Crash in glib 2.32 with calls to gtk_file_chooser_dialog_new
Submitted by David Andruczyk
Link to original bug (#677154)
Description
My application (MegaTunix, git://github.com/djandruczyk/MegaTunix.git) is complex, so making a testcase to demonstrate the fault is nontrivial. The application requires numerous interactions with file choosers depending on how it's used. Users on more recent Linux systems have been reporting crashes when opening the second or later file chooser. I cannot trigger this using glib prior to 2.32, so there seems to be some bad reaction between my app and the current glib implementation. The first call to gtk_file_chooser_dialog_new seems to always work, but subsequent calls are hit or miss, which feels like a race condition. The crash always occurs inside the call to gtk_file_chooser_dialog_new, and the trace says the abort happens from within glib.
Unexpected error from C library during 'pthread_setspecific': Invalid argument. Aborting.
GDB trace shows:
MTXDEBUG: calling gtk_file_chooser_dialog_new
GLib (gthread-posix.c): Unexpected error from C library during 'pthread_setspecific': Invalid argument. Aborting.
Program received signal SIGABRT, Aborted.
[Switching to Thread 0xb69ffb40 (LWP 7856)]
0x00132416 in __kernel_vsyscall ()
(gdb) where
#0 0x00132416 in __kernel_vsyscall ()
#1 0x00f091ef in __GI_raise (sig=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2 0x00f0c835 in __GI_abort () at abort.c:91
#3 0x00bff67d in g_thread_abort (status=<optimized out>,
function=0xcc400c "pthread_setspecific")
at /build/buildd/glib2.0-2.32.1/./glib/gthread-posix.c:76
#4 0x00c70959 in g_private_set (key=0xa37e38, value=0x85e4820)
at /build/buildd/glib2.0-2.32.1/./glib/gthread-posix.c:1024
#5 0x00909b78 in g_cancellable_push_current (cancellable=0x8f8be00)
at /build/buildd/glib2.0-2.32.1/./gio/gcancellable.c:203
#6 0x00935067 in io_job_thread (data=0x8f8fa98, user_data=0x0)
at /build/buildd/glib2.0-2.32.1/./gio/gioscheduler.c:173
#7 0x00c55007 in g_thread_pool_thread_proxy (data=0x85eb368)
at /build/buildd/glib2.0-2.32.1/./glib/gthreadpool.c:309
#8 0x00c54673 in g_thread_proxy (data=0x83e9d80)
at /build/buildd/glib2.0-2.32.1/./glib/gthread.c:801
#9 0x00ec6d4c in start_thread (arg=0xb69ffb40) at pthread_create.c:308
#10 0x00fc5ace in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
(gdb) info threads
Id Target Id Frame
* 3 Thread 0xb69ffb40 (LWP 7856) "pool" 0x00132416 in __kernel_vsyscall ()
2 Thread 0xb7347b40 (LWP 7855) "megatunix" 0x00132416 in __kernel_vsyscall
()
1 Thread 0xb7fdc8c0 (LWP 7852) "megatunix" 0x00132416 in __kernel_vsyscall
()
(gdb) thread 2
[Switching to thread 2 (Thread 0xb7347b40 (LWP 7855))]
#0 0x00132416 in __kernel_vsyscall ()
(gdb) whe
#0 0x00132416 in __kernel_vsyscall ()
#1 0x00ecad13 in pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:236
#2 0x00c708a0 in g_cond_wait_until (cond=0x81e8940, mutex=0x81e8938,
end_time=1513782200)
at /build/buildd/glib2.0-2.32.1/./glib/gthread-posix.c:855
#3 0x00c040b9 in g_async_queue_pop_intern_unlocked (queue=0x81e8938, wait=1,
end_time=1513782200)
at /build/buildd/glib2.0-2.32.1/./glib/gasyncqueue.c:424
#4 0x00c048de in g_async_queue_timeout_pop (queue=0x81e8938, timeout=10000)
at /build/buildd/glib2.0-2.32.1/./glib/gasyncqueue.c:545
#5 0x080aec94 in thread_dispatcher (data=0x0) at threads.c:157
#6 0x00c54673 in g_thread_proxy (data=0x82c4a90)
at /build/buildd/glib2.0-2.32.1/./glib/gthread.c:801
#7 0x00ec6d4c in start_thread (arg=0xb7347b40) at pthread_create.c:308
#8 0x00fc5ace in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
(gdb) thread 1
[Switching to thread 1 (Thread 0xb7fdc8c0 (LWP 7852))]
#0 0x00132416 in __kernel_vsyscall ()
(gdb) where
#0 0x00132416 in __kernel_vsyscall ()
#1 0x00ecd712 in __lll_unlock_wake ()
at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/lowlevellock.S:384
#2 0x00ec9d27 in _L_unlock_622 () from /lib/i386-linux-gnu/libpthread.so.0
