Bug #908787 “nautilus crashed with SIGSEGV in g_str_hash()” : Bugs : nautilus package : Ubuntu

Revision history for this message

Tormod Volden (tormodvolden) wrote on 2011-12-26:

#1

Dependencies.txt Edit (4.8 KiB, text/plain; charset="utf-8")
Disassembly.txt Edit (804 bytes, text/plain; charset="utf-8")
ProcMaps.txt Edit (52.3 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (794 bytes, text/plain; charset="utf-8")
Registers.txt Edit (465 bytes, text/plain; charset="utf-8")
Stacktrace.txt Edit (2.2 KiB, text/plain; charset="utf-8")
ThreadStacktrace.txt Edit (4.4 KiB, text/plain; charset="utf-8")
usr_lib_nautilus.txt Edit (304 bytes, text/plain; charset="utf-8")

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-12-26:

#2

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in nautilus (Ubuntu):
status:	New → Confirmed

Revision history for this message

Jason Conti (jconti) wrote on 2011-12-26:

#3

Download full text (5.9 KiB)

I can reproduce this in precise as well. Here is a slightly better backtrace:

1) gdb nautilus
2) run Computer://
3) Double click a partition in the nautilus window
4) Following backtrace:

(gdb) run Computer://
Starting program: /usr/bin/nautilus Computer://
[Thread debugging using libthread_db enabled]
[New Thread 0xb68feb70 (LWP 14782)]
[New Thread 0xb60fdb70 (LWP 14783)]
[New Thread 0xb58d3b70 (LWP 14784)]
Initializing nautilus-gdu extension

GLib-GObject-CRITICAL **: g_value_get_pointer: assertion `G_VALUE_HOLDS_POINTER (value)' failed

Program received signal SIGSEGV, Segmentation fault.
g_str_hash (v=0x0) at /build/buildd/glib2.0-2.31.4.tested/./glib/ghash.c:1661
1661 /build/buildd/glib2.0-2.31.4.tested/./glib/ghash.c: No such file or directory.
in /build/buildd/glib2.0-2.31.4.tested/./glib/ghash.c
(gdb) bt
#0 g_str_hash (v=0x0)
    at /build/buildd/glib2.0-2.31.4.tested/./glib/ghash.c:1661
#1 0xb7374a38 in g_hash_table_lookup_node (hash_return=<synthetic pointer>,
    key=0x0, hash_table=0x8783ee8)
    at /build/buildd/glib2.0-2.31.4.tested/./glib/ghash.c:385
#2 g_hash_table_lookup (hash_table=0x8783ee8, key=0x0)
    at /build/buildd/glib2.0-2.31.4.tested/./glib/ghash.c:1058
#3 0xb50493b9 in gdu_pool_get_by_object_path (pool=0x832acf0, object_path=0x0)
    at gdu-pool.c:2217
#4 0xb50479b6 in device_changed_signal_handler (proxy=0x87e4090,
    object_path=0x0, user_data=0x832acf0) at gdu-pool.c:1528
#5 0xb7444f8a in g_cclosure_marshal_VOID__POINTER (closure=0x87ce5a0,
    return_value=0x0, n_param_values=2, param_values=0x87ec5c0,
    invocation_hint=0xbfffee90, marshal_data=0x0)
    at /build/buildd/glib2.0-2.31.4.tested/./gobject/gmarshal.c:609
#6 0xb502017a in marshal_dbus_message_to_g_marshaller (closure=0x87ce5a0,
    return_value=0x0, n_param_values=3, param_values=0x87d4048,
    invocation_hint=0xbfffee90, marshal_data=0x0) at dbus-gproxy.c:1734
#7 0xb7442dac in g_closure_invoke (closure=0x87ce5a0, return_value=0x0,
    n_param_values=3, param_values=0x87d4048, invocation_hint=0xbfffee90)
    at /build/buildd/glib2.0-2.31.4.tested/./gobject/gclosure.c:774
#8 0xb74540c5 in signal_emit_unlocked_R (node=0x82be698, detail=2861,
    instance=0x87e4090, emission_return=0x0, instance_and_params=0x87d4048)
    at /build/buildd/glib2.0-2.31.4.tested/./gobject/gsignal.c:3302
#9 0xb745b942 in g_signal_emit_valist (instance=0x87e4090, signal_id=220,
    detail=2861, var_args=0xbffff044 "")
    at /build/buildd/glib2.0-2.31.4.tested/./gobject/gsignal.c:3033
#10 0xb745bad3 in g_signal_emit (instance=0x87e4090, signal_id=220,
    detail=2861)
    at /build/buildd/glib2.0-2.31.4.tested/./gobject/gsignal.c:3090
#11 0xb5020820 in dbus_g_proxy_emit_remote_signal (message=0x8427ce0,
    proxy=<optimized out>) at dbus-gproxy.c:1787
#12 dbus_g_proxy_manager_filter (user_data=0x87c98d0, message=0x8427ce0,
    connection=<optimized out>) at dbus-gproxy.c:1354
#13 dbus_g_proxy_manager_filter (connection=0x87d0568, message=0x8427ce0,
    user_data=0x87c98d0) at dbus-gproxy.c:1195
#14 0xb693e441 in dbus_connection_dispatch ()
   from /lib/i386-linux-gnu/libdbus-1.so.3
#15 0xb50189ad in message_queue_dispatch (source=0x878fb98, call...

