[GTK+ >= 3.20] caja crash when changing from trash in list view to other directory in list view

[viktorjk]

OS: Debian unstable (with GTK+ 3.22.1)
Caja version: 1.16.0

(I hope that I translated the expressions correctly to english.)
I could reproduce this with a new account and after a fresh install of caja. When I open the trash in list view, caja crashes when I go to another directory which was set to be displayed in list view. This is independent of the way to change the directory. I saw this for an empty trash and for one file in the trash.

The syslog entry for one crash is:
caja[8724]: gdk_window_get_window_type: assertion 'GDK_IS_WINDOW (window)' failed
caja[8724]: gtk_widget_set_parent_window: assertion 'GTK_IS_WIDGET (widget)' failed
caja[8724]: gtk_widget_set_parent: assertion 'GTK_IS_WIDGET (widget)' failed
kernel: [56828.208234] caja[8724]: segfault at 18 ip 00007f213cf76390 sp 00007ffd0d6fb5a8 error 4 in libgtk-3.so.0.2200.1[7f213cbec000+6f7000]
caja[9379]: Allocating size to GtkGrid 0x56258c28e140 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?
caja[9379]: Allocating size to GtkGrid 0x56258c28e140 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?
caja[9379]: Allocating size to GtkGrid 0x56258c28e140 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?

See also https://bugs.debian.org/834943 (Caja 1.14.1 and GTK+ 3.20.7)

If I should give you more information about my system, just tell me. If you want me to debug this, please give me instructions or send a link to a site with instructions.

[lukefromdc]

Confirmed here. The grid warnings should have nothing to do with it,
I am using a branch that applies a Nemo/Nauitlus commit that fixes
those. I get only this segfault on the trash/other directory/both in list
mode transition:

Oct 5 19:08:15 ubuntu kernel: [ 6183.996530] caja[4921]: segfault at 18 ip 00007f5352d4b270 sp 00007ffc84fff2d8 error 4 in libgtk-3.so.0.2200.1[7f53529d5000+6e3000]

"Ubuntu" is just the machine name to obfuscate tracking by network
providers, OS is Debian Unstable with GTK 3.22 and a lot of locally
built packages.

On 10/5/2016 at 6:24 PM, "viktorjk" notifications@github.com wrote:

OS: Debian unstable (with GTK+ 3.22.1)
Caja version: 1.16.0

(I hope that I translated the expressions correctly to english.)
I could reproduce this with a new account and after a fresh
install of caja. When I open the trash in list view, caja crashes
when I go to another directory which was set to be displayed in
list view. This is independent of the way to change the directory.
I saw this for an empty trash and for one file in the trash.

The syslog entry for one crash is:
caja[8724]: gdk_window_get_window_type: assertion 'GDK_IS_WINDOW
(window)' failed
caja[8724]: gtk_widget_set_parent_window: assertion 'GTK_IS_WIDGET
(widget)' failed
caja[8724]: gtk_widget_set_parent: assertion 'GTK_IS_WIDGET
(widget)' failed
kernel: [56828.208234] caja[8724]: segfault at 18 ip
00007f213cf76390 sp 00007ffd0d6fb5a8 error 4 in libgtk-
3.so.0.2200.1[7f213cbec000+6f7000]
caja[9379]: Allocating size to GtkGrid 0x56258c28e140 without
calling gtk_widget_get_preferred_width/height(). How does the code
know the size to allocate?
caja[9379]: Allocating size to GtkGrid 0x56258c28e140 without
calling gtk_widget_get_preferred_width/height(). How does the code
know the size to allocate?
caja[9379]: Allocating size to GtkGrid 0x56258c28e140 without
calling gtk_widget_get_preferred_width/height(). How does the code
know the size to allocate?

See also https://bugs.debian.org/834943 (Caja 1.14.1 and GTK+
3.20.7)

If I should give you more information about my system, just tell
me. If you want me to debug this, please give me instructions or
send a link to a site with instructions.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
#649

[lukefromdc]

#647 will fix the grid warnings but has no effect on the "trash crash" when moving from trash as a list view to anything else as a list view. This shows the problem is elsewhere, possibly these warnings relevant:

caja[8724]: gdk_window_get_window_type: assertion 'GDK_IS_WINDOW (window)' failed
caja[8724]: gtk_widget_set_parent_window: assertion 'GTK_IS_WIDGET (widget)' failed
caja[8724]: gtk_widget_set_parent: assertion 'GTK_IS_WIDGET (widget)' failed

Though I was using both the grid and the GtkApplication3 branch commits, I don't think that code would change, though if it did it again had no effect on behavior.

