[Pkg-utopia-maintainers] Bug#944461: upower: segfaults when trying to communicate with usbmuxd when iPhone is plugged in

Lorenz dev at 4z2.de
Sun Nov 10 12:15:14 GMT 2019


Package: upower
Version: 0.99.11-1
Severity: important

Dear Maintainer,

when I have my (locked) iPhone plugged into my laptop, upower reproducibly
segfaults after five seconds. It is then automatically restarted by systemd,
but crashes again five seconds later. gdb was unable to produce a traceback for
the crashing thread, but strace produces:

> poll([{fd=3, events=POLLIN}, {fd=8, events=POLLIN}, {fd=10, events=POLLPRI},
{fd=11, events=POLLIN}], 4, 4014) = 0 (Timeout)
> stat("/var/run/usbmuxd", {st_mode=S_IFSOCK|0666, st_size=0, ...}) = 0
> socket(AF_UNIX, SOCK_STREAM, 0)         = 12
> setsockopt(12, SOL_SOCKET, SO_SNDBUF, [131072], 4) = 0
> setsockopt(12, SOL_SOCKET, SO_RCVBUF, [131072], 4) = 0
> connect(12, {sa_family=AF_UNIX, sun_path="/var/run/usbmuxd"}, 110) = 0
> sendto(12, "\250\1\0\0\1\0\0\0\10\0\0\0\1\0\0\0", 16, MSG_NOSIGNAL, NULL, 0)
= 16
> sendto(12, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist
PUBLIC \"-//Apple//DTD PLIST 1.0//EN\"
\"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n<plist
version=\"1.0\">\n<dict>\n\t<key>ClientVersionString</key>\n\t<string>libusbmuxd
1.1.0</string>\n\t<key>MessageType</key>\n\t<string>ListDevices</string>\n\t<key>ProgName</key>\n\t<string>upowerd</string>\n\t<key>kLibUSBMuxVersion</key>\n\t<integer>3</integer>\n</dict>\n</plist>\n",
408, MSG_NOSIGNAL, NULL, 0) = 408
> select(13, [12], NULL, NULL, {tv_sec=5, tv_usec=0}) = 1 (in [12], left
{tv_sec=4, tv_usec=999994})
> recvfrom(12, "\f\3\0\0\1\0\0\0\10\0\0\0\1\0\0\0", 16, 0, NULL, NULL) = 16
> select(13, [12], NULL, NULL, {tv_sec=5, tv_usec=0}) = 1 (in [12], left
{tv_sec=4, tv_usec=999996})
> recvfrom(12, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist
PUBLIC \"-//Apple//DTD PLIST 1.0//EN\"
\"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n<plist
version=\"1.0\">\n<dict>\n\t<key>DeviceList</key>\n\t<array>\n\t\t<dict>\n\t\t\t<key>MessageType</key>\n\t\t\t<string>Attached</string>\n\t\t\t<key>DeviceID</key>\n\t\t\t<integer>1</integer>\n\t\t\t<key>Properties</key>\n\t\t\t<dict>\n\t\t\t\t<key>ConnectionSpeed</key>\n\t\t\t\t<integer>480000000</integer>\n\t\t\t\t<key>ConnectionType</key>\n\t\t\t\t<string>USB</string>\n\t\t\t\t<key>DeviceID</key>\n\t\t\t\t<integer>1</integer>\n\t\t\t\t<key>LocationID</key>\n\t\t\t\t<integer>196611</integer>\n\t\t\t\t<key>ProductID</key>\n\t\t\t\t<integer>4776</integer>\n\t\t\t\t<key>SerialNumber</key>\n\t\t\t\t<string>77...redacted</string>\n\t\t\t</dict>\n\t\t</dict>\n\t</array>\n</dict>\n</plist>\n",
764, 0, NULL, NULL) = 764
> close(12)                               = 0
> --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
> +++ killed by SIGSEGV +++
> [1]    7184 segmentation fault  strace -s 1000 /usr/lib/upower/upowerd

Stopping usbmuxd prevents upowerd from crashing.

For completeness, here's what gdb manages to output (with upower-dbgsym and
libglib2.0-0-dbgsym installed):

> Thread 1 "upowerd" received signal SIGSEGV, Segmentation fault.
> 0x0000000000000000 in ?? ()
> (gdb) thread apply all bt full
>
> Thread 4 (Thread 0x7ffff60b6700 (LWP 6990)):
> #0  0x00007ffff7ad70a9 in syscall () at
../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
> #1  0x00007ffff7c953a2 in g_cond_wait_until (cond=cond at entry=0x5555555a6238,
mutex=mutex at entry=0x5555555a6230, end_time=end_time at entry=1083432033) at
../../../glib/gthread-posix.c:1470
>         now = {tv_sec = 1068, tv_nsec = 432034098}
>         span = {tv_sec = 14, tv_nsec = 999998902}
>         sampled = 0
>         res = <optimized out>
>         success = <optimized out>
> #2  0x00007ffff7c1b4a1 in g_async_queue_pop_intern_unlocked
(queue=queue at entry=0x5555555a6230, wait=wait at entry=1,
end_time=end_time at entry=1083432033) at ../../../glib/gasyncqueue.c:422
>         retval = <optimized out>
>         __FUNCTION__ = "g_async_queue_pop_intern_unlocked"
> #3  0x00007ffff7c1ba92 in g_async_queue_timeout_pop (queue=0x5555555a6230,
timeout=timeout at entry=15000000) at ../../../glib/gasyncqueue.c:545
>         end_time = 1083432033
>         retval = <optimized out>
>         __FUNCTION__ = "g_async_queue_timeout_pop"
> #4  0x00007ffff7c734a9 in g_thread_pool_wait_for_new_pool () at
../../../glib/gthreadpool.c:168
>         pool = <optimized out>
>         local_max_idle_time = 15000
>         local_wakeup_thread_serial = <optimized out>
>         last_wakeup_thread_serial = 0
>         have_relayed_thread_marker = <optimized out>
>         free_pool = <optimized out>
>         task = <optimized out>
>         pool = <optimized out>
> #5  0x00007ffff7c734a9 in g_thread_pool_thread_proxy (data=<optimized out>)
at ../../../glib/gthreadpool.c:365
>         free_pool = <optimized out>
>         task = <optimized out>
>         pool = <optimized out>
> #6  0x00007ffff7c72d0d in g_thread_proxy (data=0x5555555aeca0) at
../../../glib/gthread.c:805
>         thread = 0x5555555aeca0
>         __FUNCTION__ = "g_thread_proxy"
> #7  0x00007ffff7baafb7 in start_thread (arg=<optimized out>) at
pthread_create.c:486
>         ret = <optimized out>
>         pd = <optimized out>
>         now = <optimized out>
>         unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737321330432,
-1214051612260060498, 140737488346894, 140737488346895, 140737321330432,
140737321328320, 1214070204040983214, 1214068683123831470}, mask_was_saved =
0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0,
canceltype = 0}}}
>         not_first_call = <optimized out>
> #8  0x00007ffff7adc2cf in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95
>
> Thread 3 (Thread 0x7ffff68b7700 (LWP 6989)):
> #0  0x00007ffff7ad1d0f in __GI___poll (fds=0x5555555ce4b0, nfds=2,
timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
>         resultvar = 18446744073709551100
>         sc_cancel_oldtype = 0
> #1  0x00007ffff7c4a09e in g_main_context_poll (priority=<optimized out>,
n_fds=2, fds=0x5555555ce4b0, timeout=<optimized out>, context=0x5555555cd0b0)
at ../../../glib/gmain.c:4216
>         ret = <optimized out>
>         errsv = <optimized out>
>         poll_func = 0x7ffff7c599e0 <g_poll>
>         max_priority = 2147483647
>         timeout = -1
>         some_ready = <optimized out>
>         nfds = 2
>         allocated_nfds = <optimized out>
>         fds = 0x5555555ce4b0
> #2  0x00007ffff7c4a09e in g_main_context_iterate (context=0x5555555cd0b0,
block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at
../../../glib/gmain.c:3912
>         max_priority = 2147483647
>         timeout = -1
>         some_ready = <optimized out>
>         nfds = 2
>         allocated_nfds = <optimized out>
>         fds = 0x5555555ce4b0
> #3  0x00007ffff7c4a403 in g_main_loop_run (loop=0x5555555cd1a0) at
../../../glib/gmain.c:4111
>         __FUNCTION__ = "g_main_loop_run"
> #4  0x00007ffff7eb78f6 in gdbus_shared_thread_func (user_data=0x5555555b6dd0)
at ../../../gio/gdbusprivate.c:279
>         data = 0x5555555b6dd0
> #5  0x00007ffff7c72d0d in g_thread_proxy (data=0x5555555ae4f0) at
../../../glib/gthread.c:805
>         thread = 0x5555555ae4f0
>         __FUNCTION__ = "g_thread_proxy"
> #6  0x00007ffff7baafb7 in start_thread (arg=<optimized out>) at
pthread_create.c:486
>         ret = <optimized out>
>         pd = <optimized out>
>         now = <optimized out>
>         unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737329723136,
-1214051612260060498, 140737488344750, 140737488344751, 140737329723136,
140737329721024, 1214071305163223726, 1214068683123831470}, mask_was_saved =
0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0,
canceltype = 0}}}
>         not_first_call = <optimized out>
> #7  0x00007ffff7adc2cf in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95
>
> Thread 2 (Thread 0x7ffff70b8700 (LWP 6988)):
> #0  0x00007ffff7ad1d0f in __GI___poll (fds=0x5555555b8860, nfds=1,
timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
>         resultvar = 18446744073709551100
>         sc_cancel_oldtype = 0
> #1  0x00007ffff7c4a09e in g_main_context_poll (priority=<optimized out>,
n_fds=1, fds=0x5555555b8860, timeout=<optimized out>, context=0x5555555b9e90)
at ../../../glib/gmain.c:4216
>         ret = <optimized out>
>         errsv = <optimized out>
>         poll_func = 0x7ffff7c599e0 <g_poll>
>         max_priority = 2147483647
>         timeout = -1
>         some_ready = <optimized out>
>         nfds = 1
>         allocated_nfds = <optimized out>
>         fds = 0x5555555b8860
> #2  0x00007ffff7c4a09e in g_main_context_iterate
(context=context at entry=0x5555555b9e90, block=block at entry=1,
dispatch=dispatch at entry=1, self=<optimized out>) at ../../../glib/gmain.c:3912
>         max_priority = 2147483647
>         timeout = -1
>         some_ready = <optimized out>
>         nfds = 1
>         allocated_nfds = <optimized out>
>         fds = 0x5555555b8860
> #3  0x00007ffff7c4a1bf in g_main_context_iteration (context=0x5555555b9e90,
may_block=may_block at entry=1) at ../../../glib/gmain.c:3978
>         retval = <optimized out>
> #4  0x00007ffff7c4a211 in glib_worker_main (data=<optimized out>) at
../../../glib/gmain.c:5858
> #5  0x00007ffff7c72d0d in g_thread_proxy (data=0x5555555ae450) at
../../../glib/gthread.c:805
>         thread = 0x5555555ae450
>         __FUNCTION__ = "g_thread_proxy"
> #6  0x00007ffff7baafb7 in start_thread (arg=<optimized out>) at
pthread_create.c:486
>         ret = <optimized out>
>         pd = <optimized out>
>         now = <optimized out>
>         unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737338115840,
-1214051612260060498, 140737488344782, 140737488344783, 140737338115840,
140737338113728, 1214068006091469486, 1214068683123831470}, mask_was_saved =
0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0,
canceltype = 0}}}
>         not_first_call = <optimized out>
> #7  0x00007ffff7adc2cf in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95
>
> Thread 1 (Thread 0x7ffff73f2840 (LWP 6984)):
> #0  0x0000000000000000 in  ()
> #1  0x00007fffe800aa10 in  ()
> #2  0x0000000000000000 in  ()

Please let me know if there's any more information that would help.

Cheers,
Lorenz



-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages upower depends on:
ii  dbus               1.12.16-2
ii  libc6              2.29-3
ii  libglib2.0-0       2.62.2-3
ii  libgudev-1.0-0     233-1
ii  libimobiledevice6  1.2.1-6
ii  libplist3          2.0.1~git20190104.3f96731-1
ii  libupower-glib3    0.99.11-1
ii  libusb-1.0-0       2:1.0.23-1
ii  udev               242-8

Versions of packages upower recommends:
ii  policykit-1  0.105-26

upower suggests no packages.

-- no debconf information
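The strace above shows the whole usbmuxd exchange: a 16-byte header (length, version, message type, tag) followed by an XML plist, a ListDevices request and a DeviceList reply. The following Python is an added example, not upower's or libusbmuxd's code, that rebuilds that framing and parses the reply with the length field validated before it is trusted; MAX_FRAME and SAMPLE_REPLY are constructed assumptions, modelled on the values in the trace.

```python
import plistlib
import struct
# usbmuxd framing as seen in the trace: a 16-byte little-endian header of total
# length (header included), version, message type, tag, then an XML plist.
# Request: 0x1a8 = 424 = 16 + 408 bytes; reply: 0x30c = 780 = 16 + 764 bytes.
HEADER = struct.Struct("<IIII")
PLIST_MESSAGE = 8      # message type carrying an XML plist payload (type 8 in the trace)
MAX_FRAME = 1 << 20    # assumed sanity limit, not part of the protocol

def build_list_devices(tag=1, prog_name="upowerd"):
    """Build the ListDevices request upowerd sends in the trace."""
    body = plistlib.dumps({"ClientVersionString": "libusbmuxd 1.1.0",
                           "MessageType": "ListDevices", "ProgName": prog_name,
                           "kLibUSBMuxVersion": 3}, fmt=plistlib.FMT_XML)
    return HEADER.pack(HEADER.size + len(body), 1, PLIST_MESSAGE, tag) + body

def parse_frame(data):
    """Return (version, tag, plist, rest); validate the length field first."""
    if len(data) < HEADER.size:
        raise ValueError("short header")
    length, version, msg_type, tag = HEADER.unpack_from(data)
    if not HEADER.size <= length <= min(len(data), MAX_FRAME):
        raise ValueError(f"bad frame length {length} for {len(data)} bytes")
    if msg_type != PLIST_MESSAGE:
        raise ValueError(f"unexpected message type {msg_type}")
    return version, tag, plistlib.loads(data[HEADER.size:length]), data[length:]

def device_list(data):
    """Return [(DeviceID, ProductID)] from a DeviceList reply, skipping odd entries."""
    payload = parse_frame(data)[2]
    entries = payload.get("DeviceList") if isinstance(payload, dict) else None
    if not isinstance(entries, list):
        raise ValueError("reply carries no DeviceList array")
    found = []
    for entry in entries:
        props = entry.get("Properties") if isinstance(entry, dict) else None
        if isinstance(props, dict) and props.keys() >= {"DeviceID", "ProductID"}:
            found.append((props["DeviceID"], props["ProductID"]))
    return found

def frame_ok(data):
    # True if parse_frame accepts the bytes, False if it rejects them.
    try:
        parse_frame(data)
        return True
    except (ValueError, plistlib.InvalidFileException):
        return False

# Constructed reply modelled on the one in the trace (serial redacted there too).
_DEVICE = {"MessageType": "Attached", "DeviceID": 1, "Properties": {
    "ConnectionSpeed": 480000000, "ConnectionType": "USB", "DeviceID": 1,
    "LocationID": 196611, "ProductID": 4776, "SerialNumber": "77...redacted"}}
_BODY = plistlib.dumps({"DeviceList": [_DEVICE]}, fmt=plistlib.FMT_XML)
SAMPLE_REPLY = HEADER.pack(HEADER.size + len(_BODY), 1, PLIST_MESSAGE, 1) + _BODY
```

Running `device_list(SAMPLE_REPLY)` yields the single attached device (DeviceID 1, ProductID 4776) that the trace reports; a truncated or oversized frame is rejected rather than parsed.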