I can reproduce this in precise as well. Here is a slightly better backtrace:

1) gdb nautilus
2) run Computer://
3) Double click a partition in the nautilus window
4) Following backtrace:

(gdb) run Computer://
Starting program: /usr/bin/nautilus Computer://
[Thread debugging using libthread_db enabled]
[New Thread 0xb68feb70 (LWP 14782)]
[New Thread 0xb60fdb70 (LWP 14783)]
[New Thread 0xb58d3b70 (LWP 14784)]
Initializing nautilus-gdu extension

GLib-GObject-CRITICAL **: g_value_get_pointer: assertion `G_VALUE_HOLDS_POINTER (value)' failed

Program received signal SIGSEGV, Segmentation fault.
g_str_hash (v=0x0) at /build/buildd/glib2.0-2.31.4.tested/./glib/ghash.c:1661
1661	/build/buildd/glib2.0-2.31.4.tested/./glib/ghash.c: No such file or directory.
	in /build/buildd/glib2.0-2.31.4.tested/./glib/ghash.c
(gdb) bt
#0  g_str_hash (v=0x0)
    at /build/buildd/glib2.0-2.31.4.tested/./glib/ghash.c:1661
#1  0xb7374a38 in g_hash_table_lookup_node (hash_return=<synthetic pointer>, 
    key=0x0, hash_table=0x8783ee8)
    at /build/buildd/glib2.0-2.31.4.tested/./glib/ghash.c:385
#2  g_hash_table_lookup (hash_table=0x8783ee8, key=0x0)
    at /build/buildd/glib2.0-2.31.4.tested/./glib/ghash.c:1058
#3  0xb50493b9 in gdu_pool_get_by_object_path (pool=0x832acf0, object_path=0x0)
    at gdu-pool.c:2217
#4  0xb50479b6 in device_changed_signal_handler (proxy=0x87e4090, 
    object_path=0x0, user_data=0x832acf0) at gdu-pool.c:1528
#5  0xb7444f8a in g_cclosure_marshal_VOID__POINTER (closure=0x87ce5a0, 
    return_value=0x0, n_param_values=2, param_values=0x87ec5c0, 
    invocation_hint=0xbfffee90, marshal_data=0x0)
    at /build/buildd/glib2.0-2.31.4.tested/./gobject/gmarshal.c:609
#6  0xb502017a in marshal_dbus_message_to_g_marshaller (closure=0x87ce5a0, 
    return_value=0x0, n_param_values=3, param_values=0x87d4048, 
    invocation_hint=0xbfffee90, marshal_data=0x0) at dbus-gproxy.c:1734
#7  0xb7442dac in g_closure_invoke (closure=0x87ce5a0, return_value=0x0, 
    n_param_values=3, param_values=0x87d4048, invocation_hint=0xbfffee90)
    at /build/buildd/glib2.0-2.31.4.tested/./gobject/gclosure.c:774
#8  0xb74540c5 in signal_emit_unlocked_R (node=0x82be698, detail=2861, 
    instance=0x87e4090, emission_return=0x0, instance_and_params=0x87d4048)
    at /build/buildd/glib2.0-2.31.4.tested/./gobject/gsignal.c:3302
#9  0xb745b942 in g_signal_emit_valist (instance=0x87e4090, signal_id=220, 
    detail=2861, var_args=0xbffff044 "")
    at /build/buildd/glib2.0-2.31.4.tested/./gobject/gsignal.c:3033
#10 0xb745bad3 in g_signal_emit (instance=0x87e4090, signal_id=220, 
    detail=2861)
    at /build/buildd/glib2.0-2.31.4.tested/./gobject/gsignal.c:3090
#11 0xb5020820 in dbus_g_proxy_emit_remote_signal (message=0x8427ce0, 
    proxy=<optimized out>) at dbus-gproxy.c:1787
#12 dbus_g_proxy_manager_filter (user_data=0x87c98d0, message=0x8427ce0, 
    connection=<optimized out>) at dbus-gproxy.c:1354
#13 dbus_g_proxy_manager_filter (connection=0x87d0568, message=0x8427ce0, 
    user_data=0x87c98d0) at dbus-gproxy.c:1195