#3 0x00ec9c6a in __pthread_mutex_unlock_usercnt (mutex=0x85ec400, decr=1)
at pthread_mutex_unlock.c:52
#4 0x00c703d0 in g_mutex_unlock (mutex=0x85fa128)
at /build/buildd/glib2.0-2.32.1/./glib/gthread-posix.c:227
#5 0x00c043df in g_async_queue_unlock (queue=0x85fa128)
at /build/buildd/glib2.0-2.32.1/./glib/gasyncqueue.c:278
#6 0x00c5547d in g_thread_pool_push (pool=0x85eb368, data=0x8f8fa98,
error=0x0) at /build/buildd/glib2.0-2.32.1/./glib/gthreadpool.c:568
#7 0x009352f0 in g_io_scheduler_push_job (job_func=0x9479b0 <run_in_thread>,
user_data=0x8855ff0, notify=0, io_priority=0, cancellable=0x8f8be00)
at /build/buildd/glib2.0-2.32.1/./gio/gioscheduler.c:234
#8 0x00947e4c in g_simple_async_result_run_in_thread (simple=0x8954d98,
func=0x919c50 <query_info_async_thread>, io_priority=0,
cancellable=0x8f8be00)
at /build/buildd/glib2.0-2.32.1/./gio/gsimpleasyncresult.c:906
#9 0x00917d8d in g_file_real_query_info_async (file=0x8f5f530,
attributes=0x58f58c "standard::is-hidden,standard::is-backup,standard::display-name,standard::icon", flags=G_FILE_QUERY_INFO_NONE, io_priority=0,
cancellable=0x8f8be00, callback=0x363300 <query_info_callback>,
user_data=0x8c533e0) at /build/buildd/glib2.0-2.32.1/./gio/gfile.c:4867
#10 0x00919da2 in g_file_query_info_async (file=0x8f5f530,
attributes=0x58f58c "standard::is-hidden,standard::is-backup,standard::display-name,standard::icon", flags=G_FILE_QUERY_INFO_NONE, io_priority=0,
cancellable=0x8f8be00, callback=0x363300 <query_info_callback>,
user_data=0x8c533e0) at /build/buildd/glib2.0-2.32.1/./gio/gfile.c:1147
#11 0x003653db in _gtk_file_system_get_info (file_system=0x8f29900,
file=0x8f5f530,
attributes=0x58f58c "standard::is-hidden,standard::is-backup,standard::display-name,standard::icon", callback=0x3548d0 <get_file_info_finished>,
data=0x8f8fa58) at /build/buildd/gtk+2.0-2.24.10/gtk/gtkfilesystem.c:931
#12 0x0035a317 in shortcuts_insert_file (impl=0x85f21d8, pos=<optimized out>,
shortcut_type=SHORTCUT_TYPE_FILE, volume=0x0, file=0x8f5f530, label=0x0,
removable=0, type=SHORTCUTS_HOME)
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkfilechooserdefault.c:1644
#13 0x0035baab in shortcuts_append_home (impl=0x85f21d8)
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkfilechooserdefault.c:1775
#14 shortcuts_model_create (impl=0x85f21d8)
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkfilechooserdefault.c:2174
#15 gtk_file_chooser_default_constructor (type=138321408,
n_construct_properties=1, construct_params=0x8f177f0)
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkfilechooserdefault.c:4898
#16 0x00baecf9 in g_object_newv (object_type=138321408, n_parameters=0,
parameters=0x0) at /build/buildd/glib2.0-2.32.1/./gobject/gobject.c:1713
#17 0x00baf7c8 in g_object_new (object_type=138321408, first_property_name=0x0)
at /build/buildd/glib2.0-2.32.1/./gobject/gobject.c:1542
#18 0x0035d214 in _gtk_file_chooser_default_new ()
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkfilechooserdefault.c:10033
#19 0x003623d9 in gtk_file_chooser_widget_constructor (type=140461872,
n_construct_properties=1, construct_params=0x8e85190)
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkfilechooserwidget.c:103
#20 0x00baecf9 in g_object_newv (object_type=140461872, n_parameters=0,
parameters=0x0) at /build/buildd/glib2.0-2.32.1/./gobject/gobject.c:1713
#21 0x00baf7c8 in g_object_new (object_type=140461872, first_property_name=0x0)
at /build/buildd/glib2.0-2.32.1/./gobject/gobject.c:1542
#22 0x0035d5ad in gtk_file_chooser_dialog_constructor (type=136174432,
n_construct_properties=3, construct_params=0x8904120)
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkfilechooserdialog.c:276
#23 0x00baecf9 in g_object_newv (object_type=136174432, n_parameters=2,
parameters=0x8f91798)
at /build/buildd/glib2.0-2.32.1/./gobject/gobject.c:1713
