I am also convinced that the bug is not inside the pcscd. It could be
inside libifd-cyberjack6 or libusb. Please help investigate it.

The exact HW I am using is this device:

http://www.reiner-sct.com/produkte/chipkartenleser/cyberjack_secoder.html?pEl=2

To reproduce the bug, leave the device disconnected and start the pcscd
daemon with options "-d -f". Connect the device, disconnect it and
reconnect it.

I compiled the source packages in order to investigate the bug a little
deeper on my own. When the device is connected the first time, a bunch of
threads are spawned, of which two last for a longer time. These two
threads have the IDs 5 and 6.

(gdb) info thr
  Id   Target Id         Frame
  6    Thread 0x7ffff555d700 (LWP 19617) "pcscd" 0x00007ffff75aab9d in nanosleep () at ../sysdeps/unix/syscall-template.S:81
  5    Thread 0x7ffff5d5e700 (LWP 19616) "pcscd" 0x00007ffff72c2fbd in poll () at ../sysdeps/unix/syscall-template.S:81
  2    Thread 0x7ffff71d4700 (LWP 19581) "pcscd" 0x00007ffff72c7c33 in select () at ../sysdeps/unix/syscall-template.S:81
* 1    Thread 0x7ffff7fcf740 (LWP 19580) "pcscd" 0x00007ffff72c7c33 in select () at ../sysdeps/unix/syscall-template.S:81

The thread with ID 5 will cause the crash later on. Looking into its call
stack shows the following:

(gdb) thr 5
[Switching to thread 5 (Thread 0x7ffff5d5e700 (LWP 19616))]
#0  0x00007ffff72c2fbd in poll () at ../sysdeps/unix/syscall-template.S:81
81      ../sysdeps/unix/syscall-template.S: No such file or directory.
(gdb) bt
#0  0x00007ffff72c2fbd in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007ffff658d248 in poll (__timeout=-1, __nfds=2, __fds=0x7ffff5d5def0) at /usr/include/x86_64-linux-gnu/bits/poll2.h:46
#2  linux_udev_event_thread_main (arg=<optimized out>) at ../../libusb/os/linux_udev.c:175
#3  0x00007ffff75a3182 in start_thread (arg=0x7ffff5d5e700) at pthread_create.c:312
#4  0x00007ffff72d030d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

When disconnecting the device, the thread with ID 5 is gone while the one
with ID 5 is still present, but in a strange state.

(gdb) info threads
  Id   Target Id         Frame
  5    Thread 0x7ffff5d5e700 (LWP 19616) "pcscd" 0x00007ffff72c2fbd in poll () at ../sysdeps/unix/syscall-template.S:81
  2    Thread 0x7ffff71d4700 (LWP 19581) "pcscd" 0x00007ffff72c7c33 in select () at ../sysdeps/unix/syscall-template.S:81
* 1    Thread 0x7ffff7fcf740 (LWP 19580) "pcscd" 0x00007ffff72c7c33 in select () at ../sysdeps/unix/syscall-template.S:81
(gdb) thr 5
[Switching to thread 5 (Thread 0x7ffff5d5e700 (LWP 19616))]
#0  0x00007ffff72c2fbd in poll () at ../sysdeps/unix/syscall-template.S:81
81      ../sysdeps/unix/syscall-template.S: No such file or directory.
(gdb) bt
#0  0x00007ffff72c2fbd in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007ffff658d248 in ?? ()
#2  0x00007ffff7590868 in __elf_set___libc_thread_subfreeres_element___rpc_thread_destroy__ ()
#3  0x00007ffff7590860 in __elf_set___libc_thread_subfreeres_element_res_thread_freeres__ () from /lib/x86_64-linux-gnu/libc.so.6
#4  0x0000000100000006 in ?? ()
#5  0x0000000100000005 in ?? ()
#6  0x00007ffff5d5e700 in ?? ()
#7  0x00007ffff5d5e700 in ?? ()
#8  0x0000000000000000 in ?? ()

The thread seems to be in destruction but is still waiting inside poll
for something. Perhaps some hook (pthread_cleanup_push)? In the task list
it still has a priority, so it is not a zombie.

When I reconnect the device, pcscd crashes after some seconds. This is
the stack trace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff658d248 in ?? ()
(gdb) bt
#0  0x00007ffff658d248 in ?? ()
#1  0x00007ffff7590868 in __elf_set___libc_thread_subfreeres_element___rpc_thread_destroy__ ()
#2  0x00007ffff7590860 in __elf_set___libc_thread_subfreeres_element_res_thread_freeres__ () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x0000000100000006 in ?? ()
#4  0x0001000100000005 in ?? ()
#5  0x00007ffff5d5e700 in ?? ()
#6  0x00007ffff5d5e700 in ?? ()
#7  0x0000000000000000 in ?? ()
(gdb) info threads
  Id   Target Id         Frame
* 5    Thread 0x7ffff5d5e700 (LWP 19616) "pcscd" 0x00007ffff658d248 in ?? ()
  2    Thread 0x7ffff71d4700 (LWP 19581) "pcscd" 0x00007ffff72c7c33 in select () at ../sysdeps/unix/syscall-template.S:81
  1    Thread 0x7ffff7fcf740 (LWP 19580) "pcscd" 0x00007ffff72c7c33 in select () at ../sysdeps/unix/syscall-template.S:81

poll returned, and while it is returning the segfault is being generated.

The thread itself is stuck inside libusb. Perhaps the error is inside
libusb. I do not have the project knowledge to get deeper into it.

** Package changed: pcsc-lite (Ubuntu) => pcsc-cyberjack (Ubuntu)
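The failure pattern in the traces above is a poll()-based event thread whose owner goes away while the thread is still blocked in poll(), so that whatever it dereferences when poll() finally returns is no longer valid. The following is an added, self-contained example written for this thread, not code from the bug reporter, libusb or pcscd: a hypothetical event thread with the same shape as a udev monitor loop (a "device" fd plus a self-pipe for wake-ups), torn down the safe way (wake it, join it, only then release its resources) and, separately, cancelled while inside poll() with a pthread_cleanup_push handler so the "in destruction but still in poll" state the report speculates about can be observed under control. All struct and function names are constructed for the example, and the three "hotplug events" are constructed bytes written to a pipe.

```c
/* Added example, not from the bug report or from libusb/pcscd.
 * Hypothetical poll()-based event thread with safe teardown and a
 * cancellation cleanup handler. Build: cc -pthread example.c */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Stand-in for the context a udev/libusb-style event thread owns (constructed). */
struct event_ctx {
    int wake_fd[2];         /* self-pipe: the thread polls [0], the owner writes [1] */
    int device_fd;          /* stands in for the udev monitor socket */
    atomic_int stop;        /* set by the owner before it writes to the wake pipe */
    atomic_int events_seen;
    atomic_int cleanup_ran; /* set by the cancellation cleanup handler */
};

/* Runs if the thread is cancelled while blocked in poll(), a cancellation point. */
static void event_thread_cleanup(void *arg)
{
    struct event_ctx *ctx = arg;
    atomic_store(&ctx->cleanup_ran, 1);
}

/* Count every pending byte on the (non-blocking) device fd as one event. */
static void drain_device(struct event_ctx *ctx)
{
    char c;
    while (read(ctx->device_fd, &c, 1) == 1)
        atomic_fetch_add(&ctx->events_seen, 1);
}

static void *event_thread_main(void *arg)
{
    struct event_ctx *ctx = arg;
    struct pollfd fds[2] = {
        { .fd = ctx->device_fd,  .events = POLLIN },
        { .fd = ctx->wake_fd[0], .events = POLLIN },
    };
    pthread_cleanup_push(event_thread_cleanup, ctx);
    for (;;) {
        int r = poll(fds, 2, -1);
        if (r < 0) {
            if (errno == EINTR) continue;
            break;
        }
        if (fds[0].revents & POLLIN)
            drain_device(ctx);      /* device events first, then any stop request */
        if (fds[1].revents & POLLIN) {
            char c;
            if (read(ctx->wake_fd[0], &c, 1) == 1 && atomic_load(&ctx->stop))
                break;
        }
    }
    pthread_cleanup_pop(0);
    return NULL;
}

static int event_ctx_start(struct event_ctx *ctx, int device_fd, pthread_t *tid)
{
    memset(ctx, 0, sizeof *ctx);
    ctx->device_fd = device_fd;
    if (pipe(ctx->wake_fd) < 0)
        return -1;
    return pthread_create(tid, NULL, event_thread_main, ctx) == 0 ? 0 : -1;
}

/* Safe teardown order: wake the thread out of poll(), join it, then close fds.
 * Closing or freeing first, while the thread is still inside poll(), is what
 * leaves a half-destroyed thread behind. */
static int event_ctx_stop(struct event_ctx *ctx, pthread_t tid)
{
    atomic_store(&ctx->stop, 1);
    if (write(ctx->wake_fd[1], "x", 1) != 1)
        return -1;
    if (pthread_join(tid, NULL) != 0)
        return -1;
    close(ctx->wake_fd[0]);
    close(ctx->wake_fd[1]);
    return 0;
}

/* Cooperative path: deliver three constructed device events, then stop.
 * Returns the number of events the thread handled before it exited. */
int demo_cooperative_stop(void)
{
    int dev[2];
    struct event_ctx ctx;
    pthread_t tid;
    if (pipe(dev) < 0 || fcntl(dev[0], F_SETFL, O_NONBLOCK) < 0) return -1;
    if (event_ctx_start(&ctx, dev[0], &tid) < 0) return -1;
    if (write(dev[1], "abc", 3) != 3) return -1;   /* constructed "hotplug" events */
    if (event_ctx_stop(&ctx, tid) < 0) return -1;
    close(dev[0]); close(dev[1]);
    return atomic_load(&ctx.events_seen);
}

/* Cancellation path: pthread_cancel() interrupts the thread inside poll();
 * the cleanup handler runs and join reports PTHREAD_CANCELED. Returns 1 if both held. */
int demo_cancel_in_poll(void)
{
    int dev[2];
    struct event_ctx ctx;
    pthread_t tid;
    void *res = NULL;
    if (pipe(dev) < 0 || fcntl(dev[0], F_SETFL, O_NONBLOCK) < 0) return -1;
    if (event_ctx_start(&ctx, dev[0], &tid) < 0) return -1;
    usleep(50000);                  /* give the thread time to block in poll() */
    pthread_cancel(tid);
    pthread_join(tid, &res);        /* only after join is ctx safe to tear down */
    close(ctx.wake_fd[0]); close(ctx.wake_fd[1]); close(dev[0]); close(dev[1]);
    return (res == PTHREAD_CANCELED && atomic_load(&ctx.cleanup_ran)) ? 1 : 0;
}

int main(void)
{
    printf("cooperative stop saw %d events\n", demo_cooperative_stop());
    printf("cancel-in-poll ran cleanup: %d\n", demo_cancel_in_poll());
    return 0;
}
```

The point of the two paths is the ordering: in both, the owner joins the thread before the context and its file descriptors go away. A teardown that closes the descriptors or frees the context first, and only then (or never) joins, is exactly the situation where a thread is still parked in poll() after its owner has moved on, and the next event that wakes it lands on invalid memory.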

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1296288

Title:
  pcscd crashes when disconnecting / reconnecting USB device

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pcsc-cyberjack/+bug/1296288/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs