Ubuntu
usb-modeswitch package

usb_modeswitch_[2193]: segfault at 8 ip 00007eff40eab681 sp 00007fff6a785f58 error 4 in libc-2.13.so[7eff40e29000+195000]

Bug #824147 reported by mrl586
70
This bug affects 11 people
Affects Status Importance Assigned to Milestone
usb-modeswitch (Ubuntu)
Fix Released
High
Mathieu Trudel-Lapierre

Bug Description

mrl586@COMPAQ:~$ lsb_release -rd
Description: Ubuntu oneiric (development branch)
Release: 11.10
mrl586@COMPAQ:~$ apt-cache policy usb-modeswitch
usb-modeswitch:
  Asennettu: 1.1.9-1ubuntu2
  Ehdokas: 1.1.9-1ubuntu2
  Versiotaulukko:
 *** 1.1.9-1ubuntu2 0
        500 http://archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages
        100 /var/lib/dpkg/status

Usb-modeswich segfault when I plug in Huawei E353 to computer.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: usb-modeswitch 1.1.9-1ubuntu2
ProcVersionSignature: Ubuntu 3.0.0-8.10-generic 3.0.1
Uname: Linux 3.0.0-8-generic x86_64
Architecture: amd64
Date: Wed Aug 10 22:33:44 2011
InstallationMedia: Kubuntu 11.04 "Natty Narwhal" - Release amd64 (20110427)
SourcePackage: usb-modeswitch
UpgradeStatus: Upgraded to oneiric on 2011-07-23 (18 days ago)

Related branches

lp:~cyphermox/ubuntu/oneiric/usb-modeswitch/lp824147
Steve Langasek: Needs Fixing
Diff: 142 lines (+45/-20)
5 files modified
debian/changelog (+11/-0)
debian/patches/03_use_udev_specifics.patch (+16/-4)
debian/patches/dispatcher-c-rewrite.patch (+10/-8)
usb_modeswitch.sh (+2/-4)
usb_modeswitch_dispatcher.c (+6/-4)
Revision history for this message
mrl586 (mrl586) wrote :
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Hi,

In this kind of case you should also have a crash report under /var/crash. Could you please verify if there is a file starting in _usr_sbin_usb_modeswitch_dispatcher_* ? It should contain a crash dump which will be useful in debugging this problem. If such a file exists, please use the following command to file a new bug with its details:

apport-bug /var/crash/<crash file>

Thanks!

Changed in usb-modeswitch (Ubuntu):
status: New → Incomplete
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Actually, let's give this another shot in case: if you just reconnect the device, does it then switch properly or is this happening every single time?

Revision history for this message
mrl586 (mrl586) wrote :

This happening always if use it without mobile partner. But if I have mobile partner installed, I can't see this segfault.

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

What is this mobile partner?

Revision history for this message
mrl586 (mrl586) wrote :

It is management program (and maybe driver) for Huawei E353 stick.

Revision history for this message
mrl586 (mrl586) wrote :

Another user from Ubuntu Finland can confirm this bug. He uses Huawei E367.

Changed in usb-modeswitch (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
ourasi (ourasi) wrote :

I can confirm.

Same segfault happens also with Nokia CS-15 modem and Mobile Partner doesn't solve that.
E 367 and CS-15 are segaulting also if I install usb-modeswitch 1.1.9 to Mint 10 (with backported libpipeline1).

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Could you try to modify the file in /lib/udev/usb_modeswitch, and change the third line from the end to:

exec ltrace /usr/sbin/usb_modeswitch_dispatcher "$@" >/tmp/ltrace.txt 2>&1 &

(take a backup of the file first).

Then try to connect the dongle again (without the Mobile Partner of course); and attach /tmp/ltrace.txt to this bug report when it crashes. This should tell us more about where things break.

Thanks in advance!

Changed in usb-modeswitch (Ubuntu):
importance: Undecided → High
status: Confirmed → Incomplete
Revision history for this message
mrl586 (mrl586) wrote :
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Hasn't this run not crashed? Please make sure you don't re-run usb-modeswitch before attaching the ltrace log; since it will get overwritten every time the binary runs. If you run usb-modeswitch once and it segfaults, copy the file immediately to some other place if you need a working 3G device to connect to the internet at attach the file to this bug...

Revision history for this message
Rodrigo Tobar (rtobarc) wrote :

I'm also affected by this bug. I replaced the line with

exec ltrace /usr/sbin/usb_modeswitch_dispatcher "$@" >/tmp/ltrace-$(date).txt 2>&1 &

to avoid name clashes, and, as Mathieu observed, the process exited normally (meaning that the usb modem got switched, modemmanager recognized it, and network-manager was able to use it). I'm attaching the last trace file for you to see, although now I'm not sure if it's useful or not.

Revision history for this message
Rodrigo Tobar (rtobarc) wrote :
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Well, I won't be able to get anything fixed unless we catch one such occurrence (with the ltrace log) when the modeswitch application is crashing (therefore writing its message segfault in syslog). Again, this one appears to be ending succesfully, so not much to do with it...

