nautilus crashed with SIGSEGV in image_notify_cb()

Bug #724202 reported by Matt Zimmerman
This bug affects 5 people
Affects               Status   Importance  Assigned to  Milestone
DBus Menu             Invalid  Low         Unassigned
libdbusmenu (Ubuntu)  Invalid  Medium      Unassigned

Bug Description

Binary package hint: nautilus

Similar to bug 722932, bug 723989, etc.

Probably a dbusmenu issue.

ProblemType: Crash
DistroRelease: Ubuntu 11.04
Package: nautilus 1:2.32.2.1-0ubuntu6
ProcVersionSignature: Ubuntu 2.6.38-4.31-generic 2.6.38-rc5
Uname: Linux 2.6.38-4-generic x86_64
Architecture: amd64
Date: Thu Feb 24 09:14:27 2011
ExecutablePath: /usr/bin/nautilus
ProcCmdline: nautilus
ProcCwd: /home/mdz
ProcEnviron:
 LANGUAGE=en_GB:en
 LANG=en_GB.UTF-8
 LC_MESSAGES=en_GB.utf8
 SHELL=/bin/zsh
SegvAnalysis:
 Segfault happened at: 0x7f16f236dd28 <g_type_check_instance_cast+104>: movzbl 0x16(%rcx),%eax
 PC (0x7f16f236dd28) ok
 source "0x16(%rcx)" (0x7f1600000016) not located in a known VMA region (needed readable region)!
 destination "%eax" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: nautilus
StacktraceTop:
 g_type_check_instance_cast (type_instance=0x2718810, iface_type=33672672) at /build/buildd/glib2.0-2.28.1/./gobject/gtype.c:3991
 ?? () from /usr/lib/libdbusmenu-gtk.so.3
 ?? ()
 g_value_peek_pointer (value=0x1) at /build/buildd/glib2.0-2.28.1/./gobject/gvalue.c:316
 ?? ()
Title: nautilus crashed with SIGSEGV in g_type_check_instance_cast()
UserGroups: adm admin audio cdrom dialout fuse kvm libvirtd lpadmin plugdev sambashare video
usr_lib_nautilus:
 nautilus 1:2.32.2.1-0ubuntu6
 ubuntuone-client-gnome 1.5.4-0ubuntu1
 ubuntuone-client-gnome 1.5.4-0ubuntu1
 file-roller 2.32.1-0ubuntu3
 evince 2.32.0-0ubuntu10
 seahorse-plugins 2.30.1-3ubuntu2
 brasero 2.32.1-0ubuntu2
 deja-dup 17.90-0ubuntu3
 ubuntuone-client-gnome 1.5.4-0ubuntu1
 deja-dup 17.90-0ubuntu3
 deja-dup 17.90-0ubuntu3
 gnome-disk-utility 2.32.1-0ubuntu4
 nautilus-share 0.7.2-14ubuntu1
 totem 2.32.0-0ubuntu9
 nautilus-sendto 2.32.0-0ubuntu1
 quickly-ubuntu-template 11.03.1-0ubuntu2

Matt Zimmerman (mdz) wrote :

This one happened while I was installing updates this morning

Apport retracing service (apport) wrote :

StacktraceTop:
 g_type_check_instance_cast (
 image_notify_cb (widget=0x2718810,
 ?? ()
 g_value_peek_pointer (value=0x1)
 ?? ()

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in nautilus (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Matt Zimmerman (mdz)
visibility: private → public
Sebastien Bacher (seb128) wrote : Re: nautilus crashed with SIGSEGV in g_type_check_instance_cast()

Thanks, seems slightly different from the other ones so keeping it for now, having a stacktrace with libdbusmenu-glib,gtk debug symbols would be nice if you still have the .crash

affects: nautilus (Ubuntu) → libdbusmenu (Ubuntu)
Changed in libdbusmenu (Ubuntu):
assignee: nobody → Chris Coulson (chrisccoulson)
summary: - nautilus crashed with SIGSEGV in g_type_check_instance_cast()
+ nautilus crashed with SIGSEGV in image_notify_cb()
Sebastien Bacher (seb128) wrote :

Updating the title, this crash is in call from image_notify_cb() not from the theme_changed_cb() as others

Matt Zimmerman (mdz) wrote :

From a local debugging session:

(gdb) bt full
#0 0x00007f16f236dd28 in g_type_check_instance_cast (type_instance=0x2718810,
    iface_type=33672672) at /build/buildd/glib2.0-2.28.1/./gobject/gtype.c:3991
        node = 0x7f1600000000
        iface = 0x7fff464e4b50
        is_instantiatable = <value optimised out>
        check = <value optimised out>
#1 0x00007f16efdcba9e in image_notify_cb (widget=0x2718810,
    pspec=<value optimised out>, data=0x2026120)
    at /build/buildd/libdbusmenu-0.3.98/./libdbusmenu-gtk/parser.c:690
        mi = 0x2026120
#2 0x0000000002026120 in ?? ()
No symbol table info available.
#3 0x00007f16f2370a05 in g_value_peek_pointer (value=0x1)
    at /build/buildd/glib2.0-2.28.1/./gobject/gvalue.c:316
        value_table = <value optimised out>
        __PRETTY_FUNCTION__ = "g_value_peek_pointer"
#4 0x00007f16e004c620 in ?? ()
No symbol table info available.
#5 0x0000000000000000 in ?? ()
No symbol table info available.
(gdb)

<mdz> seb128, stack frame #2 has the same address as the data= parameter to the callback
 that doesn't seem right
 #1 0x00007f16efdcba9e in image_notify_cb (widget=0x2718810,
     pspec=<value optimised out>, data=0x2026120)
 #2 0x0000000002026120 in ?? ()
<seb128> indeed
<mdz> I'm not surprised it can't find any debug symbols for the stack :-)
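
The observation in the comment above, that frame #2 has the same address as the data= argument of frame #1, can be checked mechanically when triaging retraces. This is an added example, not part of the bug report or of apport: it parses the quoted gdb output and applies two heuristics that are assumptions of this example (an unsymbolized frame whose PC equals a pointer argument of the frame above it, and a pointer argument below 0x1000).

```python
import re

# Frame lines copied from the gdb session quoted in the comment above.
BACKTRACE = """\
#0 0x00007f16f236dd28 in g_type_check_instance_cast (type_instance=0x2718810,
    iface_type=33672672) at /build/buildd/glib2.0-2.28.1/./gobject/gtype.c:3991
#1 0x00007f16efdcba9e in image_notify_cb (widget=0x2718810,
    pspec=<value optimised out>, data=0x2026120)
    at /build/buildd/libdbusmenu-0.3.98/./libdbusmenu-gtk/parser.c:690
#2 0x0000000002026120 in ?? ()
#3 0x00007f16f2370a05 in g_value_peek_pointer (value=0x1)
    at /build/buildd/glib2.0-2.28.1/./gobject/gvalue.c:316
#4 0x00007f16e004c620 in ?? ()
#5 0x0000000000000000 in ?? ()
"""

FRAME_RE = re.compile(r"^#(\d+)\s+(0x[0-9a-f]+) in (\S+) \(", re.M)
ARG_RE = re.compile(r"(\w+)=(0x[0-9a-f]+)")  # hex (pointer-like) arguments only

def parse_frames(text):
    """Split a gdb 'bt' dump into frames: number, pc, function, pointer args."""
    heads = list(FRAME_RE.finditer(text))
    frames = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        args = {k: int(v, 16) for k, v in ARG_RE.findall(text[m.end():end])}
        frames.append({"n": int(m.group(1)), "pc": int(m.group(2), 16),
                       "func": m.group(3), "args": args})
    return frames

def suspicious_frames(frames):
    """Heuristics (assumptions of this example) hinting at an unreliable unwind."""
    findings = []
    # 1. An unsymbolized frame whose "return address" is really a data pointer
    #    that was passed as an argument to the frame above it.
    for prev, cur in zip(frames, frames[1:]):
        if cur["func"] != "??":
            continue
        for name, val in prev["args"].items():
            if val == cur["pc"]:
                findings.append((cur["n"], f"pc equals {name}= of frame #{prev['n']}"))
    # 2. A symbolized frame called with a pointer that lies in the NULL page.
    for f in frames:
        if f["func"] != "??" and any(0 < v < 0x1000 for v in f["args"].values()):
            findings.append((f["n"], "pointer argument inside the NULL page"))
    return findings
```

On the quoted session, `suspicious_frames(parse_frames(BACKTRACE))` flags frames #2 and #3, the same frames questioned in the thread.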

Kalle Valo (kvalo)
Changed in dbusmenu:
importance: Undecided → Medium
Sebastien Bacher (seb128) wrote :
Changed in libdbusmenu (Ubuntu):
status: New → Confirmed
Michael Terry (mterry) wrote :

Chris and I talked about this on IRC, and we suspect it's the same as the theme_changed_cb bugs. The stack looks exactly the same up until the very top where it calls image_notify_cb. But that function has no business being called during a theme change (and its data argument is bogus), so it's likely that stack corruption has occurred and we're not really in image_notify_cb.

Changed in dbusmenu:
status: New → Confirmed
assignee: nobody → Chris Coulson (chrisccoulson)
Sebastien Bacher (seb128) wrote :

There has been no duplicate for a while, so let's say it's fixed and close it. If you get a new crash, feel free to open a new bug.

Changed in libdbusmenu (Ubuntu):
assignee: Chris Coulson (chrisccoulson) → nobody
status: Confirmed → Invalid
Changed in dbusmenu:
assignee: Chris Coulson (chrisccoulson) → nobody
importance: Medium → Low
status: Confirmed → Invalid