usbhid-ups driver segfaults on discovery of UPS

Bug #1483615 reported by davis on 2015-08-11
32
This bug affects 6 people
Affects Status Importance Assigned to Milestone
nut (Ubuntu)
Medium
Unassigned

Bug Description

Reposted from http://ubuntuforums.org/showthread.php?t=2290204

Now with full cmdlines, gdb and valgrind sessions attached

I'm installing and hoping to configure NUT on a remote machine attached to an APC UPS CS-210 via USB.
I've aptitude updated (everything) and installed NUT:

root@barnbox:~# dpkg -l nut-\*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-================================-=====================-=====================-=====================================================================
ii nut-cgi 2.7.1-1ubuntu1 amd64 network UPS tools - web interface
ii nut-client 2.7.1-1ubuntu1 amd64 network UPS tools - clients
un nut-hal-drivers <none> <none> (no description available)
un nut-ipmi <none> <none> (no description available)
un nut-monitor <none> <none> (no description available)
ii nut-server 2.7.1-1ubuntu1 amd64 network UPS tools - core system
un nut-snmp <none> <none> (no description available)
un nut-xml <none> <none> (no description available)

I've done the very basic-level config of the UPS driver as hinted at here: http://www.networkupstools.org/docs/man/usbhid-ups.html

root@barnbox:~# tail -n 7 /etc/nut/ups.conf

[apc]
        driver = usbhid-ups
        port = auto
        desc = "APC Back-UPS"
    bus="001" # these lines make no difference to the outcome
    vendor="051d"

Now, although I can start nut, it can't connect to the usbhid-ups driver, and I get this error in dmesg:

[ 2128.229552] usbhid-ups[3003]: segfault at 0 ip 00007fd96720e48c sp 00007ffcaa1e0b78 error 4 in libc-2.19.so[7fd9670cd000+1bb000]

In case it's useful, I have these versions of libusb installed:

root@barnbox:~# dpkg -l libusb\*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-================================-=====================-=====================-=====================================================================
ii libusb-0.1-4:amd64 2:0.1.12-23.3ubuntu1 amd64 userspace USB programming library
ii libusb-1.0-0:amd64 2:1.0.17-1ubuntu2 amd64 userspace USB programming library
un libusb0 <none> <none> (no description available)
ii libusbmuxd2 1.0.8-2ubuntu1 amd64 USB multiplexor daemon for iPhone and iPod Touch devices - library

and my system version is:

 root@barnbox:~# lsb_release -a ; uname -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.3 LTS
Release: 14.04
Codename: trusty
Linux barnbox 3.13.0-61-generic #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

My aim is to get this machine communicating successfully with the UPS, and shutting down on power failure. However, I can't even communicate with the UPS:

root@barnbox:~# upsc apc
Init SSL without certificate database
Error: Driver not connected

Does anyone know why or how to start fixing this?

Thanks

USB listing and the results of running the driver manually:

root@barnbox:~# lsusb && /lib/nut/usbhid-ups -u nut -a apc -x bus=001 -x vendorid=051d -x productid=0002 -DDDD
Bus 002 Device 004: ID 0424:4030 Standard Microsystems Corp.
Bus 002 Device 003: ID 0424:2660 Standard Microsystems Corp.
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 051d:0002 American Power Conversion Uninterruptible Power Supply
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Network UPS Tools - Generic HID driver 0.38 (2.7.1)
USB communication driver 0.32
   0.000000 debug level is '4'
   0.000438 upsdrv_initups...
   0.030198 Checking device (1D6B/0003) (005/001)
   0.030470 - VendorID: 1d6b
   0.030485 - ProductID: 0003
   0.030497 - Manufacturer: unknown
   0.030508 - Product: unknown
   0.030518 - Serial Number: unknown
   0.030529 - Bus: 005
   0.030539 Trying to match device
   0.030558 Device does not match - skipping
   0.030688 Checking device (1D6B/0002) (004/001)
   0.030817 - VendorID: 1d6b
   0.030834 - ProductID: 0002
   0.030845 - Manufacturer: unknown
   0.030857 - Product: unknown
   0.030868 - Serial Number: unknown
   0.030879 - Bus: 004
   0.030889 Trying to match device
   0.030902 Device does not match - skipping
   0.030935 Checking device (1D6B/0001) (003/001)
   0.054114 - VendorID: 1d6b
   0.054183 - ProductID: 0001
   0.054195 - Manufacturer: unknown
   0.054206 - Product: unknown
   0.054217 - Serial Number: unknown
   0.054228 - Bus: 003
   0.054239 Trying to match device
   0.054256 Device does not match - skipping
   0.062061 Checking device (0424/4030) (002/004)
   0.062107 - VendorID: 0424
   0.062120 - ProductID: 4030
   0.062132 - Manufacturer: unknown
   0.062143 - Product: unknown
   0.062154 - Serial Number: unknown
   0.062164 - Bus: 002
   0.062175 Trying to match device
   0.062187 Device does not match - skipping
   0.062201 Checking device (0424/2660) (002/003)
   0.062218 - VendorID: 0424
   0.062230 - ProductID: 2660
   0.062240 - Manufacturer: unknown
   0.062251 - Product: unknown
   0.062261 - Serial Number: unknown
   0.062272 - Bus: 002
   0.062282 Trying to match device
   0.062293 Device does not match - skipping
   0.062307 Checking device (8087/0024) (002/002)
   0.062323 - VendorID: 8087
   0.062336 - ProductID: 0024
   0.062346 - Manufacturer: unknown
   0.062357 - Product: unknown
   0.062367 - Serial Number: unknown
   0.062378 - Bus: 002
   0.062388 Trying to match device
   0.062399 Device does not match - skipping
   0.062418 Checking device (1D6B/0002) (002/001)
   0.062437 - VendorID: 1d6b
   0.062450 - ProductID: 0002
   0.062461 - Manufacturer: unknown
   0.062472 - Product: unknown
   0.062483 - Serial Number: unknown
   0.062493 - Bus: 002
   0.062503 Trying to match device
   0.062515 Device does not match - skipping
   0.062528 Checking device (051D/0002) (001/003)
   0.062547 - VendorID: 051d
   0.062559 - ProductID: 0002
   0.062570 - Manufacturer: unknown
   0.062580 - Product: unknown
   0.062591 - Serial Number: unknown
   0.062601 - Bus: 001
   0.062612 Trying to match device
Segmentation fault (core dumped)
root@barnbox:~#

davis (davis65536) wrote :
davis (davis65536) wrote :
davis (davis65536) wrote :
davis (davis65536) wrote :
Robie Basak (racb) on 2015-08-11
Changed in nut (Ubuntu):
importance: Undecided → Medium
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in nut (Ubuntu):
status: New → Confirmed
Charles Lepple (clepple) wrote :

@davis65536: I think we might have a lead on this. Are you running in a VM?

https://github.com/networkupstools/nut/issues/258

The APC portion of usbhid-ups expects that if it can open the device, it can read the string descriptors. Your system is printing "unknown" for the Manufacturer, Product and Serial Number lines for your UPS. IMHO this is also a bug elsewhere (libusb, kernel or hypervisor?) since the Product string is the easiest way to distinguish between the various 051d:0002 USB devices, though I agree that the driver should be more robust.

Can you see the APC vendor string if you run "lsusb -vvv -d051d:" as root?

davis (davis65536) wrote :
Download full text (6.3 KiB)

Hi Charles,

I can see your thinking, but no, this isn't a VM, nor is the kernel I'm using a Hypervisor - it's a plain old machine:

root@barnbox:~# grep -i hyper /proc/cpuinfo
root@barnbox:~#

I updated the machine with apt-get (again) and I also updated the machine's BIOS. Prior to doing the updates I tried the lsusb command and it worked:

root@barnbox:~# lsusb -vvv -d051d:

