safely remove drive causes segfault in libgobject and libXtst

Thank you for taking the time to report this bug and helping to make Ubuntu better. However, your crash report is either missing or challenging to deal with as a '.crash' file. Please follow these instructions to have apport report a new bug about your crash that can be dealt with by the automatic retracer.

 If you are running the Ubuntu Stable Release you might need to enable apport in /etc/default/apport and restart.

 If you are using Ubuntu with the Gnome desktop environment - launch nautilus and navigate to your /var/crash directory and double click on the crash report you wish to submit.

 If you are using Kubuntu or Xubuntu you can file the crash using /usr/share/apport/apport-qt --crash-file=/var/crash/_my_crash_report.crash in a terminal - where _my_crash_report.crash is the crash you would like to report.
 I'm closing this bug report since the process outlined above will automatically open a new bug report which can then dealt with more efficiently. Thanks in advance for your cooperation and understanding.

Alas, there isn't a relevant crash file in /var/crash for nautilus. Might it be elsewhere?

did you activate apport as described and triggered the crash again after doing the change?

you can use gdb to get a stacktrace otherwise

could you also give details on the device you eject there?

I was running the unstable (at least the RC) version of Karmic, so I assumed apport was running (it has been popping up with errors every now and again). But when I checked /etc/default/apport, it was disabled, so I have now enabled it.

I did an lsusb -vv on the devices I am ejecting (see attached file).

However, I haven't been able to trigger the problem again. If it happens again, maybe apport will capture it.

I am using the latest Karmic image (as of Nov. 9, 2009) and still experiencing this exact issue whenever I try to use ''safely remove drive'.

Some correction to my last comment, it does not happen every time though.

I'm also seeing this.
I seem to be able to reproduce it.
Turn on the external USB drive.
Open it in Nautilus to ensure it's mounted.
Drop into the command (guake rocks!) and browse into a folder on the drive.
Go to the desktop, select the drive and choice "Safely remove drive".
BANG, the desktop icons are gone and the desktop is dead.

Unmounting or "Safely remove" in Nautilus file manager window when the drive is in use on the command line will crash Nautilus.

Both of these issues will happen again and again until the command line in question is directed out of a folder on the drive, or of course the command line is closed down.

It looks like a drive busy issue. Nautilus doesn't seem to cope if the drive is in use by something other than itself.

@Joe: I tried reproducing it that way, but when I try to safely remove a drive that gnome-terminal is accessing, nautilus tells me it's being used (by bash) and then asks if I want to unmount it anyway. (If I say yes, unmount it anyway, it pops up the same window telling me it's being used and do I want to unmount it anyway again, but that's a different bug.)

mmmm

I tried gnome-terminal like you, and like you I see what I should.
But using guake instead, it has crashed out everytime.

2009/11/22 Rocko <email address hidden>

> @Joe: I tried reproducing it that way, but when I try to safely remove a
> drive that gnome-terminal is accessing, nautilus tells me it's being
> used (by bash) and then asks if I want to unmount it anyway. (If I say
> yes, unmount it anyway, it pops up the same window telling me it's being
> used and do I want to unmount it anyway again, but that's a different
> bug.)
>
> --
> safely remove drive causes segfault in libgobject and libXtst
> https://bugs.launchpad.net/bugs/462364
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in “nautilus” package in Ubuntu: Invalid
>
> Bug description:
> Binary package hint: nautilus
>
> After I chose 'safely remove drive' from the right-click menu on Karmic's
> desktop, my desktop icons disappeared and the following was reported in
> kern.log:
>
>
> Oct 28 10:52:23 pegasus-karmic kernel: [ 2453.120163] hda-intel:
> azx_get_response timeout, switching to polling mode: last cmd=0x20171704
>
> Oct 28 11:38:42 pegasus-karmic kernel: [ 5231.893805] nautilus[3219]:
> segfault at 700000008 ip 00007f9415b34651 sp 00007fffad4ac5b0 error 4 in
> libgobject-2.0.so.0.2200.2[7f9415b25000+44000]
>
> Oct 28 11:39:06 pegasus-karmic kernel: [ 5256.348517] nautilus[10076]:
> segfault at 7f416c192770 ip 00007f416c192770 sp 00007fff3d5cde08 error 14 in
> libXtst.so.6.1.0[7f416d36c000+5000]
>
>
> I may have done this for two drives in rapid succession and the second
> 'safely remove drive' is what caused the segfault.
>
> I've seen this happen previously (ie the icons disappear after selecting
> safely remove drive).
>
> ProblemType: Bug
> Architecture: amd64
> CheckboxSubmission: 1bd8e90541d49b96c13cbfcc9baf103b
> CheckboxSystem: d00f84de8a555815fa1c4660280da308
> Date: Wed Oct 28 11:39:30 2009
> DistroRelease: Ubuntu 9.10
> NonfreeKernelModules: nvidia
> Package: nautilus 1:2.28.1-0ubuntu1
> ProcEnviron:
> PATH=(custom, user)
> LANG=en_AU.UTF-8
> SHELL=/bin/bash
> SourcePackage: nautilus
> Uname: Linux 2.6.32-020632rc5-generic x86_64
>

