Bug #3810
closed
ofono: Fix occasional crash when running against osmo-gsm-tester
0%
Description
ofono crashes from time to time during a run of the whole battery of tests:
QMI translated = { [0] = '[ radio_interface = 'gsm' active_band_class = 'gsm-dcs-1800' active_channel = '868' ] '}
ofonod[25650]: drivers/qmimodem/network-registration.c:event_notify()
ofonod[25650]: drivers/qmimodem/network-registration.c:event_notify() rat 4 band 47 channel 868
ofonod[25650]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 33 QMI flags = 0x80 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "indication" QMI transaction = 0 QMI tlv_length = 21 QMI message = "Serving System" (0x0024) QMI TLV: QMI type = "Detailed Service Status" (0x22) QMI length = 5 QMI value = 00:03:04:01:00 QMI translated = [ status = 'none' capability = 'cs-ps' hdr_status = 'power-save' hdr_hybrid = 'yes' forbidden = 'no' ] QMI TLV: QMI type = "Data Service Capability" (0x11) QMI length = 1 QMI value = 00 QMI translated = {} QMI TLV: QMI type = "Serving System" (0x01) QMI length = 6 QMI value = 02:01:01:00:01:00 QMI translated = [ registration_state = 'not-registered-searching' cs_attach_state = 'attached' ps_attach_state = 'attached' selected_network = 'unknown' radio_interfaces = '{ [0] = 'none '}' ]
ofonod[25650]: drivers/qmimodem/gprs.c:ss_info_notify()
ofonod[25650]: drivers/qmimodem/gprs.c:handle_ss_info()
ofonod[25650]: drivers/qmimodem/gprs.c:extract_ss_info()
ofonod[25650]: drivers/qmimodem/gprs.c:extract_ss_info() radio in use 0
ofonod[25650]: src/gprs.c:ofono_gprs_status_notify() /gobi_8 status registered (1)
ofonod[25650]: drivers/qmimodem/network-registration.c:ss_info_notify()
ofonod[25650]: drivers/qmimodem/network-registration.c:extract_ss_info()
ofonod[25650]: drivers/qmimodem/network-registration.c:extract_ss_info() serving system status 2
ofonod[25650]: drivers/qmimodem/network-registration.c:extract_ss_info() radio in use 0
ofonod[25650]: drivers/qmimodem/network-registration.c:extract_ss_info() lac -1 cellid -1 tech -1
ofonod[25650]: src/network.c:ofono_netreg_status_notify() /gobi_8 status 2 tech -1 lac -1 ci -1
ofonod[25650]: src/network.c:current_operator_callback() 0x5555559bfaa0, 0x555555a20fe0
ofonod[25650]: src/gprs.c:netreg_status_changed() 2
ofonod[25650]: src/gprs.c:gprs_netreg_update() attach: 0, driver_attached: 1
ofonod[25650]: drivers/qmimodem/gprs.c:qmi_set_attached() attached 0
ofonod[25650]: src/gprs.c:netreg_status_changed() 2
ofonod[25650]: src/gprs.c:gprs_netreg_update() attach: 0, driver_attached: 0
ofonod[25650]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 16 QMI flags = 0x00 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "none" QMI transaction = 364 QMI tlv_length = 4 QMI message = (0x0023) QMI TLV: QMI type = 0x10 QMI length = 1 QMI value = 02
ofonod[25650]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 19 QMI flags = 0x80 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "response" QMI transaction = 364 QMI tlv_length = 7 QMI message = (0x0023) QMI TLV: QMI type = 0x02 QMI length = 4 QMI value = 00:00:00:00
ofonod[25650]: drivers/qmimodem/gprs.c:attach_detach_cb()
ofonod[25650]: src/gprs.c:gprs_attach_callback() /gobi_8 error = 0
ofonod[25650]: drivers/qmimodem/gprs.c:qmi_attached_status()
ofonod[25650]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 12 QMI flags = 0x00 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "none" QMI transaction = 365 QMI tlv_length = 0 QMI message = "Get Serving System" (0x0024)
ofonod[25650]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 40 QMI flags = 0x80 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "response" QMI transaction = 365 QMI tlv_length = 28 QMI message = "Get Serving System" (0x0024) QMI TLV: QMI type = "Result" (0x02) QMI length = 4 QMI value = 00:00:00:00 QMI translated = SUCCESS QMI TLV: QMI type = "Detailed Service Status" (0x21) QMI length = 5 QMI value = 00:03:04:01:00 QMI translated = [ status = 'none' capability = 'cs-ps' hdr_status = 'power-save' hdr_hybrid = 'yes' forbidden = 'no' ] QMI TLV: QMI type = "Data Service Capability" (0x11) QMI length = 1 QMI value = 00 QMI translated = {} QMI TLV: QMI type = "Serving System" (0x01) QMI length = 6 QMI value = 02:01:01:00:01:00 QMI translated = [ registration_state = 'not-registered-searching' cs_attach_state = 'attached' ps_attach_state = 'attached' selected_network = 'unknown' radio_interfaces = '{ [0] = 'none '}' ]
ofonod[25650]: drivers/qmimodem/gprs.c:get_ss_info_cb()
ofonod[25650]: drivers/qmimodem/gprs.c:handle_ss_info()
ofonod[25650]: drivers/qmimodem/gprs.c:extract_ss_info()
ofonod[25650]: drivers/qmimodem/gprs.c:extract_ss_info() radio in use 0
ofonod[25650]: src/gprs.c:registration_status_cb() /gobi_8 error 0 status 1
ofonod[25650]: src/gprs.c:ofono_gprs_status_notify() /gobi_8 status registered (1)
ofonod[25650]: src/modem.c:get_modem_property() modem 0x555555af6ce0 property SystemPath
ofonod[25650]: src/gprs.c:gprs_netreg_update() attach: 0, driver_attached: 1
ofonod[25650]: drivers/qmimodem/gprs.c:qmi_set_attached() attached 0
ofonod[25650]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 16 QMI flags = 0x00 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "none" QMI transaction = 366 QMI tlv_length = 4 QMI message = (0x0023) QMI TLV: QMI type = 0x10 QMI length = 1 QMI value = 02
ofonod[25650]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 19 QMI flags = 0x80 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "response" QMI transaction = 366 QMI tlv_length = 7 QMI message = (0x0023) QMI TLV: QMI type = 0x02 QMI length = 4 QMI value = 00:00:00:00
ofonod[25650]: drivers/qmimodem/gprs.c:attach_detach_cb()
ofonod[25650]: src/gprs.c:gprs_attach_callback() /gobi_8 error = 0
ofonod[25650]: drivers/qmimodem/gprs.c:qmi_attached_status()
ofonod[25650]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 12 QMI flags = 0x00 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "none" QMI transaction = 367 QMI tlv_length = 0 QMI message = "Get Serving System" (0x0024)
ofonod[25650]: src/gprs-provision.c:__ofono_gprs_provision_get_settings() Calling provisioning plugin 'Provisioning'
ofonod[25650]: plugins/provision.c:provision_get_settings() Provisioning for MCC 901, MNC 70, SPN '(null)'
ofonod[25650]: src/gprs-provision.c:__ofono_gprs_provision_get_settings() Calling provisioning plugin 'GPRS context provisioning'
ofonod[25650]: plugins/file-provision.c:config_file_provision_get_settings() Finding settings for MCC 901, MNC 70, SPN '(null)'
ofonod[25650]: plugins/file-provision.c:config_file_provision_get_settings() Not found. Result:-2
ofonod[25650]: Provisioning failed
ofonod[25650]: src/gprs.c:add_context() Registering new context
ofonod[25650]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 40 QMI flags = 0x80 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "response" QMI transaction = 367 QMI tlv_length = 28 QMI message = "Get Serving System" (0x0024) QMI TLV: QMI type = "Result" (0x02) QMI length = 4 QMI value = 00:00:00:00 QMI translated = SUCCESS QMI TLV: QMI type = "Detailed Service Status" (0x21) QMI length = 5 QMI value = 00:03:04:01:00 QMI translated = [ status = 'none' capability = 'cs-ps' hdr_status = 'power-save' hdr_hybrid = 'yes' forbidden = 'no' ] QMI TLV: QMI type = "Data Service Capability" (0x11) QMI length = 1 QMI value = 00 QMI translated = {} QMI TLV: QMI type = "Serving System" (0x01) QMI length = 6 QMI value = 02:01:01:00:01:00 QMI translated = [ registration_state = 'not-registered-searching' cs_attach_state = 'attached' ps_attach_state = 'attached' selected_network = 'unknown' radio_interfaces = '{ [0] = 'none '}' ]
ofonod[25650]: drivers/qmimodem/gprs.c:get_ss_info_cb()
ofonod[25650]: drivers/qmimodem/gprs.c:handle_ss_info()
ofonod[25650]: drivers/qmimodem/gprs.c:extract_ss_info()
ofonod[25650]: drivers/qmimodem/gprs.c:extract_ss_info() radio in use 0
ofonod[25650]: src/gprs.c:registration_status_cb() /gobi_8 error 0 status 1
ofonod[25650]: src/gprs.c:ofono_gprs_status_notify() /gobi_8 status registered (1)
ofonod[25650]: drivers/qmimodem/gprs.c:qmi_set_attached() attached 0
ofonod[25650]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 16 QMI flags = 0x00 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "none" QMI transaction = 368 QMI tlv_length = 4 QMI message = (0x0023) QMI TLV: QMI type = 0x10 QMI length = 1 QMI value = 02
ofonod[25650]: src/modem.c:get_modem_property() modem 0x555555af6ce0 property AlwaysOnline
ofonod[25650]: plugins/gobi.c:gobi_set_online() 0x555555af6ce0 offline
ofonod[25650]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 16 QMI flags = 0x00 QMI service = "dms" QMI client = 20 QMI QMI: QMI flags = "none" QMI transaction = 369 QMI tlv_length = 4 QMI message = "Set Operating Mode" (0x002E) QMI TLV: QMI type = "Mode" (0x01) QMI length = 1 QMI value = 01 QMI translated = low-power
ofonod[25650]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 19 QMI flags = 0x80 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "response" QMI transaction = 368 QMI tlv_length = 7 QMI message = (0x0023) QMI TLV: QMI type = 0x02 QMI length = 4 QMI value = 00:00:00:00
ofonod[25650]: drivers/qmimodem/gprs.c:attach_detach_cb()
ofonod[25650]: src/gprs.c:gprs_attach_callback() /gobi_8 error = 0
ofonod[25650]: drivers/qmimodem/gprs.c:qmi_attached_status()
ofonod[25650]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 12 QMI flags = 0x00 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "none" QMI transaction = 370 QMI tlv_length = 0 QMI message = "Get Serving System" (0x0024)
ofonod[25650]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 19 QMI flags = 0x80 QMI service = "dms" QMI client = 20 QMI QMI: QMI flags = "response" QMI transaction = 369 QMI tlv_length = 7 QMI message = "Set Operating Mode" (0x002E) QMI TLV: QMI type = "Result" (0x02) QMI length = 4 QMI value = 00:00:00:00 QMI translated = SUCCESS
ofonod[25650]: plugins/gobi.c:set_online_cb()
ofonod[25650]: src/modem.c:modem_change_state() old state: 3, new state: 2
ofonod[25650]: src/modem.c:flush_atoms()
ofonod[25650]: src/gprs.c:gprs_context_unregister() 0x5555559f3fc0, 0x555555a23700
ofonod[25650]: src/gprs.c:gprs_context_remove() atom: 0x5555559c52d0
ofonod[25650]: drivers/qmimodem/gprs-context.c:qmi_gprs_context_remove()
ofonod[25650]: plugins/bluez5.c:bt_unregister_profile() Bluetooth: Unregistering profile /bluetooth/profile/dun_gw
ofonod[25650]: src/gprs.c:gprs_unregister() 0x555555a23700
ofonod[25650]: src/network.c:__ofono_netreg_remove_status_watch() 0x5555559bfaa0
ofonod[25650]: src/gprs.c:gprs_remove() atom: 0x5555559e1210
ofonod[25650]: drivers/qmimodem/gprs.c:qmi_gprs_remove()
ofonod[25650]: src/ussd.c:ussd_remove() atom: 0x5555559bee40
ofonod[25650]: drivers/qmimodem/ussd.c:qmi_ussd_remove()
ofonod[25650]: drivers/qmimodem/netmon.c:qmi_netmon_remove()
ofonod[25650]: src/sim.c:ofono_sim_remove_spn_watch() 0x555555a2f990
ofonod[25650]: src/network.c:netreg_remove() atom: 0x555555a32ca0
ofonod[25650]: drivers/qmimodem/network-registration.c:qmi_netreg_remove()
ofonod[25650]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 16 QMI flags = 0x00 QMI service = "ctl" QMI client = 0 QMI QMI: QMI flags = "none" QMI transaction = 12 QMI tlv_length = 5 QMI message = "Release CID" (0x0023) QMI TLV: QMI type = "Release Info" (0x01) QMI length = 2 QMI value = 1A:01 QMI translated = [ service = 'wda' cid = '1' ]
ofonod[25650]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 40 QMI flags = 0x80 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "response" QMI transaction = 370 QMI tlv_length = 28 QMI message = "Get Serving System" (0x0024) QMI TLV: QMI type = "Result" (0x02) QMI length = 4 QMI value = 00:00:00:00 QMI translated = SUCCESS QMI TLV: QMI type = "Detailed Service Status" (0x21) QMI length = 5 QMI value = 00:03:04:01:00 QMI translated = [ status = 'none' capability = 'cs-ps' hdr_status = 'power-save' hdr_hybrid = 'yes' forbidden = 'no' ] QMI TLV: QMI type = "Data Service Capability" (0x11) QMI length = 1 QMI value = 00 QMI translated = {} QMI TLV: QMI type = "Serving System" (0x01) QMI length = 6 QMI value = 02:01:01:00:01:00 QMI translated = [ registration_state = 'not-registered-searching' cs_attach_state = 'attached' ps_attach_state = 'attached' selected_network = 'unknown' radio_interfaces = '{ [0] = 'none '}' ]
ofonod[25650]: drivers/qmimodem/gprs.c:get_ss_info_cb()
ofonod[25650]: drivers/qmimodem/gprs.c:handle_ss_info()
ofonod[25650]: drivers/qmimodem/gprs.c:extract_ss_info()
ofonod[25650]: drivers/qmimodem/gprs.c:extract_ss_info() radio in use 0

Program received signal SIGSEGV, Segmentation fault.
0x000055555564ecbd in __ofono_atom_get_path (atom=0x5555559e1210) at src/modem.c:236
236             return atom->modem->path;
Updated by pespin about 5 years ago
# ofonod --version
1.23
with extra patches on top, see https://git.sysmocom.de/ofono/log/?h=osmo-gsm-tester

(gdb) l
231             return atom->data;
232     }
233
234     const char *__ofono_atom_get_path(struct ofono_atom *atom)
235     {
236             return atom->modem->path;
237     }
238
239     struct ofono_modem *__ofono_atom_get_modem(struct ofono_atom *atom)
240     {
(gdb) bt
#0  0x000055555564ecbd in __ofono_atom_get_path (atom=0x5555559e1210) at src/modem.c:236
#1  0x0000555555698727 in registration_status_cb (error=0x7fffffffdaac, status=1, data=0x555555a23700) at src/gprs.c:1680
#2  0x00005555555d89c9 in get_ss_info_cb (result=0x7fffffffdb00, user_data=0x555555ad1880) at drivers/qmimodem/gprs.c:298
#3  0x00005555555cf558 in service_send_callback (message=36, length=28, buffer=0x7fffffffdbfd, user_data=0x555555a2b8e0) at drivers/qmimodem/qmi.c:2286
#4  0x00005555555cc959 in handle_packet (device=0x555555a2c760, hdr=0x7fffffffdbf0, buf=0x7fffffffdbf6) at drivers/qmimodem/qmi.c:831
#5  0x00005555555ccafa in received_data (channel=0x555555998400, cond=G_IO_IN, user_data=0x555555a2c760) at drivers/qmimodem/qmi.c:880
#6  0x00007ffff7b0f6aa in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#7  0x00007ffff7b0fa60 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#8  0x00007ffff7b0fd82 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#9  0x000055555564d91d in main (argc=1, argv=0x7fffffffe688) at src/main.c:306
(gdb) print atom->modem
$1 = (struct ofono_modem *) 0x30
(gdb) print atom
$2 = (struct ofono_atom *) 0x5555559e1210
(gdb) print *atom
$3 = {type = 1436730880, modem_state = 21845, destruct = 0x555555a23e40, unregister = 0x0, data = 0x555555a23700, modem = 0x30}
Updated by pespin about 5 years ago
- File core.25650.gz added
Attaching compressed gzip core file
Updated by pespin about 5 years ago
│16:58:19 denkenz | Seems like a bug in the QMI driver. You have removed the gprs atom yet the callback is still processed
│16:58:36 denkenz | My guess is that the outstanding requests are not getting canceled
│16:59:20 denkenz | This has been discussed before on the mailing list, nobody bothered to fix it
│17:12:47 pespin | denkenz: do you have some pointer to those discussions in ml?
│17:14:45 denkenz | Jonas Bonn had a thread about this, but it must have been like a year ago
│17:15:08 denkenz | Don’t recall exactly now, search the archives for his qmi_service refactoring proposals
│17:16:05 denkenz | Between my replies and his code it should be pretty obvious what is causing this and how to fix it
│17:45:20 pespin | denkenz: this one? https://lists.ofono.org/pipermail/ofono/2017-October/017694.html
│17:47:12 denkenz | don’t think so
│17:48:54 denkenz | https://lists.ofono.org/pipermail/ofono/2018-March/018082.html
│17:49:05 denkenz | Probably that one, or around then anyway
│17:55:06 pespin | https://lists.ofono.org/pipermail/ofono/2017-October/017699.html seems related too
│17:57:30 denkenz | But I think that problem had a patch applied for it
│17:57:50 denkenz | The request-not-being-canceled-when-atom-is-destroyed was never fixed
│17:58:12 denkenz | That requires core work inside qmi_device / qmi_service
│17:58:37 denkenz | And Jonas went off into la-la land when he made his RFC
│17:59:11 denkenz | It was all fine and addressed the issues, but too different architecturally to what the rest of oFono does
https://lists.ofono.org/pipermail/ofono/2017-October/017694.html
https://lists.ofono.org/pipermail/ofono/2017-October/017699.html
https://lists.ofono.org/pipermail/ofono/2018-March/018082.html
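The failure mode described in the IRC log above (the gprs atom is removed while one of its requests is still outstanding, and the response callback then runs on the dead atom), reduced to a small model as an added example. This is not oFono code and not part of the ticket: the request table and the names `req_send`, `req_find`, `req_cancel_owner`, `req_dispatch`, `atom_remove` and `scenario` are hypothetical. It shows that cancelling an owner's queued requests during teardown turns the late response into a no-op while another atom's request still completes.

```c
/* Added illustration, not oFono code: every name below is hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PENDING 8
struct modem { const char *path; };
struct atom { struct modem *modem; };
typedef void (*resp_cb)(int status, void *user_data);

struct pending {
	int in_use;
	unsigned int tid;	/* transaction id, as in the QMI trace */
	resp_cb cb;
	void *user_data;	/* the atom that issued the request */
};
static struct pending table[MAX_PENDING];
static unsigned int next_tid = 1;

/* Queue a request; returns its transaction id, or 0 if the table is full. */
static unsigned int req_send(resp_cb cb, void *user_data)
{
	for (int i = 0; i < MAX_PENDING; i++)
		if (!table[i].in_use) {
			table[i] = (struct pending){ 1, next_tid, cb, user_data };
			return next_tid++;
		}
	return 0;
}

/* Look up a queued request by transaction id; NULL if there is none. */
static struct pending *req_find(unsigned int tid)
{
	for (int i = 0; i < MAX_PENDING; i++)
		if (table[i].in_use && table[i].tid == tid)
			return &table[i];
	return NULL;
}

/* Drop every queued request issued by owner. */
static void req_cancel_owner(const void *owner)
{
	for (int i = 0; i < MAX_PENDING; i++)
		if (table[i].in_use && table[i].user_data == owner)
			table[i].in_use = 0;
}

/* Deliver a response: 1 if a callback ran, 0 if tid is unknown or cancelled. */
static int req_dispatch(unsigned int tid, int status)
{
	struct pending *p = req_find(tid);
	if (!p)
		return 0;
	p->in_use = 0;
	p->cb(status, p->user_data);
	return 1;
}

/* Response handler that dereferences its atom, like the crashing frame. */
static void status_cb(int status, void *user_data)
{
	struct atom *atom = user_data;
	printf("%s status %d\n", atom->modem->path, status);
}

/* Teardown; cancel_pending == 0 models the behaviour seen in the report. */
static void atom_remove(struct atom *atom, int cancel_pending)
{
	if (cancel_pending)
		req_cancel_owner(atom);
	free(atom);
}

/* Two atoms each have a request in flight, then the gprs atom is removed.
 * Returns 1 if the gprs request is still queued against freed memory. */
static int scenario(int cancel_pending, int *late_ran, int *live_ran)
{
	static struct modem modem = { "/gobi_8" };	/* path as seen in the log */
	struct atom *gprs = malloc(sizeof(*gprs)), *netreg = malloc(sizeof(*netreg));
	if (!gprs || !netreg)
		abort();
	gprs->modem = netreg->modem = &modem;
	memset(table, 0, sizeof(table));
	unsigned int t_gprs = req_send(status_cb, gprs);
	unsigned int t_netreg = req_send(status_cb, netreg);

	atom_remove(gprs, cancel_pending);
	int stale = req_find(t_gprs) != NULL;
	/* A stale entry would run status_cb() on freed memory: never dispatch it. */
	*late_ran = stale ? -1 : req_dispatch(t_gprs, 1);
	*live_ran = req_dispatch(t_netreg, 1);
	atom_remove(netreg, cancel_pending);
	return stale;
}

int main(void)
{
	int late, live;
	printf("no cancel: stale=%d\n", scenario(0, &late, &live));
	printf("cancel:    stale=%d\n", scenario(1, &late, &live));
	return 0;
}
```

In the no-cancel run the model only reports the stale entry instead of dispatching it, because dispatching would be the use-after-free that the backtraces in this ticket show.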
Updated by pespin about 5 years ago
It crashed again:
ofonod[2946]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 19 QMI flags = 0x80 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "response" QMI transaction = 373 QMI tlv_length = 7 QMI message = (0x0023) QMI TLV: QMI type = 0x02 QMI length = 4 QMI value = 00:00:00:00
ofonod[2946]: drivers/qmimodem/gprs.c:attach_detach_cb()
ofonod[2946]: src/gprs.c:gprs_attach_callback() /gobi_3 error = 0
ofonod[2946]: drivers/qmimodem/gprs.c:qmi_attached_status()
ofonod[2946]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 12 QMI flags = 0x00 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "none" QMI transaction = 374 QMI tlv_length = 0 QMI message = "Get Serving System" (0x0024)
ofonod[2946]: src/gprs-provision.c:__ofono_gprs_provision_get_settings() Calling provisioning plugin 'Provisioning'
ofonod[2946]: plugins/provision.c:provision_get_settings() Provisioning for MCC 901, MNC 70, SPN '(null)'
ofonod[2946]: src/gprs-provision.c:__ofono_gprs_provision_get_settings() Calling provisioning plugin 'GPRS context provisioning'
ofonod[2946]: plugins/file-provision.c:config_file_provision_get_settings() Finding settings for MCC 901, MNC 70, SPN '(null)'
ofonod[2946]: plugins/file-provision.c:config_file_provision_get_settings() Not found. Result:-2
ofonod[2946]: Provisioning failed
ofonod[2946]: src/gprs.c:add_context() Registering new context
ofonod[2946]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 40 QMI flags = 0x80 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "response" QMI transaction = 374 QMI tlv_length = 28 QMI message = "Get Serving System" (0x0024) QMI TLV: QMI type = "Result" (0x02) QMI length = 4 QMI value = 00:00:00:00 QMI translated = SUCCESS QMI TLV: QMI type = "Detailed Service Status" (0x21) QMI length = 5 QMI value = 00:03:04:01:00 QMI translated = [ status = 'none' capability = 'cs-ps' hdr_status = 'power-save' hdr_hybrid = 'yes' forbidden = 'no' ] QMI TLV: QMI type = "Data Service Capability" (0x11) QMI length = 1 QMI value = 00 QMI translated = {} QMI TLV: QMI type = "Serving System" (0x01) QMI length = 6 QMI value = 02:01:01:00:01:00 QMI translated = [ registration_state = 'not-registered-searching' cs_attach_state = 'attached' ps_attach_state = 'attached' selected_network = 'unknown' radio_interfaces = '{ [0] = 'none '}' ]
ofonod[2946]: drivers/qmimodem/gprs.c:get_ss_info_cb()
ofonod[2946]: drivers/qmimodem/gprs.c:handle_ss_info()
ofonod[2946]: drivers/qmimodem/gprs.c:extract_ss_info()
ofonod[2946]: drivers/qmimodem/gprs.c:extract_ss_info() radio in use 0
ofonod[2946]: src/gprs.c:registration_status_cb() /gobi_3 error 0 status 1
ofonod[2946]: src/gprs.c:ofono_gprs_status_notify() /gobi_3 status registered (1)
ofonod[2946]: drivers/qmimodem/gprs.c:qmi_set_attached() attached 0
ofonod[2946]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 16 QMI flags = 0x00 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "none" QMI transaction = 375 QMI tlv_length = 4 QMI message = (0x0023) QMI TLV: QMI type = 0x10 QMI length = 1 QMI value = 02
ofonod[2946]: src/modem.c:get_modem_property() modem 0x5555559f8700 property AlwaysOnline
ofonod[2946]: plugins/gobi.c:gobi_set_online() 0x5555559f8700 offline
ofonod[2946]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 16 QMI flags = 0x00 QMI service = "dms" QMI client = 87 QMI QMI: QMI flags = "none" QMI transaction = 376 QMI tlv_length = 4 QMI message = "Set Operating Mode" (0x002E) QMI TLV: QMI type = "Mode" (0x01) QMI length = 1 QMI value = 01 QMI translated = low-power
ofonod[2946]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 19 QMI flags = 0x80 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "response" QMI transaction = 375 QMI tlv_length = 7 QMI message = (0x0023) QMI TLV: QMI type = 0x02 QMI length = 4 QMI value = 00:00:00:00
ofonod[2946]: drivers/qmimodem/gprs.c:attach_detach_cb()
ofonod[2946]: src/gprs.c:gprs_attach_callback() /gobi_3 error = 0
ofonod[2946]: drivers/qmimodem/gprs.c:qmi_attached_status()
ofonod[2946]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 12 QMI flags = 0x00 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "none" QMI transaction = 377 QMI tlv_length = 0 QMI message = "Get Serving System" (0x0024)
ofonod[2946]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 19 QMI flags = 0x80 QMI service = "dms" QMI client = 87 QMI QMI: QMI flags = "response" QMI transaction = 376 QMI tlv_length = 7 QMI message = "Set Operating Mode" (0x002E) QMI TLV: QMI type = "Result" (0x02) QMI length = 4 QMI value = 00:00:00:00 QMI translated = SUCCESS
ofonod[2946]: plugins/gobi.c:set_online_cb()
ofonod[2946]: src/modem.c:modem_change_state() old state: 3, new state: 2
ofonod[2946]: src/modem.c:flush_atoms()
ofonod[2946]: src/gprs.c:gprs_context_unregister() 0x555555acb6f0, 0x5555559c2850
ofonod[2946]: src/gprs.c:gprs_context_remove() atom: 0x555555acb730
ofonod[2946]: drivers/qmimodem/gprs-context.c:qmi_gprs_context_remove()
ofonod[2946]: src/gprs.c:gprs_unregister() 0x5555559c2850
ofonod[2946]: src/network.c:__ofono_netreg_remove_status_watch() 0x555555a45d60
ofonod[2946]: src/gprs.c:gprs_remove() atom: 0x5555559c2900
ofonod[2946]: drivers/qmimodem/gprs.c:qmi_gprs_remove()
ofonod[2946]: src/ussd.c:ussd_remove() atom: 0x555555a86ce0
ofonod[2946]: drivers/qmimodem/ussd.c:qmi_ussd_remove()
ofonod[2946]: drivers/qmimodem/netmon.c:qmi_netmon_remove()
ofonod[2946]: src/sim.c:ofono_sim_remove_spn_watch() 0x555555a78e00
ofonod[2946]: src/network.c:netreg_remove() atom: 0x5555559ca730
ofonod[2946]: drivers/qmimodem/network-registration.c:qmi_netreg_remove()
ofonod[2946]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 16 QMI flags = 0x00 QMI service = "ctl" QMI client = 0 QMI QMI: QMI flags = "none" QMI transaction = 12 QMI tlv_length = 5 QMI message = "Release CID" (0x0023) QMI TLV: QMI type = "Release Info" (0x01) QMI length = 2 QMI value = 1A:01 QMI translated = [ service = 'wda' cid = '1' ]
ofonod[2946]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 16 QMI flags = 0x00 QMI service = "ctl" QMI client = 0 QMI QMI: QMI flags = "none" QMI transaction = 13 QMI tlv_length = 5 QMI message = "Release CID" (0x0023) QMI TLV: QMI type = "Release Info" (0x01) QMI length = 2 QMI value = 09:04 QMI translated = [ service = 'voice' cid = '4' ]
ofonod[2946]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 40 QMI flags = 0x80 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "response" QMI transaction = 377 QMI tlv_length = 28 QMI message = "Get Serving System" (0x0024) QMI TLV: QMI type = "Result" (0x02) QMI length = 4 QMI value = 00:00:00:00 QMI translated = SUCCESS QMI TLV: QMI type = "Detailed Service Status" (0x21) QMI length = 5 QMI value = 00:03:04:01:00 QMI translated = [ status = 'none' capability = 'cs-ps' hdr_status = 'power-save' hdr_hybrid = 'yes' forbidden = 'no' ] QMI TLV: QMI type = "Data Service Capability" (0x11) QMI length = 1 QMI value = 00 QMI translated = {} QMI TLV: QMI type = "Serving System" (0x01) QMI length = 6 QMI value = 02:01:01:00:01:00 QMI translated = [ registration_state = 'not-registered-searching' cs_attach_state = 'attached' ps_attach_state = 'attached' selected_network = 'unknown' radio_interfaces = '{ [0] = 'none '}' ]
ofonod[2946]: drivers/qmimodem/gprs.c:get_ss_info_cb()
ofonod[2946]: drivers/qmimodem/gprs.c:handle_ss_info()
ofonod[2946]: drivers/qmimodem/gprs.c:extract_ss_info()
ofonod[2946]: drivers/qmimodem/gprs.c:extract_ss_info() radio in use 0

Program received signal SIGSEGV, Segmentation fault.
0x000055555564ecbd in __ofono_atom_get_path (atom=0x5555559c2900) at src/modem.c:236
236             return atom->modem->path;
(gdb) l
231             return atom->data;
232     }
233
234     const char *__ofono_atom_get_path(struct ofono_atom *atom)
235     {
236             return atom->modem->path;
237     }
238
239     struct ofono_modem *__ofono_atom_get_modem(struct ofono_atom *atom)
240     {
(gdb) bt
#0  0x000055555564ecbd in __ofono_atom_get_path (atom=0x5555559c2900) at src/modem.c:236
#1  0x0000555555698727 in registration_status_cb (error=0x7fffffffdaac, status=1, data=0x5555559c2850) at src/gprs.c:1680
#2  0x00005555555d89c9 in get_ss_info_cb (result=0x7fffffffdb00, user_data=0x5555559bf660) at drivers/qmimodem/gprs.c:298
#3  0x00005555555cf558 in service_send_callback (message=36, length=28, buffer=0x7fffffffdbfd, user_data=0x5555559ea3d0) at drivers/qmimodem/qmi.c:2286
#4  0x00005555555cc959 in handle_packet (device=0x5555559ec800, hdr=0x7fffffffdbf0, buf=0x7fffffffdbf6) at drivers/qmimodem/qmi.c:831
#5  0x00005555555ccafa in received_data (channel=0x5555559edd90, cond=G_IO_IN, user_data=0x5555559ec800) at drivers/qmimodem/qmi.c:880
#6  0x00007ffff7b0f6aa in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#7  0x00007ffff7b0fa60 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#8  0x00007ffff7b0fd82 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#9  0x000055555564d91d in main (argc=1, argv=0x7fffffffe688) at src/main.c:306
(gdb) print atom
$1 = (struct ofono_atom *) 0x5555559c2900
(gdb) print *atom
$2 = {type = 1436297504, modem_state = 21845, destruct = 0x55555569b83a <gprs_remove>, unregister = 0x0, data = 0x5555559c2850, modem = 0x390}
(gdb) bt full
#0  0x000055555564ecbd in __ofono_atom_get_path (atom=0x5555559c2900) at src/modem.c:236
No locals.
#1  0x0000555555698727 in registration_status_cb (error=0x7fffffffdaac, status=1, data=0x5555559c2850) at src/gprs.c:1680
        __ofono_debug_desc = {name = 0x0, file = 0x5555556fb69f "src/gprs.c", flags = 1}
        gprs = 0x5555559c2850
        __FUNCTION__ = "registration_status_cb"
#2  0x00005555555d89c9 in get_ss_info_cb (result=0x7fffffffdb00, user_data=0x5555559bf660) at drivers/qmimodem/gprs.c:298
        e = {type = OFONO_ERROR_TYPE_NO_ERROR, error = 0}
        cbd = 0x5555559bf660
        gprs = 0x5555559c2850
        cb = 0x5555556986e5 <registration_status_cb>
        status = 1
        __FUNCTION__ = "get_ss_info_cb"
#3  0x00005555555cf558 in service_send_callback (message=36, length=28, buffer=0x7fffffffdbfd, user_data=0x5555559ea3d0) at drivers/qmimodem/qmi.c:2286
        data = 0x5555559ea3d0
        result_code = 0x7fffffffdc00
        len = 4
        result = {message = 36, result = 0, error = 0, data = 0x7fffffffdbfd, length = 28}
#4  0x00005555555cc959 in handle_packet (device=0x5555559ec800, hdr=0x7fffffffdbf0, buf=0x7fffffffdbf6) at drivers/qmimodem/qmi.c:831
        req = 0x5555559bf150
        message = 36
        length = 28
        data = 0x7fffffffdbfd
#5  0x00005555555ccafa in received_data (channel=0x5555559edd90, cond=G_IO_IN, user_data=0x5555559ec800) at drivers/qmimodem/qmi.c:880
        len = 41
        device = 0x5555559ec800
        hdr = 0x7fffffffdbf0
        buf = "\001(\000\200\003\003\002y\001$\000\034\000\002\004\000\000\000\000\000!\005\000\000\003\004\001\000\021\001\000\000\001\006\000\002\001\001\000\001\000\224\365\366\377\177\000\000@\334\377\377\377\177\000\000\223\003\211\367\377\177\000\000P\336\377\377\377\177\000\000\020\000\000\000\060\000\000\000\350\334\377\377\377\177\000\000\020\000\000\000\060\000\000\000\020\335\377\377\377\177\000\000\320\340\377\377", '\000' <repeats 16 times>, "\377\177\000\000\000\000\000\000\000\000\000\000\377\377\377\377\377\377\377\377\000\000\000\000\377\177\000\000-\000\000\000\377\177\000\000\200ěUUU\000\000\000\000\000\000\377\177\000\000\000\000\000\000\000\000\000\000i\001\000\000\377\177\000\000`\335\377\377\377\177\000\000\000\000\000\000\000\000\000\000"...
        bytes_read = 41
        offset = 0
#6  0x00007ffff7b0f6aa in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#7  0x00007ffff7b0fa60 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#8  0x00007ffff7b0fd82 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#9  0x000055555564d91d in main (argc=1, argv=0x7fffffffe688) at src/main.c:306
        context = 0x55555596ae00
        err = 0x0
        conn = 0x55555596c8d0
        error = {name = 0x0, message = 0x0, dummy1 = 1, dummy2 = 0, dummy3 = 0, dummy4 = 0, dummy5 = 0, padding1 = 0x0}
        signal = 1
Updated by pespin about 5 years ago
Another one:
ofonod[9110]: drivers/qmimodem/gprs-context.c:qmi_gprs_context_remove()
ofonod[9110]: src/gprs.c:gprs_unregister() 0x555555a022a0
ofonod[9110]: src/network.c:__ofono_netreg_remove_status_watch() 0x555555acd920
ofonod[9110]: src/gprs.c:gprs_remove() atom: 0x555555a02350
ofonod[9110]: drivers/qmimodem/gprs.c:qmi_gprs_remove()
ofonod[9110]: src/ussd.c:ussd_remove() atom: 0x555555ab49c0
ofonod[9110]: drivers/qmimodem/ussd.c:qmi_ussd_remove()
ofonod[9110]: drivers/qmimodem/netmon.c:qmi_netmon_remove()
ofonod[9110]: src/sim.c:ofono_sim_remove_spn_watch() 0x555555ae36a0
ofonod[9110]: src/network.c:netreg_remove() atom: 0x555555acda70
ofonod[9110]: drivers/qmimodem/network-registration.c:qmi_netreg_remove()
ofonod[9110]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 16 QMI flags = 0x00 QMI service = "ctl" QMI client = 0 QMI QMI: QMI flags = "none" QMI transaction = 12 QMI tlv_length = 5 QMI message = "Release CID" (0x0023) QMI TLV: QMI type = "Release Info" (0x01) QMI length = 2 QMI value = 1A:01 QMI translated = [ service = 'wda' cid = '1' ]
ofonod[9110]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 16 QMI flags = 0x00 QMI service = "ctl" QMI client = 0 QMI QMI: QMI flags = "none" QMI transaction = 13 QMI tlv_length = 5 QMI message = "Release CID" (0x0023) QMI TLV: QMI type = "Release Info" (0x01) QMI length = 2 QMI value = 09:04 QMI translated = [ service = 'voice' cid = '4' ]
ofonod[9110]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 94 QMI flags = 0x80 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "response" QMI transaction = 372 QMI tlv_length = 82 QMI message = "Get Serving System" (0x0024) QMI TLV: QMI type = "Result" (0x02) QMI length = 4 QMI value = 00:00:00:00 QMI translated = SUCCESS QMI TLV: QMI type = "MNC PCS Digit Include Status" (0x27) QMI length = 5 QMI value = 85:03:46:00:00 QMI translated = [ mcc = '901' mnc = '70' includes_pcs_digit = 'no' ] QMI TLV: QMI type = "Call Barring Status" (0x25) QMI length = 8 QMI value = 00:00:00:00:00:00:00:00 QMI translated = [ cs_status = 'normal-only' ps_status = 'normal-only' ] QMI TLV: QMI type = "Detailed Service Status" (0x21) QMI length = 5 QMI value = 02:03:04:01:00 QMI translated = [ status = 'available' capability = 'cs-ps' hdr_status = 'power-save' hdr_hybrid = 'yes' forbidden = 'no' ] QMI TLV: QMI type = "DTM Support" (0x20) QMI length = 1 QMI value = 00 QMI translated = no QMI TLV: QMI type = "CID 3GPP" (0x1d) QMI length = 4 QMI value = 0C:23:00:00 QMI translated = 8972 QMI TLV: QMI type = "LAC 3GPP" (0x1c) QMI length = 2 QMI value = 0C:23 QMI translated = 8972 QMI TLV: QMI type = "Roaming Indicator List" (0x15) QMI length = 3 QMI value = 01:04:01 QMI translated = { [0] = '[ radio_interface = 'gsm' roaming_indicator = 'off' ] '} QMI TLV: QMI type = "Current PLMN" (0x12) QMI length = 5 QMI value = 85:03:46:00:00 QMI translated = [ mcc = '901' mnc = '70' description = '' ] QMI TLV: QMI type = "Data Service Capability" (0x11) QMI length = 2 QMI value = 01:01 QMI translated = { [0] = 'gprs '} QMI TLV: QMI type = "Roaming Indicator" (0x10) QMI length = 1 QMI value = 01 QMI translated = off QMI TLV: QMI type = "Serving System" (0x01) QMI length = 6 QMI value = 01:01:01:02:01:04 QMI translated = [ registration_state = 'registered' cs_attach_state = 'attached' ps_attach_state = 'attached' selected_network = '3gpp' radio_interfaces = '{ [0] = 'gsm '}' ]
ofonod[9110]: drivers/qmimodem/gprs.c:get_ss_info_cb()
ofonod[9110]: drivers/qmimodem/gprs.c:handle_ss_info()
ofonod[9110]: drivers/qmimodem/gprs.c:extract_ss_info()
ofonod[9110]: drivers/qmimodem/gprs.c:extract_ss_info() radio in use 4

Program received signal SIGSEGV, Segmentation fault.
0x000055555564ecbd in __ofono_atom_get_path (atom=0x555555a02350) at src/modem.c:236
236             return atom->modem->path;
(gdb)
(gdb) bt
#0 0x000055555564ecbd in __ofono_atom_get_path (atom=0x555555a02350) at src/modem.c:236
#1 0x0000555555698727 in registration_status_cb (error=0x7fffffffdaac, status=1, data=0x555555a022a0) at src/gprs.c:1680
#2 0x00005555555d89c9 in get_ss_info_cb (result=0x7fffffffdb00, user_data=0x555555a387c0) at drivers/qmimodem/gprs.c:298
#3 0x00005555555cf558 in service_send_callback (message=36, length=82, buffer=0x7fffffffdbfd, user_data=0x5555559d0af0) at drivers/qmimodem/qmi.c:2286
#4 0x00005555555cc959 in handle_packet (device=0x5555559c78d0, hdr=0x7fffffffdbf0, buf=0x7fffffffdbf6) at drivers/qmimodem/qmi.c:831
#5 0x00005555555ccafa in received_data (channel=0x555555a24b90, cond=G_IO_IN, user_data=0x5555559c78d0) at drivers/qmimodem/qmi.c:880
#6 0x00007ffff7b0f6aa in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#7 0x00007ffff7b0fa60 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#8 0x00007ffff7b0fd82 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#9 0x000055555564d91d in main (argc=1, argv=0x7fffffffe688) at src/main.c:306
(gdb) print atom
$1 = (struct ofono_atom *) 0x555555a02350
(gdb) print *atom
$2 = {type = 1436558192, modem_state = 21845, destruct = 0x55555569b83a <gprs_remove>, unregister = 0xffffffff, data = 0x555555a022a0, modem = 0xe0}
(gdb) bt full
#0 0x000055555564ecbd in __ofono_atom_get_path (atom=0x555555a02350) at src/modem.c:236
No locals.
#1 0x0000555555698727 in registration_status_cb (error=0x7fffffffdaac, status=1, data=0x555555a022a0) at src/gprs.c:1680 __ofono_debug_desc = {name = 0x0, file = 0x5555556fb69f "src/gprs.c", flags = 1} gprs = 0x555555a022a0 __FUNCTION__ = "registration_status_cb" #2 0x00005555555d89c9 in get_ss_info_cb (result=0x7fffffffdb00, user_data=0x555555a387c0) at drivers/qmimodem/gprs.c:298 e = {type = OFONO_ERROR_TYPE_NO_ERROR, error = 0} cbd = 0x555555a387c0 gprs = 0x555555a022a0 cb = 0x5555556986e5 <registration_status_cb> status = 1 __FUNCTION__ = "get_ss_info_cb" #3 0x00005555555cf558 in service_send_callback (message=36, length=82, buffer=0x7fffffffdbfd, user_data=0x5555559d0af0) at drivers/qmimodem/qmi.c:2286 data = 0x5555559d0af0 result_code = 0x7fffffffdc00 len = 4 result = {message = 36, result = 0, error = 0, data = 0x7fffffffdbfd, length = 82} #4 0x00005555555cc959 in handle_packet (device=0x5555559c78d0, hdr=0x7fffffffdbf0, buf=0x7fffffffdbf6) at drivers/qmimodem/qmi.c:831 req = 0x5555559d28f0 message = 36 length = 82 data = 0x7fffffffdbfd #5 0x00005555555ccafa in received_data (channel=0x555555a24b90, cond=G_IO_IN, user_data=0x5555559c78d0) at drivers/qmimodem/qmi.c:880 len = 95 device = 0x5555559c78d0 hdr = 0x7fffffffdbf0 buf = "\001^\000\200\003\003\002t\001$\000R\000\002\004\000\000\000\000\000'\005\000\205\003F\000\000%\b\000\000\000\000\000\000\000\000\000!\005\000\002\003\004\001\000 \001\000\000\035\004\000\f#\000\000\034\002\000\f#\025\003\000\001\004\001\022\005\000\205\003F\000\000\021\002\000\001\001\020\001\000\001\001\006\000\001\001\001\002\001\004\000\v\000\000\000\000\000\000\000H#\255UUU\000\000W\000\000\000\000\000\000\000 .\254\367\377\177", '\000' <repeats 11 times>, "\020M,\327\275\364jP\336\377\377\377\177\000\000\371\000\211\367\377\177\000\000P\336\377\377\377\177\000\000\371\000\211\367\377\177\000\000r\000\000\000\000\000\000\000P\021\211\367\377\177\000\000\060\335\377\377\377\177\000\000x"... 
bytes_read = 95 offset = 0 #6 0x00007ffff7b0f6aa in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. #7 0x00007ffff7b0fa60 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. #8 0x00007ffff7b0fd82 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. #9 0x000055555564d91d in main (argc=1, argv=0x7fffffffe688) at src/main.c:306 context = 0x55555596ae00 err = 0x0 conn = 0x55555596c8d0 error = {name = 0x0, message = 0x0, dummy1 = 1, dummy2 = 0, dummy3 = 0, dummy4 = 0, dummy5 = 0, padding1 = 0x0} signal = 1
Updated by pespin about 5 years ago
Another one (this one looks slightly different):
ofonod[4855]: drivers/qmimodem/gprs-context.c:pkt_status_notify() ofonod[4855]: drivers/qmimodem/gprs-context.c:pkt_status_notify() conn status 1 ofonod[4855]: drivers/qmimodem/gprs-context.c:pkt_status_notify() ip family 4 ofonod[4855]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 94 QMI flags = 0x80 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "response" QMI transaction = 377 QMI tlv_length = 82 QMI message = "Get Serving System" (0x0024) QMI TLV: QMI type = "Result" (0x02) QMI length = 4 QMI value = 00:00:00:00 QMI translated = SUCCESS QMI TLV: QMI type = "MNC PCS Digit Include Status" (0x27) QMI length = 5 QMI value = 85:03:46:00:00 QMI translated = [ mcc = '901' mnc = '70' includes_pcs_digit = 'no' ] QMI TLV: QMI type = "Call Barring Status" (0x25) QMI length = 8 QMI value = 00:00:00:00:00:00:00:00 QMI translated = [ cs_status = 'normal-only' ps_status = 'normal-only' ] QMI TLV: QMI type = "Detailed Service Status" (0x21) QMI length = 5 QMI value = 02:03:04:01:00 QMI translated = [ status = 'available' capability = 'cs-ps' hdr_status = 'power-save' hdr_hybrid = 'yes' forbidden = 'no' ] QMI TLV: QMI type = "DTM Support" (0x20) QMI length = 1 QMI value = 00 QMI translated = no QMI TLV: QMI type = "CID 3GPP" (0x1d) QMI length = 4 QMI value = DB:23:00:00 QMI translated = 9179 QMI TLV: QMI type = "LAC 3GPP" (0x1c) QMI length = 2 QMI value = DB:23 QMI translated = 9179 QMI TLV: QMI type = "Roaming Indicator List" (0x15) QMI length = 3 QMI value = 01:04:01 QMI translated = { [0] = '[ radio_interface = 'gsm' roaming_indicator = 'off' ] '} QMI TLV: QMI type = "Current PLMN" (0x12) QMI length = 5 QMI value = 85:03:46:00:00 QMI translated = [ mcc = '901' mnc = '70' description = '' ] QMI TLV: QMI type = "Data Service Capability" (0x11) QMI length = 2 QMI value = 01:01 QMI translated = { [0] = 'gprs '} QMI TLV: QMI type = "Roaming Indicator" (0x10) QMI length = 1 QMI value = 01 QMI translated = off QMI TLV: QMI type = "Serving System" 
(0x01) QMI length = 6 QMI value = 01:01:01:02:01:04 QMI translated = [ registration_state = 'registered' cs_attach_state = 'attached' ps_attach_state = 'attached' selected_network = '3gpp' radio_interfaces = '{ [0] = 'gsm '}' ] ofonod[4855]: drivers/qmimodem/gprs.c:get_ss_info_cb() ofonod[4855]: drivers/qmimodem/gprs.c:handle_ss_info() ofonod[4855]: drivers/qmimodem/gprs.c:extract_ss_info() ofonod[4855]: drivers/qmimodem/gprs.c:extract_ss_info() radio in use 4 ofonod[4855]: src/gprs.c:registration_status_cb() /gobi_9 error 0 status 1 ofonod[4855]: src/gprs.c:ofono_gprs_status_notify() /gobi_9 status registered (1) ofonod[4855]: drivers/qmimodem/gprs.c:qmi_set_attached() attached 0 ofonod[4855]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 16 QMI flags = 0x00 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "none" QMI transaction = 378 QMI tlv_length = 4 QMI message = (0x0023) QMI TLV: QMI type = 0x10 QMI length = 1 QMI value = 02 ofonod[4855]: src/modem.c:get_modem_property() modem 0x555555acc980 property AlwaysOnline ofonod[4855]: plugins/gobi.c:gobi_set_online() 0x555555acc980 offline ofonod[4855]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 16 QMI flags = 0x00 QMI service = "dms" QMI client = 156 QMI QMI: QMI flags = "none" QMI transaction = 379 QMI tlv_length = 4 QMI message = "Set Operating Mode" (0x002E) QMI TLV: QMI type = "Mode" (0x01) QMI length = 1 QMI value = 01 QMI translated = low-power ofonod[4855]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 19 QMI flags = 0x80 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "response" QMI transaction = 378 QMI tlv_length = 7 QMI message = (0x0023) QMI TLV: QMI type = 0x02 QMI length = 4 QMI value = 00:00:00:00 ofonod[4855]: drivers/qmimodem/gprs.c:attach_detach_cb() ofonod[4855]: src/gprs.c:gprs_attach_callback() /gobi_9 error = 0 ofonod[4855]: drivers/qmimodem/gprs.c:qmi_attached_status() ofonod[4855]: 
drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 12 QMI flags = 0x00 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "none" QMI transaction = 380 QMI tlv_length = 0 QMI message = "Get Serving System" (0x0024) ofonod[4855]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 19 QMI flags = 0x80 QMI service = "dms" QMI client = 156 QMI QMI: QMI flags = "response" QMI transaction = 379 QMI tlv_length = 7 QMI message = "Set Operating Mode" (0x002E) QMI TLV: QMI type = "Result" (0x02) QMI length = 4 QMI value = 00:00:00:00 QMI translated = SUCCESS ofonod[4855]: plugins/gobi.c:set_online_cb() ofonod[4855]: src/modem.c:modem_change_state() old state: 3, new state: 2 ofonod[4855]: src/modem.c:flush_atoms() ofonod[4855]: src/gprs.c:gprs_context_unregister() 0x555555acbb30, 0x555555ae4b50 ofonod[4855]: src/gprs.c:gprs_context_remove() atom: 0x555555acbb70 ofonod[4855]: drivers/qmimodem/gprs-context.c:qmi_gprs_context_remove() ofonod[4855]: plugins/bluez5.c:bt_unregister_profile() Bluetooth: Unregistering profile /bluetooth/profile/dun_gw ofonod[4855]: src/gprs.c:gprs_unregister() 0x555555ae4b50 ofonod[4855]: src/network.c:__ofono_netreg_remove_status_watch() 0x5555559cc3f0 ofonod[4855]: src/gprs.c:gprs_remove() atom: 0x555555ae4c00 ofonod[4855]: drivers/qmimodem/gprs.c:qmi_gprs_remove() ofonod[4855]: src/ussd.c:ussd_remove() atom: 0x555555a87210 ofonod[4855]: drivers/qmimodem/ussd.c:qmi_ussd_remove() ofonod[4855]: drivers/qmimodem/netmon.c:qmi_netmon_remove() ofonod[4855]: src/sim.c:ofono_sim_remove_spn_watch() 0x555555ad8e40 ofonod[4855]: src/network.c:netreg_remove() atom: 0x5555559cc500 ofonod[4855]: drivers/qmimodem/network-registration.c:qmi_netreg_remove() ofonod[4855]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 16 QMI flags = 0x00 QMI service = "ctl" QMI client = 0 QMI QMI: QMI flags = "none" QMI transaction = 12 QMI tlv_length = 5 QMI message = "Release CID" (0x0023) QMI TLV: QMI type = "Release 
Info" (0x01) QMI length = 2 QMI value = 1A:01 QMI translated = [ service = 'wda' cid = '1' ] ofonod[4855]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 16 QMI flags = 0x00 QMI service = "ctl" QMI client = 0 QMI QMI: QMI flags = "none" QMI transaction = 13 QMI tlv_length = 5 QMI message = "Release CID" (0x0023) QMI TLV: QMI type = "Release Info" (0x01) QMI length = 2 QMI value = 09:04 QMI translated = [ service = 'voice' cid = '4' ] ofonod[4855]: UnregisterProfile() replied an error: org.freedesktop.DBus.Error.ServiceUnknown, The name org.bluez was not provided by any .service files ofonod[4855]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 94 QMI flags = 0x80 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "response" QMI transaction = 380 QMI tlv_length = 82 QMI message = "Get Serving System" (0x0024) QMI TLV: QMI type = "Result" (0x02) QMI length = 4 QMI value = 00:00:00:00 QMI translated = SUCCESS QMI TLV: QMI type = "MNC PCS Digit Include Status" (0x27) QMI length = 5 QMI value = 85:03:46:00:00 QMI translated = [ mcc = '901' mnc = '70' includes_pcs_digit = 'no' ] QMI TLV: QMI type = "Call Barring Status" (0x25) QMI length = 8 QMI value = 00:00:00:00:00:00:00:00 QMI translated = [ cs_status = 'normal-only' ps_status = 'normal-only' ] QMI TLV: QMI type = "Detailed Service Status" (0x21) QMI length = 5 QMI value = 02:03:04:01:00 QMI translated = [ status = 'available' capability = 'cs-ps' hdr_status = 'power-save' hdr_hybrid = 'yes' forbidden = 'no' ] QMI TLV: QMI type = "DTM Support" (0x20) QMI length = 1 QMI value = 00 QMI translated = no QMI TLV: QMI type = "CID 3GPP" (0x1d) QMI length = 4 QMI value = DB:23:00:00 QMI translated = 9179 QMI TLV: QMI type = "LAC 3GPP" (0x1c) QMI length = 2 QMI value = DB:23 QMI translated = 9179 QMI TLV: QMI type = "Roaming Indicator List" (0x15) QMI length = 3 QMI value = 01:04:01 QMI translated = { [0] = '[ radio_interface = 'gsm' roaming_indicator = 'off' ] '} QMI TLV: QMI 
type = "Current PLMN" (0x12) QMI length = 5 QMI value = 85:03:46:00:00 QMI translated = [ mcc = '901' mnc = '70' description = '' ] QMI TLV: QMI type = "Data Service Capability" (0x11) QMI length = 2 QMI value = 01:01 QMI translated = { [0] = 'gprs '} QMI TLV: QMI type = "Roaming Indicator" (0x10) QMI length = 1 QMI value = 01 QMI translated = off QMI TLV: QMI type = "Serving System" (0x01) QMI length = 6 QMI value = 01:01:01:02:01:04 QMI translated = [ registration_state = 'registered' cs_attach_state = 'attached' ps_attach_state = 'attached' selected_network = '3gpp' radio_interfaces = '{ [0] = 'gsm '}' ] ofonod[4855]: drivers/qmimodem/gprs.c:get_ss_info_cb() ofonod[4855]: drivers/qmimodem/gprs.c:handle_ss_info() ofonod[4855]: drivers/qmimodem/gprs.c:extract_ss_info() ofonod[4855]: drivers/qmimodem/gprs.c:extract_ss_info() radio in use 4 ofonod[4855]: src/gprs.c:registration_status_cb() /gobi_9 error 0 status 1 ofonod[4855]: src/gprs.c:ofono_gprs_status_notify() /gobi_9 status registered (1) ofonod[4855]: drivers/qmimodem/gprs.c:qmi_set_attached() attached 0 Program received signal SIGSEGV, Segmentation fault. 0x00005555555d889f in qmi_set_attached (gprs=0x555555ae4b50, attached=0, cb=0x5555556987c6 <gprs_attach_callback>, user_data=0x555555ae4b50) at drivers/qmimodem/gprs.c:269 269 if (qmi_service_send(data->nas, QMI_NAS_ATTACH_DETACH, param,
(gdb) bt
#0 0x00005555555d889f in qmi_set_attached (gprs=0x555555ae4b50, attached=0, cb=0x5555556987c6 <gprs_attach_callback>, user_data=0x555555ae4b50) at drivers/qmimodem/gprs.c:269
#1 0x000055555569a999 in ofono_gprs_status_notify (gprs=0x555555ae4b50, status=1) at src/gprs.c:2651
#2 0x0000555555698783 in registration_status_cb (error=0x7fffffffdaac, status=1, data=0x555555ae4b50) at src/gprs.c:1686
#3 0x00005555555d89c9 in get_ss_info_cb (result=0x7fffffffdb00, user_data=0x55555596d110) at drivers/qmimodem/gprs.c:298
#4 0x00005555555cf558 in service_send_callback (message=36, length=82, buffer=0x7fffffffdbfd, user_data=0x555555a841d0) at drivers/qmimodem/qmi.c:2286
#5 0x00005555555cc959 in handle_packet (device=0x5555559f8f70, hdr=0x7fffffffdbf0, buf=0x7fffffffdbf6) at drivers/qmimodem/qmi.c:831
#6 0x00005555555ccafa in received_data (channel=0x555555aab400, cond=G_IO_IN, user_data=0x5555559f8f70) at drivers/qmimodem/qmi.c:880
#7 0x00007ffff7b0f6aa in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#8 0x00007ffff7b0fa60 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#9 0x00007ffff7b0fd82 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#10 0x000055555564d91d in main (argc=1, argv=0x7fffffffe688) at src/main.c:306
(gdb) l
264
265     param = qmi_param_new_uint8(QMI_NAS_PARAM_ATTACH_ACTION, action);
266     if (!param)
267         goto error;
268
269     if (qmi_service_send(data->nas, QMI_NAS_ATTACH_DETACH, param,
270                     attach_detach_cb, cbd, g_free) > 0)
271         return;
272
273     qmi_param_free(param);
$1 = (struct gprs_data *) 0x0
(gdb) print cbd
$2 = (struct cb_data *) 0x555555975190
(gdb) print *cbd
$3 = {cb = 0x5555556987c6 <gprs_attach_callback>, data = 0x555555ae4b50, user = 0x0}
(gdb) print *gprs
$4 = {contexts = 0x7ffff72abc38 <main_arena+312>, attached = 1437477888, driver_attached = 21845, roaming_allowed = 0, powered = 0, suspended = 0, status = 1, flags = 1, bearer = 0, suspend_timeout = 0, pid_map = 0x0, last_context_id = 1, cid_map = 0x0, netreg_status = 1, netreg = 0x0, netreg_watch = 0, status_watch = 0, settings = 0x0, imsi = 0x0, pending = 0x0, context_drivers = 0x0, driver = 0x555555948f20 <driver>, driver_data = 0x0, atom = 0x555555ae4c00, spn_watch = 0}
gprs->driver_data = 0x0 but we still try to access it. Probably it was set to NULL in qmi_gprs_remove().
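The ordering visible in the log above (qmi_gprs_remove() runs while a "Get Serving System" request is still outstanding, then get_ss_info_cb() is dispatched for its reply) reduced to a stand-alone C model. This is an added example, not ofono code and not the upstream change that made the crash go away; every name in it (gprs_model, send_request, cancel_requests_for, run_scenario) is hypothetical, and cancelling the owner's pending requests during teardown is shown as one general mitigation for this kind of stale callback.

```c
#include <stdio.h>
#include <string.h>
#define MAX_PENDING 8

/* Hypothetical stand-in for struct ofono_gprs; not ofono's definition. */
struct gprs_model {
	void *driver_data;	/* set to NULL when the driver is removed */
};

struct pending_req {
	int in_use;
	void (*cb)(int status, void *user_data);
	void *user_data;	/* owner the reply is delivered to */
};

static struct pending_req queue[MAX_PENDING];
static int stale_hits;		/* replies delivered to a removed driver */

/* Queue a request; its reply arrives on a later main-loop iteration. */
static void send_request(void (*cb)(int, void *), void *user_data)
{
	for (int i = 0; i < MAX_PENDING; i++)
		if (!queue[i].in_use) {
			queue[i] = (struct pending_req){ 1, cb, user_data };
			return;
		}
}

/* Drop every pending request that would call back into owner. */
static void cancel_requests_for(void *owner)
{
	for (int i = 0; i < MAX_PENDING; i++)
		if (queue[i].in_use && queue[i].user_data == owner)
			queue[i].in_use = 0;
}

/* Deliver every queued reply, as the main loop would. */
static void dispatch_replies(int status)
{
	for (int i = 0; i < MAX_PENDING; i++) {
		if (!queue[i].in_use)
			continue;
		queue[i].in_use = 0;
		queue[i].cb(status, queue[i].user_data);
	}
}

/* Reply handler. The ticket's crash is a dereference at this point; the
 * model only counts it, and the object is static, so the read is defined. */
static void status_reply_cb(int status, void *user_data)
{
	struct gprs_model *gprs = user_data;
	(void)status;
	if (gprs->driver_data == NULL)
		stale_hits++;
}

/* Driver teardown; cancel_pending selects the hardened variant. */
static void driver_remove(struct gprs_model *gprs, int cancel_pending)
{
	if (cancel_pending)
		cancel_requests_for(gprs);
	gprs->driver_data = NULL;
}

/* Returns how many replies reached an already removed driver. */
int run_scenario(int cancel_pending)
{
	static struct gprs_model gprs;
	static int driver_state;	/* constructed placeholder driver data */
	memset(queue, 0, sizeof(queue));
	stale_hits = 0;
	gprs.driver_data = &driver_state;
	send_request(status_reply_cb, &gprs);	/* request in flight */
	driver_remove(&gprs, cancel_pending);	/* atoms flushed */
	dispatch_replies(1);			/* reply arrives afterwards */
	return stale_hits;
}

int main(void)
{
	printf("stale replies, no cancel on remove: %d\n", run_scenario(0));
	printf("stale replies, cancel on remove:    %d\n", run_scenario(1));
	return 0;
}
```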
Updated by pespin about 5 years ago
Another one
ofonod[29461]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 12 QMI flags = 0x00 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "none" QMI transaction = 370 QMI tlv_length = 0 QMI message = "Get Serving System" (0x0024) ofonod[29461]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 19 QMI flags = 0x80 QMI service = "dms" QMI client = 132 QMI QMI: QMI flags = "response" QMI transaction = 369 QMI tlv_length = 7 QMI message = "Set Operating Mode" (0x002E) QMI TLV: QMI type = "Result" (0x02) QMI length = 4 QMI value = 00:00:00:00 QMI translated = SUCCESS ofonod[29461]: plugins/gobi.c:set_online_cb() ofonod[29461]: src/modem.c:modem_change_state() old state: 3, new state: 2 ofonod[29461]: src/modem.c:flush_atoms() ofonod[29461]: src/gprs.c:gprs_context_unregister() 0x555555abdea0, 0x5555559bb800 ofonod[29461]: src/gprs.c:gprs_context_remove() atom: 0x555555abdee0 ofonod[29461]: drivers/qmimodem/gprs-context.c:qmi_gprs_context_remove() ofonod[29461]: plugins/bluez5.c:bt_unregister_profile() Bluetooth: Unregistering profile /bluetooth/profile/dun_gw ofonod[29461]: src/gprs.c:gprs_unregister() 0x5555559bb800 ofonod[29461]: src/network.c:__ofono_netreg_remove_status_watch() 0x5555559cb050 ofonod[29461]: src/gprs.c:gprs_remove() atom: 0x5555559bb8b0 ofonod[29461]: drivers/qmimodem/gprs.c:qmi_gprs_remove() ofonod[29461]: src/ussd.c:ussd_remove() atom: 0x5555559fa250 ofonod[29461]: drivers/qmimodem/ussd.c:qmi_ussd_remove() ofonod[29461]: drivers/qmimodem/netmon.c:qmi_netmon_remove() ofonod[29461]: src/sim.c:ofono_sim_remove_spn_watch() 0x555555a85110 ofonod[29461]: src/network.c:netreg_remove() atom: 0x5555559efae0 ofonod[29461]: drivers/qmimodem/network-registration.c:qmi_netreg_remove() ofonod[29461]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 16 QMI flags = 0x00 QMI service = "ctl" QMI client = 0 QMI QMI: QMI flags = "none" QMI transaction = 12 QMI tlv_length = 5 QMI message = "Release CID" (0x0023) 
QMI TLV: QMI type = "Release Info" (0x01) QMI length = 2 QMI value = 1A:01 QMI translated = [ service = 'wda' cid = '1' ] ofonod[29461]: drivers/qmimodem/qmibridge.c:ask_qmi() _REQ: QMI QMUX: QMI length = 16 QMI flags = 0x00 QMI service = "ctl" QMI client = 0 QMI QMI: QMI flags = "none" QMI transaction = 13 QMI tlv_length = 5 QMI message = "Release CID" (0x0023) QMI TLV: QMI type = "Release Info" (0x01) QMI length = 2 QMI value = 09:04 QMI translated = [ service = 'voice' cid = '4' ] ofonod[29461]: drivers/qmimodem/qmibridge.c:ask_qmi() READ: QMI QMUX: QMI length = 40 QMI flags = 0x80 QMI service = "nas" QMI client = 3 QMI QMI: QMI flags = "response" QMI transaction = 370 QMI tlv_length = 28 QMI message = "Get Serving System" (0x0024) QMI TLV: QMI type = "Result" (0x02) QMI length = 4 QMI value = 00:00:00:00 QMI translated = SUCCESS QMI TLV: QMI type = "Detailed Service Status" (0x21) QMI length = 5 QMI value = 00:03:04:01:00 QMI translated = [ status = 'none' capability = 'cs-ps' hdr_status = 'power-save' hdr_hybrid = 'yes' forbidden = 'no' ] QMI TLV: QMI type = "Data Service Capability" (0x11) QMI length = 1 QMI value = 00 QMI translated = {} QMI TLV: QMI type = "Serving System" (0x01) QMI length = 6 QMI value = 02:01:01:00:01:00 QMI translated = [ registration_state = 'not-registered-searching' cs_attach_state = 'attached' ps_attach_state = 'attached' selected_network = 'unknown' radio_interfaces = '{ [0] = 'none '}' ] ofonod[29461]: drivers/qmimodem/gprs.c:get_ss_info_cb() ofonod[29461]: drivers/qmimodem/gprs.c:handle_ss_info() ofonod[29461]: drivers/qmimodem/gprs.c:extract_ss_info() ofonod[29461]: drivers/qmimodem/gprs.c:extract_ss_info() radio in use 0 Program received signal SIGSEGV, Segmentation fault. 0x000055555564ecbd in __ofono_atom_get_path (atom=0x5555559bb8b0) at src/modem.c:236 236 return atom->modem->path; (gdb)
(gdb) bt
#0 0x000055555564ecbd in __ofono_atom_get_path (atom=0x5555559bb8b0) at src/modem.c:236
#1 0x0000555555698727 in registration_status_cb (error=0x7fffffffdaac, status=1, data=0x5555559bb800) at src/gprs.c:1680
#2 0x00005555555d89c9 in get_ss_info_cb (result=0x7fffffffdb00, user_data=0x555555973020) at drivers/qmimodem/gprs.c:298
#3 0x00005555555cf558 in service_send_callback (message=36, length=28, buffer=0x7fffffffdbfd, user_data=0x555555a77e40) at drivers/qmimodem/qmi.c:2286
#4 0x00005555555cc959 in handle_packet (device=0x5555559bc780, hdr=0x7fffffffdbf0, buf=0x7fffffffdbf6) at drivers/qmimodem/qmi.c:831
#5 0x00005555555ccafa in received_data (channel=0x5555559f04f0, cond=G_IO_IN, user_data=0x5555559bc780) at drivers/qmimodem/qmi.c:880
#6 0x00007ffff7b0f6aa in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#7 0x00007ffff7b0fa60 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#8 0x00007ffff7b0fd82 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#9 0x000055555564d91d in main (argc=1, argv=0x7fffffffe688) at src/main.c:306
(gdb) print *atom
$1 = {type = 1437326848, modem_state = 21845, destruct = 0x55555569b83a <gprs_remove>, unregister = 0x0, data = 0x5555559bb800, modem = 0xe0}
(gdb) bt full
#0 0x000055555564ecbd in __ofono_atom_get_path (atom=0x5555559bb8b0) at src/modem.c:236
No locals.
#1 0x0000555555698727 in registration_status_cb (error=0x7fffffffdaac, status=1, data=0x5555559bb800) at src/gprs.c:1680 __ofono_debug_desc = {name = 0x0, file = 0x5555556fb69f "src/gprs.c", flags = 1} gprs = 0x5555559bb800 __FUNCTION__ = "registration_status_cb" #2 0x00005555555d89c9 in get_ss_info_cb (result=0x7fffffffdb00, user_data=0x555555973020) at drivers/qmimodem/gprs.c:298 e = {type = OFONO_ERROR_TYPE_NO_ERROR, error = 0} cbd = 0x555555973020 gprs = 0x5555559bb800 cb = 0x5555556986e5 <registration_status_cb> status = 1 __FUNCTION__ = "get_ss_info_cb" #3 0x00005555555cf558 in service_send_callback (message=36, length=28, buffer=0x7fffffffdbfd, user_data=0x555555a77e40) at drivers/qmimodem/qmi.c:2286 data = 0x555555a77e40 result_code = 0x7fffffffdc00 len = 4 result = {message = 36, result = 0, error = 0, data = 0x7fffffffdbfd, length = 28} #4 0x00005555555cc959 in handle_packet (device=0x5555559bc780, hdr=0x7fffffffdbf0, buf=0x7fffffffdbf6) at drivers/qmimodem/qmi.c:831 req = 0x5555559fa090 message = 36 length = 28 data = 0x7fffffffdbfd #5 0x00005555555ccafa in received_data (channel=0x5555559f04f0, cond=G_IO_IN, user_data=0x5555559bc780) at drivers/qmimodem/qmi.c:880 len = 41 device = 0x5555559bc780 hdr = 0x7fffffffdbf0 buf = 
"\001(\000\200\003\003\002r\001$\000\034\000\002\004\000\000\000\000\000!\005\000\000\003\004\001\000\021\001\000\000\001\006\000\002\001\001\000\001\000\000\000\000\034\000\000\000C\334\377\377\377\177\000\000P\334\377\377\377\177\000\000\000\000\000\000\000\000\000\000\060\032\211\367\377\177\000\000\350\334\377\377\377\177\000\000\000\350^\243\215\244\313\063\000\000\000\000\000\000\000\000\000\350^\243\215\244\313\063\360\335\377\377\377\177\000\000\360\335\377\377\377\177\000\000\002\000\000\000\000\000\000\000\371\004\211\367\377\177\000\000\360\335\377\377\377\177\000\000\223\003\211\367\377\177\000\000\026ݖUUU\000\000\034\036\211\367\377\177\000\000\000\335\377\377\377\177\000\000\340\334\377\377\377\177\000\000\330\334\377\377\377\177\000\000\001"... bytes_read = 41 offset = 0 #6 0x00007ffff7b0f6aa in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. #7 0x00007ffff7b0fa60 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. #8 0x00007ffff7b0fd82 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. #9 0x000055555564d91d in main (argc=1, argv=0x7fffffffe688) at src/main.c:306 context = 0x55555596ae00 err = 0x0 conn = 0x55555596c8d0 error = {name = 0x0, message = 0x0, dummy1 = 1, dummy2 = 0, dummy3 = 0, dummy4 = 0, dummy5 = 0, padding1 = 0x0} signal = 1
Updated by pespin about 5 years ago
I updated osmo-gsm-tester ofono branch on top of current ofono master (9cba079221cee5c4abd5f828911ee563c8874f75). I'm running some load on it now to see how it behaves and see if the bug is still present.
Updated by pespin almost 5 years ago
- Status changed from New to Closed
Crash didn't show up anymore after we updated our branch on top of current ofono master (after ofono 1.28). Closing the ticket.
Updated by pespin almost 5 years ago
- Related to Bug #2738: ofono: crash during tests added