Debian Bug report logs - #943381
/usr/sbin/ModemManager: modemmanager segfaults when plugging an atusb

version graph

Package: modemmanager; Maintainer for modemmanager is DebianOnMobile Maintainers <debian-on-mobile-maintainers@alioth-lists.debian.net>; Source for modemmanager is src:modemmanager (PTS, buildd, popcon).

Reported by: Uwe Kleine-König <ukleinek@debian.org>

Date: Thu, 24 Oct 2019 06:12:02 UTC

Severity: normal

Found in version modemmanager/1.10.0-1

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, ukleinek@debian.org, Mathieu Trudel-Lapierre <mathieu.tl@gmail.com>:
Bug#943381; Package modemmanager. (Thu, 24 Oct 2019 06:12:05 GMT) (full text, mbox, link).

Acknowledgement sent to Uwe Kleine-König <ukleinek@debian.org>:
New Bug report received and forwarded. Copy sent to ukleinek@debian.org, Mathieu Trudel-Lapierre <mathieu.tl@gmail.com>. (Thu, 24 Oct 2019 06:12:05 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Uwe Kleine-König <ukleinek@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: /usr/sbin/ModemManager: modemmanager segfaults when plugging an atusb
Date: Thu, 24 Oct 2019 08:08:34 +0200
Package: modemmanager
Version: 1.10.0-1
Severity: normal
File: /usr/sbin/ModemManager

Hello,

when plugging in an atusb (http://shop.sysmocom.de/products/atusb) the
following is logged to the kernel log (dmesg):

	[39780.102012] usb 1-1: new full-speed USB device number 18 using xhci_hcd
	[39780.251752] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice= 0.01
	[39780.251756] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
	[39780.251759] usb 1-1: SerialNumber: 47303130343715181c16
	[39783.064299] usb 1-1: USB disconnect, device number 18
	[39783.371350] usb 1-1: new full-speed USB device number 19 using xhci_hcd
	[39783.526537] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice= 0.01
	[39783.526541] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
	[39783.526544] usb 1-1: SerialNumber: 47303130343715181c16
	[39783.530746] usb 1-1: ATUSB: AT86RF231 version 2
	[39783.530967] usb 1-1: Firmware: major: 0, minor: 3, hardware type: ATUSB (2)
	[39783.531506] usb 1-1: Firmware: build #132 Mo 28. Nov 16:20:35 CET 2016
	[39783.531815] usb 1-1: Read permanent extended address 10:e2:d5:ff:ff:00:02:42 from device
	[39783.567346] ModemManager[27151]: segfault at 0 ip 000055e520cbce6a sp 00007ffe15b75660 error 4 in ModemManager[55e520c08000+b7000]
	[39783.567351] Code: 4c 89 e7 e8 60 25 f5 ff 48 8b 45 18 48 8d 1d 0c 87 03 00 48 8b 38 e8 a5 b2 f4 ff b9 06 00 00 00 48 8d 3d ea 86 03 00 48 89 c6 <f3> a6 0f 97 c0 1c 00 84 c0 74 a0 31 db 48 89 d8 5b 5d 41 5c c3 90

The corresponding backtrace of modemmanager's segfault looks as follows:

	#0  0x000055e520cbce6a in kernel_device_get_driver (_self=<optimized out>) at kerneldevice/mm-kernel-device-udev.c:346
		self = 0x7fc194005660
		driver = 0x0
		subsys = <optimized out>
		name = 0x0
		__FUNCTION__ = "kernel_device_get_driver"
	#1  0x000055e520c15531 in add_port_driver (kernel_port=0x7fc194005660, self=0x7fc19c006d80) at mm-device.c:175
		driver = <optimized out>
		n_items = <optimized out>
		i = <optimized out>
		probe = <optimized out>
	#2  0x000055e520c15531 in mm_device_grab_port (self=0x7fc19c006d80, kernel_port=0x7fc194005660) at mm-device.c:175
		probe = <optimized out>
	#3  0x000055e520c13bfe in handle_uevent (client=<optimized out>, action=0x55e521e89c60 "add", device=<optimized out>, user_data=<optimized out>) at mm-base-manager.c:482
		self = 0x55e521e40240
		subsys = 0x55e521e72110 "net"
		name = 0x0
		kernel_device = 0x7fc194005660
		__FUNCTION__ = "handle_uevent"
	#4  0x00007fc1ab9878ee in ffi_call_unix64 () at ../src/x86/unix64.S:76
	#5  0x00007fc1ab9872bf in ffi_call (cif=<optimized out>, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>) at ../src/x86/ffi64.c:525
		classes = {X86_64_INTEGER_CLASS, 32766, 364337344, 32766}
		stack = <optimized out>
		argp = <optimized out>
		arg_types = <optimized out>
		gprcount = <optimized out>
		ssecount = <optimized out>
		ngpr = 1
		nsse = 0
		i = <optimized out>
		avn = <optimized out>
		ret_in_memory = <optimized out>
		reg_args = <optimized out>
	#6  0x00007fc1ac2f8482 in g_cclosure_marshal_generic () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
	#7  0x00007fc1ac2f7c8d in g_closure_invoke () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
	#8  0x00007fc1ac30b365 in  () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
	#9  0x00007fc1ac3142be in g_signal_emit_valist () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
	#10 0x00007fc1ac31497f in g_signal_emit () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
	#11 0x00007fc1ac885c14 in monitor_event (source=<optimized out>, condition=<optimized out>, data=0x55e521e36ca0) at gudev/gudevclient.c:103
	--Type <RET> for more, q to quit, c to continue without paging--
		client = 0x55e521e36ca0
		device = 0x55e521ea7160
		udevice = 0x55e521ea3e00
	#12 0x00007fc1ac215dd8 in g_main_context_dispatch () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
	#13 0x00007fc1ac2161c8 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
	#14 0x00007fc1ac2164c2 in g_main_loop_run () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
	#15 0x000055e520c0f5af in main (argc=<optimized out>, argv=<optimized out>) at main.c:181
		inner = <optimized out>
		err = 0x0
		name_id = 1
		__FUNCTION__ = "main"

The problematic code looks as follows:

	    name = g_udev_device_get_name (self->priv->device);
	    if (!driver && strncmp (name, "rfcomm", 6) == 0)
		driver = "bluetooth";

. As can be seen from the backtrace above name is NULL. I didn't test with
1.10.4 but that code wasn't touched between 1.10.0 and 1.10.4.

Best regards
Uwe

-- System Information:
Debian Release: 10.1
  APT prefers stable
  APT policy: (700, 'stable'), (600, 'unstable'), (500, 'unstable-debug'), (500, 'stable-debug'), (500, 'oldstable-updates'), (500, 'oldstable'), (499, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages modemmanager depends on:
ii  libc6                  2.29-2
ii  libglib2.0-0           2.58.3-2+deb10u1
ii  libgudev-1.0-0         232-2
ii  libmbim-glib4          1.18.0-1
ii  libmbim-proxy          1.18.0-1
ii  libmm-glib0            1.10.0-1
ii  libpolkit-gobject-1-0  0.105-25
ii  libqmi-glib5           1.22.0-1.2
ii  libqmi-proxy           1.22.0-1.2
ii  libsystemd0            241-7~deb10u1

Versions of packages modemmanager recommends:
ii  usb-modeswitch  2.5.2+repack0-2

modemmanager suggests no packages.

-- no debconf information

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Dec 28 22:37:10 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.