Created attachment 1135090 [details]
coredump

Description of problem:
Segfault occurs in nautilus on RHEL7.2.

nautilus[3991]: segfault at 100000016 ip 00007efdb0581f6b sp 00007fff1f3dd6a0 error 4 in libgobject-2.0.so.0.4200.2[7efdb0550000+4e000]

The below is a backtrace when gdm was terminated.

(gdb) bt
#0  0x00007efdb0581f6b in g_type_check_instance_cast (type_instance=0x1c7f930, iface_type=iface_type@entry=26964144) at gtype.c:4014
#1  0x0000000000474a16 in nautilus_window_on_undo_changed (manager=<optimized out>, window=0x1a48d80) at nautilus-window.c:1512
#2  0x00007efdb055fe38 in g_closure_invoke (closure=0x1e40c00, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7fff1f3dd890, invocation_hint=invocation_hint@entry=0x7fff1f3dd830) at gclosure.c:768
#3  0x00007efdb0571a01 in signal_emit_unlocked_R (node=node@entry=0x19b5310, detail=detail@entry=0, instance=instance@entry=0x1964ea0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7fff1f3dd890) at gsignal.c:3623

As a result of casting the type of a variable, it has access to an out-of-range address.

(gdb) l
4009 {
4010   TypeNode *node, *iface;
4011   gboolean is_instantiatable, check;
4012
4013   node = lookup_type_node_I (type_instance->g_class->g_type);
** 4014   is_instantiatable = node && node->is_instantiatable; **
(gdb) p type_instance->g_class->g_type
$23 = 4294967297
(gdb) p node
$24 = (TypeNode *) 0x100000000

Version-Release number of selected component (if applicable):
- kernel-3.10.0-327.4.4.el7.x86_64
- nautilus-3.14.3-7.el7.x86_64
- glib2-2.42.2-5.el7

How reproducible:
Sometimes.

Steps to Reproduce:
No reproducer.

Actual results:
Segfault occurred. Opened files are closed suddenly on the desktop.

Expected results:
Segfault does not occur.

Additional info:
It seems to be similar to the following problem.
https://bugzilla.redhat.com/show_bug.cgi?id=1252434
Another customer encountered a similar issue. The issue is very similar to bug 1252434, but the version is higher than the errata.

kernel-3.10.0-327.el7.x86_64
nautilus-3.14.3-7.el7.x86_64
glib2-2.42.2-5.el7.x86_64

-------------------------------------------------
nautilus killed by SIGSEGV

(gdb) bt
#0  0x00007f5153334f6b in g_type_check_instance_cast (type_instance=0x1898950, iface_type=iface_type@entry=23397216) at gtype.c:4014
#1  0x0000000000474a16 in nautilus_window_on_undo_changed (manager=<optimized out>, window=0x16d46f0) at nautilus-window.c:1512
#2  0x00007f5153312e38 in g_closure_invoke (closure=0x18a43f0, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7ffdfa920880, invocation_hint=invocation_hint@entry=0x7ffdfa920820) at gclosure.c:768
#3  0x00007f5153324a01 in signal_emit_unlocked_R (node=node@entry=0x1656e70, detail=detail@entry=0, instance=instance@entry=0x15f86a0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffdfa920880) at gsignal.c:3623
#4  0x00007f515332c4c1 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffdfa920a00) at gsignal.c:3309
#5  0x00007f515332c77f in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3365
#6  0x00000000004d2d78 in nautilus_file_undo_manager_set_action (info=<optimized out>) at nautilus-file-undo-manager.c:245
#7  0x00000000004a81b4 in finalize_common (common=common@entry=0x1bfef90) at nautilus-file-operations.c:974
#8  0x00000000004a8d7b in copy_job_done (user_data=0x1bfef90) at nautilus-file-operations.c:4587
#9  0x00007f51535b2a2f in mainloop_proxy_func (data=0x7f50f8003110) at gioscheduler.c:200
#10 0x00007f515301579a in g_main_dispatch (context=0x136c6d0) at gmain.c:3109
#11 g_main_context_dispatch (context=context@entry=0x136c6d0) at gmain.c:3708
#12 0x00007f5153015ae8 in g_main_context_iterate (context=context@entry=0x136c6d0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3779
#13 0x00007f5153015b9c in g_main_context_iteration (context=0x136c6d0, context@entry=0x0, may_block=may_block@entry=1) at gmain.c:3840
#14 0x00007f51535f8f24 in g_application_run (application=0x1342120, argc=argc@entry=3, argv=argv@entry=0x7ffdfa920da8) at gapplication.c:2282
#15 0x000000000042a0fb in main (argc=3, argv=0x7ffdfa920da8) at nautilus-main.c:103

(gdb) list g_type_check_instance_cast
4013   node = lookup_type_node_I (type_instance->g_class->g_type);
4014   is_instantiatable = node && node->is_instantiatable;
(gdb) p type_instance->g_class->g_type
$9 = 8589934593
(gdb) p node
$10 = (TypeNode *) 0x200000000
(gdb) p node->is_instantiatable
Cannot access memory at address 0x200000000
------------------------------------------

Uploaded coredump-13738 for reference.
The problem still occurs even in the latest version of nautilus.
- kernel-3.10.0-327.el7.x86_64
- nautilus-3.14.3-12.el7
- glib2-2.46.2-4.el7
Nautilus 3.14 is the latest version for which I see those crashes: https://retrace.fedoraproject.org/faf/problems/?opsysreleases=71&component_names=nautilus&function_names=nautilus_window_on_undo_changed, but nautilus 3.22 has been in RHEL for some time already and now we have nautilus 3.26. The reproducer from Bug 1252434 doesn't seem to work either. So I am going to close this as WONTFIX. Please reopen if you still see those crashes.
*** Bug 1460395 has been marked as a duplicate of this bug. ***