Bug 1252434

Summary: nautilus crashes before the undo bar is shown
Product: Red Hat Enterprise Linux 7
Reporter: Martin Simon <msimon>
Component: nautilus
Assignee: David King <dking>
Status: CLOSED ERRATA
QA Contact: Desktop QE <desktop-qa-list>
Severity: high
Priority: high
Version: 7.2
CC: csoriano, jfilak, msimon, tlavigne, tpelka, vbenes, vhumpa, vrutkovs
Target Milestone: rc
Keywords: Regression
Hardware: Unspecified
OS: Unspecified
Fixed In Version: nautilus-3.14.3-5.el7
Doc Type: Bug Fix
Last Closed: 2015-11-19 08:35:40 UTC
Type: Bug
Attachments:
- Patch 1 (flags: none)
- patch2 (flags: none)
- patch 3 (flags: none)

Description Martin Simon 2015-08-11 12:09:58 UTC
Description of problem:
Nautilus ends with a segmentation fault after a paste action. This is only reproducible in a secondary nautilus window (the first is run in the background, but I don't know the architecture).

Version-Release number of selected component (if applicable):
nautilus-3.14.3-3.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Open Home, select Templates folder (for example) and press CTRL+C
2. Open Desktop folder in the same window and press CTRL+V

Actual results:
nautilus crashes

Expected results:
no crash

Additional info:
nautilus[5870]: segfault at 200000016 ip 00007fb0e2b92f1b sp 00007ffe87d17e50 error 4 in libgobject-2.0.so.0.4200.2[7fb0e2b61000+4e000]

Comment 1 Vitezslav Humpa 2015-08-11 12:40:25 UTC
Managed to reproduce this too. Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007f4af2600f1b in g_type_check_instance_cast () from /lib64/libgobject-2.0.so.0
(gdb) bt
#0  0x00007f4af2600f1b in g_type_check_instance_cast () at /lib64/libgobject-2.0.so.0
#1  0x00000000004749f6 in nautilus_window_on_undo_changed (manager=<optimized out>, window=0x29deb30) at nautilus-window.c:1512
#2  0x00007f4af25dede8 in g_closure_invoke () at /lib64/libgobject-2.0.so.0
#3  0x00007f4af25f09b1 in signal_emit_unlocked_R () at /lib64/libgobject-2.0.so.0
#4  0x00007f4af25f8471 in g_signal_emit_valist () at /lib64/libgobject-2.0.so.0
#5  0x00007f4af25f872f in g_signal_emit () at /lib64/libgobject-2.0.so.0
#6  0x00000000004d2d28 in nautilus_file_undo_manager_set_action (info=<optimized out>) at nautilus-file-undo-manager.c:245
#7  0x00000000004a8164 in finalize_common (common=0x2e65ed0) at nautilus-file-operations.c:974
#8  0x00000000004a8d2b in copy_job_done (user_data=0x2e65ed0) at nautilus-file-operations.c:4587
#9  0x00007f4af287ea2f in mainloop_proxy_func () at /lib64/libgio-2.0.so.0
#10 0x00007f4af22e179a in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#11 0x00007f4af22e1ae8 in g_main_context_iterate.isra.24 () at /lib64/libglib-2.0.so.0
#12 0x00007f4af22e1b9c in g_main_context_iteration () at /lib64/libglib-2.0.so.0
#13 0x00007f4af28c4f24 in g_application_run () at /lib64/libgio-2.0.so.0
#14 0x000000000042a0fb in main (argc=3, argv=0x7ffc197b8888) at nautilus-main.c:103

Comment 2 Martin Simon 2015-08-12 16:17:09 UTC
The very same segfault is also triggered by renaming any file/folder. Again, the scenario is to start nautilus and close it (the process should remain in the background), start nautilus again (only to redirect the new process to the background one) and paste/rename or probably some other operations -> segfault.

Backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x00007feb9ecf4f1b in g_type_check_instance_cast ()
   from /lib64/libgobject-2.0.so.0
(gdb) bt
#0  0x00007feb9ecf4f1b in g_type_check_instance_cast ()
    at /lib64/libgobject-2.0.so.0
#1  0x00000000004749f6 in nautilus_window_on_undo_changed (manager=<optimized out>, window=0x1934770) at nautilus-window.c:1512
#2  0x00007feb9ecd2de8 in g_closure_invoke () at /lib64/libgobject-2.0.so.0
#3  0x00007feb9ece49b1 in signal_emit_unlocked_R ()
    at /lib64/libgobject-2.0.so.0
#4  0x00007feb9ecec471 in g_signal_emit_valist () at /lib64/libgobject-2.0.so.0
#5  0x00007feb9ecec72f in g_signal_emit () at /lib64/libgobject-2.0.so.0
#6  0x00000000004d2d28 in nautilus_file_undo_manager_set_action (info=<optimized out>) at nautilus-file-undo-manager.c:245
#7  0x00000000004b70e7 in nautilus_file_operation_free (op=0x1e3d780)
    at nautilus-file.c:1674
#8  0x00000000004be7c9 in nautilus_file_operation_complete (op=<optimized out>, result_file=<optimized out>, error=<optimized out>) at nautilus-file.c:1700
#9  0x00000000004bf04c in rename_get_info_callback (source_object=<optimized out>, res=<optimized out>, callback_data=0x1e3d780) at nautilus-file.c:1767
#10 0x00007feb9ef95b7b in g_task_return_now () at /lib64/libgio-2.0.so.0
#11 0x00007feb9ef95b99 in complete_in_idle_cb () at /lib64/libgio-2.0.so.0
#12 0x00007feb9e9d579a in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#13 0x00007feb9e9d5ae8 in g_main_context_iterate.isra.24 ()
    at /lib64/libglib-2.0.so.0
#14 0x00007feb9e9d5b9c in g_main_context_iteration ()
    at /lib64/libglib-2.0.so.0
#15 0x00007feb9efb8f24 in g_application_run () at /lib64/libgio-2.0.so.0
#16 0x000000000042a0fb in main (argc=3, argv=0x7ffd71e7dca8)
    at nautilus-main.c:103


As the backtrace is similar to the above one, I suppose the problem is related to nautilus_file_undo_manager_set_action at nautilus-file-undo-manager.c:245
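
A triage helper for the kernel segfault line in the description and the frame #0 addresses of the two gdb backtraces, as an added example that is not part of the original report. It computes the library-relative offset of the faulting instruction, decodes the page-fault error code, and checks that all three crashes share one page offset; the function names are hypothetical and the x86 error-code bit meanings are general knowledge, not taken from this page.

```python
import re

# Values copied from this report: the kernel log line in the description
# and the frame #0 addresses of the two gdb backtraces.
KERNEL_LINE = ("nautilus[5870]: segfault at 200000016 ip 00007fb0e2b92f1b "
               "sp 00007ffe87d17e50 error 4 in "
               "libgobject-2.0.so.0.4200.2[7fb0e2b61000+4e000]")
GDB_FRAME0 = [0x7f4af2600f1b, 0x7feb9ecf4f1b]

SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<module>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")

def decode_error(code):
    """Decode the x86 page-fault error code printed after 'error'."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
        "instruction_fetch": bool(code & 16),
    }

def parse_segfault(line):
    """Return the fields of a kernel 'segfault at' line, or None if no match."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    f = {k: int(m[k], 16) for k in ("addr", "ip", "sp", "err")}
    f.update(comm=m["comm"], pid=int(m["pid"]), module=m["module"], offset=None)
    if m["module"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        # The offset is stable across runs; the absolute ip is not (ASLR).
        if base <= f["ip"] < base + size:
            f["offset"] = f["ip"] - base
    f["fault"] = decode_error(f["err"])
    return f

def same_page_offset(addresses):
    """Mappings are page aligned, so the low 12 bits survive ASLR.
    Equal values are consistent with one code location; they do not prove it."""
    return len({a & 0xFFF for a in addresses}) == 1

if __name__ == "__main__":
    info = parse_segfault(KERNEL_LINE)
    print(info["module"], hex(info["offset"]), info["fault"])
    print(same_page_offset([info["ip"], *GDB_FRAME0]))
```

The offset can be passed to a symbolizer such as `addr2line -e` against the matching libgobject debuginfo to name the faulting function without a live gdb session.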

Comment 3 David King 2015-09-03 13:39:58 UTC
nautilus_window_on_undo_changed() appears in both stacktraces, and was added by the new undo feature in bug 1102849, so seems like a regression caused by the patch added in nautilus-3.14.3-3.el7.

Comment 4 Carlos Soriano 2015-09-14 12:20:24 UTC
Created attachment 1073217
Patch 1

This series of patches is the one present on https://bugzilla.redhat.com/show_bug.cgi?id=1102849 but with the crash reported here fixed

Comment 5 Carlos Soriano 2015-09-14 12:20:46 UTC
Created attachment 1073218
patch2

Comment 6 Carlos Soriano 2015-09-14 12:21:13 UTC
Created attachment 1073219
patch 3

Comment 7 David King 2015-09-14 13:08:02 UTC
Seems fixed for me with those patches.

Comment 11 Martin Simon 2015-09-15 08:19:31 UTC
I've retested this with the new build containing those patches nautilus-3.14.3-5.el7.x86_64 and I'm no longer able to reproduce the segfault. It seems to be fixed now.

Comment 12 Vadim Rutkovsky 2015-09-24 15:53:50 UTC
*** Bug 1259739 has been marked as a duplicate of this bug. ***

Comment 13 Vadim Rutkovsky 2015-10-08 10:50:26 UTC
Still occurs on 3.14.3-5.el7: see http://faf-report.itos.redhat.com/reports/10497/

Comment 14 errata-xmlrpc 2015-11-19 08:35:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2236.html