Crash in mm_log_object_get_id
Hi All,
I recently encountered a ModemManager segfault within the 'mm_log_object_get_id' function. It appears that a QMI indication was received and is associated with a bearer that no longer exists. The logging function attempts to read the id of a bearer that has recently been deleted and segfaults.
2023-11-23T22:53:47.974052+0000 dut-tp1-p3 ModemManager[549]: <debug> [1700780027.973888] [modem1] user request to disconnect modem (all bearers)
2023-11-23T22:53:48.177766+0000 dut-tp1-p3 ModemManager[549]: <debug> [1700780028.177620] [modem1/bearer4] removing from bus
2023-11-23T22:53:51.313188+0000 dut-tp1-p3 ModemManager[549]: <debug> [1700780031.312888] [/dev/cdc-wdm0] received message...
<<<<<< RAW:
<<<<<< length = 20
<<<<<< data = 01:13:00:80:01:13:04:22:00:8C:00:07...
2023-11-23T22:53:51.314538+0000 dut-tp1-p3 kernel: ModemManager[549]: segfault at 10 ip 000000000050503f sp 00007fffdf128230 error 4 in ModemManager[449000+d5000]
2023-11-23T22:53:51.314757+0000 dut-tp1-p3 kernel: Code: 8b 60 08 4d 85 e4 74 0b 5b 4c 89 e0 5d 41 5c c3 0f 1f 00 48 89 c3 e8 30 ff ff ff 48 8b 7d 00 48 89 c6 e8 84 5d f4 ff 48 89 ef <ff> 50 10 48 8b 33 49 89 c4 48 85 f6 74 23 48 89 c2 48 8d 3d a8 75
2023-11-23T22:53:51.313300+0000 dut-tp1-p3 ModemManager[549]: <debug> [1700780031.313266] [/dev/cdc-wdm0] received generic indication (translated)...
<<<<<< QMUX:
<<<<<< length = 19
<<<<<< flags = 0x80
<<<<<< service = "wds"
<<<<<< client = 19
<<<<<< QMI:
<<<<<< flags = "indication"
<<<<<< transaction = 34
<<<<<< tlv_length = 7
<<<<<< message = "Extended Ip Config" (0x008C)
<<<<<< TLV:
<<<<<< type = "Changed IP Configuration" (0x10)
<<<<<< length = 4
<<<<<< value = 00:20:00:00
<<<<<< translated = mtu
2023-11-23T22:53:51.350892+0000 dut-tp1-p3 systemd[1]: Created slice Slice /system/systemd-coredump.
2023-11-23T22:53:51.363703+0000 dut-tp1-p3 systemd[1]: Started Process Core Dump (PID 13110/UID 0).
2023-11-23T22:54:00.302669+0000 dut-tp1-p3 systemd-coredump[13115]: Process 549 (ModemManager) of user 0 dumped core.
Stack trace of thread 549:
#0 0x000000000050503f mm_log_object_get_id (ModemManager + 0x10503f)
#1 0x0000000000504924 _mm_log (ModemManager + 0x104924)
#2 0x00000000004c0a93 extended_ip_config_indication_received (ModemManager + 0xc0a93)
#3 0x00007f914ca3fe8a g_cclosure_marshal_VOID__BOXEDv (libgobject-2.0.so.0 + 0x18e8a)
#4 0x00007f914ca3d389 _g_closure_invoke_va (libgobject-2.0.so.0 + 0x16389)
#5 0x00007f914ca54614 g_signal_emit_valist (libgobject-2.0.so.0 + 0x2d614)
#6 0x00007f914ca54812 g_signal_emit (libgobject-2.0.so.0 + 0x2d812)
#7 0x00007f914c8c2ef8 process_indication (libqmi-glib.so.5 + 0x20bef8)
#8 0x00007f914c752552 process_indication_idle (libqmi-glib.so.5 + 0x9b552)
#9 0x00007f914ccb4283 g_main_context_dispatch (libglib-2.0.so.0 + 0x51283)
#10 0x00007f914ccb45e0 g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0x515e0)
#11 0x00007f914ccb489b g_main_loop_run (libglib-2.0.so.0 + 0x5189b)
#12 0x0000000000452dc6 main (ModemManager + 0x52dc6)
#13 0x00007f914c3f353b __libc_start_call_main (libc.so.6 + 0x2d53b)
#14 0x00007f914c3f35f0 __libc_start_main (libc.so.6 + 0x2d5f0)
#15 0x0000000000452fc5 _start (ModemManager + 0x52fc5)
Stack trace of thread 586:
#0 0x00007f914c4c225f __poll (libc.so.6 + 0xfc25f)
#1 0x00007f914ccb457e g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0x5157e)
#2 0x00007f914ccb468f g_main_context_iteration (libglib-2.0.so.0 + 0x5168f)
#3 0x00007f914ccb46d1 glib_worker_main (libglib-2.0.so.0 + 0x516d1)
#4 0x00007f914ccdc4dd g_thread_proxy (libglib-2.0.so.0 + 0x794dd)
#5 0x00007f914c44ede2 start_thread (libc.so.6 + 0x88de2)
#6 0x00007f914c4ce7a0 __clone3 (libc.so.6 + 0x1087a0)
Stack trace of thread 603:
#0 0x00007f914c4c225f __poll (libc.so.6 + 0xfc25f)
#1 0x00007f914ccb457e g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0x5157e)
#2 0x00007f914ccb489b g_main_loop_run (libglib-2.0.so.0 + 0x5189b)
#3 0x00007f914cb9a866 gdbus_shared_thread_func (libgio-2.0.so.0 + 0x115866)
#4 0x00007f914ccdc4dd g_thread_proxy (libglib-2.0.so.0 + 0x794dd)
#5 0x00007f914c44ede2 start_thread (libc.so.6 + 0x88de2)
#6 0x00007f914c4ce7a0 __clone3 (libc.so.6 + 0x1087a0)
ELF object binary architecture: AMD x86-64
2023-11-23T22:54:00.322025+0000 dut-tp1-p3 systemd[1]: systemd-coredump@0-13110-0.service: Deactivated successfully.
Other details
- Modem model : Sierra Wireless EM7565
- ModemManager version : 1.20.6
- libqmi version : 1.32.4
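The lifecycle problem described in the post, an indication handler that outlives the bearer it logs for, shown as an added example that is not part of the original post and is not ModemManager or libqmi code. It is a miniature handler registry in which teardown disconnects the handler before the object is freed, so a late indication is dropped instead of reaching freed memory; every type and function name is hypothetical.

```c
/* Added example, not ModemManager or libqmi code; all names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#define MAX_HANDLERS 4
typedef void (*indication_fn)(const char *msg, void *user_data);
typedef struct { indication_fn fn; void *user_data; } Slot;
typedef struct { Slot slots[MAX_HANDLERS]; } Client;      /* emits indications */
typedef struct { char id[16]; Client *client; int handler_id; } Bearer;
/* Returns a handler id (slot index + 1), or 0 when the table is full. */
static int client_connect(Client *c, indication_fn fn, void *user_data) {
    for (int i = 0; i < MAX_HANDLERS; i++)
        if (!c->slots[i].fn) { c->slots[i] = (Slot){ fn, user_data }; return i + 1; }
    return 0;
}
static void client_disconnect(Client *c, int id) {
    if (id > 0 && id <= MAX_HANDLERS) c->slots[id - 1] = (Slot){ NULL, NULL };
}
/* Dispatches one indication; returns how many handlers ran. */
static int client_emit(Client *c, const char *msg) {
    int ran = 0;
    for (int i = 0; i < MAX_HANDLERS; i++)
        if (c->slots[i].fn) { c->slots[i].fn(msg, c->slots[i].user_data); ran++; }
    return ran;
}
static void on_indication(const char *msg, void *user_data) {
    Bearer *b = user_data;              /* valid only while the bearer lives */
    printf("[%s] %s\n", b->id, msg);    /* logging reads the object's id */
}
static Bearer *bearer_new(Client *c, const char *id) {
    Bearer *b = calloc(1, sizeof *b);
    if (!b) return NULL;
    snprintf(b->id, sizeof b->id, "%s", id);
    b->client = c;
    b->handler_id = client_connect(c, on_indication, b);
    return b;
}
/* Teardown disconnects first, so a late indication finds no handler. */
static void bearer_free(Bearer *b) {
    client_disconnect(b->client, b->handler_id);
    free(b);
}
int main(void) {
    Client c = {0};
    Bearer *b = bearer_new(&c, "bearer4");
    if (!b) return 1;
    printf("handlers run while alive: %d\n", client_emit(&c, "ip config changed"));
    bearer_free(b);
    printf("handlers run after removal: %d\n", client_emit(&c, "ip config changed"));
    return 0;
}
```

If `bearer_free` skipped the disconnect, the second `client_emit` would pass a dangling `Bearer *` to `on_indication`, which is the shape of failure the post describes.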