Ubuntu
gvfs package

gvfsd-gphoto2 crashed with SIGSEGV in __pthread_mutex_destroy()

Bug #968186 reported by Aspersieman on 2012-03-29

286

This bug affects 176 people

	Status	Importance	Assigned to
gvfs	Fix Released	High	gnome-bugs #673893
gvfs (Ubuntu)	Fix Released	High	Martin Pitt
Precise	Fix Released	High	Martin Pitt

Bug Description

I plugged in my Nokia 5800 to import the photos with Shotwell, something I do regularly, and received this bug.

My details:
1) Ubuntu 12.04
2) Shotwell 0.11.93
3) Nokia 5800

I would like to help with more information regarding this, if necessary, so let me know if it is needed.

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: gvfs-backends 1.11.5-1ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-20.33-generic 3.2.12
Uname: Linux 3.2.0-20-generic x86_64
ApportVersion: 1.95-0ubuntu1
Architecture: amd64
CrashCounter: 1
Date: Thu Mar 29 18:21:55 2012
ExecutablePath: /usr/lib/gvfs/gvfsd-gphoto2
ProcCmdline: /usr/lib/gvfs/gvfsd-gphoto2 --spawner :1.5 /org/gtk/gvfs/exec_spaw/8
ProcEnviron:
SHELL=/bin/bash
LANG=en_US.UTF-8
SegvReason: writing NULL VMA
Signal: 11
SourcePackage: gvfs
Title: gvfsd-gphoto2 crashed with SIGSEGV in pthread_mutex_destroy()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo vboxusers

Tags:

Related branches

lp:ubuntu/quantal/gvfs

Revision history for this message

Aspersieman (aspersieman) wrote on 2012-03-29:

Dependencies.txt Edit (5.0 KiB, text/plain; charset="utf-8")
Disassembly.txt Edit (876 bytes, text/plain; charset="utf-8")
ProcMaps.txt Edit (13.5 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (829 bytes, text/plain; charset="utf-8")
Registers.txt Edit (743 bytes, text/plain; charset="utf-8")
SegvAnalysis.txt Edit (272 bytes, text/plain; charset="utf-8")
Stacktrace.txt Edit (1001 bytes, text/plain; charset="utf-8")
StacktraceTop.txt Edit (210 bytes, text/plain; charset="utf-8")
ThreadStacktrace.txt Edit (2.2 KiB, text/plain; charset="utf-8")

Revision history for this message

Apport retracing service (apport) wrote on 2012-03-29: Stacktrace.txt

Stacktrace.txt Edit (3.2 KiB, text/plain)

Revision history for this message

Apport retracing service (apport) wrote on 2012-03-29: StacktraceTop.txt

StacktraceTop.txt Edit (441 bytes, text/plain)

Revision history for this message

Apport retracing service (apport) wrote on 2012-03-29: ThreadStacktrace.txt

ThreadStacktrace.txt Edit (5.1 KiB, text/plain)

Changed in gvfs (Ubuntu):
importance:	Undecided → Medium
summary:	- gvfsd-gphoto2 crashed with SIGSEGV in pthread_mutex_destroy() + gvfsd-gphoto2 crashed with SIGSEGV in __pthread_mutex_destroy()
tags:	removed: need-amd64-retrace

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-04-10:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gvfs (Ubuntu):
status:	New → Confirmed

Sebastien Bacher (seb128) on 2012-04-10

Changed in gvfs (Ubuntu):
importance:	Medium → High
visibility:	private → public
Changed in gvfs (Ubuntu Precise):
assignee:	nobody → Canonical Desktop Team (canonical-desktop-team)

papukaija (papukaija) on 2012-04-11

tags:

added: i386

Revision history for this message

Martin Pitt (pitti) wrote on 2012-04-11:

This stack trace makes little sense. In do_mount(), we see that the gphoto2_backend is initialized:

gphoto2_backend = 0x9930e0

A few lines before release_device (gphoto2_backend) it even dereferences gphoto2_backend->camera, and that did not give a segfault, so at that point gphoto2_backend was still valid. But at this call, the stack trace claims

#2 0x00000000004058c5 in release_device (gphoto2_backend=0x0) at gvfsbackendgphoto2.c:621

This cannot be true, before line 621 release_device() derefs gphoto2_backend dozens of times. So that 0x0 is wrong.

Revision history for this message

Martin Pitt (pitti) wrote on 2012-04-11:

I think that gphoto2_backend->lock is also not NULL, as g_mutex_clear() derefs it: g_mutex_impl_free (mutex->p); it seems it's gphoto2_backend->lock->p which is NULL then, i. e. the mutex was not initialized properly.

The only access to this aside from the _lock()/_unlock() calls is in do_mount() line 1715, i. e. it gets initialized _after_ release_device() is called (which tries to free it again).

Changed in gvfs (Ubuntu Precise):
status:	Confirmed → In Progress
assignee:	Canonical Desktop Team (canonical-desktop-team) → Martin Pitt (pitti)

Revision history for this message

Martin Pitt (pitti) wrote on 2012-04-11:

I sent a patch to the upstream bug.

Changed in gvfs (Ubuntu Precise):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-04-11:

#10

This bug was fixed in the package gvfs - 1.12.0-0ubuntu4

---------------
gvfs (1.12.0-0ubuntu4) precise; urgency=low

* Add 07_gphoto2_mutex_init.patch: gphoto2: Initialize mutex early enough.
(LP: #968186)
-- Martin Pitt <email address hidden> Wed, 11 Apr 2012 12:18:11 +0200

Changed in gvfs (Ubuntu Precise):
status:	Fix Committed → Fix Released

Bug Watch Updater (bug-watch-updater) on 2012-04-11

Changed in gvfs:
importance:	Unknown → High
status:	Unknown → In Progress

Bug Watch Updater (bug-watch-updater) on 2012-04-13

Changed in gvfs:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

gnome-bugs #673893
[RESOLVED FIXED] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntugvfs package

gvfsd-gphoto2 crashed with SIGSEGV in __pthread_mutex_destroy()

Bug Description

Related branches

Duplicates of this bug

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
gvfs package