Bus 001 Device 003: ID 051d:0002 American Power Conversion Uninterruptible Power Supply
Device Descriptor:
  bLength 18
  bDescriptorType 1
  bcdUSB 1.10
  bDeviceClass 0 (Defined at Interface level)
  bDeviceSubClass 0
  bDeviceProtocol 0
  bMaxPacketSize0 8
  idVendor 0x051d American Power Conversion
  idProduct 0x0002 Uninterruptible Power Supply
  bcdDevice 0.06
  iManufacturer 3 American Power Conversion
  iProduct 1 Back-UPS CS 350 FW:807.q10 .I USB FW:q10
  iSerial 2 4B1419P32390
  bNumConfigurations 1
  Configuration Descriptor:
    bLength 9
    bDescriptorType 2
    wTotalLength 34
    bNumInterfaces 1
    bConfigurationValue 1
    iConfiguration 0
    bmAttributes 0xe0
      Self Powered
      Remote Wakeup
    MaxPower 2mA
    Interface Descriptor:
      bLength 9
      bDescriptorType 4
      bInterfaceNumber 0
      bAlternateSetting 0
      bNumEndpoints 1
      bInterfaceClass 3 Human Interface Device
      bInterfaceSubClass 0 No Subclass
      bInterfaceProtocol 0 None
      iInterface 0
        HID Device Descriptor:
          bLength 9
          bDescriptorType 33
          bcdHID 1.10
          bCountryCode 33 US
          bNumDescriptors 1
          bDescriptorType 34 Report
          wDescriptorLength 1217
         Report Descriptors:
           ** UNAVAILABLE **
      Endpoint Descriptor:
        bLength 7
        bDescriptorType 5
        bEndpointAddress 0x81 EP 1 IN
        bmAttributes 3
          Transfer Type Interrupt
          Synch Type None
          Usage Type Data
        wMaxPacketSize 0x0006 1x 6 bytes
        bInterval 100
Device Status: 0x0000
  (Bus Powered)
root@barnbox:~#

However, weirdly, since doing the update, usbhid-ups no longer segfaults - it still doesn't work, but it's interesting

Annoyingly, I never ran the intermediate stages, so I don't know which change made the difference (I suppose it could be HP's firmware doing something funky, but I doubt it...):

I believe this usbhid-ups command should match the UPS, but it appears to skip it:

root@barnbox:~# /lib/nut/usbhid-ups -u nut -a apc -x bus=001 -x vendorid=051D -x productid=0002 -DDDD
Network UPS Tools - Generic HID driver 0.38 (2.7.1)
USB communication driver 0.32
   0.000000 debug level is '4'
   0.000409 upsdrv_initups...
   0.022724 Checking device (1D6B/0003) (005/001)
   0.023048 - ...

Read more...

Charles Lepple (clepple) wrote :

Since you only have one UPS, I would recommend removing the extra "-x" options (this prevents problems down the road if a new kernel assigns a different bus number). I believe the regex matcher is case-sensitive, so the "051D" does not match.

Interestingly enough, we did have another recent unreproducible report of an APC-related segfault that cleared up after a reboot: https://github.com/networkupstools/nut/issues/252 but it would be interesting to find out why the string descriptors are sometimes not available.

davis (davis65536) wrote :

Hi Charles,

Thanks. I think that solved it:

root@barnbox:~# tail -n 7 /etc/nut/ups.conf && /lib/nut/usbhid-ups -u nut -a apc

[apc]
        driver = usbhid-ups
        port = auto
        desc = "APC Back-UPS"
        #bus="001"
        #vendor="051d"
Network UPS Tools - Generic HID driver 0.38 (2.7.1)
USB communication driver 0.32
Using subdriver: APC HID 0.95
root@barnbox:~#

FWIW when I report this original bug I did reboot, update, reboot and re-test just to be sure it still existed... I really *did* try to narrow it down!

Thanks anyway... now to go back to the UPS config as planned!

I wonder if https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812604 is related?

I also see a segfault on discovering the UPS, with an APC Back-UPS ES attached.

Charles Lepple (clepple) wrote :

@william-gallaf, likely related.

While the patch mentioned in comment #6 above will prevent the segfault, it also prevents the driver from determining whether some APC workarounds need to be applied:

https://github.com/networkupstools/nut/blob/master/drivers/apc-hid.c#L40

Which size Back-UPS ES do you have?

Does "lsusb -vvv" ever not print the iProduct string?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.