search

linuxmint / nemo

File browser for Cinnamon
GNU General Public License v2.0
1.23k stars 299 forks source link

Segfault when accessing an Android device right after clicking "accept" on the Android device #3474

Open calestyo opened 3 weeks ago

calestyo commented 3 weeks ago

Distribution

Debian unstable

Package version

6.2.8-1

Frequency

Always

Bug description

Hey.

(I think none of the other segfault issues already reported are the same one than this.)

This is a long standing bug (since years):

Steps to reproduce

  1. I connect an Android device (it happens with all that I have, which use many different versions of Android) via USB
  2. usbguard asks me the first time whether I want to allow the device to be accessed (which I accept).
  3. I click on the tree-view item for the Android device in nemo.
  4. Then the Android device itself displays the pop up where it asks me whether I want to allow or reject the connection.
  5. Right when I accept that, nemo segfaults like so in the kernel log: 
    Oct 30 16:30:28 heisenberg kernel: nemo[729399]: segfault at 18 ip 00005652b336bdd4 sp 00007ffcb89f9f28 error 4 in nemo[e7dd4,5652b32b5000+106000] likely on CPU 12 (core 20, socket 0)
Oct 30 16:30:28 heisenberg kernel: Code: f6 e8 40 b6 f4 ff 48 89 df 5b e9 cf 12 f5 ff 0f 1f 80 00 00 00 00 c3 0f 1f 80 00 00 00 00 5b c3 66 0f 1f 44 00 00 f3 0f 1e fa <48> 8b 47 18 48 8b 10 48 8b 52 18 48 8b 3a 48 85 ff 74 09 48 8b 70
  6. Along with that, the first USB device, which I've accepted with usbguard above is removed from the kernel and a new one appears, for which usbguard asks me again, whether I want to accept it (to the kernel) or not. I accept it.
  7. If I then start a new nemo, I can click the Android device in that, and from then on it works (for that device and until I disconnect it).

Expected behavior

Don't crash the first time ;-)

Additional information

With debug symbols installed, I'd get the following backtrace right after the SIGSEV:

$ gdb nemo
GNU gdb (Debian 15.1-1) 15.1
Copyright (C) 2024 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from nemo...
Reading symbols from /usr/lib/debug/.build-id/84/207c4babdfd219ac42df26ef030bc3007785a1.debug...
(gdb) run
Starting program: /usr/bin/nemo 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff32006c0 (LWP 729919)]
[New Thread 0x7ffff28006c0 (LWP 729920)]
[New Thread 0x7ffff1e006c0 (LWP 729921)]

(nemo:729916): Gtk-WARNING **: 16:33:13.510: Failed to register client: GDBus.Error:org.gnome.SessionManager.AlreadyRegistered: Unable to register client
[New Thread 0x7ffff14006c0 (LWP 729922)]
[New Thread 0x7ffff0a006c0 (LWP 729923)]

(nemo:729916): Nemo-WARNING **: 16:33:13.525: Current gtk theme is not known to have nemo support (Adwaita) - checking...

(nemo:729916): Nemo-WARNING **: 16:33:13.550: The theme appears to have no nemo support.  Adding some...
[New Thread 0x7fffeaa006c0 (LWP 729925)]
[New Thread 0x7fffe96006c0 (LWP 729926)]
[New Thread 0x7fffe8c006c0 (LWP 729927)]
[New Thread 0x7fffdf6006c0 (LWP 729928)]
[Thread 0x7fffe96006c0 (LWP 729926) exited]
[Thread 0x7ffff0a006c0 (LWP 729923) exited]
[Thread 0x7fffdf6006c0 (LWP 729928) exited]
[Thread 0x7fffe8c006c0 (LWP 729927) exited]
[New Thread 0x7fffe8c006c0 (LWP 729949)]
[New Thread 0x7fffdf6006c0 (LWP 729961)]
[Thread 0x7fffe8c006c0 (LWP 729949) exited]

