GNOME Bugzilla – Bug 670646
nautilus segfaults in gtk_ui_manager_new_merge_id()
Last modified: 2012-07-21 05:32:59 UTC
The bug has been reported on https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/925503 "nautilus 3.3.4 (but got duplicates with newer versions)
+ Trace 229718
that seems to still be an issue with nautilus 3.5.3 (or it could be an issue happening on upgrades, https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/1018845 was reported today and the new nautilus was just uploaded earlier, so maybe the gtkbuilder file is changing under the running nautilus leading to the issue?)
I can reproduce at will, just by closing the nautilus window (when it's also managing the desktop). Here is what valgrind says when it happens (running nautilus from trunk): ... (nautilus:3667): Gtk-CRITICAL **: gtk_action_group_get_action: assertion `GTK_IS_ACTION_GROUP (action_group)' failed (nautilus:3667): Gtk-CRITICAL **: gtk_action_set_sensitive: assertion `GTK_IS_ACTION (action)' failed (nautilus:3667): Gtk-CRITICAL **: gtk_action_set_visible: assertion `GTK_IS_ACTION (action)' failed (nautilus:3667): GLib-GObject-CRITICAL **: g_object_set: assertion `G_IS_OBJECT (object)' failed ==3667== Invalid read of size 4 ==3667== at 0x413EB47: gtk_action_group_get_action (gtkactiongroup.c:802) ==3667== by 0x80B8344: real_update_menus (nautilus-view.c:8421) ==3667== by 0x80799BC: nautilus_icon_view_update_menus (nautilus-icon-view.c:1379) ==3667== by 0x80B4EE8: nautilus_view_update_menus (nautilus-view.c:713) ==3667== by 0x80B4F44: update_menus_timeout_callback (nautilus-view.c:3650) ==3667== by 0x4D21B7E: g_timeout_dispatch (gmain.c:4002) ==3667== by 0x4D20EA2: g_main_context_dispatch (gmain.c:2691) ==3667== by 0x4D2123F: g_main_context_iterate.isra.21 (gmain.c:3266) ==3667== by 0x4D21320: g_main_context_iteration (gmain.c:3327) ==3667== by 0x4BBEDBB: g_application_run (gapplication.c:1607) ==3667== by 0x8067B87: main (nautilus-main.c:103) ==3667== Address 0x12b8d3d8 is 0 bytes inside a block of size 44 free'd ==3667== at 0x402B06C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==3667== by 0x4D26F7A: standard_free (gmem.c:98) ==3667== by 0x4D270EF: g_free (gmem.c:252) ==3667== by 0x4D3CA9A: g_slice_free1 (gslice.c:1111) ==3667== by 0x4CB8131: g_type_free_instance (gtype.c:1935) ==3667== by 0x4C995CA: g_object_unref (gobject.c:3036) ==3667== by 0x4D1DBF5: g_list_foreach (glist.c:942) ==3667== by 0x4D1DC41: g_list_free_full (glist.c:183) ==3667== by 0x43B5295: gtk_ui_manager_finalize (gtkuimanager.c:686) ==3667== by 0x4C99557: g_object_unref (gobject.c:3023) ==3667== by 0x80C4EAF: nautilus_window_finalize (nautilus-window.c:1382) ==3667== by 0x4C99557: g_object_unref (gobject.c:3023) ==3667== (nautilus:3667): Gtk-CRITICAL **: gtk_action_group_get_action: assertion `GTK_IS_ACTION_GROUP (action_group)' failed (nautilus:3667): Gtk-CRITICAL **: gtk_action_set_sensitive: assertion `GTK_IS_ACTION (action)' failed (nautilus:3667): Gtk-CRITICAL **: gtk_action_set_visible: assertion `GTK_IS_ACTION (action)' failed (nautilus:3667): GLib-GObject-CRITICAL **: g_object_set: assertion `G_IS_OBJECT (object)' failed ==3667== Invalid read of size 4 ==3667== at 0x80C58C1: nautilus_window_get_ui_manager (nautilus-window.c:2071) ==3667== by 0x80B6795: real_update_menus (nautilus-view.c:4561) ==3667== by 0x80799BC: nautilus_icon_view_update_menus (nautilus-icon-view.c:1379) ==3667== by 0x80B4EE8: nautilus_view_update_menus (nautilus-view.c:713) ==3667== by 0x80B4F44: update_menus_timeout_callback (nautilus-view.c:3650) ==3667== by 0x4D21B7E: g_timeout_dispatch (gmain.c:4002) ==3667== by 0x4D20EA2: g_main_context_dispatch (gmain.c:2691) ==3667== by 0x4D2123F: g_main_context_iterate.isra.21 (gmain.c:3266) ==3667== by 0x4D21320: g_main_context_iteration (gmain.c:3327) ==3667== by 0x4BBEDBB: g_application_run (gapplication.c:1607) ==3667== by 0x8067B87: main (nautilus-main.c:103) ==3667== Address 0x113df048 is 0 bytes inside a block of size 424 free'd ==3667== at 0x402B06C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==3667== by 0x4D26F7A: standard_free (gmem.c:98) ==3667== by 0x4D270EF: g_free (gmem.c:252) ==3667== by 0x4D3CA9A: g_slice_free1 (gslice.c:1111) ==3667== by 0x4CB8131: g_type_free_instance (gtype.c:1935) ==3667== by 0x4C995CA: g_object_unref (gobject.c:3036) ==3667== by 0x425BB7C: gtk_main_do_event (gtkmain.c:1613) ==3667== by 0x45E4FDB: _gdk_event_emit (gdkevents.c:69) ==3667== by 0x4612CE7: gdk_event_source_dispatch (gdkeventsource.c:358) ==3667== by 0x4D20EA2: g_main_context_dispatch (gmain.c:2691) ==3667== by 0x4D2123F: g_main_context_iterate.isra.21 (gmain.c:3266) ==3667== by 0x4D21320: g_main_context_iteration (gmain.c:3327) ==3667== ** (nautilus:3667): CRITICAL **: nautilus_window_get_ui_manager: assertion `NAUTILUS_IS_WINDOW (window)' failed (nautilus:3667): Gtk-CRITICAL **: gtk_ui_manager_remove_ui: assertion `GTK_IS_UI_MANAGER (manager)' failed (nautilus:3667): Gtk-CRITICAL **: gtk_ui_manager_remove_action_group: assertion `GTK_IS_UI_MANAGER (manager)' failed ==3667== Invalid read of size 4 ==3667== at 0x43B5D74: gtk_ui_manager_new_merge_id (gtkuimanager.c:1427) ==3667== by 0x8127FB9: nautilus_ui_prepare_merge_ui (nautilus-ui-utilities.c:56) ==3667== by 0x80B67DB: real_update_menus (nautilus-view.c:4566) ==3667== by 0x80799BC: nautilus_icon_view_update_menus (nautilus-icon-view.c:1379) ==3667== by 0x80B4EE8: nautilus_view_update_menus (nautilus-view.c:713) ==3667== by 0x80B4F44: update_menus_timeout_callback (nautilus-view.c:3650) ==3667== by 0x4D21B7E: g_timeout_dispatch (gmain.c:4002) ==3667== by 0x4D20EA2: g_main_context_dispatch (gmain.c:2691) ==3667== by 0x4D2123F: g_main_context_iterate.isra.21 (gmain.c:3266) ==3667== by 0x4D21320: g_main_context_iteration (gmain.c:3327) ==3667== by 0x4BBEDBB: g_application_run (gapplication.c:1607) ==3667== by 0x8067B87: main (nautilus-main.c:103) ==3667== Address 0xc is not stack'd, malloc'd or (recently) free'd ==3667== ==3667== ==3667== Process terminating with default action of signal 11 (SIGSEGV) ==3667== Access not within mapped region at address 0xC ==3667== at 0x43B5D74: gtk_ui_manager_new_merge_id (gtkuimanager.c:1427) ==3667== by 0x8127FB9: nautilus_ui_prepare_merge_ui (nautilus-ui-utilities.c:56) ==3667== by 0x80B67DB: real_update_menus (nautilus-view.c:4566) ==3667== by 0x80799BC: nautilus_icon_view_update_menus (nautilus-icon-view.c:1379) ==3667== by 0x80B4EE8: nautilus_view_update_menus (nautilus-view.c:713) ==3667== by 0x80B4F44: update_menus_timeout_callback (nautilus-view.c:3650) ==3667== by 0x4D21B7E: g_timeout_dispatch (gmain.c:4002) ==3667== by 0x4D20EA2: g_main_context_dispatch (gmain.c:2691) ==3667== by 0x4D2123F: g_main_context_iterate.isra.21 (gmain.c:3266) ==3667== by 0x4D21320: g_main_context_iteration (gmain.c:3327) ==3667== by 0x4BBEDBB: g_application_run (gapplication.c:1607) ==3667== by 0x8067B87: main (nautilus-main.c:103) ==3667== If you believe this happened as a result of a stack ==3667== overflow in your program's main thread (unlikely but ==3667== possible), you can try to increase the size of the ==3667== main thread stack using the --main-stacksize= flag. ==3667== The main thread stack size used in this run was 8388608. ==3667== ==3667== HEAP SUMMARY: ==3667== in use at exit: 14,599,296 bytes in 89,906 blocks ==3667== total heap usage: 1,581,539 allocs, 1,491,633 frees, 215,669,398 bytes allocated ...
I downgraded to 3.5.1 (the -0ubuntu6 build) and it's not crashing, even after a few hours, with all the other libs & deps still up-to-date, while 3.5.[23] and master are all easily crashing. So the problem is between 3.5.1 and 3.5.2, or so it seems.
Do you run trunk patched or the upstream trunk (just to rule out distro patches impact)? It's weird because 3.5.1 to 3.5.2 has almost not commit, not sure which change created the issue (it seemed like gtk,a11y support enabled)
distro packages for the releases, and ricotz ppa for trunk builds (which are only incremental builds on top of the distro builds).
the recent issues are due to http://git.gnome.org/browse/gtk+/commit/?id=325cf071d1b6de55eac2a97d8f38558efda17807 "GtkNotebook: Maintain invariants during tab dnd"
*** Bug 680109 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of bug 680349 ***