Bug 951167 - [abrt] libgpod-0.8.2-9.fc20: lockdownd_start_service: Process /usr/lib/udev/iphone-set-info was killed by signal 11 (SIGSEGV)
Summary: [abrt] libgpod-0.8.2-9.fc20: lockdownd_start_service: Process /usr/lib/udev/i...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: libgpod
Version: rawhide
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Bastien Nocera
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:71843da47e79b82d39f95397dc5...
: 961851 977437 1002211 (view as bug list)
Depends On:
Blocks: CVE-2013-2142
TreeView+ depends on / blocked
 
Reported: 2013-04-11 14:52 UTC by Alexandru Stoian
Modified: 2013-11-05 13:53 UTC (History)
14 users (show)

Fixed In Version: libgpod-0.8.3-1.fc18
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-09-13 01:07:54 UTC


Attachments (Terms of Use)
File: backtrace (16.14 KB, text/plain)
2013-04-11 14:52 UTC, Alexandru Stoian
no flags Details
File: cgroup (172 bytes, text/plain)
2013-04-11 14:52 UTC, Alexandru Stoian
no flags Details
File: core_backtrace (423 bytes, text/plain)
2013-04-11 14:52 UTC, Alexandru Stoian
no flags Details
File: dso_list (3.32 KB, text/plain)
2013-04-11 14:52 UTC, Alexandru Stoian
no flags Details
File: environ (845 bytes, text/plain)
2013-04-11 14:52 UTC, Alexandru Stoian
no flags Details
File: limits (1.29 KB, text/plain)
2013-04-11 14:52 UTC, Alexandru Stoian
no flags Details
File: maps (16.55 KB, text/plain)
2013-04-11 14:52 UTC, Alexandru Stoian
no flags Details
File: open_fds (176 bytes, text/plain)
2013-04-11 14:52 UTC, Alexandru Stoian
no flags Details
File: proc_pid_status (903 bytes, text/plain)
2013-04-11 14:52 UTC, Alexandru Stoian
no flags Details
File: var_log_messages (1.72 KB, text/plain)
2013-04-11 14:52 UTC, Alexandru Stoian
no flags Details

Description Alexandru Stoian 2013-04-11 14:52:04 UTC
Description of problem:
Plugging in an iPhone 5 triggers this an a few other segfaults.

Version-Release number of selected component:
libgpod-0.8.2-9.fc20

Additional info:
backtrace_rating: 4
cmdline:        /lib/udev/iphone-set-info
crash_function: lockdownd_start_service
executable:     /usr/lib/udev/iphone-set-info
kernel:         3.9.0-0.rc6.git0.1.fc20.x86_64
runlevel:       N 5
uid:            0
ureports_counter: 2

Truncated backtrace:
Thread no. 1 (3 frames)
 #0 lockdownd_start_service at lockdown.c:1518
 #1 iphone_write_sysinfo_extended at ipod-lockdown.c:153
 #2 write_sysinfo_extended at iphone-callout.c:21

Comment 1 Alexandru Stoian 2013-04-11 14:52:11 UTC
Created attachment 734263 [details]
File: backtrace

Comment 2 Alexandru Stoian 2013-04-11 14:52:17 UTC
Created attachment 734264 [details]
File: cgroup

Comment 3 Alexandru Stoian 2013-04-11 14:52:19 UTC
Created attachment 734265 [details]
File: core_backtrace

Comment 4 Alexandru Stoian 2013-04-11 14:52:24 UTC
Created attachment 734266 [details]
File: dso_list

Comment 5 Alexandru Stoian 2013-04-11 14:52:28 UTC
Created attachment 734267 [details]
File: environ

Comment 6 Alexandru Stoian 2013-04-11 14:52:30 UTC
Created attachment 734268 [details]
File: limits

Comment 7 Alexandru Stoian 2013-04-11 14:52:32 UTC
Created attachment 734269 [details]
File: maps

Comment 8 Alexandru Stoian 2013-04-11 14:52:46 UTC
Created attachment 734270 [details]
File: open_fds

Comment 9 Alexandru Stoian 2013-04-11 14:52:48 UTC
Created attachment 734271 [details]
File: proc_pid_status

Comment 10 Alexandru Stoian 2013-04-11 14:52:52 UTC
Created attachment 734272 [details]
File: var_log_messages

Comment 11 Christophe Fergeau 2013-07-09 15:42:24 UTC
This is fixed by http://sourceforge.net/p/gtkpod/libgpod/ci/e620b2fbdd818a4b32fa927875936ba0476952e5/tree/src/itdb_iphone.c?diff=0a3750d1b19183c6684ed998247b2a28fe1e6c5f

(scratch build with this patch at http://koji.fedoraproject.org/koji/taskinfo?taskID=5588005 )
I'll try to release libgpod 0.8.3 this week with this fix in.