Thread 1 "nemo" received signal SIGSEGV, Segmentation fault.
nemo_file_is_desktop_directory (file=file@entry=0x0) at ../libnemo-private/nemo-file.c:1482
warning: 1482   ../libnemo-private/nemo-file.c: No such file or directory
(gdb) bt
#0  nemo_file_is_desktop_directory (file=file@entry=0x0) at ../libnemo-private/nemo-file.c:1482
#1  0x00005555555fcb6c in viewed_file_changed_callback (file=0x555555837f80, slot=0x555555b1fdc0) at ../src/nemo-window-manage-views.c:289
#2  0x00007ffff71cd9c0 in g_closure_invoke () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#3  0x00007ffff71e1d83 in ?? () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#4  0x00007ffff71e37a9 in ?? () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#5  0x00007ffff71e9666 in g_signal_emit_valist () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#6  0x00007ffff71e9723 in g_signal_emit () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#7  0x0000555555645077 in nemo_file_emit_changed (file=0x555555837f80) at ../libnemo-private/nemo-file.c:7953
#8  0x0000555555622708 in nemo_directory_emit_change_signals (directory=0x5555561a73a0, changed_files=0x555555c06b70) at ../libnemo-private/nemo-directory.c:776
#9  0x0000555555622a19 in call_files_changed_common (directory=<optimized out>, file_list=<optimized out>) at ../libnemo-private/nemo-directory.c:870
#10 call_files_changed_unref_free_list (key=0x5555561a73a0, value=0x555555c06b70, user_data=<optimized out>) at ../libnemo-private/nemo-directory.c:889
#11 0x00007ffff70b1cd3 in g_hash_table_foreach () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#12 0x0000555555622f09 in nemo_directory_notify_files_removed (files=<optimized out>) at ../libnemo-private/nemo-directory.c:1158
#13 0x000055555567548d in nemo_file_changes_consume_changes (consume_all=consume_all@entry=1) at ../libnemo-private/nemo-file-changes-queue.c:314
#14 0x0000555555661c02 in call_consume_changes_idle_cb (not_used=<optimized out>) at ../libnemo-private/nemo-monitor.c:69
#15 0x00007ffff70c37df in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#16 0x00007ffff70c5a17 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#17 0x00007ffff70c6180 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#18 0x00007ffff7303445 in g_application_run () from /lib/x86_64-linux-gnu/libgio-2.0.so.0
#19 0x000055555558d186 in main (argc=1, argv=0x7fffffffdf88) at ../src/nemo-main.c:104
(gdb)

(That's not from the same run, as for which the kernel log message was generated, that I've cited above.)

In terms of kernel log, it looks like that:
Connecting the device:

Oct 30 16:45:59 heisenberg kernel: usb 4-1: new SuperSpeed USB device number 28 using xhci_hcd
Oct 30 16:45:59 heisenberg kernel: usb 4-1: New USB device found, idVendor=04e8, idProduct=6860, bcdDevice= c.00
Oct 30 16:45:59 heisenberg kernel: usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Oct 30 16:45:59 heisenberg kernel: usb 4-1: Product: SAMSUNG_Android
Oct 30 16:45:59 heisenberg kernel: usb 4-1: Manufacturer: SAMSUNG
Oct 30 16:45:59 heisenberg kernel: usb 4-1: SerialNumber: R3CN4013TZY
Oct 30 16:45:59 heisenberg kernel: usb 4-1: Device is not authorized for usage

next I accept it in usbguard: Oct 30 16:46:21 heisenberg kernel: cdc_acm 4-1:1.1: ttyACM0: USB ACM device Oct 30 16:46:21 heisenberg kernel: usb 4-1: authorized to connect

next I click on it within `nemo`, Android itself asks me whether I want to accept, which I do, and right after I get:

Oct 30 16:46:30 heisenberg kernel: usb 4-1: USB disconnect, device number 28 Oct 30 16:46:30 heisenberg kernel: nemo[730999]: segfault at 18 ip 00005617ca4dadd4 sp 00007ffee1fa7508 error 4 in nemo[e7dd4,5617ca424000+106000] likely on CPU 15 (core 23, socket 0) Oct 30 16:46:30 heisenberg kernel: Code: f6 e8 40 b6 f4 ff 48 89 df 5b e9 cf 12 f5 ff 0f 1f 80 00 00 00 00 c3 0f 1f 80 00 00 00 00 5b c3 66 0f 1f 44 00 00 f3 0f 1e fa <48> 8b 47 18 48 8b 10 48 8b 52 18 48 8b 3a 48 85 ff 74 09 48 8b 70 Oct 30 16:46:31 heisenberg kernel: usb 4-1: new SuperSpeed USB device number 29 using xhci_hcd Oct 30 16:46:31 heisenberg kernel: usb 4-1: New USB device found, idVendor=04e8, idProduct=6860, bcdDevice= c.00 Oct 30 16:46:31 heisenberg kernel: usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 Oct 30 16:46:31 heisenberg kernel: usb 4-1: Product: SAMSUNG_Android Oct 30 16:46:31 heisenberg kernel: usb 4-1: Manufacturer: SAMSUNG Oct 30 16:46:31 heisenberg kernel: usb 4-1: SerialNumber: R3CN4013TZY Oct 30 16:46:31 heisenberg kernel: usb 4-1: Device is not authorized for usage

`usbguard` asks me for the "new" device (which I accept):

Oct 30 16:46:35 heisenberg kernel: cdc_acm 4-1:1.1: ttyACM0: USB ACM device Oct 30 16:46:35 heisenberg kernel: usb 4-1: authorized to connect

here I can now restart `nemo` and actually use the device until I'd disconnect it.