Wasa a segfault included in the messages you got at all?

[viktorjk]

lukefromdc:

#647 will fix the grid warnings but has no effect on the "trash crash" when moving from trash as a list view to anything else as a list view. This shows the problem is elsewhere, possibly these warnings relevant:

I looked again into the syslog and saw the grid warnings elsewhere, so they are not related to the crash.

caja[8724]: gdk_window_get_window_type: assertion 'GDK_IS_WINDOW (window)' failed

This does not show up with a new user account here, only with my regular user account when I open a caja window, so it isn't related to the crash either.

caja[8724]: gtk_widget_set_parent_window: assertion 'GTK_IS_WIDGET (widget)' failed
caja[8724]: gtk_widget_set_parent: assertion 'GTK_IS_WIDGET (widget)' failed

These two entries always show up together with the segfault:

kernel: [56828.208234] caja[8724]: segfault at 18 ip 00007f213cf76390 sp 00007ffd0d6fb5a8 error 4 in libgtk-3.so.0.2200.1[7f213cbec000+6f7000]

Wasa a segfault included in the messages you got at all?

See above.

[monsta]

Backtrace from Debian Testing (GTK+ 3.22.1):

(gdb) bt full
#0  0x00007f15aac31390 in gtk_widget_get_css_node (widget=0x0) at ././gtk/gtkwidget.c:16523
#1  0x00007f15aabfe98b in gtk_tree_view_update_button_position (tree_view=<optimized out>, column=0x5577e3cac990 [GtkTreeViewColumn])
    at ././gtk/gtktreeview.c:3536
        priv = 0x5577e3626410
        column_el = <optimized out>
#2  0x00007f15aac06032 in gtk_tree_view_insert_column (tree_view=0x5577e36267d0 [GtkTreeView], column=0x5577e3cac990 [GtkTreeViewColumn], position=3, 
    position@entry=-1) at ././gtk/gtktreeview.c:12161
        __func__ = "gtk_tree_view_insert_column"
#3  0x00007f15aac0626e in gtk_tree_view_append_column (tree_view=<optimized out>, column=<optimized out>) at ././gtk/gtktreeview.c:12036
        __func__ = "gtk_tree_view_append_column"
#4  0x00005577e138f5f8 in apply_columns_settings (list_view=list_view@entry=0x5577e3ca0320 [FMListView], column_order=column_order@entry=0x5577e3ff7000, visible_columns=visible_columns@entry=0x5577e3ce13a0) at fm-list-view.c:1591
        all_columns = 0x5577e4014980
        file = <optimized out>
        old_view_columns = 0x5577e3460500
        view_columns = 0x5577e3d9b120
        visible_columns_hash = <optimized out>
        prev_view_column = <optimized out>
        l = 0x5577e3dec160
        i = <optimized out>
#5  0x00005577e138f658 in set_columns_settings_from_metadata_and_preferences (list_view=0x5577e3ca0320 [FMListView]) at fm-list-view.c:1968
        column_order = 0x5577e3ff7000
        visible_columns = 0x5577e3ce13a0
#9  0x00007f15a922efaf in <emit signal ??? on instance 0x5577e3ca0320 [FMListView]> (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at ././gobject/gsignal.c:3447
        var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff3d2d3250, reg_save_area = 0x7fff3d2d3190}}
    #6  0x00007f15a9213f75 in g_closure_invoke (closure=closure@entry=0x5577e39afab0, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7fff3d2d2fc0, invocation_hint=invocation_hint@entry=0x7fff3d2d2f40) at ././gobject/gclosure.c:804
                marshal = <optimized out>
                marshal_data = <optimized out>
                in_marshal = 0
                real_closure = 0x5577e39afa90
                __func__ = "g_closure_invoke"
    #7  0x00007f15a922637d in signal_emit_unlocked_R (node=node@entry=0x5577e39afb00, detail=detail@entry=0, instance=instance@entry=0x5577e3ca0320, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7fff3d2d2fc0) at ././gobject/gsignal.c:3673
                accumulator = 0x0
                emission = 
                  {next = 0x0, instance = 0x5577e3ca0320, ihint = {signal_id = 387, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 93973411122208}
                handler_list = <optimized out>
                return_accu = 0x0
                accu = 
                      {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                signal_id = 387
                max_sequential_handler_number = 9559
                return_value_altered = 0
    #8  0x00007f15a922ebcc in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7fff3d2d3170) at ././gobject/gsignal.c:3391
                instance_and_params = 0x7fff3d2d2fc0
                signal_return_type = <optimized out>
                param_values = 0x7fff3d2d2fd8
---Type <return> to continue, or q <return> to quit---
                i = <optimized out>
