touch-packages team mailing list archive

[Wouter Verhelst <wouter@xxxxxxxxxx>]

Public bug reported:

Hi,

When one plugs in a Vasco DP905v1.1 smart card reader before pcscd is
started and waits for a few moments, the green 'power' led on this
device will go off, indicating that the device is in low-power mode.
When this happens, due to an issue with the specific card reader model,
it seems to be impossible to revive the card reader without power-
cycling the USB bus.

This is especially annoying as the time between 'USB bus receives power'
and 'pcscd starts' is longer than the time it takes for the DP905v1.1 to
go to low-power mode on many systems, causing loss of functionality for
people who leave their smart card reader plugged in at boot time, and a
segfault when the most obvious way to fix the issue (remove the card
reader from the USB bus and plug it in again) is attempted. While the
loss of functionality could be considered a bug in the smart card
reader, not necessarily libudev's problem, the segfault is a different
matter.

When one then starts pcscd with the '-f' option (for 'foreground'), the
following information is printed to the console:

00000000 ccid_usb.c:790:ReadUSB() read failed (2/6): -7 Resource temporarily unavailable
05000798 ccid_usb.c:751:WriteUSB() write failed (2/6): -7 Resource temporarily unavailable
05000403 ccid_usb.c:751:WriteUSB() write failed (2/6): -7 Resource temporarily unavailable
00000027 ifdhandler.c:158:CreateChannelByNameOrChannel() failed
00000021 readerfactory.c:1020:RFInitializeReader() Open Port 0x200000 Failed (usb:1a44/0001:libudev:0:/dev/bus/usb/002/006)
00000009 readerfactory.c:312:RFAddReader() VASCO DP905v1.1 init failed.
00000126 hotplug_libudev.c:391:HPAddDevice() Failed adding USB device: VASCO DP905v1.1

At this point pcscd is stuck waiting, and removing the card reader
causes the segfault.

I installed a few debug symbols packages and recompiled pcscd with
DEB_BUILD_OPTIONS=nostrip in an effort to figure out some more
information, and have found the following:

At the point when the segfault happens, pcscd will have three threads running:
- The first thread is the main thread, which is usually in select()
- The second thread seems to be a helper thread of some sort; its stack backtrace contains no function symbols
- The third thread will always be in pcscd:hotplug_libudev.c, line 433:

  udev_enumerate_scan_devices(enumerate);

  going down the stack trace into libudev gets us:

#0  0x00007ffff72c5200 in __openat_nocancel (fd=-100, 
    file=0x7ffff5d228d0 "/sys/bus", oflag=591872, mode=0)
    at ../sysdeps/unix/sysv/linux/wordsize-64/../openat.c:93
#1  0x00007ffff7296935 in __opendirat (dfd=dfd@entry=-100, 
    name=name@entry=0x7ffff5d228d0 "/sys/bus")
    at ../sysdeps/posix/opendir.c:129
#2  0x00007ffff729697d in __opendir (name=name@entry=0x7ffff5d228d0 "/sys/bus")
    at ../sysdeps/posix/opendir.c:160
#3  0x00007ffff7bd0a02 in scan_dir (
    udev_enumerate=udev_enumerate@entry=0x7ffff0001670, 
    basedir=basedir@entry=0x7ffff7bd4d11 "bus", 
    subdir=subdir@entry=0x7ffff7bd4d09 "devices", 
    subsystem=subsystem@entry=0x0) at ../src/libudev/libudev-enumerate.c:742
#4  0x00007ffff7bd1280 in scan_devices_all (udev_enumerate=0x7ffff0001670)
    at ../src/libudev/libudev-enumerate.c:893
#5  udev_enumerate_scan_devices (
    udev_enumerate=udev_enumerate@entry=0x7ffff0001670)
    at ../src/libudev/libudev-enumerate.c:922
#6  0x000000000040e2d9 in HPRescanUsbBus (udev=udev@entry=0x629cb0)
    at hotplug_libudev.c:433
#7  0x000000000040e761 in HPEstablishUSBNotifications (udev=0x629cb0)
    at hotplug_libudev.c:595
#8  0x00007ffff75a7182 in start_thread (arg=0x7ffff5d23700)
    at pthread_create.c:312
#9  0x00007ffff72d3fbd in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Although this thread is always at the same location which makes me think
it seems to cause the segfault, I should note that it is in fact the
second thread which does so:

(gdb) thread 2
[Switching to thread 2 (Thread 4168)]
#0  0x00007ffff6533248 in ?? ()
(gdb) where
#0  0x00007ffff6533248 in ?? ()
#1  0x00007ffff6524700 in ?? ()
#2  0x0000000000000018 in ?? ()
#3  0x0000000100000005 in ?? ()
#4  0x0001000100000004 in ?? ()
#5  0x00007ffff6524700 in ?? ()
#6  0x00007ffff6524700 in ?? ()
#7  0x0000000000000000 in ?? ()

but as said, I'm not sure what to do with this.

After having figured out that it's somewhere inside libudev, I wanted to
file a bug with a crash report, but apparently I must've done something
wrong, because apport no longer seems to want to write crash reports on
this system. To make matters worse,  I also can't create a core dump
using 'ulimit -c unlimited'. If someone could help me fix that, I'll
happily submit a core dump if needed.

This problem has been observed on at least three machines, all running
trusty (some amd64, some i386).

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: libudev1 204-5ubuntu20.5
ProcVersionSignature: Ubuntu 3.13.0-35.62-generic 3.13.11.6
Uname: Linux 3.13.0-35-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.3
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Sep  8 12:21:43 2014
InstallationDate: Installed on 2014-08-28 (11 days ago)
InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
SourcePackage: systemd
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug trusty

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1366747

Title:
  libudev1 seems to cause a segfault in pcscd when a Vasco DP905v1.1
  smart card reader is inserted before pcscd is started

Status in “systemd” package in Ubuntu:
  New

Bug description:
  Hi,

  When one plugs in a Vasco DP905v1.1 smart card reader before pcscd is
  started and waits for a few moments, the green 'power' led on this
  device will go off, indicating that the device is in low-power mode.
  When this happens, due to an issue with the specific card reader
  model, it seems to be impossible to revive the card reader without
  power-cycling the USB bus.

  This is especially annoying as the time between 'USB bus receives
  power' and 'pcscd starts' is longer than the time it takes for the
  DP905v1.1 to go to low-power mode on many systems, causing loss of
  functionality for people who leave their smart card reader plugged in
  at boot time, and a segfault when the most obvious way to fix the
  issue (remove the card reader from the USB bus and plug it in again)
  is attempted. While the loss of functionality could be considered a
  bug in the smart card reader, not necessarily libudev's problem, the
  segfault is a different matter.

  When one then starts pcscd with the '-f' option (for 'foreground'),
  the following information is printed to the console:

  00000000 ccid_usb.c:790:ReadUSB() read failed (2/6): -7 Resource temporarily unavailable
  05000798 ccid_usb.c:751:WriteUSB() write failed (2/6): -7 Resource temporarily unavailable
  05000403 ccid_usb.c:751:WriteUSB() write failed (2/6): -7 Resource temporarily unavailable
  00000027 ifdhandler.c:158:CreateChannelByNameOrChannel() failed
  00000021 readerfactory.c:1020:RFInitializeReader() Open Port 0x200000 Failed (usb:1a44/0001:libudev:0:/dev/bus/usb/002/006)
  00000009 readerfactory.c:312:RFAddReader() VASCO DP905v1.1 init failed.
  00000126 hotplug_libudev.c:391:HPAddDevice() Failed adding USB device: VASCO DP905v1.1

  At this point pcscd is stuck waiting, and removing the card reader
  causes the segfault.