Oct 30 16:46:39 heisenberg kernel: usb 4-1: USB disconnect, device number 29



Thanks,
Chris.
rmunn commented 3 weeks ago

Similar issue here, but slightly different symptoms. When I first plug in my phone (a Samsung Galaxy A15, though I've seen this happen on many other phones), a nemo window auto-opens with the path mtp://SAMSUNG_SAMSUNG_Android_R5CX60B36EX/ and the name "SAMSUNG Android" in the Devices list. At the same time (give or take a second), a notification pops up on my Samsung asking "Allow access to phone data? Deny / Allow".

If I press Allow or Deny, nemo segfaults, and I also get a dialog popping up that says, "Unable to open a folder for SAMSUNG Android. Object does not exist at path "/org/gtk/vfs/mount/1"." (Same error message that people are getting in #2663, but I agree that this seems to be a different bug than that one as nobody in that thread is reporting a segfault). When I re-run nemo, the phone is there, mounted and ready to access data.

However, if I first eject the device in nemo, without unplugging it, and then press Allow on the phone notification, I bypass the segfaulting code. The "SAMSUNG Android" entry under Devices briefly disappears, then it reappears mounted and ready to access data, with no error messages or segfaults.

Here are my dmesg logs from the nemo crash (I unplugged and re-plugged the phone twice in a row, so you'll see two crashes): 
[133232.439390] usb 1-4: new high-speed USB device number 16 using xhci_hcd
[133232.566838] usb 1-4: New USB device found, idVendor=04e8, idProduct=6860, bcdDevice= 2.23
[133232.566842] usb 1-4: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[133232.566844] usb 1-4: Product: SAMSUNG_Android
[133232.566845] usb 1-4: Manufacturer: SAMSUNG
[133232.566847] usb 1-4: SerialNumber: R5CX60B36EX
[133232.572014] cdc_acm 1-4:1.1: ttyACM0: USB ACM device
[133233.141909] pci 0000:3b:00.0: enabling device (0000 -> 0002)
[133233.142682] xhci_hcd 0000:3b:00.0: xHCI Host Controller
[133233.142688] xhci_hcd 0000:3b:00.0: new USB bus registered, assigned bus number 3
[133233.143951] xhci_hcd 0000:3b:00.0: hcc params 0x200077c1 hci version 0x110 quirks 0x0000000200009810
[133233.144669] xhci_hcd 0000:3b:00.0: xHCI Host Controller
[133233.144674] xhci_hcd 0000:3b:00.0: new USB bus registered, assigned bus number 4
[133233.144678] xhci_hcd 0000:3b:00.0: Host supports USB 3.1 Enhanced SuperSpeed
[133233.144732] usb usb3: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 6.08
[133233.144735] usb usb3: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[133233.144738] usb usb3: Product: xHCI Host Controller
[133233.144740] usb usb3: Manufacturer: Linux 6.8.0-48-generic xhci-hcd
[133233.144742] usb usb3: SerialNumber: 0000:3b:00.0
[133233.145128] hub 3-0:1.0: USB hub found
[133233.145146] hub 3-0:1.0: 2 ports detected
[133233.146609] usb usb4: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 6.08
[133233.146613] usb usb4: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[133233.146615] usb usb4: Product: xHCI Host Controller
[133233.146616] usb usb4: Manufacturer: Linux 6.8.0-48-generic xhci-hcd
[133233.146618] usb usb4: SerialNumber: 0000:3b:00.0
[133233.146808] hub 4-0:1.0: USB hub found
[133233.146823] hub 4-0:1.0: 2 ports detected
[133234.389662] pci_bus 0000:06: Allocating resources
[133234.389684] pci_bus 0000:3b: Allocating resources
[133242.680988] usb 1-4: USB disconnect, device number 16
[133242.805511] nemo[1313138]: segfault at 18 ip 00005ca47caea1e8 sp 00007ffd26567f70 error 4 in nemo[5ca47ca6a000+10b000] likely on CPU 3 (core 3, socket 0)
[133242.805523] Code: ac 00 00 00 41 89 c5 e8 b6 36 04 00 85 c0 75 12 45 85 ed 0f 84 41 01 00 00 45 85 f6 0f 85 38 01 00 00 4c 89 e7 e8 e8 a9 03 00 <48> 8b 78 18 49 89 c5 e8 dc 48 08 00 4c 89 ef 41 89 c6 e8 d1 a6 03
[133243.038360] usb 1-4: new high-speed USB device number 17 using xhci_hcd
[133243.165360] usb 1-4: New USB device found, idVendor=04e8, idProduct=6860, bcdDevice= 2.23
[133243.165396] usb 1-4: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[133243.165398] usb 1-4: Product: SAMSUNG_Android
[133243.165400] usb 1-4: Manufacturer: SAMSUNG
[133243.165401] usb 1-4: SerialNumber: R5CX60B36EX
[133243.170517] cdc_acm 1-4:1.1: ttyACM0: USB ACM device
[133309.183745] usb 1-4: USB disconnect, device number 17
[133312.475548] usb 1-4: new high-speed USB device number 18 using xhci_hcd
[133312.604043] usb 1-4: New USB device found, idVendor=04e8, idProduct=6860, bcdDevice= 2.23
[133312.604050] usb 1-4: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[133312.604053] usb 1-4: Product: SAMSUNG_Android
[133312.604055] usb 1-4: Manufacturer: SAMSUNG
[133312.604057] usb 1-4: SerialNumber: R5CX60B36EX
[133312.608129] cdc_acm 1-4:1.1: ttyACM0: USB ACM device
[133314.403046] usb 1-4: USB disconnect, device number 18
[133314.520178] nemo[3519750]: segfault at 18 ip 000057493213d1e8 sp 00007fff86ac1e80 error 4 in nemo[5749320bd000+10b000] likely on CPU 5 (core 5, socket 0)
[133314.520199] Code: ac 00 00 00 41 89 c5 e8 b6 36 04 00 85 c0 75 12 45 85 ed 0f 84 41 01 00 00 45 85 f6 0f 85 38 01 00 00 4c 89 e7 e8 e8 a9 03 00 <48> 8b 78 18 49 89 c5 e8 dc 48 08 00 4c 89 ef 41 89 c6 e8 d1 a6 03
[133314.742521] usb 1-4: new high-speed USB device number 19 using xhci_hcd
[133314.870752] usb 1-4: New USB device found, idVendor=04e8, idProduct=6860, bcdDevice= 2.23
[133314.870758] usb 1-4: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[133314.870759] usb 1-4: Product: SAMSUNG_Android
[133314.870761] usb 1-4: Manufacturer: SAMSUNG
[133314.870762] usb 1-4: SerialNumber: R5CX60B36EX
[133314.877826] cdc_acm 1-4:1.1: ttyACM0: USB ACM device