                n_params = <optimized out>
                __func__ = "g_signal_emit_valist"
#10 0x00005577e137cd50 in finish_loading (view=0x5577e3ca0320 [FMListView]) at fm-directory-view.c:9638
        attributes = <optimized out>
#11 0x00005577e13b6003 in ready_callback_call (directory=0x5577e3400190 [CajaVFSDirectory], callback=<optimized out>) at caja-directory-async.c:1414
        file_list = 0x0
        callback = <optimized out>
        directory = 0x5577e3400190 [CajaVFSDirectory]
#12 0x00005577e13bbb93 in call_ready_callbacks_at_idle (callback_data=<optimized out>) at caja-directory-async.c:2057
        directory = 0x5577e3400190 [CajaVFSDirectory]
        node = <optimized out>
        next = <optimized out>
        callback = 0x5577e3d10f20
#13 0x00007f15a8f3a68a in g_main_context_dispatch (context=0x5577e33cae40) at ././glib/gmain.c:3203
        dispatch = 0x7f15a8f370d0 <g_idle_dispatch>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x5577e3400190
        callback = 0x5577e13bbaf0 <call_ready_callbacks_at_idle>
        cb_funcs = <optimized out>
        cb_data = 0x5577e4002970
        need_destroy = <optimized out>
        source = 0x5577e3ff2e20
        current = 0x5577e33dbb30
        i = 1
#14 0x00007f15a8f3a68a in g_main_context_dispatch (context=context@entry=0x5577e33cae40) at ././glib/gmain.c:3856
#15 0x00007f15a8f3aa40 in g_main_context_iterate (context=0x5577e33cae40, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at ././glib/gmain.c:3929
        max_priority = 200
        timeout = 0
        some_ready = 1
        nfds = 5
        allocated_nfds = 5
        fds = <optimized out>
#16 0x00007f15a8f3ad62 in g_main_loop_run (loop=0x5577e39a7410) at ././glib/gmain.c:4125
        __func__ = "g_main_loop_run"
#17 0x00007f15aaad46d5 in gtk_main () at ././gtk/gtkmain.c:1299
        loop = 0x5577e39a7410
#18 0x00005577e1332048 in main (argc=<optimized out>, argv=<optimized out>) at caja-main.c:710
        kill_shell = 0
        no_default_window = 1
        browser_window = 0
        no_desktop = 0
        version = 0
        autostart_mode = <optimized out>
        autostart_id = <optimized out>
        geometry = 0x0
        remaining = 0x0
        perform_self_check = 0
        application = 0x5577e359c540 [CajaApplication]
        context = <optimized out>
---Type <return> to continue, or q <return> to quit---
        file = <optimized out>
        fileinfo = <optimized out>
        appinfo = <optimized out>
        uri = <optimized out>
        uris = 0x0
        uris_array = <optimized out>
        error = 0x0
        i = <optimized out>
        options = 
            {{long_name = 0x5577e143f264 "check", short_name = 99 'c', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fff3d2d3424, description = 0x5577e143f2c8 "Perform a quick set of self-check tests.", arg_description = 0x0}, {long_name = 0x5577e145cced "version", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fff3d2d3420, description = 0x5577e143f2f8 "Show the version of the program.", arg_description = 0x0}, {long_name = 0x5577e1442c91 "geometry", short_name = 103 'g', flags = 0, arg = G_OPTION_ARG_STRING, arg_data = 0x7fff3d2d3428, description = 0x5577e143f320 "Create the initial window with the given geometry.", arg_description = 0x5577e1449e33 "GEOMETRY"}, {long_name = 0x5577e143f1c2 "no-default-window", short_name = 110 'n', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fff3d2d3414, description = 0x5577e143f358 "Only create windows for explicitly specified URIs.", arg_description = 0x0}, {long_name = 0x5577e143f1d4 "no-desktop", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fff3d2d341c, description = 0x5577e143f390 "Do not manage the desktop (ignore the preference set in the preferences dialog).", arg_description = 0x0}, {long_name = 0x5577e144031a "browser", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fff3d2d3418, description = 0x5577e143f1df "open a browser window.", arg_description = 0x0}, {long_name = 0x5577e145f57d "quit", short_name = 113 'q', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fff3d2d3410, description = 0x5577e143f1f6 "Quit Caja.", arg_description = 0x0}, {long_name = 0x5577e144402d "", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_STRING_ARRAY, arg_data = 0x7fff3d2d3430, description = 0x0, arg_description = 0x5577e143f201 "[URI...]"}, {long_name = 0x0, short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x0, description = 0x0, arg_description = 0x0}}
(gdb) 

