GNOME Bugzilla – Bug 653042
gvfsd-ftp crashed with SIGSEGV in g_io_stream_get_input_stream()
Last modified: 2015-03-11 23:20:14 UTC
This report has been filed here: https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/797253
"crashed while accessing a remote FTP site. The FTP site required a login (not anonymous FTP)."
+ Trace 227537
Thread 1 (Thread 15574)
Also appears in Fedora 15/Gnome 3

Backtrace:
[New LWP 7857]
[New LWP 7850]
[New LWP 7852]
[New LWP 7848]
[Thread debugging using libthread_db enabled]
Core was generated by `/usr/libexec/gvfsd-ftp --spawner :1.4 /org/gtk/gvfs/exec_spaw/5'.
Program terminated with signal 11, Segmentation fault.
+ Trace 227645
(In reply to comment #1)
> Also appears in Fedora 15/Gnome 3

Can you please tell us how to reproduce this issue?
Cannot, because when I start an FTP connection from "Places->Connect to server", Nautilus now opens FTP connections in the web browser (i.e. Google Chrome) and not in a Nautilus window. I don't know why.
*** Bug 664649 has been marked as a duplicate of this bug. ***
Created attachment 298216
ftp: Prevent segfault when unmounting

If a job is waiting for a connection in g_vfs_ftp_task_acquire_connection and the backend is force unmounted, the queue is freed, and the function neither gets a connection nor sets an error message which causes an issue later.

To fix this, set an error message if the queue is freed.
This was reported also in Fedora downstream: https://bugzilla.redhat.com/show_bug.cgi?id=1130172 https://bugzilla.redhat.com/show_bug.cgi?id=1124544
Review of attachment 298216:

Seems good, can I test it somehow?
I tested it by:

Forcing max_connections to one.

Mount an FTP site and wait for the FTP connection to become idle and unusable (you can set a short timeout on the FTP server).

Then run:

$ gvfs-ls ftp://../.. & gvfs-ls ftp://../..

so that at least one thread waits for a new connection in g_vfs_ftp_task_acquire_connection().

In another terminal, force unmount the backend and without the patch it will segfault with a similar backtrace.
Review of attachment 298216 [details] [review]: Please push it... ::: daemon/gvfsftptask.c @@ +275,2 @@ g_mutex_unlock (&ftp->mutex); + but the whitespace isn't necessary...
Would be good to push it also at least for gnome-3-14...
Pushed to master as d603ba4983d249349e7384f31fd2ed921e65e869 and gnome-3-14 as 1ac59714428a8a4267396b45d62532f40fa77120. Thanks for the review. The whitespace change was intentional to more clearly separate the locked section from the unlocked section.
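
A model of the fix described in the attachment comment above, as an added example (not the gvfs patch or gvfs code): a job waiting for a connection re-checks the queue after waking and records an error when the queue is gone, so the caller never gets a job with neither a connection nor an error. It uses plain pthreads rather than GLib; Backend, Task, backend_force_unmount, run_scenario, the connection id 7 and the error string are hypothetical.

```c
#include <pthread.h>
#include <stddef.h>

/* Hypothetical stand-ins for the FTP backend and a job; not gvfs types. */
typedef struct {
    pthread_mutex_t mutex;
    pthread_cond_t  cond;
    int            *queue;  /* idle connection ids; NULL once force unmounted */
    int             idle;   /* number of ids currently in queue */
} Backend;
typedef struct { Backend *ftp; int conn; const char *error; } Task;

/* Returns 1 with task->conn set, or 0 with task->error set, never neither. */
int task_acquire_connection(Task *task)
{
    Backend *ftp = task->ftp;
    pthread_mutex_lock(&ftp->mutex);
    while (ftp->queue != NULL && ftp->idle == 0)
        pthread_cond_wait(&ftp->cond, &ftp->mutex);
    if (ftp->queue == NULL)   /* woken by unmount: tell the caller why */
        task->error = "backend unmounted while waiting for a connection";
    else
        task->conn = ftp->queue[--ftp->idle];
    pthread_mutex_unlock(&ftp->mutex);
    return task->error == NULL;
}

void backend_force_unmount(Backend *ftp)
{
    pthread_mutex_lock(&ftp->mutex);
    ftp->queue = NULL;                   /* models freeing the queue */
    pthread_cond_broadcast(&ftp->cond);  /* wake every waiting job */
    pthread_mutex_unlock(&ftp->mutex);
}

static void *waiter(void *arg) { task_acquire_connection(arg); return NULL; }

/* Constructed scenario. unmount=1: empty pool, then a forced unmount.
 * unmount=0: one idle connection (id 7). Returns the id, or -1 on error. */
int run_scenario(int unmount)
{
    int ids[1] = { 7 };
    Backend ftp = { PTHREAD_MUTEX_INITIALIZER, PTHREAD_COND_INITIALIZER,
                    ids, unmount ? 0 : 1 };
    Task task = { &ftp, 0, NULL };
    pthread_t t;
    pthread_create(&t, NULL, waiter, &task);
    if (unmount) backend_force_unmount(&ftp);
    pthread_join(t, NULL);
    return task.error ? -1 : task.conn;
}
```

The unmount scenario gives the same result whether the waiter blocks before or after the unmount, because the queue check sits inside the wait loop and is repeated after every wakeup.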