#14 0xb693e441 in dbus_connection_dispatch ()
   from /lib/i386-linux-gnu/libdbus-1.so.3
#15 0xb50189ad in message_queue_dispatch (source=0x878fb98, callback=0, 
    user_data=0x0) at dbus-gmain.c:90
#16 0xb738528a in g_main_dispatch (context=0x81f3b80)
    at /build/buildd/glib2.0-2.31.4.tested/./glib/gmain.c:2513
#17 g_main_context_dispatch (context=0x81f3b80)
    at /build/buildd/glib2.0-2.31.4.tested/./glib/gmain.c:3050
#18 0xb7385695 in g_main_context_iterate (dispatch=1, block=-1220988880, 
    context=0x81f3b80, self=<optimized out>)
    user_data=0x0) at dbus-gmain.c:90
#16 0xb738528a in g_main_dispatch (context=0x81f3b80)
    at /build/buildd/glib2.0-2.31.4.tested/./glib/gmain.c:2513
#17 g_main_context_dispatch (context=0x81f3b80)
    at /build/buildd/glib2.0-2.31.4.tested/./glib/gmain.c:3050
#18 0xb7385695 in g_main_context_iterate (dispatch=1, block=-1220988880, 
    context=0x81f3b80, self=<optimized out>)
    at /build/buildd/glib2.0-2.31.4.tested/./glib/gmain.c:3121
#19 g_main_context_iterate (context=0x81f3b80, block=-1220988880, dispatch=1, 
    self=<optimized out>)
    at /build/buildd/glib2.0-2.31.4.tested/./glib/gmain.c:3058
#20 0xb7385771 in g_main_context_iteration (context=0x81f3b80, may_block=1)
    at /build/buildd/glib2.0-2.31.4.tested/./glib/gmain.c:3182
#21 0xb753862c in g_application_run (application=0x81c5c08, argc=2, 
    argv=0xbffff374)
    at /build/buildd/glib2.0-2.31.4.tested/./gio/gapplication.c:1548
#22 0x08067ae4 in ?? ()
#23 0xb7178113 in __libc_start_main (main=0x8067a20, argc=2, 
    ubp_av=0xbffff374, init=0x8158bd0, fini=0x8158c40, rtld_fini=0xb7feebc0, 
    stack_end=0xbffff36c) at libc-start.c:226
#24 0x08067b1d in ?? ()
Backtrace stopped: Not enough registers or memory available to unwind further

The NULL object_path above when libgdu receives the DeviceChanged signal from udisks seems to be the cause, but interestingly, running:

dbus-monitor --system "type='signal',sender='org.freedesktop.UDisks',interface='org.freedesktop.UDisks'"

I get:

signal sender=org.freedesktop.DBus -> dest=:1.81 serial=2 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameAcquired
   string ":1.81"
signal sender=:1.54 -> dest=(null destination) serial=389 path=/org/freedesktop/UDisks; interface=org.freedesktop.UDisks; member=DeviceJobChanged
   object path "/org/freedesktop/UDisks/devices/sda4"
   boolean true
   string "FilesystemMount"
   uint32 1000
   boolean false
   double -1
signal sender=:1.54 -> dest=(null destination) serial=393 path=/org/freedesktop/UDisks; interface=org.freedesktop.UDisks; member=DeviceChanged
   object path "/org/freedesktop/UDisks/devices/sda4"
signal sender=:1.54 -> dest=(null destination) serial=395 path=/org/freedesktop/UDisks; interface=org.freedesktop.UDisks; member=DeviceJobChanged
   object path "/org/freedesktop/UDisks/devices/sda4"
   boolean false
   string ""
   uint32 0
   boolean false
   double -1

So the object path would seem to be non-NULL when udisks emits it. Strange.

