Bug 834359 - Lenovo X220 fails to suspend with segfault at upowerd
Summary: Lenovo X220 fails to suspend with segfault at upowerd
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: libimobiledevice
Version: 17
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Peter Robinson
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 836399 836764 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-06-21 16:10 UTC by Radoslav Husar
Modified: 2013-07-09 15:48 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-10-09 14:38:17 UTC
Type: Bug


Attachments (Terms of Use)

Description Radoslav Husar 2012-06-21 16:10:33 UTC
Description of problem:
[21204.246410] usb 2-1.2: new high-speed USB device number 3 using ehci_hcd
[21204.336535] usb 2-1.2: New USB device found, idVendor=05ac, idProduct=12a0
[21204.336544] usb 2-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[21204.336551] usb 2-1.2: Product: iPhone
[21204.336555] usb 2-1.2: Manufacturer: Apple Inc.
[21204.336559] usb 2-1.2: SerialNumber: 5f69d3a91b28fe9ede1b472a05e3a376c3782706
[21204.935242] ipheth 2-1.2:4.2: Apple iPhone USB Ethernet device attached
[21204.935847] usbcore: registered new interface driver ipheth
[21204.956043] ADDRCONF(NETDEV_UP): eth0: link is not ready
[21205.399472] upowerd[1183]: segfault at 0 ip 0000003fa5906720 sp 00007fff8334c838 error 4 in libc-2.15.so[3fa5800000+1ac000]
[21205.858743] iphone-set-info[11628]: segfault at 0 ip 0000003fa5906720 sp 00007fff3e732608 error 4 in libc-2.15.so[3fa5800000+1ac000]
[28726.921884] upowerd[13819]: segfault at 0 ip 0000003fa5906720 sp 00007fffefbb7398 error 4 in libc-2.15.so[3fa5800000+1ac000]
[28750.074393] upowerd[13857]: segfault at 0 ip 0000003fa5906720 sp 00007fffe605c2e8 error 4 in libc-2.15.so[3fa5800000+1ac000]
[28792.211545] upowerd[13965]: segfault at 0 ip 0000003fa5906720 sp 00007fffdc1271c8 error 4 in libc-2.15.so[3fa5800000+1ac000]


Version-Release number of selected component (if applicable):
LATEST

How reproducible:
Suspend F17 on x220.

Steps to Reproduce:
1.
2.
3.
  
Actual results:
segfault, screen is locked

Expected results:
Suspended computer

Additional info:

Comment 1 Richard Hughes 2012-06-25 06:50:03 UTC
Can you get a backtrace please. Thanks.

Comment 2 Nadim Kobeissi 2012-06-30 02:55:09 UTC
Not sure if this helps, but this problem doesn't occur on a ThinkPad X230.

Comment 3 Alan Hamilton 2012-07-01 20:42:21 UTC
It appears to be this bug:
http://libiphone.lighthouseapp.com/projects/27916/tickets/265-userpref_get_config_dir-segfaults-when-home-is-undefined

When an iOS device is connected, upowerd pulls in libimobiledevice. If  XDG_CONFIG_HOME is not set in the environment, it tries to copy the value of HOME instead. However, in the systemd environment, HOME is null and strcpy() causes a SEGV. It isn't checking if HOME is null.

This isn't specific to the Thinkad; it should happen on any system with an iOS device plugged in. libimobiledevice needs to be updated to correctly handle a null HOME.

Here's the backtrace from F17:

#0  __stpcpy_chk () at ../sysdeps/x86_64/strcpy_chk.S:71
#1  0x00007f9c643f225c in strcpy (__src=<optimized out>, __dest=
    0x7f9c64602600 "") at /usr/include/bits/string3.h:105
#2  userpref_get_config_dir () at userpref.c:128
#3  userpref_get_config_dir () at userpref.c:105
#4  0x00007f9c643f25d4 in userpref_get_host_id (host_id=host_id@entry=
    0x7fff05ef3fb0) at userpref.c:406
#5  0x00007f9c643f5c1d in lockdownd_client_new_with_handshake (
    device=<optimized out>, client=client@entry=0x7fff05ef4058, 
    label=label@entry=0x41bb5d "upower") at lockdown.c:717
#6  0x0000000000412cbb in up_device_idevice_coldplug (device=
    0x11473e0 [UpDeviceIdevice]) at up-device-idevice.c:105
#7  0x000000000040b6ab in up_device_coldplug (device=device@entry=
    0x11473e0 [UpDeviceIdevice], daemon=<optimized out>, 
    native=<optimized out>) at up-device.c:548
#8  0x0000000000411861 in up_backend_device_new (native=
    0x113b720 [GUdevDevice], backend=0x112e4f0 [UpBackend]) at up-backend.c:128
#9  up_backend_device_add (backend=backend@entry=0x112e4f0 [UpBackend], native=
    0x113b720 [GUdevDevice]) at up-backend.c:229
#10 0x00000000004120db in up_backend_coldplug (backend=0x112e4f0 [UpBackend], 
    daemon=daemon@entry=0x1122010 [UpDaemon]) at up-backend.c:324
#11 0x0000000000408e0f in up_daemon_startup (daemon=daemon@entry=
    0x1122010 [UpDaemon]) at up-daemon.c:753
#12 0x0000000000406d77 in main (argc=1, argv=0x7fff05ef4408) at up-main.c:289

Comment 4 Nadim Kobeissi 2012-07-02 01:54:00 UTC
I previously filed a similar bug which describes the same iPhone issue on a ThinkPad X230: https://bugzilla.redhat.com/show_bug.cgi?id=836399

Comment 5 Richard Hughes 2012-07-02 07:57:56 UTC
This is a bug in lockdownd.

Comment 6 Richard Hughes 2012-07-02 08:12:58 UTC
*** Bug 836399 has been marked as a duplicate of this bug. ***

Comment 7 Nadim Kobeissi 2012-07-03 23:02:18 UTC
Any ETA for a fix?

Comment 8 Peter Robinson 2012-07-03 23:26:14 UTC
I'm not sure what lockdownd is and what it has with libimobiledevice tbh

Comment 9 Richard Hughes 2012-07-04 07:01:13 UTC
(In reply to comment #8)
> I'm not sure what lockdownd is and what it has with libimobiledevice tbh

It's a library for accessing Apple hardware.

Comment 10 Radoslav Husar 2012-07-16 08:19:48 UTC
The analysis of the problem is correct, the problem is indeed when iOS device is connected. Thanks guys.

Comment 11 Mengxuan Xia 2012-08-05 02:30:06 UTC
Is there any walkaround for this?

Comment 12 Mengxuan Xia 2012-08-05 02:34:51 UTC
On my laptop. upowerd crashes. I loss battery indication. Also loss the ability to suspend the laptop.
Aug  4 22:20:05 THINK-MX upowerd[4739]: (upowerd:4739): UPower-Linux-WARNING **: energy_full (48.190000) is greater than energy_full_design (47.520000)
Aug  4 22:20:06 THINK-MX kernel: [ 1671.609524] upowerd[4739]: segfault at 0 ip 0000003d3fb06700 sp 00007fff94d74838 error 4 in libc-2.15.so[3d3fa00000+1ac000]
Aug  4 22:20:06 THINK-MX abrtd: Directory 'ccpp-2012-08-04-22:20:06-4739' creation detected
Aug  4 22:20:06 THINK-MX abrt[4759]: Saved core dump of pid 4739 (/usr/libexec/upowerd) to /var/spool/abrt/ccpp-2012-08-04-22:20:06-4739 (18333696 bytes)
Aug  4 22:20:06 THINK-MX systemd[1]: upower.service: main process exited, code=dumped, status=11
Aug  4 22:20:06 THINK-MX systemd[1]: Unit upower.service entered failed state.
Aug  4 22:20:06 THINK-MX abrtd: Duplicate: core backtrace
Aug  4 22:20:06 THINK-MX abrtd: DUP_OF_DIR: /var/spool/abrt/ccpp-2012-08-04-21:24:22-867
Aug  4 22:20:06 THINK-MX abrtd: Problem directory is a duplicate of /var/spool/abrt/ccpp-2012-08-04-21:24:22-867
Aug  4 22:20:06 THINK-MX abrtd: Deleting problem directory ccpp-2012-08-04-22:20:06-4739 (dup of ccpp-2012-08-04-21:24:22-867)