Notice these lines in particular:

[133242.680988] usb 1-4: USB disconnect, device number 16
[133242.805511] nemo[1313138]: segfault at 18 ip 00005ca47caea1e8 sp 00007ffd26567f70 error 4 in nemo[5ca47ca6a000+10b000] likely on CPU 3 (core 3, socket 0)
[133242.805523] Code: ac 00 00 00 41 89 c5 e8 b6 36 04 00 85 c0 75 12 45 85 ed 0f 84 41 01 00 00 45 85 f6 0f 85 38 01 00 00 4c 89 e7 e8 e8 a9 03 00 <48> 8b 78 18 49 89 c5 e8 dc 48 08 00 4c 89 ef 41 89 c6 e8 d1 a6 03
[133243.038360] usb 1-4: new high-speed USB device number 17 using xhci_hcd

That was not me unplugging and plugging in my phone; that was me clicking on Allow on the phone's popup dialog. Something in the software/firmware stack caused the kernel to see the phone as being unplugged and then plugged back in with new permissions, and that registered as device 16 disconnecting and device 17 (the same phone) connecting 350ms later.

Later on, you'll see device 17 disconnect (this is when I did actually unplug my phone from the USB cable) and device 18 connect three seconds later (that was me plugging it back in). That caused my phone to display another "Deny/Allow" popup. When I tapped "Allow", the following happened:

[133314.403046] usb 1-4: USB disconnect, device number 18
[133314.520178] nemo[3519750]: segfault at 18 ip 000057493213d1e8 sp 00007fff86ac1e80 error 4 in nemo[5749320bd000+10b000] likely on CPU 5 (core 5, socket 0)
[133314.520199] Code: ac 00 00 00 41 89 c5 e8 b6 36 04 00 85 c0 75 12 45 85 ed 0f 84 41 01 00 00 45 85 f6 0f 85 38 01 00 00 4c 89 e7 e8 e8 a9 03 00 <48> 8b 78 18 49 89 c5 e8 dc 48 08 00 4c 89 ef 41 89 c6 e8 d1 a6 03
[133314.742521] usb 1-4: new high-speed USB device number 19 using xhci_hcd

Same behavior (device 18 disconnects, device 19 immediately connects), and same segfault. Different IP and SP registers, but same code, with the same <48> marked off in angle brackets.

This is, I think, the root of the problem. When I click "Allow" on the device, the kernel registers a disconnect and immediate reconnect — and if nemo believes the phone to be mounted, then it segfaults.

Remember that if I eject (unmount) the phone first without unplugging it, and then tap Allow, the "SAMSUNG Android" device disappears and reappears (very fast, I barely see it flicker off and then it's back) and it automounts correctly. So the problem involves the phone "disappearing" while nemo had it mounted; if nemo did not have it mounted, then the problem doesn't manifest itself.