Segfault with iPhone 15 Pro Max with iOS 17.4.1

[pavel-odintsov]

Hello!

I hope you're doing well.

I'm trying to plug iPhone 15 Pro Max to my Ubuntu 24.04 LTS laptop (frame.work) via USB-C (official Apple cable) and it crashes with segmentation fault:

sudo dmesg|grep segfault
[ 9577.458336] usbmuxd[20374]: segfault at 18 ip 000073c6540a3239 sp 000073c652dff780 error 4 in libc.so.6[73c654028000+188000] likely on CPU 6 (core 3, socket 0)
[ 9581.460237] usbmuxd[20492]: segfault at 18 ip 00007605206a3239 sp 000076051f3ff780 error 4 in libc.so.6[760520628000+188000] likely on CPU 11 (core 5, socket 0)

Software versions:

dpkg -l |grep usbmux
ii  libusbmuxd6:amd64                              2.0.2-4build3                               amd64        USB multiplexor daemon for iPhone and iPod Touch devices - library
ii  usbmuxd                                        1.1.1-5~exp3ubuntu2                         amd64        USB multiplexor daemon for iPhone and iPod Touch devices

Output from daemon itself:

sudo journalctl -u usbmuxd -f 



May 08 14:17:37 framework systemd[1]: Started usbmuxd.service - Socket daemon for the usbmux protocol used by Apple devices.
May 08 14:17:37 framework usbmuxd[20347]: [14:17:37.296][3] usbmuxd v1.1.1 starting up
May 08 14:17:37 framework usbmuxd[20347]: [14:17:37.297][3] Successfully dropped privileges to 'usbmux'
May 08 14:17:37 framework usbmuxd[20347]: [14:17:37.297][3] Using libusb 1.0.27
May 08 14:17:37 framework usbmuxd[20347]: libusb: warning [op_get_configuration] device unconfigured
May 08 14:17:37 framework usbmuxd[20347]: libusb: error [op_get_active_config_descriptor] device unconfigured
May 08 14:17:37 framework usbmuxd[20347]: [14:17:37.302][3] Could not get old configuration descriptor for device 1-30: LIBUSB_ERROR_NOT_FOUND
May 08 14:17:37 framework usbmuxd[20347]: [14:17:37.365][3] Initialization complete
May 08 14:17:37 framework usbmuxd[20347]: [14:17:37.365][3] Enabled exit on SIGUSR1 if no devices are attached. Start a new instance with "--exit" to trigger.
May 08 14:17:37 framework usbmuxd[20347]: [14:17:37.366][3] Connecting to new device on location 0x1001e as ID 1
May 08 14:17:37 framework usbmuxd[20347]: [14:17:37.366][3] Connected to v2.0 device 1 on location 0x1001e with serial number 00008130-000439411E98001C
May 08 14:17:37 framework usbmuxd[20347]: [14:17:37.422][3] Removed device 1 on location 0x1001e
May 08 14:17:37 framework usbmuxd[20347]: [14:17:37.432][3] usbmuxd shutting down
May 08 14:17:37 framework usbmuxd[20347]: [14:17:37.533][3] Shutdown complete

May 08 14:17:38 framework systemd[1]: usbmuxd.service: Main process exited, code=dumped, status=11/SEGV
May 08 14:17:38 framework systemd[1]: usbmuxd.service: Failed with result 'core-dump'.

[pavel-odintsov]

I run it manually via gdb and replicated crash:

 sudo gdb /usr/sbin/usbmuxd
GNU gdb (Ubuntu 15.0.50.20240403-0ubuntu1) 15.0.50.20240403-git
Copyright (C) 2024 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/usbmuxd...
(No debugging symbols found in /usr/sbin/usbmuxd)
(gdb) run --user usbmux --systemd
Starting program: /usr/sbin/usbmuxd --user usbmux --systemd

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
warning: could not find '.gnu_debugaltlink' file for /lib/x86_64-linux-gnu/libcap.so.2
[14:49:01.446][3] usbmuxd v1.1.1 starting up
[14:49:01.449][3] Successfully dropped privileges to 'usbmux'
[14:49:01.449][3] Using libusb 1.0.27
[New Thread 0x7ffff74006c0 (LWP 27291)]
[14:49:01.455][3] Initialization complete
[14:49:01.455][3] Enabled exit on SIGUSR1 if no devices are attached. Start a new instance with "--exit" to trigger.





libusb: warning [op_get_configuration] device unconfigured
libusb: error [op_get_active_config_descriptor] device unconfigured
[14:49:20.416][3] Could not get old configuration descriptor for device 1-71: LIBUSB_ERROR_NOT_FOUND
[14:49:20.474][3] Connecting to new device on location 0x10047 as ID 1
[14:49:20.475][3] Connected to v2.0 device 1 on location 0x10047 with serial number 00008130-000439411E98001C
[New Thread 0x7ffff6a006c0 (LWP 27316)]

[New Thread 0x7ffff60006c0 (LWP 27349)]
[14:49:20.891][1] ERROR: Failed to read '/var/lib/lockdown/00008130-000439411E98001C.plist': No such file or directory
[14:49:21.168][3] Removed device 1 on location 0x10047
[Thread 0x7ffff60006c0 (LWP 27349) exited]

Thread 1 "usbmuxd" received signal SIGUSR1, User defined signal 1.
0x00007ffff7d1ba00 in __GI_ppoll (fds=0x555555575650, nfds=4, timeout=<optimised out>, sigmask=0x7fffffffe1f0)
    at ../sysdeps/unix/sysv/linux/ppoll.c:42
warning: 42	../sysdeps/unix/sysv/linux/ppoll.c: No such file or directory
(gdb) 

Backtrace:

(gdb) 
(gdb) bt
#0  0x00007ffff7d1ba00 in __GI_ppoll (fds=0x555555575650, nfds=4, timeout=<optimised out>, sigmask=0x7fffffffe1f0)
    at ../sysdeps/unix/sysv/linux/ppoll.c:42
#1  0x000055555555a22d in ?? ()
#2  0x00007ffff7c2a1ca in __libc_start_call_main (main=main@entry=0x5555555594e0, argc=argc@entry=4, 
    argv=argv@entry=0x7fffffffe468) at ../sysdeps/nptl/libc_start_call_main.h:58
#3  0x00007ffff7c2a28b in __libc_start_main_impl (main=0x5555555594e0, argc=4, argv=0x7fffffffe468, init=<optimised out>, 
    fini=<optimised out>, rtld_fini=<optimised out>, stack_end=0x7fffffffe458) at ../csu/libc-start.c:360
#4  0x000055555555c715 in ?? ()