Calling order seems to be messed up in some places... well, it's not the first time I see a visual issue in gdb's backtrace output.

[monsta]

Might be related: in https://bugzilla.redhat.com/1372877 glade crashes in the same place (see three top functions in the backtrace).

[monsta]

Nautilus apparently avoids this problem since there was this code change in 2013:
https://git.gnome.org/browse/nautilus/commit/?id=e19f7cb3fec1e6c884d1741c3c00916c65ab035f

So there's no more gtk_tree_view_append_column there.

Some comments at https://bugzilla.gnome.org/697183 (which is referenced in the commit) hint that it might be a GTK+ bug. If it's so, it might have reappeared now...

[monsta]

Aha, it's not just GTK+ 3.22. Caja in Ubuntu 16.10 (GTK+ 3.20.9) crashes at the same place.

[lukefromdc]

I just tested the Nautilus patch mentioned. It built OK but crashed with a segfault on attempting to switch to a list view at all. One or more data structures must be different by that time in Nautilus development. Maybe Nemo will offer a clue to this assuming they don't have the same bug?

[monsta]

Looks like the bug appeared with GTK+ 3.20. I can't reproduce it with 3.18.9.

[monsta]

Just found linuxmint/nemo#1159, there's a hint about GTK+ commit that apparently led to this problem.

[lukefromdc]

If this is cause by
GNOME/gtk@20ce058#diff-f9b0a335e31535d864dc889ab5756acbL1409
If the segfault comes form gtk_tree_view_column_get_button (l->data) returning NULL after a column had been removed from the tree, then it seems to me that having a special case if-then block to trap the NULL and return something else could fix it.

[monsta]

Sounds like some inconsistency in their column code, the column itself is ok (it has additional ref on it, so it's still stored valid in our hash table), but the button is gone...

[monsta]

I've decided to try Nautilus patch myself, and it doesn't crash for me. Can you try it once more? The adapted patch is in #705.

[lukefromdc]

I've built a local "dev-all" debian package with both PR #705 and #706 together and will be putting it into use so they both get tested in actual use.

[shirishag75]

@lukefromdc how can I help with testing it ? I also had issues and am open to testing this.

[lukefromdc]

https://github.com/shirishag75 , The fix for this is merged to master so all you need to do is build Caja from git master , install and run it, open any directory and set it to list view. Then go to the trash, set it to list view and change back to the directory you set to list view. Current git master will not crash, older versions will

[shirishag75]

@lukefromdc thank you for the update, so when should we able to see this in a release, 1.18 or a mid-release, some 1.17.x release for testing purposes ?

[viktorjk]

Just in case nobody else did notice, caja (with GTK+ >=3.20) not only crashes when one changes from trash to another directory (both in the default list view), but also when one adds one column to the list view via the menu. This then also leads to crashes when one changes from a directory to another directory with at least one more column (both of course in list view). Maybe there are additional cases for triggering the crash, I just tested a bit after reading #705. So you can adjust the bug title if you want.

@shirishag75: Maybe you also want to test this.

Thanks for resolving this issue!

[lukefromdc]

Caja is now at 1.17.2, the fix for this went to git master after that release, I have no idea what distros are doing but if you build Caja yourself you can use git master now, 1.17.3 when it comes out or the next point release of 1.16, which distros should pick up, I have no idea whatsoever the timing of any of that.

[raveit65]

We're working at a 1.16 point releases but back porting commits isn't easy in that case as 1.16 branch support gtk3/gtk2 code.