do you think about this?

Best regards,
Gabriel
_______________________________________________
ofono mailing list
ofono@ofono.org
https://lists.ofono.org/mailman/listinfo/ofono
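The ordering problem the trace above points at (a context released by sim_free_state while ops in the simfs queue still hold a pointer to it, so sim_fs_op_free later reads freed memory through node->context->fs) can be modelled outside ofono. The following is an added, hypothetical C model written for this page; it is not ofono code and the names fs, ctx and op are placeholders. It shows one defensive shape: a context detaches every pending op that references it before it is freed, and the op destructor tolerates a detached op instead of dereferencing it.

```c
/* Hypothetical model (not ofono code) of the lifetime bug in the report:
 * fs owns a queue of pending ops, each op points at a caller ctx, and the
 * ctx is freed before the queue is drained. Without the detach step in
 * ctx_free, op_free would read a freed ctx, which is what Valgrind flagged. */
#include <stdlib.h>

struct fs;

struct ctx { struct fs *fs; };

struct op {
    struct op *next;
    struct ctx *context;   /* NULL once the owning context is gone */
};

struct fs { struct op *ops; };   /* head of the pending-op queue */

/* Counters the scenario functions report back. */
static int ops_freed;
static int ops_freed_detached;

static struct fs *fs_new(void)
{
    return calloc(1, sizeof(struct fs));
}

static struct ctx *ctx_new(struct fs *fs)
{
    struct ctx *ctx = calloc(1, sizeof(struct ctx));
    ctx->fs = fs;
    return ctx;
}

static void op_add(struct fs *fs, struct ctx *ctx)
{
    struct op *op = calloc(1, sizeof(struct op));
    op->context = ctx;
    op->next = fs->ops;
    fs->ops = op;
}

/* Counterpart of sim_fs_op_free: it wants fs from op->context->fs.
 * The dereference only happens while the context is still alive. */
static void op_free(struct op *op)
{
    if (op->context == NULL) {
        ops_freed_detached++;
    } else {
        struct fs *fs = op->context->fs;
        (void)fs;            /* real code would use it for bookkeeping */
    }
    ops_freed++;
    free(op);
}

/* Detach pending ops before freeing the context, so no dangling pointer
 * is left in the queue for a later op_free to read. */
static void ctx_free(struct ctx *ctx)
{
    struct op *op;

    for (op = ctx->fs->ops; op != NULL; op = op->next)
        if (op->context == ctx)
            op->context = NULL;
    free(ctx);
}

static void fs_free(struct fs *fs)
{
    struct op *op, *next;

    if (fs == NULL)          /* the report shows sim_fs_free() on (nil) */
        return;
    for (op = fs->ops; op != NULL; op = next) {
        next = op->next;
        op_free(op);
    }
    free(fs);
}

static int count_detached(struct fs *fs)
{
    int n = 0;
    struct op *op;

    for (op = fs->ops; op != NULL; op = op->next)
        if (op->context == NULL)
            n++;
    return n;
}

/* Replays the report's ordering: two contexts, three pending ops, the
 * contexts freed first, the queue drained last. Returns how many ops were
 * detached right after the first context went away (2 for this scene). */
int detached_after_context_free(void)
{
    struct fs *fs = fs_new();
    struct ctx *a = ctx_new(fs), *b = ctx_new(fs);
    int n;

    op_add(fs, a);
    op_add(fs, a);
    op_add(fs, b);
    ctx_free(a);             /* like sim_free_state: context goes first */
    n = count_detached(fs);
    ctx_free(b);
    fs_free(fs);             /* like sim_fs_free: queue drained afterwards */
    return n;
}

/* Returns how many ops were freed without touching a context (3), or -1
 * if the queue was not fully drained. */
int teardown_freed_detached(void)
{
    ops_freed = ops_freed_detached = 0;
    detached_after_context_free();
    return ops_freed == 3 ? ops_freed_detached : -1;
}
```

Run under valgrind or AddressSanitizer, this model stays clean; removing the detach loop from ctx_free reproduces the "invalid read ... inside a block of size 8 free'd" pattern from the trace, which is a quick way to confirm that a candidate fix in the real code addresses the ordering rather than just the symptom.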
