Bug 479918 - gvfsd-gphoto2 segfaults "browsing" iPhone pictures
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: gvfs
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Tomáš Bžatek
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-01-14 00:54 UTC by Tom London
Modified: 2015-03-03 22:33 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-05-20 11:49:25 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
Screenshot showing problems when selecting "gthumb" (187.63 KB, image/png)
2009-02-12 14:56 UTC, Tom London
"Dbus is not happy with your iPhone" window when gvfs-gphoto2 segfaults.... (13.09 KB, image/png)
2009-02-12 14:58 UTC, Tom London
Error popup when trying to open iPhone folder..... (10.26 KB, image/png)
2009-02-17 15:42 UTC, Tom London

Description Tom London 2009-01-14 00:54:57 UTC
Description of problem:
When I plug in my iPhone, I get the nice "picture icons" on the desktop for it.

Clicking down to the folder where there are pictures repeatedly crashes gvfsd-gphoto2. The nice camera icons vanish, and all I get is a segfault message in /var/log/messages:

Jan 13 16:29:35 tlondon kernel: gvfsd-gphoto2[16412]: segfault at 10 ip 00000039ac6093c4 sp 00007fff23b69a70 error 4 in libpthread-2.9.90.so[39ac600000+17000]

If I "gdb -p" before browsing, I get this backtrace:

(gdb) cont
Continuing.
[New Thread 0x7fe31e6b4910 (LWP 3631)]
[Thread 0x7fe31e6b4910 (LWP 3631) exited]
[New Thread 0x7fe31e6b4910 (LWP 3632)]
[Thread 0x7fe31e6b4910 (LWP 3632) exited]
[New Thread 0x7fe31e6b4910 (LWP 3633)]
[Thread 0x7fe31e6b4910 (LWP 3633) exited]
[New Thread 0x7fe31e6b4910 (LWP 3634)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fe31e6b4910 (LWP 3634)]
0x00000039aba788fe in malloc_consolidate () from /lib64/libc.so.6
(gdb) where
#0  0x00000039aba788fe in malloc_consolidate () from /lib64/libc.so.6
#1  0x00000039aba7abb1 in _int_malloc () from /lib64/libc.so.6
#2  0x00000039aba7cae8 in malloc () from /lib64/libc.so.6
#3  0x00000039ba6167da in gp_list_new () from /usr/lib64/libgphoto2.so.2
#4  0x00000039ba6127ef in gp_filesystem_number ()
   from /usr/lib64/libgphoto2.so.2
#5  0x00000039ba613a32 in ?? () from /usr/lib64/libgphoto2.so.2
#6  0x00000039ba613d7c in gp_filesystem_get_file ()
   from /usr/lib64/libgphoto2.so.2
#7  0x00000039ba60a815 in gp_camera_file_get () from /usr/lib64/libgphoto2.so.2
#8  0x000000000040b855 in dbus_message_append_args ()
#9  0x0000000000410e24 in dbus_message_append_args ()
#10 0x00000039ace62b47 in ?? () from /lib64/libglib-2.0.so.0
#11 0x00000039ace615b4 in ?? () from /lib64/libglib-2.0.so.0
#12 0x00000039ac6076da in start_thread () from /lib64/libpthread.so.0
#13 0x00000039abae644d in clone () from /lib64/libc.so.6
#14 0x0000000000000000 in ?? ()
(gdb) quit
The program is running.  Quit anyway (and detach it)? (y or n) y
Detaching from program: /usr/libexec/gvfsd-gphoto2, process 3440
[root@tlondon ~]#

Sorry, I didn't have the debuginfo package installed for the above. I will install and recreate.

Version-Release number of selected component (if applicable):
gvfs-gphoto2-1.1.3-4.fc11.x86_64

How reproducible:
Every time

Steps to Reproduce:
1. Plug in iPhone
2. Double click a few times to open directory with actual pictures
3. segfault.....
  
Actual results:


Expected results:


Additional info:

Comment 1 Tom London 2009-01-14 01:01:19 UTC
After installing debuginfo packages, I get something slightly different:

[Thread 0x7f1cb0071910 (LWP 4611) exited]

Program received signal SIGABRT, Aborted.
0x00000039aba32f55 in raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) where
#0  0x00000039aba32f55 in raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00000039aba34ac3 in abort () at abort.c:88
#2  0x00000039aba724e8 in __libc_message (do_abort=2, 
    fmt=0x39abb3c710 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#3  0x00000039aba77f78 in malloc_printerr (action=2, 
    str=0x39abb3c740 "munmap_chunk(): invalid pointer", 
    ptr=<value optimized out>) at malloc.c:5994
#4  0x00000039af632d43 in g_icon_to_string_tokenized (s=<value optimized out>, 
    icon=<value optimized out>) at gicon.c:206
#5  IA__g_icon_to_string (icon=<value optimized out>) at gicon.c:291
#6  0x00000031fa40da25 in _g_dbus_append_file_attribute ()
   from /usr/lib64/libgvfscommon.so.0
#7  0x00000031fa40db71 in _g_dbus_append_file_info ()
   from /usr/lib64/libgvfscommon.so.0
#8  0x0000000000414efc in dbus_message_append_args () at dbus-message.c:1485
#9  0x00000000004115d3 in dbus_message_append_args () at dbus-message.c:1485
#10 0x00000039ada0b82d in IA__g_closure_invoke (closure=0x9726a0, 
    return_value=0x0, n_param_values=1, param_values=0x9b6da0, 
    invocation_hint=0x7fffbcfa0dc0) at gclosure.c:767
#11 0x00000039ada222f4 in signal_emit_unlocked_R (node=0x97e410, detail=0, 
    instance=0x9bbb50, emission_return=0x0, instance_and_params=0x9b6da0)
---Type <return> to continue, or q <return> to quit---
    at gsignal.c:3282
#12 0x00000039ada23d09 in IA__g_signal_emit_valist (instance=0x9bbb50, 
    signal_id=<value optimized out>, detail=0, var_args=0x7fffbcfa0fa0)
    at gsignal.c:2977
#13 0x00000039ada24273 in IA__g_signal_emit (instance=0x11c3, signal_id=4547, 
    detail=6) at gsignal.c:3034
#14 0x00000000004090fd in dbus_message_append_args () at dbus-message.c:1485
#15 0x0000000000410dd4 in dbus_message_append_args () at dbus-message.c:1485
#16 0x000000000040d31b in dbus_message_append_args () at dbus-message.c:1485
#17 0x00000039ada0b82d in IA__g_closure_invoke (closure=0x97c610, 
    return_value=0x0, n_param_values=2, param_values=0x9d0380, 
    invocation_hint=0x7fffbcfa1250) at gclosure.c:767
#18 0x00000039ada22610 in signal_emit_unlocked_R (node=0x97b830, detail=0, 
    instance=0x97d0e0, emission_return=0x0, instance_and_params=0x9d0380)
    at gsignal.c:3244
#19 0x00000039ada23d09 in IA__g_signal_emit_valist (instance=0x97d0e0, 
    signal_id=<value optimized out>, detail=0, var_args=0x7fffbcfa1430)
    at gsignal.c:2977
#20 0x00000039ada24273 in IA__g_signal_emit (instance=0x11c3, signal_id=4547, 
    detail=6) at gsignal.c:3034
#21 0x000000000040f743 in dbus_message_append_args () at dbus-message.c:1485
#22 0x000000000040e499 in dbus_message_append_args () at dbus-message.c:1485
#23 0x00000039b560ef7b in dbus_connection_dispatch (connection=0x9cc4b0)
---Type <return> to continue, or q <return> to quit---
    at dbus-connection.c:4406
#24 0x0000000000419e45 in ?? ()
#25 0x00000039ace37bfb in g_main_dispatch (context=<value optimized out>)
    at gmain.c:1814
#26 IA__g_main_context_dispatch (context=0x9793c0) at gmain.c:2367
#27 0x00000039ace3b3bd in g_main_context_iterate (context=0x9793c0, block=1, 
    dispatch=1, self=<value optimized out>) at gmain.c:2448
#28 0x00000039ace3b8ed in IA__g_main_loop_run (loop=0x9799e0) at gmain.c:2656
#29 0x000000000040cff0 in dbus_message_append_args () at dbus-message.c:1485
#30 0x000000000040d24e in dbus_message_append_args () at dbus-message.c:1485
#31 0x00000039aba1e5c6 in __libc_start_main (
    main=0x40d200 <dbus_message_append_args+22072>, argc=4, 
    ubp_av=0x7fffbcfa1a78, init=0x41c070, fini=<value optimized out>, 
    rtld_fini=<value optimized out>, stack_end=0x7fffbcfa1a68)
    at libc-start.c:220
#32 0x0000000000407c09 in dbus_message_append_args () at dbus-message.c:1485
#33 0x00007fffbcfa1a68 in ?? ()
#34 0x000000000000001c in ?? ()
#35 0x0000000000000004 in ?? ()
#36 0x00007fffbcfa2d06 in ?? ()
#37 0x00007fffbcfa2d21 in ?? ()
#38 0x00007fffbcfa2d2b in ?? ()
#39 0x00007fffbcfa2d30 in ?? ()
---Type <return> to continue, or q <return> to quit---
#40 0x0000000000000000 in ?? ()
(gdb)

Comment 2 Tom London 2009-01-28 17:45:58 UTC
Continues with gvfs*-1.1.4-2.fc11.x86_64:

[root@tlondon ~]# rpm -qa gvfs\*
gvfs-1.1.4-2.fc11.x86_64
gvfs-archive-1.1.4-2.fc11.x86_64
gvfs-smb-1.1.4-2.fc11.x86_64
gvfs-obexftp-1.1.4-2.fc11.x86_64
gvfs-fuse-1.1.4-2.fc11.x86_64
gvfs-gphoto2-1.1.4-2.fc11.x86_64
gvfs-debuginfo-1.1.4-2.fc11.x86_64
[root@tlondon ~]# 


Loaded symbols for /usr/lib64/libgphoto2/2.4.4/ptp2.so
0x00000039abadca16 in __poll (fds=0x1e00400, nfds=4, timeout=-1)
    at ../sysdeps/unix/sysv/linux/poll.c:87
87	  int result = INLINE_SYSCALL (poll, 3, CHECK_N (fds, nfds), nfds, timeout);
(gdb) cont
Continuing.
[New Thread 0x7f0658be8910 (LWP 4669)]
[Thread 0x7f0658be8910 (LWP 4669) exited]
[New Thread 0x7f0658be8910 (LWP 4671)]
[Thread 0x7f0658be8910 (LWP 4671) exited]
[New Thread 0x7f0658be8910 (LWP 4672)]
[Thread 0x7f0658be8910 (LWP 4672) exited]
[New Thread 0x7f0658be8910 (LWP 4683)]
[Thread 0x7f0658be8910 (LWP 4683) exited]
[New Thread 0x7f0658be8910 (LWP 4687)]
[Thread 0x7f0658be8910 (LWP 4687) exited]
[New Thread 0x7f0658be8910 (LWP 4690)]
[Thread 0x7f0658be8910 (LWP 4690) exited]
[New Thread 0x7f0658be8910 (LWP 4693)]

Program received signal SIGABRT, Aborted.
0x00000039aba32f55 in raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
Missing separate debuginfos, use: debuginfo-install libgcc-4.3.2-7.x86_64
(gdb) where
#0  0x00000039aba32f55 in raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00000039aba34ac3 in abort () at abort.c:88
#2  0x00000039aba724e8 in __libc_message (do_abort=2, 
    fmt=0x39abb3c710 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#3  0x00000039aba77f78 in malloc_printerr (action=2, 
    str=0x39abb3c7b0 "double free or corruption (fasttop)", 
    ptr=<value optimized out>) at malloc.c:5994
#4  0x00000039aba7a536 in __libc_free (mem=0x39abb32b60) at malloc.c:3625
#5  0x00000037ba258555 in IA__g_strfreev (str_array=0x1e2aa10)
    at gstrfuncs.c:2558
#6  0x0000003d1280db80 in _g_dbus_append_file_info (iter=0x7fff65b17f40, 
    info=0x1e16830) at gvfsdaemonprotocol.c:269
#7  0x0000000000414efc in create_reply (job=<value optimized out>, 
    connection=<value optimized out>, message=0x1e14ef0)
    at gvfsjobqueryinfo.c:197
#8  0x00000000004115d3 in send_reply (job=0x1e02ab0) at gvfsjobdbus.c:166
#9  0x00000037ba60b82d in IA__g_closure_invoke (closure=0x1dba6a0, 
    return_value=0x0, n_param_values=1, param_values=0x1dd5520, 
    invocation_hint=0x7fff65b18120) at gclosure.c:767
#10 0x00000037ba6222f4 in signal_emit_unlocked_R (node=0x1dc6410, detail=0, 
    instance=0x1e02ab0, emission_return=0x0, instance_and_params=0x1dd5520)
---Type <return> to continue, or q <return> to quit---
    at gsignal.c:3282
#11 0x00000037ba623d09 in IA__g_signal_emit_valist (instance=0x1e02ab0, 
    signal_id=<value optimized out>, detail=0, var_args=0x7fff65b18300)
    at gsignal.c:2977
#12 0x00000037ba624273 in IA__g_signal_emit (instance=0x10d2, signal_id=4306, 
    detail=6) at gsignal.c:3034
#13 0x00000000004090fd in try_query_info (backend=<value optimized out>, 
    job=0x1e02ab0, 
    filename=0x1e29570 "/store_00010002/DCIM/100APPLE/IMG_0060.JPG", 
    flags=<value optimized out>, info=0x1e16830, matcher=<value optimized out>)
    at gvfsbackendgphoto2.c:1867
#14 0x0000000000410dd4 in g_vfs_job_try (job=0x1e02ab0) at gvfsjob.c:216
#15 0x000000000040d31b in g_vfs_daemon_queue_job (daemon=0x1dc1c00, 
    job=0x1e02ab0) at gvfsdaemon.c:453
#16 0x00000037ba60b82d in IA__g_closure_invoke (closure=0x1dc4610, 
    return_value=0x0, n_param_values=2, param_values=0x1e16520, 
    invocation_hint=0x7fff65b185b0) at gclosure.c:767
#17 0x00000037ba622610 in signal_emit_unlocked_R (node=0x1dc3830, detail=0, 
    instance=0x1dc50e0, emission_return=0x0, instance_and_params=0x1e16520)
    at gsignal.c:3244
#18 0x00000037ba623d09 in IA__g_signal_emit_valist (instance=0x1dc50e0, 
    signal_id=<value optimized out>, detail=0, var_args=0x7fff65b18790)
    at gsignal.c:2977
---Type <return> to continue, or q <return> to quit---
#19 0x00000037ba624273 in IA__g_signal_emit (instance=0x10d2, signal_id=4306, 
    detail=6) at gsignal.c:3034
#20 0x000000000040f743 in backend_dbus_handler (connection=0x1dc7340, 
    message=0x1e14ef0, user_data=<value optimized out>) at gvfsbackend.c:587
#21 0x000000000040e499 in daemon_message_func (conn=0x1dc7340, 
    message=0x1e14ef0, data=0x1dc1c00) at gvfsdaemon.c:981
#22 0x00000039b560ef7b in dbus_connection_dispatch (connection=0x1dc7340)
    at dbus-connection.c:4406
#23 0x0000000000419e45 in message_queue_dispatch (
    source=<value optimized out>, callback=<value optimized out>, 
    user_data=<value optimized out>) at dbus-gmain.c:127
#24 0x00000037ba237d1b in g_main_dispatch (context=<value optimized out>)
    at gmain.c:1814
#25 IA__g_main_context_dispatch (context=0x1dc13c0) at gmain.c:2367
#26 0x00000037ba23b4dd in g_main_context_iterate (context=0x1dc13c0, block=1, 
    dispatch=1, self=<value optimized out>) at gmain.c:2448
#27 0x00000037ba23ba0d in IA__g_main_loop_run (loop=0x1dc19e0) at gmain.c:2656
#28 0x000000000040cff0 in daemon_main (argc=4, argv=<value optimized out>, 
    max_job_threads=1, default_type=0x41c183 "gphoto2", mountable_name=0x0, 
    first_type_name=<value optimized out>) at daemon-main.c:270
#29 0x000000000040d24e in main (argc=4, argv=0x7fff65b18dd8)
    at daemon-main-generic.c:39
(gdb) 
(gdb) quit
The program is running.  Quit anyway (and detach it)? (y or n) y
LND: Sending signal 6 to Thread 0x7f065daf8790 (LWP 4306)
Detaching from program: /usr/libexec/gvfsd-gphoto2, process 4306
[root@tlondon ~]#

Comment 3 Matthias Clasen 2009-01-30 06:03:45 UTC
May be fixed by 

2009-01-29  Alexander Larsson  <alexl>

        * common/gvfsicon.c:
        (g_vfs_icon_to_tokens):
        Dup string to avoid double free later.

We'll get that in rawhide next week with the next release.

Comment 4 Tom London 2009-02-12 14:56:54 UTC
Created attachment 331692 [details]
Screenshot showing problems when selecting "gthumb"

Testing with gvfs-gphoto2-1.1.5-1.fc11.x86_64 seems to work better, but still crashes after some use.

I can browse to the "photos" folder, and then display each of them, but if I click on the "open gthumb viewer" button, gvfs-gphoto2 seems to terminate quickly (gdb says "Program terminated normally"), but I get an error window on top of gthumb (see attachment).  Also, the desktop icons for the iPhone vanish.

If I normally close these windows, unplug the iPhone and then plug it in again, gvfs-gphoto2 segfaults:

Feb 12 06:49:07 tlondon kernel: usb 1-1: new high speed USB device using ehci_hcd and address 8
Feb 12 06:49:07 tlondon kernel: usb 1-1: New USB device found, idVendor=05ac, idProduct=1292
Feb 12 06:49:07 tlondon kernel: usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Feb 12 06:49:07 tlondon kernel: usb 1-1: Product: iPhone
Feb 12 06:49:07 tlondon kernel: usb 1-1: Manufacturer: Apple Inc.
Feb 12 06:49:07 tlondon kernel: usb 1-1: SerialNumber: 99a21bf8a8f65a1ca270e055cd379af92555df60
Feb 12 06:49:07 tlondon kernel: usb 1-1: configuration #1 chosen from 3 choices
Feb 12 06:49:08 tlondon kernel: gvfsd-gphoto2[5012]: segfault at 10 ip 0000003e74609414 sp 00007fff39a30aa0 error 4 in libpthread-2.9.90.so[3e74600000+17000]

I also get a "dbus is not happy" popup that I'll attach below.

I'm not sure how to gdb this dynamic process.

If I enable coredumps systemwide, where would this core be located?

Comment 5 Tom London 2009-02-12 14:58:18 UTC
Created attachment 331693 [details]
"Dbus is not happy with your iPhone" window when gvfs-gphoto2 segfaults....

Can't plug in iPhone a second time.....

Comment 6 Matthias Clasen 2009-02-12 15:17:22 UTC
cc'ing the right people.

Comment 7 Tom London 2009-02-12 15:36:38 UTC
Well, I thought I enabled system-wide core dumps (by commenting the "ulimit -S -c 0" line in /etc/profile, and then rebooted).

Took me 10 insert/unplug/reinsert attempts to get it to segfault again:

usb 1-1: new high speed USB device using ehci_hcd and address 15
usb 1-1: New USB device found, idVendor=05ac, idProduct=1292
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1: Product: iPhone
usb 1-1: Manufacturer: Apple Inc.
usb 1-1: SerialNumber: 99a21bf8a8f65a1ca270e055cd379af92555df60
usb 1-1: configuration #1 chosen from 3 choices
usb 1-1: USB disconnect, address 15
usb 1-1: new high speed USB device using ehci_hcd and address 16
usb 1-1: New USB device found, idVendor=05ac, idProduct=1292
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1: Product: iPhone
usb 1-1: Manufacturer: Apple Inc.
usb 1-1: SerialNumber: 99a21bf8a8f65a1ca270e055cd379af92555df60
usb 1-1: configuration #1 chosen from 3 choices
gvfsd-gphoto2[4429]: segfault at 10 ip 0000003e74609414 sp 00007fff5b44d350 error 4 in libpthread-2.9.90.so[3e74600000+17000]

But, alas, I cannot find the core file anywhere....  Guessing I didn't really enable them "system-wide"....

Comment 8 Tom London 2009-02-17 15:42:40 UTC
Created attachment 332232 [details]
Error popup when trying to open iPhone folder.....

With newer packages, I get a regression:

gvfs-archive-1.1.6-1.fc11.x86_64
gvfs-debuginfo-1.1.5-1.fc11.x86_64
gvfs-fuse-1.1.6-1.fc11.x86_64
gvfs-1.1.6-1.fc11.x86_64
gvfs-gphoto2-1.1.6-1.fc11.x86_64
gvfs-smb-1.1.6-1.fc11.x86_64
gvfs-obexftp-1.1.6-1.fc11.x86_64


Feb 17 07:36:13 tlondon kernel: usb 1-1: new high speed USB device using ehci_hcd and address 7
Feb 17 07:36:13 tlondon kernel: usb 1-1: New USB device found, idVendor=05ac, idProduct=1292
Feb 17 07:36:13 tlondon kernel: usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Feb 17 07:36:13 tlondon kernel: usb 1-1: Product: iPhone
Feb 17 07:36:13 tlondon kernel: usb 1-1: Manufacturer: Apple Inc.
Feb 17 07:36:13 tlondon kernel: usb 1-1: SerialNumber: 99a21bf8a8f65a1ca270e055cd379af92555df60
Feb 17 07:36:13 tlondon kernel: usb 1-1: configuration #1 chosen from 3 choices
Feb 17 07:36:13 tlondon pulseaudio[3255]: module-hal-detect.c: D-Bus error while parsing HAL data: org.freedesktop.Hal.NoSuchProperty: No property info.capabilities on device with id /org/freedesktop/Hal/devices/usb_device_5ac_1292_99a21bf8a8f65a1ca270e055cd379af92555df60

and "The folder contents could not be displayed"; "Operation not supported"

I get a nice icon on the desktop, but nothing good happens if I try to open/etc.

Comment 9 Tom London 2009-02-17 15:51:53 UTC
Interestingly, right clicking on the "iPhone camera" icon shows the "Paste into Folder" menu item flashing on and off about 10 times per second.....

Comment 10 Bastien Nocera 2009-02-17 16:43:21 UTC
David has patches for the "reading off the iPhone" problem, they're on the gvfs and nautilus lists.

As for the "Paste into folder" menu item flashing, it was already in the GNOME bugzilla. See:
http://bugzilla.gnome.org/show_bug.cgi?id=357468#c7

But it might have regressed. Tomas, should we open a new bug?

Comment 11 Tom London 2009-03-12 22:49:15 UTC
Getting similar with gvfs-gphoto2-1.1.8-2.fc11.x86_64

Mar 12 15:47:33 tlondon kernel: gvfsd-gphoto2[14632] general protection ip:41011d sp:7fff21466860 error:0 in gvfsd-gphoto2[400000+24000]

I'll try to attach debugger and get stack trace.

Comment 12 Tom London 2009-03-12 23:04:07 UTC
Here's the gdb trace:

Program received signal SIGSEGV, Segmentation fault.
0x000000000041011d in unsubscribe (monitor=<value optimized out>, 
    subscriber=0x1c0af30) at gvfsmonitor.c:159
159	  monitor->priv->subscribers = g_list_remove (monitor->priv->subscribers, subscriber);
(gdb) where
#0  0x000000000041011d in unsubscribe (monitor=<value optimized out>, 
    subscriber=0x1c0af30) at gvfsmonitor.c:159
#1  0x0000000000410319 in vfs_monitor_message_callback (connection=0x1bf2c10, 
    message=0x1c07e10, user_data=<value optimized out>) at gvfsmonitor.c:234
#2  0x000000000040e63c in daemon_message_func (conn=0x1bf2c10, 
    message=0x1c07e10, data=0x1bb1000) at gvfsdaemon.c:981
#3  0x0000003894a105de in dbus_connection_dispatch (connection=0x1bf2c10)
    at dbus-connection.c:4406
#4  0x000000000041a0e5 in message_queue_dispatch (
    source=<value optimized out>, callback=<value optimized out>, 
    user_data=<value optimized out>) at dbus-gmain.c:127
#5  0x00007f2a7dbb411e in g_main_context_dispatch ()
   from /lib64/libglib-2.0.so.0
#6  0x00007f2a7dbb7878 in ?? () from /lib64/libglib-2.0.so.0
#7  0x00007f2a7dbb7d15 in g_main_loop_run () from /lib64/libglib-2.0.so.0
#8  0x000000000040d2ee in daemon_main (argc=<value optimized out>, 
    argv=<value optimized out>, max_job_threads=<value optimized out>, 
    default_type=0x41cc23 "gphoto2", mountable_name=<value optimized out>, 
    first_type_name=0x41cc23 "gphoto2") at daemon-main.c:290
#9  0x000000000040d57c in main (argc=4, argv=0x7fff8673c118)
    at daemon-main-generic.c:39
(gdb) list
154	  g_free (subscriber->id);
155	  g_free (subscriber->object_path);
156	  g_free (subscriber);
157	  g_object_unref (monitor);
158	  
159	  monitor->priv->subscribers = g_list_remove (monitor->priv->subscribers, subscriber);
160	  
161	}
162	
163	static DBusHandlerResult
(gdb)
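The teardown order in the gvfsmonitor.c listing above, modelled as an added example (not gvfs code, and not the fix that was later committed): it counts accesses to the monitor after its last reference is dropped, first in the listed order and then with the list update moved ahead of the unref. The `Monitor` and `Subscriber` structs, `run_cycle`, `late_accesses` and the sample values are hypothetical, and the model assumes the subscription holds the last reference on the monitor.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SUBS 8

typedef struct { char *id; char *object_path; } Subscriber;

typedef struct {
    int ref_count;
    int finalized;               /* set when the last reference is dropped */
    Subscriber *subs[MAX_SUBS];
    int n_subs;
} Monitor;

static int late_accesses;        /* accesses to a monitor after finalization */

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    if (!d) abort();
    return memcpy(d, s, n);
}

/* Real code frees the object at zero; the model only marks it, so a later
   access is counted instead of being undefined behaviour. */
static void monitor_unref(Monitor *m) {
    if (--m->ref_count == 0) m->finalized = 1;
}

/* Pointer-value removal, like g_list_remove: the subscriber is not dereferenced. */
static void list_remove(Monitor *m, uintptr_t key) {
    if (m->finalized) late_accesses++;
    for (int i = 0; i < m->n_subs; i++)
        if ((uintptr_t)m->subs[i] == key) { m->subs[i] = m->subs[--m->n_subs]; return; }
}

static void subscriber_free(Subscriber *s) {
    free(s->id); free(s->object_path); free(s);
}

/* Same order as lines 154-159 of the listing: unref first, list update last. */
void unsubscribe_as_listed(Monitor *m, Subscriber *s) {
    uintptr_t key = (uintptr_t)s;
    subscriber_free(s);
    monitor_unref(m);            /* may drop the last reference */
    list_remove(m, key);         /* touches m->subs after that */
}

/* Reordered: finish every use of the monitor before giving up the reference. */
void unsubscribe_reordered(Monitor *m, Subscriber *s) {
    list_remove(m, (uintptr_t)s);
    subscriber_free(s);
    monitor_unref(m);
}

/* One subscribe/unsubscribe cycle in which the subscription holds the last
   reference. Returns how often the monitor was touched after finalization. */
int run_cycle(void (*unsubscribe)(Monitor *, Subscriber *)) {
    Monitor *m = calloc(1, sizeof *m);
    Subscriber *s = malloc(sizeof *s);
    if (!m || !s) abort();
    s->id = dup_str(":1.42");                        /* constructed sample values */
    s->object_path = dup_str("/example/monitor/1");
    m->subs[m->n_subs++] = s;
    m->ref_count = 1;            /* assumption: the subscription pins the monitor */
    late_accesses = 0;
    unsubscribe(m, s);
    int result = late_accesses;
    free(m);                     /* the model releases the storage only here */
    return result;
}

int main(void) {
    printf("as listed: %d late access(es)\n", run_cycle(unsubscribe_as_listed));
    printf("reordered: %d late access(es)\n", run_cycle(unsubscribe_reordered));
    return 0;
}
```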

Comment 13 Alexander Larsson 2009-03-13 09:19:16 UTC
Ouch. This is a crash in some recently added code.
Fixing.

Comment 14 Tom London 2009-03-13 14:18:32 UTC
Not sure it's useful, but the "use case" here is:

1. plug in iPhone
2. hit cancel in the popup offering to run photo importer
3. open/browse mounted iPhone (by right clicking on desktop icon, select open/browse).
4. open up a few "sub folders" until photo thumbnails are displayed
5. view one (or more) photos (by double clicking) on thumbnail
6. start closing iPhone "folders"

Should fault after one or more "closing folders"

Comment 15 Tom London 2009-03-18 14:54:00 UTC
Uhh... sort of good news.... sort of.

With gvfs-gphoto2-1.2.0-1.fc11.x86_64, the above "script" no longer seems to cause a segfault.

But, I noticed the following after I closed all the iPhone "browse" windows, unmounted (via the desktop icon), unplugged the phone, and then "replugged":

Mar 18 07:47:15 tlondon kernel: usb 1-1: USB disconnect, address 6
Mar 18 07:47:18 tlondon kernel: usb 1-1: new high speed USB device using ehci_hcd and address 7
Mar 18 07:47:18 tlondon kernel: usb 1-1: New USB device found, idVendor=05ac, idProduct=1292
Mar 18 07:47:18 tlondon kernel: usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Mar 18 07:47:18 tlondon kernel: usb 1-1: Product: iPhone
Mar 18 07:47:18 tlondon kernel: usb 1-1: Manufacturer: Apple Inc.
Mar 18 07:47:18 tlondon kernel: usb 1-1: SerialNumber: 99a21bf8a8f65a1ca270e055cd379af92555df60
Mar 18 07:47:18 tlondon kernel: usb 1-1: configuration #1 chosen from 3 choices
Mar 18 07:47:18 tlondon pulseaudio[4297]: module-hal-detect.c: D-Bus error while parsing HAL data: org.freedesktop.Hal.NoSuchProperty: No property info.capabilities on device with id /org/freedesktop/Hal/devices/usb_device_5ac_1292_99a21bf8a8f65a1ca270e055cd379af92555df60
Mar 18 07:47:19 tlondon kernel: gvfsd-gphoto2[6879]: segfault at 10 ip 000000388ba08df1 sp 00007fffb0408200 error 4 in libpthread-2.9.90.so[388ba00000+17000]
Mar 18 07:48:06 tlondon kernel: usb 1-1: USB disconnect, address 7

I'm not sure how to track this down, since it seems to produce no core dump (at least none that I could locate, even though I have this in my rc.local):

ulimit -S -c unlimited > /dev/null 2>&1

And, I don't think I can "gdb grab" the process, since it appears and dies too quickly.

Suggestions?

Comment 16 Tom London 2009-03-18 14:55:43 UTC
BTW, the segfault described in #15 doesn't happen all the time. Unplugging and replugging again 'worked'.

Comment 17 Tom London 2009-05-19 21:16:00 UTC
I can no longer reproduce this.

Close?

Comment 18 Tomáš Bžatek 2009-05-20 11:49:25 UTC
Closing for the time being. If the problem appears again, please reopen this bug report. There were a number of changes in gvfs since this issue was first reported.