I tried gnome-terminal like you, and like you I see what I should.
But using guake instead, it has crashed out everytime.

I can confirm that - I just tried guake and nautilus does segfault (and it doesn't unmount the drive) if guake's current working directory is in the drive being removed.

Don't know if this helps, trying to get the source of glib2 that karmic uses, but here's the callstack I'm seeing when you crash Nautilus via "Safely Remove" on the drive in the "Computer" place.

??
??
_gio_marshal_VOID__STRING_BOXED_BOXED /build/buildd/glib2.0-2.22.2/gio/gio-marshal.c 278
g_type_class_meta_marshal
IA__g_closure_invoke
signal_emit_unlocked_R
IA__g_signal_emit_valist
IA__g_singal_emit_by_name
??
??
dbus_connection_dispatch
??
g_main_dispatch
IA__g_main_context_dispatch
g_main_context_iterate
IA__g_main_loop_run
gtk_main
main

Ok, had another chase to look. Brought in the rest of the debug symbols for the libs nautilus, and found the wonders of "apt-get source <package>"

The top of the stack missing from where I was before is:

pid_get_command_line
_gtk_mount_operation_lookup_info
add_pid_to_process_list_store
update_process_list_store
gtk_mount_operation_show_processes
_gio_marshal_VOID_STRING_BOXED_BOXED
...
...

The crash is on line 705 of gtkmountoperation-x11.c

"if (cmdline_contents[n] == '\0')"

this is the first use of cmdline_contents so my bet is it's still NULL. I'm guessing g_file_get_contents shouldn't have returned true and a NULL cmdline_contents.

I'll keep his bug posted on my progress.

could somebody use apport to open the crash bug?

It is "pid_get_command_line" in gtkmountoperation-x11.c, but it's not "cmdline_contents" but "cmdline_len" that is the problem.

"cmdline_len" is coming back from "g_file_get_contents" as 0.

There is then the loop:

for (n = 0; n < cmdline_len - 1; n++)

and "n" and "cmdline_len" are unsigned..... so -1 is 0xFFFFFFFF.

So you can just stick in a check before the for loop to check "cmdline_len" is greater than 0, and only do the loop if it is.

The next question of course is should "g_file_get_contents" be able to return a "cmdline_len" that is 0?
I'll put the standard nautilus and try apport.

Here's my 2 cents on this issue. I have a Sansa c250 mp3 player running Rockbox v 3.4. It has 2 Gb internal storage and a 4 Gb microsdhc card. The combination of Karmic stable and v3.4 of Rockbox is the first combo to recognize both (previously I had to eject the sd card and insert it into a separate reader). Nautilus shows as 'Rockbox Internal Storage: Sansa c250' and 'Rockbox SD Card Slot: 4.0 GB Filesystem', separate entries. It always crashed the desktop on right-click 'Safely Remove Drive' whether I had unmounted the drives or not. I logged on today to report this, and found this thread, so I enabled 'apport' as instructed to provide the requested crash data - and the desktop did NOT crash. First I unmounted both entries and 'safely removed', no problem. Then, I simply tried 'safely remove' while both were mounted - same result, no crash, both removed just fine.

I'm disappointed I couldn't add to this bug report, but happy that my issue seems to have resolved itself - I just wish I knew HOW.

I no longer seam to be able to reproduce this. With or without apport. Maybe an update I didn't notice fixed it....

Why is this bug invalid?

I'm experiencing the same problem on Ubuntu 9.10 64 bit. I'll try and post some more useful details later.

because a bug should be opened using apport

It's definitely not fixed, I just experienced it again. Unfortunately I didn't have apport enabled and I can't reproduce it again. I've permanently enabled apport so hopefully next time this happens I can get a new bug report for this.

I can confirm that in a Dell Studio 1735. It doesn't happen everytime but it happens. Any solution?

ZaHACKieL, are you using Ubuntu 9.10? I haven't had this problem since updating to 10.04. I never got it again after enabling apport in 9.10 either though, it seems to be a very rare occurrence.