[Bug 396681] New: SEGV in file-selector ...
https://bugzilla.novell.com/show_bug.cgi?id=396681 Summary: SEGV in file-selector ... Product: openSUSE 11.0 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Critical Priority: P5 - None Component: GNOME AssignedTo: bnc-team-gnome@forge.provo.novell.com ReportedBy: mmeeks@novell.com QAContact: qa@suse.de Found By: --- So - it seems we have a lurking crasher in the file-selector; this was fairly repeatable on my machine (for whatever reason), and happens when I shut the file-selector in firefox: It seems like we don't reference count / lifecycle manage the: GTK_FILE_SYSTEM_HANDLE (handle)->file_system = file_system; in libgnomeui/file-chooser/gtkfilesystemgio.c's (gtk_file_system_gio_get_folder) However - it's unclear if we should - the unix backend doesn't appear to: though that backend also shows signs of handle / lifecycle issues ;-) Worse the file-system seems not to have a 'dispose' method to clean this stuff up in. Of course - if all these operations are being correctly cancelled (are they?) - and GIO actually checks for cancellation if a successful request has been processed and is already queued to callback at idle (does it?) - then perhaps we could (by checking for an error earlier) avoid the bug in enumerate_children_callback: but I think that's unlikely ;-) More thought & understanding required than I have just now. [debugging log follows]: (firefox:8766): GLib-GObject-WARNING **: invalid uninstantiatable type `(null)' in cast to `GtkFileSystemGio' (gdb) bt #0 IA__g_logv (log_domain=0x7fd2163537dc "GLib-GObject", log_level=G_LOG_LEVEL_WARNING, format=0x7fd216359418 "invalid uninstantiatable type `%s' in cast to `%s'", args1=0x7fff233582d0) at gmessages.c:395 #1 0x00007fd215e9e5c3 in IA__g_log (log_domain=0x7fd2163537dc "GLib-GObject", log_level=G_LOG_LEVEL_WARNING, format=0x7fd216359418 "invalid uninstantiatable type `%s' in cast to `%s'") at gmessages.c:517 #2 0x00007fd21634b0ff in IA__g_type_check_instance_cast (type_instance=0x414f180, iface_type=34948912) at gtype.c:3189 #3 0x00007fd209923c3b in enumerate_children_callback (source_object=<value optimized out>, result=0x2afd0c0, user_data=0x55700f0) at gtkfilesystemgio.c:740 #4 0x00007fd20efdace9 in complete_in_idle_cb (data=0x7fd2163537dc) at gsimpleasyncresult.c:563 #5 0x00007fd215e9493a in IA__g_main_context_dispatch (context=0x65fea0) at gmain.c:2009 #6 0x00007fd215e98040 in g_main_context_iterate (context=0x65fea0, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2642 #7 0x00007fd215e981dc in IA__g_main_context_iteration (context=0x65fea0, may_block=1) at gmain.c:2705 (gdb) up #3 0x00007fd209923c3b in enumerate_children_callback (source_object=<value optimized out>, result=0x2afd0c0, user_data=0x55700f0) at gtkfilesystemgio.c:740 740 file_system = GTK_FILE_SYSTEM_GIO (GTK_FILE_SYSTEM_HANDLE (handle)->file_system); (gdb) l 735 GFile *file; 736 GError *error = NULL; 737 738 file = G_FILE (source_object); 739 handle = GTK_FILE_SYSTEM_HANDLE_GIO (user_data); 740 file_system = GTK_FILE_SYSTEM_GIO (GTK_FILE_SYSTEM_HANDLE (handle)->file_system); 741 enumerator = g_file_enumerate_children_finish (file, result, &error); 742 743 if (enumerator) 744 { (gdb) p *handle $1 = {parent_instance = {parent_instance = {g_type_instance = {g_class = 0x2b1fcf0}, ref_count = 1, qdata = 0x0}, file_system = 0x414f180, cancelled = 0}, cancellable = 0x0, source_id = 0, callback = 0x7fd21522d140, data = 0x2afb300, tried_mount = 0} (gdb) p *handle->file_system There is no member named file_system. (gdb) p *handle->parent_instance.parent_instance.file_system There is no member named file_system. (gdb) p *handle->parent_instance.file_system $2 = <incomplete type> (gdb) p *(GtkFileSystemGio)handle->parent_instance.file_system Structure has no component named operator*. (gdb) p *(GtkFileSystemGio *)handle->parent_instance.file_system $3 = {parent_instance = {g_type_instance = {g_class = 0x38f7b60}, ref_count = 0, qdata = 0x0}, volume_monitor = 0x38f7b60, volumes = 0x0, cancellable = 0x0} (gdb) (gdb) up #4 0x00007fd20efdace9 in complete_in_idle_cb (data=0x7fd2163537dc) at gsimpleasyncresult.c:563 563 g_simple_async_result_complete (simple); (gdb) l 558 static gboolean 559 complete_in_idle_cb (gpointer data) 560 { 561 GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (data); 562 563 g_simple_async_result_complete (simple); 564 565 return FALSE; 566 } 567 subsequently this SEGV'd as you would expect. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=396681
