Bug 591660 – nautilus crashed with SIGSEGV in gdu_device_get_object_path() on USB device eject

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 591660 - nautilus crashed with SIGSEGV in gdu_device_get_object_path() on USB device eject


Summary:	nautilus crashed with SIGSEGV in gdu_device_get_object_path() on USB device e...


Status:	RESOLVED OBSOLETE

Product:	gnome-disk-utility
Classification:	Core
Component:	libgdu
Version:	0.4
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	martin.pitt
QA Contact:	gnome-disk-utility-maint

URL:
Whiteboard:

Duplicates:	606293 609037 610628 635875 640049 643626 644366 647716 653452 672704 (view as bug list)
Depends on:
Blocks:

Reported:	2009-08-13 09:55 UTC by Sebastien Bacher
Modified:	2012-11-12 20:48 UTC

See Also:	https://launchpad.net/bugs/412237
GNOME target:	---
GNOME version:	---

Attachments
reproducer (1.39 KB, text/plain) 2012-03-23 16:16 UTC, Martin Pitt		Details
reproducer (1.82 KB, patch) 2012-03-23 16:34 UTC, Martin Pitt	none	Details \| Review
Fix crash when devices disappear during gdu_pool_new() (1.43 KB, patch) 2012-03-23 16:44 UTC, Martin Pitt	none	Details \| Review

Description Sebastien Bacher 2009-08-13 09:55:59 UTC

The bug has been opened on https://bugs.launchpad.net/bugs/412237

"gnome-disk-utility 0.4-0ubuntu1

after a system restart w/o closing any opened application some of them crashed

+ Trace 216910

#0 gdu_device_get_object_path
at gdu-device.c line 712
#1 ??
#2 __libc_start_main
at libc-start.c line 220
#3 ??

Comment 1 Javier Jardón (IRC: jjardon) 2009-08-17 00:31:23 UTC

Setting the importance to critical because this is a crash

Comment 2 Akhil Laddha 2010-01-07 10:42:31 UTC

*** Bug 606293 has been marked as a duplicate of this bug. ***

Comment 3 Akhil Laddha 2010-02-05 04:10:12 UTC

*** Bug 609037 has been marked as a duplicate of this bug. ***

Comment 4 Akhil Laddha 2010-02-22 04:32:49 UTC

*** Bug 610628 has been marked as a duplicate of this bug. ***

Comment 5 Fabio Durán Verdugo 2010-11-26 20:59:44 UTC

*** Bug 635875 has been marked as a duplicate of this bug. ***

Comment 6 Fabio Durán Verdugo 2011-01-29 05:01:40 UTC

*** Bug 640049 has been marked as a duplicate of this bug. ***

Comment 7 Fabio Durán Verdugo 2011-01-29 05:02:54 UTC

the last dup get a good trace.

Comment 8 Fabio Durán Verdugo 2011-03-02 02:24:52 UTC

*** Bug 643626 has been marked as a duplicate of this bug. ***

Comment 9 Cristian Aravena Romero 2011-03-10 01:00:53 UTC

Duplicate bug 644366 ?

Comment 10 André Klapper 2011-03-10 07:49:34 UTC

*** Bug 644366 has been marked as a duplicate of this bug. ***

Comment 11 Cristian Aravena Romero 2011-04-13 21:31:32 UTC

*** Bug 647716 has been marked as a duplicate of this bug. ***

Comment 12 André Klapper 2011-06-27 10:55:44 UTC

*** Bug 653452 has been marked as a duplicate of this bug. ***

Comment 13 Martin Pitt 2012-03-23 16:14:14 UTC

*** Bug 672704 has been marked as a duplicate of this bug. ***

Comment 14 Martin Pitt 2012-03-23 16:16:30 UTC

I'm currently looking at https://launchpad.net/bugs/916892 which exhibits this as well.

This happens in particular when using usb-creator, a tool to write iso images
to USB sticks. This sets up a loop device.

As the loop device is mounted to /tmp/..., what happens is that there is no
GVolume during the time it's mounted, as we hide stuff that's not in /media/ by
default.

On unmounting, the GVolume appears quickly, triggering a volume-added signal.
But it disappears immediately again as the underlying loop device is cleaned
up.

So while the volume-added signal handler is running, it gets to this code:

                device = _gdu_device_new_from_object_path (pool, object_path);

                g_hash_table_insert (pool->priv->object_path_to_device,
                                     (gpointer) gdu_device_get_object_path
(device),
                                     device);

I suppose at that time the underlying loop device is already history, and thus
_gdu_device_new_from_object_path() returns NULL, as the stack trace shows.

I looked into several of the dupes, and they all happen on unmount, so I'm fairly sure it's the very same race.

Comment 15 Martin Pitt 2012-03-23 16:16:59 UTC

Created attachment 210441 [details]
reproducer

This is a simple reproducer which just listens to volume-added and calls
gdu_pool_new().

gcc -o /tmp/gdu_pool_crash gdu_pool_crash.c -Wall -g -O0 `pkg-config --cflags
--libs glib-2.0 gio-2.0 gdu` && gdb /tmp/gdu_pool_crash

then run

sudo mkdir /tmp/d
while true; do sudo mount -o loop some_cd_image.iso /tmp/d; sudo umount /tmp/d;
done

This reproduces the crash eventually.

Comment 16 Martin Pitt 2012-03-23 16:34:56 UTC

Created attachment 210445 [details] [review]
reproducer

This reproducer is a bit more elaborate.

Comment 17 Martin Pitt 2012-03-23 16:44:07 UTC

Created attachment 210454 [details] [review]
Fix crash when devices disappear during gdu_pool_new()

Another case of "an hour to understand/reproduce the problem, a minute to fix"...

With this the extended reproducer with the endless mount/unmount loop now runs indefinitely without crashing, so the followup code in gdu_pool_new() seems to handle this fine.

Comment 18 David Zeuthen (not reading bugmail) 2012-11-12 20:48:31 UTC

This bug predates gnome-disk-utility 3.4 where everything was rewritten to use udisks2 and GDBus. Closing.