python-gammu

Incoming SMS on a SIM800C USB modem will crash

Open ocalvo opened this issue 3 years ago • 6 comments

When using SMS callbacks with a SIM800C modem, the call to ReadDevice crashes the process:

gammu/src/gammu.c:430

Fatal Python error: Segmentation fault

Current thread 0x00007fd295440700 (most recent call first):
  File "/mnt/s/dd/Repos/ha/core/homeassistant/components/sms/gateway.py", line 44 in sms_pull
  File "/mnt/s/dd/Repos/ha/core/venv/lib/python3.8/site-packages/python_gammu-3.2.3-py3.8-linux-x86_64.egg/gammu/worker.py", line 247 in run
  File "/usr/lib/python3.8/threading.py", line 932 in _bootstrap_inner
  File "/usr/lib/python3.8/threading.py", line 890 in _bootstrap
(gdb) backtrace
#0  0x00000000005f26bb in PyObject_Call ()
#1  0x00007fffe12601fb in CheckIncomingEvents (sm=0x7fffe061c030) at gammu/src/gammu.c:430
#2  0x00007fffe1262790 in StateMachine_ReadDevice (self=0x7fffe061c030, args=<optimized out>, kwds=<optimized out>)
    at gammu/src/gammu.c:893
#3  0x0000000000504939 in ?? ()
#4  0x000000000056acb6 in _PyEval_EvalFrameDefault ()
#5  0x000000000050b6fe in ?? ()
#6  0x000000000056fb87 in _PyEval_EvalFrameDefault ()
#7  0x00000000005f5956 in _PyFunction_Vectorcall ()
#8  0x000000000056acb6 in _PyEval_EvalFrameDefault ()
#9  0x00000000005f5956 in _PyFunction_Vectorcall ()
#10 0x000000000056acb6 in _PyEval_EvalFrameDefault ()
#11 0x00000000005f5956 in _PyFunction_Vectorcall ()
#12 0x000000000050b7f8 in ?? ()
#13 0x00000000005f2702 in PyObject_Call ()
#14 0x000000000065578c in ?? ()
#15 0x0000000000675d48 in ?? ()
#16 0x00007fffff586609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#17 0x00007fffff6c2293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb)

More info

(gdb) print *sm

$4 = {ob_base = {ob_refcnt = 5, ob_type = 0x7fffe127dca0 <StateMachineType>}, s = 0x7fffe0020010, DebugFile = 0x0,
  IncomingCallback = 0x0, SMSStatus = 0, MessageReference = 0, IncomingCallQueue = {0x0 <repeats 11 times>},
  IncomingSMSQueue = {0x0 <repeats 11 times>}, IncomingCBQueue = {0x0 <repeats 11 times>}, IncomingUSSDQueue = {
    0x0 <repeats 11 times>}, memory_entry_cache_type = 0, memory_entry_cache = 1, todo_entry_cache = 1,
  calendar_entry_cache = 1, mutex = 0x19534e0}

ocalvo avatar Sep 23 '21 03:09 ocalvo

Having a stack trace from the segfault would help. Most likely this is actually an issue in the Gammu library.

nijel avatar Sep 23 '21 06:09 nijel

@nijel Where are the dumps? I have a system where I can repro this, but I don't know how to get the dump or stack trace.

ocalvo avatar Sep 23 '21 19:09 ocalvo

I know how to get a dump, but I can only do it from my production system, but that system contains too many secrets. I will try with a VM over the weekend.

ocalvo avatar Sep 24 '21 02:09 ocalvo

See https://wiki.archlinux.org/title/Debugging/Getting_traces#Getting_the_trace for a guide to getting a trace from the core dump.

nijel avatar Sep 27 '21 07:09 nijel

> See https://wiki.archlinux.org/title/Debugging/Getting_traces#Getting_the_trace for a guide to getting a trace from the core dump.

I am using WSL 1.0 and it does not support core dumps. However I updated the issue with the callback info.

gammu.c is referencing the null pointer of the callback function.

ocalvo avatar Oct 03 '21 06:10 ocalvo

Looking at https://github.com/home-assistant/core/pull/56552, the problem is probably in using Gammu functions from the callback, which is not safe. I'm not sure if this is documented somewhere, but it can definitely cause problems.

nijel avatar Oct 04 '21 07:10 nijel
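
The pattern the last comment points to, as an added example that is not part of the thread or of python-gammu's own code: the incoming callback only queues the notification, and device calls are made after ReadDevice has returned. `FakeStateMachine`, `unsafe_callback`, `make_deferring_callback` and `poll_once` are hypothetical names; the stand-in borrows the method names `SetIncomingCallback`, `GetSMS` and `ReadDevice` from python-gammu and models the unsafe re-entrant call as an exception, with constructed events, so it runs without a modem.

```python
import queue


class FakeStateMachine:
    """Constructed stand-in for gammu.StateMachine (assumption, not the real binding)."""

    def __init__(self, events):
        self._events = list(events)  # constructed incoming-SMS notifications
        self._callback = None
        self._in_read = False

    def SetIncomingCallback(self, callback):
        self._callback = callback

    def GetSMS(self, Folder, Location):
        if self._in_read:
            # Assumption: the unsafe re-entrant call is modelled as an exception
            raise RuntimeError("GetSMS called from inside the incoming callback")
        return [{"Location": Location, "Text": "constructed message %d" % Location}]

    def ReadDevice(self):
        self._in_read = True
        try:
            while self._events and self._callback is not None:
                self._callback(self, "SMS", self._events.pop(0))
        finally:
            self._in_read = False


def unsafe_callback(state_machine, callback_type, data):
    # Pattern the thread warns about: a device call from inside the callback
    state_machine.GetSMS(Folder=data["Folder"], Location=data["Location"])


def make_deferring_callback(inbox):
    def on_incoming(state_machine, callback_type, data):
        inbox.put((callback_type, data))  # record only, no device calls here
    return on_incoming


def poll_once(state_machine, inbox):
    state_machine.ReadDevice()  # callbacks fire while this runs
    messages = []
    while not inbox.empty():  # ReadDevice has returned, device calls are allowed
        callback_type, data = inbox.get_nowait()
        if callback_type == "SMS":
            messages.extend(state_machine.GetSMS(Folder=data["Folder"], Location=data["Location"]))
    return messages
```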