JP Rosevear
https://bugzilla.novell.com/show_bug.cgi?id=396681
Stephan Kulow
https://bugzilla.novell.com/show_bug.cgi?id=396681
User federico@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=396681#c1
Federico Mena Quintero
https://bugzilla.novell.com/show_bug.cgi?id=396681
User federico@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=396681#c2
--- Comment #2 from Federico Mena Quintero
https://bugzilla.novell.com/show_bug.cgi?id=396681
Federico Mena Quintero
https://bugzilla.novell.com/show_bug.cgi?id=396681
User coolo@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=396681#c3
Stephan Kulow
https://bugzilla.novell.com/show_bug.cgi?id=396681
User federico@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=396681#c4
--- Comment #4 from Federico Mena Quintero
https://bugzilla.novell.com/show_bug.cgi?id=396681
User mmeeks@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=396681#c5
--- Comment #5 from Michael Meeks
Michael, why do you hit this bug so often --- do you have a "slow" directory in your bookmarks or something? A remote location, perhaps? Or an NFS dir somewhere?
Well - of course, I have a large shared NFS mount across all machines; but this was running on the server: so no idea - that one is a slow dual-core machine (?) also - I guess, I happened to be running it in gdb - with a breakpoint in g_logv - looking for #385128# (the world's most irritating bug - I regularly see the warnings - but only when not debugging the process ;-). Of course, being an FMR - this doesn't crash that reliably; only on the 2nd time did it die for me. Anyhow - thanks for the fix; good stuff etc. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=396681
User federico@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=396681#c6
Federico Mena Quintero
https://bugzilla.novell.com/show_bug.cgi?id=396681
User mmeeks@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=396681#c7
Michael Meeks
https://bugzilla.novell.com/show_bug.cgi?id=396681
User federico@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=396681#c8
--- Comment #8 from Federico Mena Quintero
https://bugzilla.novell.com/show_bug.cgi?id=396681
User federico@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=396681#c9
Federico Mena Quintero
https://bugzilla.novell.com/show_bug.cgi?id=396681
User federico@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=396681#c10
Federico Mena Quintero
https://bugzilla.novell.com/show_bug.cgi?id=396681
User mmeeks@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=396681#c11
Michael Meeks
This patch fixes those checks for all the async callbacks, and fixes a couple of minor memory leaks.
Just playing with my gedit - and I confess; I'm apparently not using your latest packages [ which itself is concerning since I updated from factory Friday ] - got another set of warning spew from gedit today: #2 0xb6fcc3bb in IA__g_return_if_fail_warning (log_domain=0xb7bfaf97 "Gtk", pretty_function=0xb7c15c04 "gtk_file_folder_list_children", expression=0xb7c1596e "GTK_IS_FILE_FOLDER (folder)") at gmessages.c:532 #3 0xb7a3b9f7 in IA__gtk_file_folder_list_children (folder=0x0, children=0xbfaf7358, error=0x0) at gtkfilesystem.c:1105 #4 0xb7a30b18 in finish_folder_load (chooser_entry=0x8438918) at gtkfilechooserentry.c:1208 #5 0xb70552a4 in IA__g_cclosure_marshal_VOID__VOID (closure=0x8648450, return_value=0x0, n_param_values=1, param_values=0xbfaf75a8, invocation_hint=0xbfaf74e4, marshal_data=0xb7a30e70) at gmarshal.c:77 #6 0xb7047c3b in IA__g_closure_invoke (closure=0x8648450, return_value=0x0, n_param_values=1, param_values=0xbfaf75a8, invocation_hint=0xbfaf74e4) at gclosure.c:490 #7 0xb705c1c7 in signal_emit_unlocked_R (node=0x85962b0, detail=0, instance=0x864b3c0, emission_return=0x0, instance_and_params=0xbfaf75a8) at