Bug 951167

Summary: [abrt] libgpod-0.8.2-9.fc20: lockdownd_start_service: Process /usr/lib/udev/iphone-set-info was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora Reporter: Alexandru Stoian <herk>
Component: libgpodAssignee: Bastien Nocera <bnocera>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: alanh, benjaminfogel, bnocera, bperkins, cfergeau, chkr, ciekawy, dtimms, jlieskov, joel, kdubrick, nathaniel, selinux, timwa1
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:71843da47e79b82d39f95397dc585eba8dd2ab39
Fixed In Version: libgpod-0.8.3-1.fc18 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-09-13 01:07:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 970172    
Attachments:
Description Flags
File: backtrace
none
File: cgroup
none
File: core_backtrace
none
File: dso_list
none
File: environ
none
File: limits
none
File: maps
none
File: open_fds
none
File: proc_pid_status
none
File: var_log_messages none

Description Alexandru Stoian 2013-04-11 14:52:04 UTC 
Description of problem:
Plugging in an iPhone 5 triggers this an a few other segfaults.

Version-Release number of selected component:
libgpod-0.8.2-9.fc20

Additional info:
backtrace_rating: 4
cmdline:        /lib/udev/iphone-set-info
crash_function: lockdownd_start_service
executable:     /usr/lib/udev/iphone-set-info
kernel:         3.9.0-0.rc6.git0.1.fc20.x86_64
runlevel:       N 5
uid:            0
ureports_counter: 2

Truncated backtrace:
Thread no. 1 (3 frames)
 #0 lockdownd_start_service at lockdown.c:1518
 #1 iphone_write_sysinfo_extended at ipod-lockdown.c:153
 #2 write_sysinfo_extended at iphone-callout.c:21
Comment 1 Alexandru Stoian 2013-04-11 14:52:11 UTC 
Created attachment 734263 [details]
File: backtrace
Comment 2 Alexandru Stoian 2013-04-11 14:52:17 UTC 
Created attachment 734264 [details]
File: cgroup
Comment 3 Alexandru Stoian 2013-04-11 14:52:19 UTC 
Created attachment 734265 [details]
File: core_backtrace
Comment 4 Alexandru Stoian 2013-04-11 14:52:24 UTC 
Created attachment 734266 [details]
File: dso_list
Comment 5 Alexandru Stoian 2013-04-11 14:52:28 UTC 
Created attachment 734267 [details]
File: environ
Comment 6 Alexandru Stoian 2013-04-11 14:52:30 UTC 
Created attachment 734268 [details]
File: limits
Comment 7 Alexandru Stoian 2013-04-11 14:52:32 UTC 
Created attachment 734269 [details]
File: maps
Comment 8 Alexandru Stoian 2013-04-11 14:52:46 UTC 
Created attachment 734270 [details]
File: open_fds
Comment 9 Alexandru Stoian 2013-04-11 14:52:48 UTC 
Created attachment 734271 [details]
File: proc_pid_status
Comment 10 Alexandru Stoian 2013-04-11 14:52:52 UTC 
Created attachment 734272 [details]
File: var_log_messages
Comment 11 Christophe Fergeau 2013-07-09 15:42:24 UTC 
This is fixed by http://sourceforge.net/p/gtkpod/libgpod/ci/e620b2fbdd818a4b32fa927875936ba0476952e5/tree/src/itdb_iphone.c?diff=0a3750d1b19183c6684ed998247b2a28fe1e6c5f

(scratch build with this patch at http://koji.fedoraproject.org/koji/taskinfo?taskID=5588005 )
I'll try to release libgpod 0.8.3 this week with this fix in.
Comment 12 Christophe Fergeau 2013-07-09 15:43:41 UTC 
*** Bug 961851 has been marked as a duplicate of this bug. ***
Comment 13 Christophe Fergeau 2013-07-09 15:54:46 UTC 
(In reply to Christophe Fergeau from comment #11)
> This is fixed by
> http://sourceforge.net/p/gtkpod/libgpod/ci/
> e620b2fbdd818a4b32fa927875936ba0476952e5/tree/src/itdb_iphone.
> c?diff=0a3750d1b19183c6684ed998247b2a28fe1e6c5f
> 

