Bug 1074401

Summary: In RHEL6, the nautilus was aborted by SIGFPE at g_hash_table_lookup_node() in glib2.
Product: Red Hat Enterprise Linux 6 Reporter: kyoneyama <kyoneyam>
Component: nautilusAssignee: Alexander Larsson <alexl>
Status: CLOSED WONTFIX QA Contact: Desktop QE <desktop-qa-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.4CC: alexl, mclasen, mkolbas, tpelka, vchoudha
Target Milestone: rc   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-10-08 12:47:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1075802, 1172231    

Description kyoneyama 2014-03-10 05:56:24 UTC 
Description of problem:

  The nautilus was aborted by SIGFPE at g_hash_table_lookup_node() in glib2.


  (gdb results)
  Core was generated by `nautilus'.
  Program terminated with signal 8, Arithmetic exception.

  (gdb) bt
  #0  0x00abac7d in g_hash_table_lookup_node (hash_table=0x9b77830, 
      key=0x9b27dd4) at ghash.c:199
  #1  IA__g_hash_table_lookup (hash_table=0x9b77830, key=0x9b27dd4)
      at ghash.c:784
  #2  0x08152853 in pixbuf_can_load_type (mime_type=0x9b27dd4 "inode/directory")
      at nautilus-thumbnails.c:779
  #3  0x081212b1 in nautilus_file_should_show_thumbnail (file=0x9b5a908)
      at nautilus-file.c:3979
  #4  0x080fb6c3 in lacks_thumbnail (file=0x9b5a908)
      at nautilus-directory-async.c:1696
  #5  0x080fb1cc in is_needy (file=0x9b5a908, 
      check_missing=<value optimized out>, request_type_wanted=REQUEST_THUMBNAIL)
      at nautilus-directory-async.c:2332
  #6  0x080fc59c in thumbnail_start (directory=0x9b58070)
      at nautilus-directory-async.c:3975
  #7  start_or_stop_io (directory=0x9b58070) at nautilus-directory-async.c:4543
  #8  nautilus_directory_async_state_changed (directory=0x9b58070)
      at nautilus-directory-async.c:4589
  #9  0x081012aa in nautilus_directory_monitor_remove_internal (
      directory=0x9b58070, file=0x9b5ae18, client=0x9b46d44)
      at nautilus-directory-async.c:1127
  #10 0x0815961e in vfs_file_monitor_remove (file=0x9b5ae18, client=0x9b46d44)
      at nautilus-vfs-file.c:58


  ----- glib/ghash.c  ------
  static inline guint
  g_hash_table_lookup_node (GHashTable    *hash_table,
                            gconstpointer  key)
  {
  :
  (snip)
  :
    hash_value = (* hash_table->hash_func) (key);
    if (G_UNLIKELY (hash_value <= 1))
      hash_value = 2;
  
    node_index = hash_value % hash_table->mod;         <<<===== Division by zero
  ---------------------------

  (gdb) p *hash_table
  $1 = {size = 162995584, mod = 0, mask = 7, nnodes = 0, noccupied = 0, nodes = 0x9bf4f88, hash_func = 0x80618ec <g_direct_hash@plt>, 
  key_equal_func = 0x8061f0c <g_direct_equal@plt>, ref_count = 0, version = 0, key_destroy_func = 0, value_destroy_func = 0}


  The variable `hash_table->mod` is set to the prime number when making the hash table by g_hash_table_new_full().
  Therefore, it is hard to consider the situation where `hash_table->mod` is set to 0. 

  ----- glib/ghash.c  ------
  GHashTable*
  g_hash_table_new_full (GHashFunc       hash_func,
                         GEqualFunc      key_equal_func,
                         GDestroyNotify  key_destroy_func,
                         GDestroyNotify  value_destroy_func)
  {
    GHashTable *hash_table;
  
    hash_table = g_slice_new (GHashTable);
    g_hash_table_set_shift (hash_table, HASH_TABLE_MIN_SHIFT);       <<===== `hash_table->mod’ is set to the prime number.
    hash_table->nnodes             = 0;
  ---------------------------


Version-Release number of selected component (if applicable):

  - nautilus-2.28.4-19.el6
  - glib2-2.22.5-7.el6
  - glibc-2.12-1.107.el6
  - glibc-common-2.12-1.107.el6


How reproducible:

  This problem is not reproducible.


Additional info:

* This problem occurred during the shutdown of the system.

* Similar case:
  - https://bugzilla.redhat.com/show_bug.cgi?id=834405
  - https://bugs.launchpad.net/ubuntu/+source/nautilus-actions/+bug/946439
Comment 3 RHEL Program Management 2015-10-08 12:47:05 UTC 
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.