Comment 13 Alan Hamilton 2012-08-05 04:40:16 UTC
You can add the HOME environment to the unit file /usr/lib/systemd/system/upower.service:

[Unit]
Description=Daemon for power management

[Service]
Type=dbus
BusName=org.freedesktop.UPower
# ###Workaround, %h is systemd's user's home
Environment=HOME=%h
ExecStart=/usr/libexec/upowerd

[Install]
# We pull this in by graphical.target instead of waiting for the bus
# activation, to speed things up a little: gdm uses this anyway so it is nice
# if it is already around when gdm wants to use it and doesn't have to wait for
# it.
WantedBy=graphical.target


After editing you need to either reboot or run "systemctl --system daemon-reload" and "systemctl start upower.service".

Incorporating the upstream fix is the ultimate solution, of course.

Comment 14 Mengxuan Xia 2012-08-05 13:43:09 UTC
Alan,

With Environment=HOME=%h which I think gives HOME=/root, It causes iphone-set-info to crash due to https://bugzilla.redhat.com/show_bug.cgi?id=733701

Nevertheless, it keeps upowerd from crashing.

Comment 15 Fedora Update System 2012-09-05 10:39:05 UTC
libimobiledevice-1.1.4-4.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/libimobiledevice-1.1.4-4.fc18

Comment 16 Gwyn Ciesla 2012-09-05 10:52:46 UTC
Can we have this update for f17 as well?  This bug is against that release, and I'd personally love seeing it fixed there, as I use it.

Comment 17 Gwyn Ciesla 2012-09-07 17:58:51 UTC
Bastien, will we see this libimobiledevice update for f17?

Comment 18 Mengxuan Xia 2012-09-12 22:14:34 UTC
Jon, I took the src.rpm from f18 update and patched f17 rpm by my self. You can try to do this for the moment as it seems the maintainer is currently not available.

Comment 19 Gwyn Ciesla 2012-09-13 12:30:44 UTC
I may do that short term.  Bastien, also, I'm a provenpackager and could do this for you if you'd like asssistance.

Comment 20 Bastien Nocera 2012-09-13 13:39:20 UTC
I did my best to try and compile the package for Fedora 17, but got hit by:
http://libiphone.lighthouseapp.com/projects/27916-libiphone/tickets/285-cant-compile-cython-bindings

I'd personally nuke the Cython bindings, nothing useful uses them.

Comment 21 Gwyn Ciesla 2012-09-13 13:45:46 UTC
Changelog says that was disabled in -3, so I'd think -4 should work.

Comment 22 Gwyn Ciesla 2012-09-19 16:11:59 UTC
I tried this on 17, and it builds and fixes that crash.  It exposed a crash in gtkpod, but that's good.  I'll commit and build tomorrow unless you object, or approve sooner.

Comment 23 Fedora Update System 2012-09-20 12:59:52 UTC
libimobiledevice-1.1.4-4.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/libimobiledevice-1.1.4-4.fc17

Comment 24 Alan Hamilton 2012-09-21 17:38:18 UTC
The new build fixes it for me. Thanks!

Comment 25 Fedora Update System 2012-09-22 00:10:29 UTC
Package libimobiledevice-1.1.4-4.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libimobiledevice-1.1.4-4.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-14503/libimobiledevice-1.1.4-4.fc17
then log in and leave karma (feedback).

Comment 26 Peter Robinson 2012-10-09 14:38:17 UTC
This has been pushed to stable

Comment 27 Christophe Fergeau 2013-07-09 15:48:21 UTC
*** Bug 836764 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.