Unless I'm missing a part here? For the run for which you attached the log, do you also see a "segfault in 8 ..." line in syslog?

Revision history for this message
mrl586 (mrl586) wrote :

I think that latest udev update solved this problem on oneiric.

Revision history for this message
Rodrigo Tobar (rtobarc) wrote :

After trying several things out, I realized that only changing the invocation to:

exec /usr/sbin/usb_modeswitch_dispatcher "$@" > /dev/null 2>&1 &

definitely solves the problem.

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

was it still "exec tclsh" ?

Revision history for this message
Rodrigo Tobar (rtobarc) wrote :

no, this was on 3rd line from the end of /lib/udev/usb_modeswitch, originally:

exec /usr/sbin/usb_modeswitch_dispatcher "$@" 2>/dev/null &

, now

exec /usr/sbin/usb_modeswitch_dispatcher "$@" >/dev/null 2>&1 &

Revision history for this message
Mauricio Pretto (pretto) wrote :

Hi Mathieu,

I have reported the bug https://bugs.launchpad.net/bugs/827679 , let me know if you think it's related as Rodrigo pointed and if you want me to provide some logs for you.

Revision history for this message
ourasi (ourasi) wrote :

I can confirm, that line

exec /usr/sbin/usb_modeswitch_dispatcher "$@" > /dev/null 2>&1 &

in /lib/udev/usb_modeswitch

solved segfault problem with Huawei E367 and Nokia CS-15 modems

tested in Linux Mint 10 and 11

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Well, I'll need to look this up, because I can't comprehend why this would make it fail ;)

Regardless, it looks correct, so no sense in blocking on that, I'll prepare an upload.

Revision history for this message
Stefano Rivera (stefanor) wrote :

I just got this on my oneiric machine. My mirror only updates once a day, so I haven't tried this udev people speak of, but here's what I've found.
Enabling logging in /etc/usb_modeswitch.conf supresses the bug.
Got this with ltrace:

__asprintf_chk(0x608328, 1, 0x405c11, 0x405c47, 0x405c35) = 43
realloc(NULL, 16) = 0x0233bea0
access("/usr/share/usb_modeswitch/config"..., 0) = 0
pipeline_new_command_args(0x405c66, 0x405c61, 0x2328b20, 0, 0x6d5f6273752f6572) = 0x23268b0
pipeline_want_out(0x23268b0, 0xffffffff, 1, 0, 0x6168732f7273752f) = 0x23268b0
pipeline_start(0x23268b0, 0xffffffff, 1, 0, 0x6168732f7273752f) = 1
pipeline_readline(0x23268b0, 0x233bec0, 1, -1, 24107) = 0
__strdup(0, 0x233bf00, -4096, -1, 99 <unfinished ...>
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++

Revision history for this message
Stefano Rivera (stefanor) wrote :

Here's another run, got the stderr, and ltrace output. If I try to catch stdout, it looks like it doesn't segfault.

Revision history for this message
Stefano Rivera (stefanor) wrote :
Revision history for this message
Stefano Rivera (stefanor) wrote :

Got it in gdb:
 backtrace full
#0 0x0000000000401d88 in main (argc=<optimized out>, argv=<optimized out>) at usb_modeswitch_dispatcher.c:339
        reg = {buffer = 0x0, allocated = 0, used = 0, syntax = 0, fastmap = 0x0, translate = 0x0, re_nsub = 0, can_be_null = 0, regs_allocated = 0, fastmap_accurate = 0,
          no_sub = 0, not_bol = 0, not_eol = 0, newline_anchor = 0}
        match = {{rm_so = 0, rm_eo = 0}, {rm_so = 0, rm_eo = 0}, {rm_so = 0, rm_eo = 0}}
        val = <optimized out>
        tmpval = <optimized out>
        tmp = <optimized out>
        bus_id = '\000' <repeats 4095 times>
        kernel_name = <optimized out>
        dev_top = "1-3", '\000' <repeats 4092 times>
        udev_args = <optimized out>
        msg = <optimized out>
        sys_dir = <optimized out>
        fname = <optimized out>
        selected_config = <optimized out>
        line = '\000' <repeats 88 times>"\372, .\336\367\377\177", '\000' <repeats 75 times>"\200, \001\000\000\000\000\000\004y\001\000\000\000\000\000\004y\001", '\000' <repeats 13 times>, "\005\000\000\000\000\000\000\000\000p!\000\000\000\000\000\000\220!\000\000\000\000\000\224\202!\000\000\000\000\000\070\304!\000\000\000\000\000\000p\001\000\000\000\000\000\003", '\000' <repeats 175 times>, "(\232\375\367\377\177\000\000/\000\000\000\000\000\000\000Mt\336\367\377\177\000\000\000\000\000\000\000\000\000\000\017\000\000\000\000\000\000\000&\000\000\000\000\000\000\000\001", '\000' <repeats 23 times>, "0\331\377\377\377\177\000\000\271p\336\367\377\177\000\000\001\000\000\000\000\000\000\000P\232\375\367\377\177\000\000\060\331\377\377\377\177\000\000H-\336\367\377\177", '\000' <repeats 26 times>, "4\274\336\367\377\177\000\000\000\000\000\000\000\000\000\000\373"...
        i = <optimized out>
        scsi_needed = 0
        no_data = <optimized out>
        counter = <optimized out>
        no_driver_loading = <optimized out>
        found_ok = <optimized out>
        p = <optimized out>
        sleep_500 = {tv_sec = 0, tv_nsec = 500000000}
        rc = <optimized out>
        path_glob = {gl_pathc = 0, gl_pathv = 0x0, gl_offs = 0, gl_flags = 0, gl_closedir = 0, gl_readdir = 0, gl_opendir = 0, gl_lstat = 0, gl_stat = 0}
        glob_status = <optimized out>
        dev_list = <optimized out>
        dev_list2 = <optimized out>
        len = <optimized out>