Revision history for this message

Jason Conti (jconti) wrote on 2011-12-29:

#4

Found the problem, it is actually caused by ubuntuone-client (specifically libsyncdaemon). Due to a recent change from bug #859635 , the library is registering a dbus message marshaller for VOID__POINTER, however the type registered is actually VOID__BOXED, which happens to be the same type as DeviceChanged from UDisks (DBusGObjectPath is a boxed type). So there is an unnecessary (it is a standard type, and just maps to g_cclosure_marshal_VOID__POINTER anyway) and incorrect entry in the marshal_table of dbus-glib, and we get the error message as above:

GLib-GObject-CRITICAL **: g_value_get_pointer: assertion `G_VALUE_HOLDS_POINTER (value)' failed

when g_cclosure_marshal_VOID__POINTER is called, and then everything dies because object_path is NULL.

I think the best fix to this would be to just remove the marshaller registration in ubuntuone-client/libsyncdaemon/syncdaemon-authentication.c. (tested a rebuild with it commented out and no crash, but I don't use ubuntuone so didn't test any of that code, but again, it should be unnecessary since it just maps to a standard marshaller).

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-12-29:

#5

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ubuntuone-client (Ubuntu):
status:	New → Confirmed

Sebastien Bacher (seb128) on 2012-01-02

Changed in ubuntuone-client (Ubuntu):
assignee:	nobody → Rodney Dawes (dobey)

Sebastien Bacher (seb128) on 2012-01-02

Changed in ubuntuone-client (Ubuntu):
importance:	Undecided → High
Changed in nautilus (Ubuntu):
status:	Confirmed → Invalid
Changed in ubuntuone-client (Ubuntu):
status:	Confirmed → Triaged

Revision history for this message

Sebastien Bacher (seb128) wrote on 2012-01-02:

#6

bug #908261 is a duplicate (will close it once it's retraced)

Ubuntu One Auto Pilot (otto-pilot) on 2012-01-03

Changed in ubuntuone-client:
status:	New → Fix Committed

dobey (dobey) on 2012-01-03

Changed in ubuntuone-client (Ubuntu):
milestone:	none → precise-alpha-2

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-01-04:

#7

This bug was fixed in the package ubuntuone-client - 2.99.1-0ubuntu1

---------------
ubuntuone-client (2.99.1-0ubuntu1) precise; urgency=low

  * New upstream release.
    - Avoid using hint files with size 0. (LP: #825366)
    - Use g_return_if_fail to avoid NULL for important args (LP: #908805)
    - Don't register a new VOID__POINTER marshaller for dbus as it breaks now
      (LP: #908787, LP: #908261)
  * debian/watch:
    - Point at the release milestone
-- Rodney Dawes <email address hidden> Wed, 04 Jan 2012 09:44:36 -0500

Changed in ubuntuone-client (Ubuntu):
status:	Triaged → Fix Released

Ubuntu
nautilus package

nautilus crashed with SIGSEGV in g_str_hash()

Bug Description

Related branches

Duplicates of this bug

Other bug subscribers

Bug attachments

Remote bug watches

	Status	Importance	Assigned to	Milestone
Ubuntu One Client	Status tracked in Trunk
Stable-3-0	Fix Released	High	dobey	Ubuntu One Client 2.99.1
Trunk	Fix Released	High	dobey
nautilus (Ubuntu)	Invalid	Undecided	Unassigned
ubuntuone-client (Ubuntu)	Fix Released	High	dobey	Ubuntu precise-alpha-2

Ubuntunautilus package

nautilus crashed with SIGSEGV in g_str_hash()

Bug Description

Related branches

Duplicates of this bug

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
nautilus package