GNOME Bugzilla – Bug 336051
Expand/contract folder, then double click == crash
Last modified: 2007-10-19 22:07:49 UTC
Steps to reproduce: 1. Launch Nautilus in browser (non spatial) mode, so that new folders are opened in the same window. 2. Expand and then contract a folder. 3. Double click on that same folder to open it will result in an instant crash. Stack trace: Other information: Your documentation on how to retrieve a stack traces does not include instructions on how to handle something like nautilus, which when called just spawns a new window from the existing process. This should be easily reproducible for a developer anyhow. It doesn't happen *every* time on my box, but it does almost every time.
Thanks for your bug report! I'm unable to reproduce this here on my machine. We still need a stack trace to handle this. For launching Nautilus in debug mode, you'll have to enter gnome-session-remove nautilus export NAUTILUS_DEBUG="1" nautilus in a terminal. This will ensure that it doesn't spawn into background.
Ok, after more testing... it looks like I can only get it to happen when expanding/contracting on an NFS mounted filesystem. Can you reproduce that? ------------------------------- [hubick@CHWorkstation ~]$ gnome-session-remove nautilus Removing 'nautilus' from the session (gnome-session-remove:16054): GLib-CRITICAL **: g_shell_parse_argv: assertion `command_line != NULL' failed [hubick@CHWorkstation ~]$ export NAUTILUS_DEBUG="1" [hubick@CHWorkstation ~]$ nautilus --no-desktop --browser ** (nautilus:16256): CRITICAL **: g_sequence_ptr_get_data: assertion `ptr != NULL' failed [hubick@CHWorkstation ~]$ nautilus --no-desktop --browser ** (nautilus:16320): CRITICAL **: g_sequence_ptr_get_data: assertion `ptr != NULL' failed [hubick@CHWorkstation ~]$ nautilus --no-desktop --browser ** (nautilus:16338): CRITICAL **: g_sequence_ptr_get_data: assertion `ptr != NULL' failed [hubick@CHWorkstation ~]$ nautilus --no-desktop --browser ** (nautilus:16361): WARNING **: file already in tree (parent_ptr: (nil))!!! ** (nautilus:16361): WARNING **: file already in tree (parent_ptr: (nil))!!! ... ** (nautilus:16361): WARNING **: file already in tree (parent_ptr: (nil))!!! ** (nautilus:16361): WARNING **: file already in tree (parent_ptr: 0x8e74ea8)!!! ** (nautilus:16361): CRITICAL **: g_sequence_ptr_get_data: assertion `ptr != NULL' failed [hubick@CHWorkstation ~]$ nautilus --no-desktop --browser ** (nautilus:16429): CRITICAL **: g_sequence_ptr_get_data: assertion `ptr != NULL' failed [hubick@CHWorkstation ~]$ nautilus --no-desktop --browser ** (nautilus:16444): WARNING **: file already in tree (parent_ptr: (nil))!!! ** (nautilus:16444): WARNING **: file already in tree (parent_ptr: (nil))!!! ** (nautilus:16444): WARNING **: file already in tree (parent_ptr: (nil))!!! ** (nautilus:16444): WARNING **: file already in tree (parent_ptr: (nil))!!! ** (nautilus:16444): WARNING **: file already in tree (parent_ptr: (nil))!!! ** (nautilus:16444): CRITICAL **: g_sequence_ptr_get_data: assertion `ptr != NULL' failed [hubick@CHWorkstation ~]$ nautilus --no-desktop --browser ** (nautilus:16490): WARNING **: file already in tree (parent_ptr: (nil))!!! ** (nautilus:16490): CRITICAL **: g_sequence_ptr_get_data: assertion `ptr != NULL' failed [hubick@CHWorkstation ~]$ ------------------------------- [hubick@CHWorkstation ~]$ gdb nautilus GNU gdb Red Hat Linux (6.3.0.0-1.122rh) Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux-gnu"...(no debugging symbols found) Using host libthread_db library "/lib/libthread_db.so.1". (gdb) run --no-desktop --browser Starting program: /usr/bin/nautilus --no-desktop --browser Reading symbols from shared object read from target memory...(no debugging symbols found)...done. Loaded system supplied DSO at 0x495000 (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) ... (no debugging symbols found) [Thread debugging using libthread_db enabled] [New Thread -1208714720 (LWP 16283)] (no debugging symbols found) (no debugging symbols found) ... (no debugging symbols found) [New Thread -1235035232 (LWP 16286)] (no debugging symbols found) ... (no debugging symbols found) (no debugging symbols found) [New Thread 26602400 (LWP 16287)] [New Thread 37092256 (LWP 16288)] [New Thread 79285152 (LWP 16289)] [New Thread 47582112 (LWP 16290)] [New Thread 68762528 (LWP 16291)] [New Thread 127163296 (LWP 16292)] Program received signal SIG33, Real-time event 