Make that http://sourceforge.net/p/gtkpod/libgpod/ci/e620b2fbdd818a4b32fa927875936ba0476952e5/
Comment 14 Ken Dubrick 2013-07-16 17:34:29 UTC 
Trying to add music library...160gb

reporter:       libreport-2.1.5
backtrace_rating: 4
cmdline:        /lib/udev/iphone-set-info
crash_function: lockdownd_start_service
executable:     /usr/lib/udev/iphone-set-info
kernel:         3.9.9-302.fc19.i686
package:        libgpod-0.8.2-9.fc19
reason:         Process /usr/lib/udev/iphone-set-info was killed by signal 11 (SIGSEGV)
runlevel:       N 5
uid:            0
Comment 15 David Timms 2013-08-12 11:41:09 UTC 
plugged in iphone 4s while rhythmbox is running

reporter:       libreport-2.1.6
backtrace_rating: 4
cmdline:        /lib/udev/iphone-set-info
crash_function: lockdownd_start_service
executable:     /usr/lib/udev/iphone-set-info
kernel:         3.10.4-300.fc19.x86_64
package:        libgpod-0.8.2-9.fc19
reason:         Process /usr/lib/udev/iphone-set-info was killed by signal 11 (SIGSEGV)
runlevel:       unknown
uid:            0
Comment 16 benjaminfogel 2013-08-19 06:50:29 UTC 
Plugged in my ipod. Then ran 'dmesg' and the error appeared there.

reporter:       libreport-2.1.6
backtrace_rating: 4
cmdline:        /lib/udev/iphone-set-info
crash_function: lockdownd_start_service
executable:     /usr/lib/udev/iphone-set-info
kernel:         3.10.6-200.fc19.x86_64
package:        libgpod-0.8.2-9.fc19
reason:         Process /usr/lib/udev/iphone-set-info was killed by signal 11 (SIGSEGV)
runlevel:       N 5
uid:            0
Comment 17 Alan Hamilton 2013-08-24 02:17:54 UTC 
I'm getting this too, normally when the computer wakes and has an iPod attached.

It looks like iphone_write_sysinfo_extended() in ipod-lockdown.c in libgpod is calling iphone_write_sysinfo_extended() in lockdown.c in libimobiledevices.

It's passing a pointer to a uint16_t but the function is expecting a pointer to  lockdownd_service_descriptor_t and that's what's causing the crash.

        uint16_t afcport = 0;
...
        if (LOCKDOWN_E_SUCCESS != lockdownd_start_service(client, "com.apple.afc", &afcport)) {

... lockdown_start_service is
lockdownd_error_t lockdownd_start_service(lockdownd_client_t client, const char *identifier, lockdownd_service_descriptor_t *service)
...
       if (*service) {
                // reset fields if service descriptor is reused
                (*service)->port = 0;
                (*service)->ssl_enabled = 0; // CRASH!!!
        }

Unfortunately I'm not familiar with what it's trying to to, but it's clearly calling lockdownd_start_service() with the wrong parameter.
Comment 18 Christophe Fergeau 2013-08-26 10:13:29 UTC 
This is fixed upstream by http://sourceforge.net/p/gtkpod/libgpod/ci/e620b2fbdd818a4b32fa927875936ba0476952e5/ which I really need to backport to the fedora package /o\
Comment 19 Szymon Stasik 2013-08-28 14:19:55 UTC 
after applying the patch from Comment 18 now gtkpod/banshee and other apps libgpod based apps freeze when iPhone device is connected. It's not even possible to such process them since dfunct process is left
Comment 20 Szymon Stasik 2013-08-28 15:03:53 UTC 
I've found using strace that gtkpod freezes on:

access("/run/user/1000/gvfs/smb-share:server=file,share=public,user=_myusername_/iTunes_Control", F_OK <unfinished ...>
Comment 21 Szymon Stasik 2013-08-28 15:23:02 UTC 
so another bugs that seem needed to be fixed to allow iTunes access:

https://bugzilla.redhat.com/show_bug.cgi?id=977437
https://bugs.archlinux.org/task/35490
Comment 22 Christophe Fergeau 2013-09-04 11:41:58 UTC 
*** Bug 1002211 has been marked as a duplicate of this bug. ***
Comment 23 Fedora Update System 2013-09-04 12:32:09 UTC 
libgpod-0.8.3-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/libgpod-0.8.3-1.fc20
Comment 24 Fedora Update System 2013-09-04 12:42:55 UTC 
libgpod-0.8.3-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/libgpod-0.8.3-1.fc19
Comment 25 Fedora Update System 2013-09-04 12:56:29 UTC 
libgpod-0.8.3-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/libgpod-0.8.3-1.fc18
Comment 26 Fedora Update System 2013-09-05 01:32:36 UTC 
Package libgpod-0.8.3-1.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libgpod-0.8.3-1.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-15789/libgpod-0.8.3-1.fc18
then log in and leave karma (feedback).
Comment 27 Fedora Update System 2013-09-13 01:07:54 UTC 
libgpod-0.8.3-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 28 Fedora Update System 2013-09-13 01:09:18 UTC 
libgpod-0.8.3-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 29 Fedora Update System 2013-09-22 23:59:23 UTC 
libgpod-0.8.3-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 30 Peter Robinson 2013-11-05 13:52:38 UTC 
*** Bug 970175 has been marked as a duplicate of this bug. ***
Comment 31 Peter Robinson 2013-11-05 13:53:30 UTC 
*** Bug 977437 has been marked as a duplicate of this bug. ***