gsignal.c:2440 #8 0xb705d67e in IA__g_signal_emit_valist (instance=0x864b3c0, signal_id=393, detail=0, var_args=0xbfaf7818 "") at gsignal.c:2199 #9 0xb705d993 in IA__g_signal_emit_by_name (instance=0x864b3c0, detailed_signal=0xb34b6d36 "finished-loading") at gsignal.c:2267 #10 0xb34b64f1 in enumerator_files_callback (source_object=0x85ed760, result=0x860af20, user_data=0x864b3c0) at gtkfilesystemgio.c:662 #11 0xb7fac13d in next_async_callback_wrapper (source_object=0x85ed760, res=0x860af20, user_data=0x864b3c0) at gfileenumerator.c:244 #12 0xb7fbe822 in IA__g_simple_async_result_complete (simple=0x860af20) at gsimpleasyncresult.c:553 #13 0xb7fbe841 in complete_in_idle_cb (data=0x860af20) at gsimpleasyncresult.c:563 #14 0xb6fc03f1 in g_idle_dispatch (source=0x873f8b8, callback=0xb7bfaf97 <_fini+95>, user_data=0x860af20) at gmain.c:4087 #15 0xb6fc22d9 in IA__g_main_context_dispatch (context=0x821fef0) at gmain.c:2009 #16 0xb6fc585b in g_main_context_iterate (context=0x821fef0, block=1, dispatch=1, self=0x81f5060) at gmain.c:2642 #17 0xb6fc5d2a in IA__g_main_loop_run (loop=0x854fac0) at gmain.c:2850 #18 0xb7a8c299 in IA__gtk_main () at gtkmain.c:1163 #19 0x08076ac4 in main () this time from enumerator_files_callback - as I quit the file-chooser in gedit. Poking at your patch on the surface, it didn't look like you fixed this one; did you ? #4 0xb7a30b18 in finish_folder_load (chooser_entry=0x8438918) at gtkfilechooserentry.c:1208 1208 if (!gtk_file_folder_list_children (chooser_entry->current_folder, &paths, NULL)) /* NULL-GError */ (gdb) l 1203 GSList *paths; 1204 GSList *tmp_list; 1205 1206 discard_completion_store (chooser_entry); 1207 1208 if (!gtk_file_folder_list_children (chooser_entry->current_folder, &paths, NULL)) /* NULL-GError */ 1209 return; 1210 1211 chooser_entry->completion_store = gtk_list_store_new (N_COLUMNS, 1212 G_TYPE_STRING, (gdb) p *chooser_entry $2 = {parent_instance = {widget = {object = {parent_instance = {g_type_instance = {g_class = 0x8438828}, ref_count = 0, qdata = 0x0}, flags = 2166272}, private_flags = 3072, state = 0 '\0', saved_state = 0 '\0', name = 0x0, style = 0x0, requisition = {width = 160, height = 30}, allocation = {x = 100, y = 58, width = 1, height = 1}, window = 0x0, parent = 0x0}, text = 0x0, editable = 1, visible = 1, overwrite_mode = 0, in_drag = 0, text_length = 0, text_max_length = 0, text_area = 0x0, im_context = 0x85ed950, popup_menu = 0x0, current_pos = 0, selection_bound = 0, cached_layout = 0x0, cache_includes_preedit = 1, need_im_reset = 0, has_frame = 1, activates_default = 1, cursor_visible = 1, in_click = 0, is_cell_renderer = 0, editing_canceled = 0, mouse_cursor_obscured = 1, select_words = 0, select_lines = 0, resolved_dir = 0, truncate_multiline = 1, button = 0, blink_timeout = 0, recompute_idle = 0, scroll_offset = 0, ascent = 16384, descent = 4096, text_size = 0, n_bytes = 0, preedit_length = 0, preedit_cursor = 0, dnd_position = -1, drag_start_x = 0, drag_start_y = 0, invisible_char = 9679, width_chars = -1}, action = GTK_FILE_CHOOSER_ACTION_OPEN, file_system = 0x0, base_folder = 0x8396eb8, file_part = 0x87560d8 " \037d\b8�\b\020", file_part_pos = 6, current_folder_path = 0x86e2888, current_folder = 0x0, load_folder_handle = 0x0, load_complete_action = LOAD_COMPLETE_NOTHING, completion_store = 0x0, start_autocompletion_idle_id = 0, completion_feedback_window = 0x0, completion_feedback_label = 0x0, completion_feedback_timeout_id = 0, has_completion = 0, in_change = 0, eat_tabs = 1} ie. the ref-count of 0 is rather troubling there :-) I get: (gedit:22472): Gtk-CRITICAL **: gtk_file_folder_list_children: assertion `GTK_IS_FILE_FOLDER (folder)' failed (gedit:22472): Gtk-CRITICAL **: gtk_widget_set_tooltip_text: assertion `GTK_IS_WIDGET (widget)' failed both of which seem to be FMRs. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=396681
User mmeeks@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=396681#c12
Michael Meeks
https://bugzilla.novell.com/show_bug.cgi?id=396681
User federico@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=396681#c13
Federico Mena Quintero
participants (1)
-
bugzilla_noreply@novell.com