Comment 12 Christophe Fergeau 2013-07-09 15:43:41 UTC
*** Bug 961851 has been marked as a duplicate of this bug. ***

Comment 13 Christophe Fergeau 2013-07-09 15:54:46 UTC
(In reply to Christophe Fergeau from comment #11)
> This is fixed by
> http://sourceforge.net/p/gtkpod/libgpod/ci/
> e620b2fbdd818a4b32fa927875936ba0476952e5/tree/src/itdb_iphone.
> c?diff=0a3750d1b19183c6684ed998247b2a28fe1e6c5f
> 

Make that http://sourceforge.net/p/gtkpod/libgpod/ci/e620b2fbdd818a4b32fa927875936ba0476952e5/

Comment 14 Ken Dubrick 2013-07-16 17:34:29 UTC
Trying to add music library...160gb

reporter:       libreport-2.1.5
backtrace_rating: 4
cmdline:        /lib/udev/iphone-set-info
crash_function: lockdownd_start_service
executable:     /usr/lib/udev/iphone-set-info
kernel:         3.9.9-302.fc19.i686
package:        libgpod-0.8.2-9.fc19
reason:         Process /usr/lib/udev/iphone-set-info was killed by signal 11 (SIGSEGV)
runlevel:       N 5
uid:            0

Comment 15 David Timms 2013-08-12 11:41:09 UTC
plugged in iphone 4s while rhythmbox is running

reporter:       libreport-2.1.6
backtrace_rating: 4
cmdline:        /lib/udev/iphone-set-info
crash_function: lockdownd_start_service
executable:     /usr/lib/udev/iphone-set-info
kernel:         3.10.4-300.fc19.x86_64
package:        libgpod-0.8.2-9.fc19
reason:         Process /usr/lib/udev/iphone-set-info was killed by signal 11 (SIGSEGV)
runlevel:       unknown
uid:            0

Comment 16 benjaminfogel 2013-08-19 06:50:29 UTC
Plugged in my ipod. Then ran 'dmesg' and the error appeared there.

reporter:       libreport-2.1.6
backtrace_rating: 4
cmdline:        /lib/udev/iphone-set-info
crash_function: lockdownd_start_service
executable:     /usr/lib/udev/iphone-set-info
kernel:         3.10.6-200.fc19.x86_64
package:        libgpod-0.8.2-9.fc19
reason:         Process /usr/lib/udev/iphone-set-info was killed by signal 11 (SIGSEGV)
runlevel:       N 5
uid:            0

Comment 17 Alan Hamilton 2013-08-24 02:17:54 UTC
I'm getting this too, normally when the computer wakes and has an iPod attached.

It looks like iphone_write_sysinfo_extended() in ipod-lockdown.c in libgpod is calling iphone_write_sysinfo_extended() in lockdown.c in libimobiledevices.

It's passing a pointer to a uint16_t but the function is expecting a pointer to  lockdownd_service_descriptor_t and that's what's causing the crash.

        uint16_t afcport = 0;
...
        if (LOCKDOWN_E_SUCCESS != lockdownd_start_service(client, "com.apple.afc", &afcport)) {

... lockdown_start_service is
lockdownd_error_t lockdownd_start_service(lockdownd_client_t client, const char *identifier, lockdownd_service_descriptor_t *service)
...
       if (*service) {
                // reset fields if service descriptor is reused
                (*service)->port = 0;
                (*service)->ssl_enabled = 0; // CRASH!!!
        }

Unfortunately I'm not familiar with what it's trying to to, but it's clearly calling lockdownd_start_service() with the wrong parameter.

Comment 18 Christophe Fergeau 2013-08-26 10:13:29 UTC
This is fixed upstream by http://sourceforge.net/p/gtkpod/libgpod/ci/e620b2fbdd818a4b32fa927875936ba0476952e5/ which I really need to backport to the fedora package /o\

Comment 19 Szymon Stasik 2013-08-28 14:19:55 UTC
after applying the patch from Comment 18 now gtkpod/banshee and other apps libgpod based apps freeze when iPhone device is connected. It's not even possible to such process them since dfunct process is left

Comment 20 Szymon Stasik 2013-08-28 15:03:53 UTC
I've found using strace that gtkpod freezes on:

access("/run/user/1000/gvfs/smb-share:server=file,share=public,user=_myusername_/iTunes_Control", F_OK <unfinished ...>

Comment 21 Szymon Stasik 2013-08-28 15:23:02 UTC
so another bugs that seem needed to be fixed to allow iTunes access:

https://bugzilla.redhat.com/show_bug.cgi?id=977437
https://bugs.archlinux.org/task/35490

Comment 22 Christophe Fergeau 2013-09-04 11:41:58 UTC
*** Bug 1002211 has been marked as a duplicate of this bug. ***

Comment 23 Fedora Update System 2013-09-04 12:32:09 UTC
libgpod-0.8.3-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/libgpod-0.8.3-1.fc20

Comment 24 Fedora Update System 2013-09-04 12:42:55 UTC
libgpod-0.8.3-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/libgpod-0.8.3-1.fc19

Comment 25 Fedora Update System 2013-09-04 12:56:29 UTC
libgpod-0.8.3-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/libgpod-0.8.3-1.fc18

Comment 26 Fedora Update System 2013-09-05 01:32:36 UTC
Package libgpod-0.8.3-1.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libgpod-0.8.3-1.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-15789/libgpod-0.8.3-1.fc18
then log in and leave karma (feedback).

Comment 27 Fedora Update System 2013-09-13 01:07:54 UTC
libgpod-0.8.3-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 28 Fedora Update System 2013-09-13 01:09:18 UTC
libgpod-0.8.3-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 29 Fedora Update System 2013-09-22 23:59:23 UTC
libgpod-0.8.3-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 30 Peter Robinson 2013-11-05 13:52:38 UTC
*** Bug 970175 has been marked as a duplicate of this bug. ***

Comment 31 Peter Robinson 2013-11-05 13:53:30 UTC
*** Bug 977437 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.