nautilus crashed with SIGSEGV in IA__g_slice_alloc()

Bug #401841 reported by Muelli
This bug affects 1 person
Affects: nautilus (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Ubuntu Desktop Bugs

Bug Description

Binary package hint: nautilus

I tried to view a drive which is connected via Bluetooth through gvfs. Once I click on the mountpoint in nautilus, it crashes. It's perfectly reproducible.

ProblemType: Crash
Architecture: amd64
DistroRelease: Ubuntu 9.04
ExecutablePath: /usr/bin/nautilus
Package: nautilus 1:2.26.2-0ubuntu2
ProcCmdline: nautilus --no-desktop --browser
Signal: 11
SourcePackage: nautilus
StacktraceTop:
 IA__g_slice_alloc (mem_size=24)
 IA__g_list_prepend (list=0x3102560,
 g_key_file_add_key (key_file=0x303a8f0,
 g_key_file_flush_parse_buffer (key_file=0x303a8f0,
 g_key_file_parse_data (key_file=0x303a8f0,
Title: nautilus crashed with SIGSEGV in IA__g_slice_alloc()
Uname: Linux 2.6.28-13-generic x86_64
UserGroups: adm admin audio cdrom dialout dip floppy fuse kvm libvirtd lpadmin netdev plugdev powerdev scanner tty vboxusers video

Muelli (ubuntu-bugs-auftrags-killer) wrote :
visibility: private → public
Apport retracing service (apport) wrote : Stacktrace.txt (retraced)

StacktraceTop:
 IA__g_slist_find_custom (list=0x2,
 IA__g_slist_copy (list=0x20)
 ?? ()
 ?? ()
 IA__g_hash_table_destroy (hash_table=0x1)

Apport retracing service (apport) wrote : ThreadStacktrace.txt (retraced)
Changed in nautilus (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Andres Mujica (andres.mujica) wrote :

muelli: can you check bug #395710? If you've got ubuntuone installed, try upgrading to the PPA version.

Muelli (ubuntu-bugs-auftrags-killer) wrote :

I don't have ubuntuone installed:

muelli@xbox:~$ apt-cache policy ubuntuone-client{,-gnome}
ubuntuone-client:
  Installed: (none)
  Candidate: 0.90.3-0ubuntu1
  Version table:
     0.90.3-0ubuntu1 0
        400 http://de.archive.ubuntu.com karmic/main Packages
ubuntuone-client-gnome:
  Installed: (none)
  Candidate: 0.90.3-0ubuntu1
  Version table:
     0.90.3-0ubuntu1 0
        400 http://de.archive.ubuntu.com karmic/main Packages
muelli@xbox:~$

Pedro Villavicencio (pedro) wrote :

Hello Muelli. Could you please try to obtain a valgrind log following the instructions at https://wiki.ubuntu.com/Valgrind and attach the file to the bug report. This will greatly help us in tracking down your problem.

Changed in nautilus (Ubuntu):
assignee: nobody → Ubuntu Desktop Bugs (desktop-bugs)
status: New → Incomplete
Muelli (ubuntu-bugs-auftrags-killer) wrote :

Weird. I can't make it crash with the following command:

muelli@xbox:/tmp$ G_DEBUG=fatal_criticals G_SLICE=always-malloc G_DEBUG=gc-friendly valgrind -v --tool=memcheck --leak-check=full --num-callers=40 --log-file=valgrind.log nautilus

(nautilus:8037): GLib-GIO-WARNING **: Could not initialize inotify

(nautilus:8037): GLib-GIO-WARNING **: Could not initialize inotify

** (nautilus:8037): WARNING **: Unable to add monitor: Not supported

(nautilus:8037): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed
fatal_criticals
>>> Here I try to connect to my bluetooth enabled device

(nautilus:8037): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed

(nautilus:8037): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed
>>> Here I retried by pressing Ctrl+R
^CKilled
>>> It didn't crash, so I aborted it manually

muelli@xbox:/tmp$ G_DEBUG=fatal_criticals G_SLICE=always-malloc G_DEBUG=gc-friendly nautilus
** (nautilus:8163): WARNING **: Unable to add monitor: Not supported

>>> I connect to the phone
(nautilus:8163): GLib-GIO-CRITICAL **: g_file_info_get_name: assertion `G_IS_FILE_INFO (info)' failed

** (nautilus:8163): WARNING **: Got GFileInfo with NULL name in obex://[00:1E:3A:7F:17:F8]/, ignoring. This shouldn't happen unless the gvfs backend is broken.

(nautilus:8163): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed
Segmentation fault (core dumped)
muelli@xbox:/tmp$
>>> BOOM

Seems to be an error in more_files_callback...?

Muelli (ubuntu-bugs-auftrags-killer) wrote :

Reopening as the valgrind log has been provided

Changed in nautilus (Ubuntu):
status: Incomplete → New
Sebastien Bacher (seb128) wrote :

could you install gvfs-dbgsym and get a new log?

Changed in nautilus (Ubuntu):
status: New → Incomplete
Muelli (ubuntu-bugs-auftrags-killer) wrote :

Sure:

muelli@xbox:/tmp$ G_SLICE=always-malloc G_DEBUG=gc-friendly valgrind -v --tool=memcheck --leak-check=full --num-callers=40 --log-file=valgrind.log nautilus
(nautilus:19633): GLib-GIO-WARNING **: Could not initialize inotify

(nautilus:19633): GLib-GIO-WARNING **: Could not initialize inotify

** (nautilus:19633): WARNING **: Unable to add monitor: Not supported

(nautilus:19633): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed
^CKilled
muelli@xbox:/tmp$

==19633==
==19633== Invalid read of size 8
==19633== at 0x4B0848: more_files_callback (nautilus-directory-async.c:2146)
==19633== by 0x7049FE4: next_async_callback_wrapper (gfileenumerator.c:299)
==19633== by 0x7066BAB: complete_in_idle_cb (gsimpleasyncresult.c:600)
==19633== by 0x7E539FD: g_main_context_dispatch (gmain.c:1960)
==19633== by 0x7E573C7: g_main_context_iterate (gmain.c:2591)
==19633== by 0x7E57824: g_main_loop_run (gmain.c:2799)
==19633== by 0x6420376: gtk_main (gtkmain.c:1205)
==19633== by 0x442BC6: main (nautilus-main.c:518)
==19633== Address 0xdf62618 is 0 bytes inside a block of size 24 free'd
==19633== at 0x4C265AF: free (vg_replace_malloc.c:323)
==19633== by 0x7E71E11: g_slice_free_chain_with_offset (gslice.c:961)
==19633== by 0x70667E2: clear_op_res (gsimpleasyncresult.c:154)
==19633== by 0x70672E7: g_simple_async_result_set_op_res_gpointer (gsimpleasyncresult.c:396)
==19633== by 0xF1C828A: g_daemon_file_enumerator_next_files_finish (gdaemonfileenumerator.c:421)
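
Added example, not part of the original thread: a small Python triage helper that reads the memcheck record above and pairs the invalid access with the frame that released the block. The function names and the `ALLOCATOR` set are assumptions of this sketch; the embedded report lines are copied from the log above, with the access stack trimmed.

```python
import re

# Excerpt of the memcheck record quoted in the comment above (access stack trimmed).
REPORT = """\
==19633== Invalid read of size 8
==19633== at 0x4B0848: more_files_callback (nautilus-directory-async.c:2146)
==19633== by 0x7049FE4: next_async_callback_wrapper (gfileenumerator.c:299)
==19633== Address 0xdf62618 is 0 bytes inside a block of size 24 free'd
==19633== at 0x4C265AF: free (vg_replace_malloc.c:323)
==19633== by 0x7E71E11: g_slice_free_chain_with_offset (gslice.c:961)
==19633== by 0x70667E2: clear_op_res (gsimpleasyncresult.c:154)
==19633== by 0x70672E7: g_simple_async_result_set_op_res_gpointer (gsimpleasyncresult.c:396)
==19633== by 0xF1C828A: g_daemon_file_enumerator_next_files_finish (gdaemonfileenumerator.c:421)
==19633==
"""

ACCESS = re.compile(r"^==\d+==\s+Invalid (read|write) of size (\d+)")
BLOCK = re.compile(r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is (\d+) bytes inside "
                   r"a block of size (\d+) free'd")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
# Assumption: frames that only carry out the free and say nothing about who asked for it.
ALLOCATOR = {"free", "g_free", "g_slice_free1", "g_slice_free_chain_with_offset"}

def parse_freed_accesses(report):
    """Return one dict per invalid access that lands in an already freed block."""
    records, cur, stack = [], None, None
    for line in report.splitlines():
        if m := ACCESS.match(line):
            cur = {"kind": m.group(1), "size": int(m.group(2)), "access": [], "freed": []}
            stack = cur["access"]
            records.append(cur)
        elif cur is None:
            continue                      # not inside a record yet
        elif m := BLOCK.match(line):
            cur["offset"], cur["block"] = int(m.group(1)), int(m.group(2))
            stack = cur["freed"]          # the frames that follow are the free() stack
        elif m := FRAME.match(line):
            stack.append((m.group(1), m.group(2)))
        else:
            cur = None                    # blank "==pid==" line or other text ends it
    return [r for r in records if r["freed"]]

def releaser(record):
    """First frame of the free() stack that is not allocator plumbing."""
    return next((f for f in record["freed"] if f[0] not in ALLOCATOR), None)

if __name__ == "__main__":
    for rec in parse_freed_accesses(REPORT):
        print(rec["kind"], rec["access"][0], "-> freed via", releaser(rec))
```

The two frames it reports are where a reviewer would start reading: the code that still holds the pointer and the code that released the block.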

Muelli (ubuntu-bugs-auftrags-killer) wrote :

muelli@xbox:/tmp$ G_SLICE=always-malloc G_DEBUG=fatal_criticals nautilus&
[1] 20158
muelli@xbox:/tmp$ gdb -p
** (nautilus:20158): WARNING **: Unable to add monitor: Not supported

muelli@xbox:/tmp$ gdb -p `pgrep nautilus`
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Attaching to process 20158
Reading symbols from /usr/bin/nautilus...Reading symbols from /usr/lib/debug/usr/bin/nautilus...done.
done.
Reading symbols from /usr/lib/libSM.so.6...done.
Loaded symbols for /usr/lib/libSM.so.6
Reading symbols from /usr/lib/libICE.so.6...done.
Loaded symbols for /usr/lib/libICE.so.6
Reading symbols from /usr/lib/libnautilus-extension.so.1...Reading symbols from /usr/lib/debug/usr/lib/libnautilus-extension.so.1.1.0...done.
done.
Loaded symbols for /usr/lib/libnautilus-extension.so.1
Reading symbols from /usr/lib/libgnome-desktop-2.so.11...done.
Loaded symbols for /usr/lib/libgnome-desktop-2.so.11
Reading symbols from /usr/lib/liblaunchpad-integration.so.1...done.
Loaded symbols for /usr/lib/liblaunchpad-integration.so.1
Reading symbols from /usr/lib/libgthread-2.0.so.0...Reading symbols from /usr/lib/debug/usr/lib/libgthread-2.0.so.0.2103.0...done.
done.
Loaded symbols for /usr/lib/libgthread-2.0.so.0
Reading symbols from /usr/lib/libunique-1.0.so.0...done.
Loaded symbols for /usr/lib/libunique-1.0.so.0
Reading symbols from /usr/lib/libdbus-glib-1.so.2...done.
Loaded symbols for /usr/lib/libdbus-glib-1.so.2
Reading symbols from /usr/lib/libgailutil.so.18...done.
Loaded symbols for /usr/lib/libgailutil.so.18
Reading symbols from /usr/lib/libXrender.so.1...done.
Loaded symbols for /usr/lib/libXrender.so.1
Reading symbols from /usr/lib/libgtk-x11-2.0.so.0...Reading symbols from /usr/lib/debug/usr/lib/libgtk-x11-2.0.so.0.1704.0...done.
done.
Loaded symbols for /usr/lib/libgtk-x11-2.0.so.0
Reading symbols from /usr/lib/libgdk-x11-2.0.so.0...Reading symbols from /usr/lib/debug/usr/lib/libgdk-x11-2.0.so.0.1704.0...done.
done.
Loaded symbols for /usr/lib/libgdk-x11-2.0.so.0
Reading symbols from /usr/lib/libatk-1.0.so.0...Reading symbols from /usr/lib/debug/usr/lib/libatk-1.0.so.0.2609.1...done.
done.
Loaded symbols for /usr/lib/libatk-1.0.so.0
Reading symbols from /usr/lib/libgdk_pixbuf-2.0.so.0...Reading symbols from /usr/lib/debug/usr/lib/libgdk_pixbuf-2.0.so.0.1704.0...done.
done.
Loaded symbols for /usr/lib/libgdk_pixbuf-2.0.so.0
Reading symbols from /usr/lib/libgio-2.0.so.0...Reading symbols from /usr/lib/debug/usr/lib/libgio-2.0.so.0.2103.0...done.
done.
Loaded symbols for /usr/lib/libgio-2.0.so.0
Reading symbols from /usr/lib/libcairo.so.2...done.
Loaded symbols for /usr/lib/libcairo.so.2
Reading symbols from /usr/lib/libpango-1.0.so.0...Reading symbols from /usr/lib/debug/usr/lib/libpango-1.0.so.0.2400.1...done.
done.
Loaded symbols for /usr/lib/libpango-1.0.so.0
Reading symbols ...

Changed in nautilus (Ubuntu):
status: Incomplete → New
tags: added: need-amd64-retrace
tags: removed: need-amd64-retrace
Rockwalrus (rockwalrus) wrote :

Upgrading gvfsd and related packages to the versions in Karmic fixed this problem for me.

Pedro Villavicencio (pedro) wrote :

Muelli can you confirm that updating the gvfs packages fixes the issue? Thanks.

Changed in nautilus (Ubuntu):
status: New → Incomplete
Muelli (ubuntu-bugs-auftrags-killer) wrote :

Nope. Still crashes.
Actually, to reproduce I just need to click the Bluetooth icon in the upper right, select "Browse Files on Device", select my mobile and BOOM! nautilus crashes.
Apport collects the stacktrace atm, so I'll post you the link to the newly created bug.

Manually attaching gdb to nautilus gets this stacktrace:
 muelli@xbox:/tmp$ gdb nautilus
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(gdb) r --no-desktop
Starting program: /usr/bin/nautilus --no-desktop
[Thread debugging using libthread_db enabled]
[New Thread 0x7fc1d479a800 (LWP 27055)]
[New Thread 0x7fc1ca266910 (LWP 27059)]
[New Thread 0x7fc1c2616910 (LWP 27062)]

** (nautilus:27055): WARNING **: Unable to add monitor: Not supported
[Thread 0x7fc1ca266910 (LWP 27059) exited]
[New Thread 0x7fc1ca266910 (LWP 27063)]
[New Thread 0x7fc1c0def910 (LWP 27064)]
[New Thread 0x7fc1bbfff910 (LWP 27066)]
[New Thread 0x7fc1bb7fe910 (LWP 27067)]
[New Thread 0x7fc1baffd910 (LWP 27069)]
[Thread 0x7fc1baffd910 (LWP 27069) exited]
[Thread 0x7fc1bb7fe910 (LWP 27067) exited]
[Thread 0x7fc1bbfff910 (LWP 27066) exited]
[Thread 0x7fc1c2616910 (LWP 27062) exited]
[Thread 0x7fc1c0def910 (LWP 27064) exited]
[New Thread 0x7fc1c0def910 (LWP 27074)]
[Thread 0x7fc1ca266910 (LWP 27063) exited]
[New Thread 0x7fc1ca266910 (LWP 27075)]
[Thread 0x7fc1ca266910 (LWP 27075) exited]
[Thread 0x7fc1c0def910 (LWP 27074) exited]

[New Thread 0x7fc1c0def910 (LWP 27101)]
[New Thread 0x7fc1ca266910 (LWP 27102)]
[Thread 0x7fc1ca266910 (LWP 27102) exited]
[New Thread 0x7fc1ca266910 (LWP 27112)]
[Thread 0x7fc1c0def910 (LWP 27101) exited]

(nautilus:27055): GLib-GIO-CRITICAL **: g_file_info_get_name: assertion `G_IS_FILE_INFO (info)' failed

** (nautilus:27055): WARNING **: Got GFileInfo with NULL name in obex://[00:1E:3A:7F:17:F8]/, ignoring. This shouldn't happen unless the gvfs backend is broken.

(nautilus:27055): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fc1d479a800 (LWP 27055)]
IA__g_slice_alloc (mem_size=24)
    at /build/buildd/glib2.0-2.22.0/glib/gslice.c:474
474 /build/buildd/glib2.0-2.22.0/glib/gslice.c: No such file or directory.
 in /build/buildd/glib2.0-2.22.0/glib/gslice.c
(gdb)
(gdb)
(gdb) t a a bt full

Thread 13 (Thread 0x7fc1ca266910 (LWP 27112)):
#0 0x00007fc1cff6882d in pthread_cond_timedwait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
No symbol table info available.
#1 0x00007fc1d3758602 in g_cond_timed_wait_posix_impl (cond=0x2505314,
    entered_mutex=0x80, abs_time=<value optimized out>)
    at /build/buildd/glib2.0-2.22.0/gthread/gthread-posix.c:242
 result = <value optimized out>
 end_time = {tv_sec = 1254495620, tv_nsec = 199279000}
 timed_out = <value optimized out>
 __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl"
#2 0x00007fc1d11770bf in g_as...

Muelli (ubuntu-bugs-auftrags-killer) wrote :

Reopening as I have answered whether it's fixed.
muelli@xbox:~$ apt-cache policy gvfsd nautilus gvfs
nautilus:
  Installed: 1:2.26.2-0ubuntu2
  Candidate: 1:2.26.2-0ubuntu2
  Version table:
     1:2.28.0-0ubuntu3 0
        400 http://de.archive.ubuntu.com karmic/main Packages
 *** 1:2.26.2-0ubuntu2 0
        500 http://de.archive.ubuntu.com jaunty-updates/main Packages
        100 /var/lib/dpkg/status
     1:2.26.2-0ubuntu1 0
        500 http://de.archive.ubuntu.com jaunty/main Packages
gvfs:
  Installed: 1.2.2-0ubuntu2
  Candidate: 1.2.2-0ubuntu2
  Version table:
     1.4.0-0ubuntu1 0
        400 http://de.archive.ubuntu.com karmic/main Packages
 *** 1.2.2-0ubuntu2 0
        500 http://de.archive.ubuntu.com jaunty-updates/main Packages
        100 /var/lib/dpkg/status
     1.2.2-0ubuntu1 0
        500 http://de.archive.ubuntu.com jaunty/main Packages
W: Unable to locate package gvfsd
muelli@xbox:~$

Changed in nautilus (Ubuntu):
status: Incomplete → New
Muelli (ubuntu-bugs-auftrags-killer) wrote :
Muelli (ubuntu-bugs-auftrags-killer) wrote :

I eventually realized that we're talking about upgrading to karmic packages. So given that there might be a fix available, will that be backported to Jaunty?

I upgraded gvfs, nautilus and the stuff it automatically pulls.
muelli@xbox:/tmp$ apt-cache policy nautilus gvfs
nautilus:
  Installed: 1:2.28.0-0ubuntu3
  Candidate: 1:2.28.0-0ubuntu3
  Version table:
 *** 1:2.28.0-0ubuntu3 0
        400 http://de.archive.ubuntu.com karmic/main Packages
        100 /var/lib/dpkg/status
     1:2.26.2-0ubuntu2 0
        500 http://de.archive.ubuntu.com jaunty-updates/main Packages
     1:2.26.2-0ubuntu1 0
        500 http://de.archive.ubuntu.com jaunty/main Packages
gvfs:
  Installed: 1.4.0-0ubuntu1
  Candidate: 1.4.0-0ubuntu1
  Version table:
 *** 1.4.0-0ubuntu1 0
        400 http://de.archive.ubuntu.com karmic/main Packages
        100 /var/lib/dpkg/status
     1.2.2-0ubuntu2 0
        500 http://de.archive.ubuntu.com jaunty-updates/main Packages
     1.2.2-0ubuntu1 0
        500 http://de.archive.ubuntu.com jaunty/main Packages
muelli@xbox:/tmp$

It doesn't crash in these versions.

So I guess it's either search for the fix to backport or WONTFIX for Jaunty.

Muelli (ubuntu-bugs-auftrags-killer) wrote :

The report promised in comment #14 is bug 440727.

Pedro Villavicencio (pedro) wrote :

Right, it's difficult for the team to backport a fix if we don't know where it is. Will leave this open for now; please comment when you have the time to test the same on Karmic. Thanks, Muelli.

Muelli (ubuntu-bugs-auftrags-killer) wrote :

Hey Pedro :)

As I was saying I tested it with the Karmic packages. It doesn't crash.

Pedro Villavicencio (pedro) wrote :

Let's close the bug then, thanks Muelli.

Changed in nautilus (Ubuntu):
status: New → Fix Released