Bug: Seg fault when deactivating rdk services caused by channel sharing in JSONRPCLink.h #2040

@npoltorapavlo

Problem/Opportunity

When deactivating rdk services there is a crash when destructing JSONRPC::LinkType:

Thread 7 "WorkerPool::Thr" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 11464.11577]
Downloading source file /usr/include/WPEFramework/core/Proxy.h
0xa7dd2c90 in WPEFramework::Core::ProxyType<WPEFramework::JSONRPC::LinkType<WPEFramework::Core::JSON::IElement>::CommunicationChannel>::~ProxyType (         
    this=0x214d214, __in_chrg=<optimized out>) at /usr/include/WPEFramework/core/Proxy.h:435

Crash address corresponds to _vptr.CommunicationChannel, unmapped:

(gdb) p $_siginfo._sifields._sigfault.si_addr
$9 = (void *) 0xaa293b44
(gdb) p *this
$11 = {_refCount = 0xa98bae64, _realObject = 0xa98ba978}
(gdb) p *this._realObject
$12 = {_vptr.CommunicationChannel = 0xaa293b20,...

When CommunicationChannel::Instance is called from library X, channelMap address is in library Y, and _vptr.CommunicationChannel address of returned channel is in library Z:

(gdb) p &channelMap
$31 = ...0xabc38c6c
(gdb) i symbol 0xabc38c6c
... /usr/lib/wpeframework/plugins/libWPEFrameworkY.so
(gdb) p *copy._realObject
$48 = {
  _vptr.CommunicationChannel = 0xa9823b20
(gdb) i symbol 0xa9823b20
... /usr/lib/wpeframework/plugins/libWPEFrameworkZ.so

If the channel doesn't exist, channelMap returns a new channel with _vptr.CommunicationChannel address in the same library:

(gdb) p *_channel._realObject
$60 = {
  _vptr.CommunicationChannel = 0xaad83a40
(gdb) i symbol 0xaad83a40
vtable for ... + 8 in section .data.rel.ro of /usr/lib/wpeframework/plugins/libWPEFrameworkX.so

Looks like the problem relates to channel sharing in Thunder. Nothing prevents a library from unloading, and hence unloading the _vptr.CommunicationChannel of a channel being shared. The static channelMap is instantiated once because there's one type - Core::ProxyMapType<string, JSONRPC::LinkType<Core::JSON::IElement>::CommunicationChannel>:

static Core::ProxyType<CommunicationChannel> Instance(const Core::NodeId& remoteNode, const string& callsign, const string& query)
{
    static Core::ProxyMapType<string, CommunicationChannel> channelMap;
    string searchLine = remoteNode.HostAddress() + '@' + callsign;
    return (channelMap.template Instance<CommunicationChannel>(searchLine, remoteNode, callsign, query));
}

Issue is specific to JSONRPC::LinkType/JSONRPC::SmartLinkType.

Steps to reproduce

Deactivate services that use JSONRPC::LinkType/JSONRPC::SmartLinkType.

Expected Behavior

No crash

Actual Behavior

Crash

Notes (Optional)

No response
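
The sharing described in this issue, modelled as an added example (not part of the original report and not Thunder code): a process-wide map keyed by host@callsign hands the first creator's object to later callers, and a check at deactivation lists the modules left holding a channel whose vtable belonged to the unloaded module. `Channel`, `ChannelRegistry`, `vtableOwner`, the weak-reference map, and the host and callsign values are assumptions made for illustration; X and Z are the library names used in the report.

```cpp
#include <iostream>
#include <map>
#include <memory>
#include <set>
#include <string>
#include <vector>

// Model only: Channel stands in for CommunicationChannel; vtableOwner records
// which module's code constructed it (where its vtable lives).
struct Channel {
    std::string key;
    std::string vtableOwner;
};

class ChannelRegistry {
public:
    // Same keying as Instance() in the issue: reuse a live channel, else create.
    std::shared_ptr<Channel> Instance(const std::string& module,
                                      const std::string& host,
                                      const std::string& callsign) {
        const std::string key = host + '@' + callsign;
        std::shared_ptr<Channel> ch = _map[key].lock();
        if (!ch) {
            ch = std::make_shared<Channel>(Channel{key, module});
            _map[key] = ch;
        }
        _held[module].push_back(ch);
        return ch;
    }
    // Deactivate a module: drop its references and report every module still
    // holding a channel whose vtable lived in the module being unloaded.
    std::set<std::string> Unload(const std::string& module) {
        _held.erase(module);
        std::set<std::string> atRisk;
        for (const auto& entry : _held)
            for (const auto& ch : entry.second)
                if (ch->vtableOwner == module) atRisk.insert(entry.first);
        return atRisk;
    }
private:
    std::map<std::string, std::weak_ptr<Channel>> _map;
    std::map<std::string, std::vector<std::shared_ptr<Channel>>> _held;
};
int main() {
    ChannelRegistry reg;  // constructed sample: host and callsign are made up
    reg.Instance("Z", "127.0.0.1:9998", "Sample.1");
    reg.Instance("X", "127.0.0.1:9998", "Sample.1");
    for (const auto& m : reg.Unload("Z")) std::cout << m << " holds a channel created by Z\n";
}
```

A non-empty result from `Unload` corresponds to the state in the report: the holder's later destructor call would go through a vtable address that is no longer mapped.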