Mathieu Trudel-Lapierre (cyphermox)
Changed in usb-modeswitch (Ubuntu):
status: Incomplete → In Progress
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)
Revision history for this message
cuc (cuc+) wrote :

the fix proposed in post #20 fixed the problem for me (ZTE MF180 HDSPA USBStick) - no more segfaults

Revision history for this message
Bartosz Porosinski (porosin) wrote :

I can confirm that fix proposed by ourasi in post #20 works for my Option GlobeSurfer iCON HSUPA USBStick.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package usb-modeswitch - 1.1.9-1ubuntu3

---------------
usb-modeswitch (1.1.9-1ubuntu3) oneiric; urgency=low

  * debian/patches/dispatcher-c-rewrite.patch: fix crash in failing to match
    devices with config lists before SCSI attributes are checked.
    (LP: #824147)
  * debian/patches/03_use_udev_specifics.patch: avoid failing if
    usb_modeswitch gets called with --symlink in udev by removing the tclsh
    call; also redirect all output from these calls to /dev/null (we don't
    need it anyway).
 -- Mathieu Trudel-Lapierre <email address hidden> Mon, 22 Aug 2011 11:19:11 -0400

Changed in usb-modeswitch (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Rodrigo Tobar (rtobarc) wrote :

I think this issue has come back to life in 12.04. I updated to pangolin a week ago, and yesterday, after a dist-upgrade, I started to suffer this same problem. The solution I posted on #18 solves the problem again.

My usb-modeswitch version is 1.2.0+repack0-1ubuntu1

Revision history for this message
jan2ary (jan2ary) wrote :

Same for me: reproduced in 12.04 (with ZTE MF626 it breaks connectivity through gsm modem) and fix from comment #18 is worked for me.

usb-modeswitch version is 1.2.0+repack0-1ubuntu1

$ uname -a
Linux uanote0106 3.2.0-10-generic #17-Ubuntu SMP Thu Jan 19 19:04:20 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Revision history for this message
Dan N. (xdanieln) wrote :

Same for me, too.
Reproduced in 12.04 with Huawei E1750.
Fix from comment #18 is worked for me, too.

usb-modeswitch version 1.2.0+repack0-1ubuntu1

$ uname -a
Linux io2 3.2.0-11-generic #19-Ubuntu SMP Wed Jan 25 22:03:06 UTC 2012 i686 i686 i386 GNU/Linux

Revision history for this message
Andrei Lisin (terranium) wrote :

reproduced with alcatel ot-x220s
usb-modeswitch version 1.2.3+repack0-1ubuntu3 (quantal)

Revision history for this message
Andrei Lisin (terranium) wrote :

and of usb_modeswitch skript was
exec 1<&- 2<&- 5<&- 7<&-
(
 . /lib/udev/hotplug.functions
 wait_for_file /usr/sbin/usb_modeswitch_dispatcher
 exec usb_modeswitch_dispatcher --switch-mode $1 $0 >>/dev/null 2>&1 &
 exit 0
) &
exit 0

became:
exec 1<&- 2<&- 5<&- 7<&-
(
 . /lib/udev/hotplug.functions
 wait_for_file /usr/sbin/usb_modeswitch_dispatcher
 exec ltrace /usr/sbin/usb_modeswitch_dispatcher --switch-mode $1 $0 >/tmp/ltrace.txt 2>&1 &
 exit 0
) &
exit 0

ltrace is attached

workaround that I have: I created an udev rule
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="0017", RUN+="/sbin/modprobe usbserial vendor=0x1bbb product=0x0017"
and it works

Revision history for this message
Andrei Lisin (terranium) wrote :

You said "correct the "search" for modprobe to properly figure out whether it's available from PATH." and looks like now it fails at strdup(getenv("PATH"));

Revision history for this message
Andrei Lisin (terranium) wrote :

I changed the line
PATH=/sbin:/usr/sbin:$PATH
to
export PATH=/sbin:/usr/sbin:$PATH

and now it works.

For some reason the PATH variable was not passed to the dispatcher.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.