33. [Switching to Thread 127163296 (LWP 16292)] 0x00495402 in __kernel_vsyscall () (gdb) cont Continuing. [Thread 127163296 (LWP 16292) exited] Program received signal SIG33, Real-time event 33. [Switching to Thread 68762528 (LWP 16291)] 0x00495402 in __kernel_vsyscall () (gdb) cont Continuing. Program received signal SIG33, Real-time event 33. [Switching to Thread 47582112 (LWP 16290)] 0x00495402 in __kernel_vsyscall () (gdb) cont Continuing. [Thread 47582112 (LWP 16290) exited] Program received signal SIG33, Real-time event 33. [Switching to Thread 79285152 (LWP 16289)] 0x00495402 in __kernel_vsyscall () (gdb) cont Continuing. [Thread 79285152 (LWP 16289) exited] [Thread 68762528 (LWP 16291) exited] Program received signal SIG33, Real-time event 33. [Switching to Thread 37092256 (LWP 16288)] 0x00495402 in __kernel_vsyscall () (gdb) cont Continuing. Program received signal SIG33, Real-time event 33. [Switching to Thread 26602400 (LWP 16287)] 0x00495402 in __kernel_vsyscall () (gdb) cont Continuing. [Thread 26602400 (LWP 16287) exited] Program received signal SIG33, Real-time event 33. [Switching to Thread -1235035232 (LWP 16286)] 0x00495402 in __kernel_vsyscall () (gdb) cont Continuing. [Thread 37092256 (LWP 16288) exited] ------------------------------- At this point gdb just sits there, but no window comes up If I hit Ctrl+C I then get: ------------------------------- Program received signal SIGINT, Interrupt.
+ Trace 67253
Thread NaN (LWP 16283)
So, now I needinfo on what other info you need, and how I can help get it. Thanks.
Confirming. A part of the problem seems to be that subdirectories are added twice (cf. bug 45063).
Created attachment 62105 [details] [review] Proposed patch The problem seems to be that sometimes, a file is added both to the list of changed and the list of the added files. The attached patch should fix this issue. Maybe you could try out whether it reduces/fixes the crashes? There are probably still issues to resolve, but it is a good start.
Note to myself and other developers: dequeue_pending_idle_callback sometimes refs the file right above the code (in the if file != NULL condition), although it is not added to changed_files. nautilus_directory_find_file_by_name doesn't add a ref, but the additional ref seems to be superfluous and might create leaks.
Nice catch! It's on HEAD: * libnautilus-private/nautilus-directory-async.c: (dequeue_pending_idle_callback): Never add a file to both the added_files and changed_files lists. Don't ref an existing file without adding it to the changed_file list. (#336051) Patch from Christian Neumair <chris@gnome-de.org>
So it turns out this wasn't such a good idea after all - it caused bug 348097. It's reverted on HEAD.
Did you investigate how this happened? From reading attachment 62105 [details] [review] just the inner codepath is relevant for new files, so how could the event be ignored? Just a wild guess: The subsequent if (directory->details->directory_loaded) { statement removes confirmed files, which seems to be the case when they're added so we miss the last few files.
*** Bug 340912 has been marked as a duplicate of this bug. ***
I tracked down the reason the initial fix caused problems with adds and fixed it. What happened was that the new file got a changed event instead of an add event when it was first added. This was because the file already existed in the directory when we got to dequeue_pending_idle_callback due to a previous call to nautilus_file_get(). I commited this, and I now don't get any warning from the listview about things being added twice. However, I can still reproduce the initially reported crash on expand/contract and then open, so this bug isn't fixed.
The real fix was a simple protection against destruction/removal in the change_dummy_row_callback timeout.
*** Bug 355758 has been marked as a duplicate of this bug. ***
*** Bug 342016 has been marked as a duplicate of this bug. ***
*** Bug 372161 has been marked as a duplicate of this bug. ***
*** Bug 381814 has been marked as a duplicate of this bug. ***
*** Bug 362012 has been marked as a duplicate of this bug. ***
*** Bug 397202 has been marked as a duplicate of this bug. ***
*** Bug 429511 has been marked as a duplicate of this bug. ***
*** Bug 430854 has been marked as a duplicate of this bug. ***
*** Bug 367040 has been marked as a duplicate of this bug. ***
*** Bug 465090 has been marked as a duplicate of this bug. ***