  I installed a few debug symbols packages and recompiled pcscd with
  DEB_BUILD_OPTIONS=nostrip in an effort to figure out some more
  information, and have found the following:

  At the point when the segfault happens, pcscd will have three threads running:
  - The first thread is the main thread, which is usually in select()
  - The second thread seems to be a helper thread of some sort; its stack backtrace contains no function symbols
  - The third thread will always be in pcscd:hotplug_libudev.c, line 433:

    udev_enumerate_scan_devices(enumerate);

    going down the stack trace into libudev gets us:

  #0  0x00007ffff72c5200 in __openat_nocancel (fd=-100, 
      file=0x7ffff5d228d0 "/sys/bus", oflag=591872, mode=0)
      at ../sysdeps/unix/sysv/linux/wordsize-64/../openat.c:93
  #1  0x00007ffff7296935 in __opendirat (dfd=dfd@entry=-100, 
      name=name@entry=0x7ffff5d228d0 "/sys/bus")
      at ../sysdeps/posix/opendir.c:129
  #2  0x00007ffff729697d in __opendir (name=name@entry=0x7ffff5d228d0 "/sys/bus")
      at ../sysdeps/posix/opendir.c:160
  #3  0x00007ffff7bd0a02 in scan_dir (
      udev_enumerate=udev_enumerate@entry=0x7ffff0001670, 
      basedir=basedir@entry=0x7ffff7bd4d11 "bus", 
      subdir=subdir@entry=0x7ffff7bd4d09 "devices", 
      subsystem=subsystem@entry=0x0) at ../src/libudev/libudev-enumerate.c:742
  #4  0x00007ffff7bd1280 in scan_devices_all (udev_enumerate=0x7ffff0001670)
      at ../src/libudev/libudev-enumerate.c:893
  #5  udev_enumerate_scan_devices (
      udev_enumerate=udev_enumerate@entry=0x7ffff0001670)
      at ../src/libudev/libudev-enumerate.c:922
  #6  0x000000000040e2d9 in HPRescanUsbBus (udev=udev@entry=0x629cb0)
      at hotplug_libudev.c:433
  #7  0x000000000040e761 in HPEstablishUSBNotifications (udev=0x629cb0)
      at hotplug_libudev.c:595
  #8  0x00007ffff75a7182 in start_thread (arg=0x7ffff5d23700)
      at pthread_create.c:312
  #9  0x00007ffff72d3fbd in clone ()
      at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

  Although this thread is always at the same location which makes me
  think it seems to cause the segfault, I should note that it is in fact
  the second thread which does so:

  (gdb) thread 2
  [Switching to thread 2 (Thread 4168)]
  #0  0x00007ffff6533248 in ?? ()
  (gdb) where
  #0  0x00007ffff6533248 in ?? ()
  #1  0x00007ffff6524700 in ?? ()
  #2  0x0000000000000018 in ?? ()
  #3  0x0000000100000005 in ?? ()
  #4  0x0001000100000004 in ?? ()
  #5  0x00007ffff6524700 in ?? ()
  #6  0x00007ffff6524700 in ?? ()
  #7  0x0000000000000000 in ?? ()

  but as said, I'm not sure what to do with this.

  After having figured out that it's somewhere inside libudev, I wanted
  to file a bug with a crash report, but apparently I must've done
  something wrong, because apport no longer seems to want to write crash
  reports on this system. To make matters worse,  I also can't create a
  core dump using 'ulimit -c unlimited'. If someone could help me fix
  that, I'll happily submit a core dump if needed.

  This problem has been observed on at least three machines, all running
  trusty (some amd64, some i386).

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: libudev1 204-5ubuntu20.5
  ProcVersionSignature: Ubuntu 3.13.0-35.62-generic 3.13.11.6
  Uname: Linux 3.13.0-35-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.3
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Mon Sep  8 12:21:43 2014
  InstallationDate: Installed on 2014-08-28 (11 days ago)
  InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1366747/+subscriptions