#24 0x00baf543 in g_object_new_valist (object_type=136174432,
first_property_name=0x57cef7 "title",
var_args=0xbfffe1f8 "\001\270", <incomplete sequence \361>)
at /build/buildd/glib2.0-2.32.1/./gobject/gobject.c:1830
#25 0x00baf7a0 in g_object_new (object_type=136174432,
first_property_name=0x57cef7 "title")
at /build/buildd/glib2.0-2.32.1/./gobject/gobject.c:1545
#26 0x0035da05 in gtk_file_chooser_dialog_new_valist (
title=0x8ee5880 "Select your Table backup file to export",
parent=<optimized out>, action=GTK_FILE_CHOOSER_ACTION_SAVE,
first_button_text=0xce7eb5 "gtk-cancel",
varargs=0xbfffe260 "\372\377\377\377\300", <incomplete sequence \316>,
backend=<optimized out>)
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkfilechooserdialog.c:396
#27 0x0035db37 in IA__gtk_file_chooser_dialog_new (
title=0x8ee5880 "Select your Table backup file to export",
parent=0x81f7678, action=GTK_FILE_CHOOSER_ACTION_SAVE,
first_button_text=0xce7eb5 "gtk-cancel")
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkfilechooserdialog.c:440
#28 0x00ce58b5 in choose_file (data=0x8f879e8) at getfiles.c:407
#29 0x0809ed84 in export_single_table (table_num=3) at tableio.cpp:304
#30 0x08079552 in std_button_handler (widget=0x87bec98, data=0x0)
at gui_handlers.c:702
#31 0x00baa243 in g_cclosure_marshal_VOID__VOIDv (closure=0x8b7d8a8,
return_value=0x0, instance=0x87bec98, args=0xbfffe5dc "\222%O",
marshal_data=0x0, n_params=0, param_types=0x0)
at /build/buildd/glib2.0-2.32.1/./gobject/gmarshal.c:115
#32 0x00ba8727 in _g_closure_invoke_va (closure=0x8b7d8a8, return_value=0x0,
instance=0x87bec98, args=0xbfffe5dc "\222%O", n_params=0, param_types=0x0)
at /build/buildd/glib2.0-2.32.1/./gobject/gclosure.c:840
#33 0x00bc1a29 in g_signal_emit_valist (instance=0x87bec98, signal_id=171,
detail=0, var_args=0xbfffe5dc "\222%O")
at /build/buildd/glib2.0-2.32.1/./gobject/gsignal.c:3207
#34 0x00bc2453 in g_signal_emit (instance=0x87bec98, signal_id=171, detail=0)
at /build/buildd/glib2.0-2.32.1/./gobject/gsignal.c:3352
#35 0x002f621a in IA__gtk_button_clicked (button=0x87bec98)
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkbutton.c:1128
#36 0x002f7630 in gtk_real_button_released (button=0x87bec98)
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkbutton.c:1725
#37 gtk_real_button_released (button=0x87bec98)
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkbutton.c:1715
#38 0x00baa243 in g_cclosure_marshal_VOID__VOIDv (closure=0x81fb310,
return_value=0x0, instance=0x87bec98,
args=0xbfffe8cc "\206", <incomplete sequence \347\274>,
marshal_data=0x2f75f0, n_params=0, param_types=0x0)
at /build/buildd/glib2.0-2.32.1/./gobject/gmarshal.c:115
#39 0x00ba6db7 in g_type_class_meta_marshalv (closure=0x81fb310,
return_value=0x0, instance=0x87bec98,
args=0xbfffe8cc "\206", <incomplete sequence \347\274>,
marshal_data=0x1a4, n_params=0, param_types=0x0)
at /build/buildd/glib2.0-2.32.1/./gobject/gclosure.c:997
#40 0x00ba8727 in _g_closure_invoke_va (closure=0x81fb310, return_value=0x0,
instance=0x87bec98,
args=0xbfffe8cc "\206", <incomplete sequence \347\274>, n_params=0,
param_types=0x0) at /build/buildd/glib2.0-2.32.1/./gobject/gclosure.c:840
#41 0x00bc1a29 in g_signal_emit_valist (instance=0x87bec98, signal_id=170,
detail=0, var_args=0xbfffe8cc "\206", <incomplete sequence \347\274>)
at /build/buildd/glib2.0-2.32.1/./gobject/gsignal.c:3207
#42 0x00bc2453 in g_signal_emit (instance=0x87bec98, signal_id=170, detail=0)
at /build/buildd/glib2.0-2.32.1/./gobject/gsignal.c:3352
#43 0x002f613a in gtk_button_released (button=0x87bec98)
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkbutton.c:1120
#44 0x002f6184 in gtk_button_button_release (widget=0x87bec98, event=0x8f6fa38)
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkbutton.c:1617
#45 0x003b58a2 in _gtk_marshal_BOOLEAN__BOXED (closure=0x81f02d0,
return_value=0xbfffea84, n_param_values=2, param_values=0xbfffeaf0,
invocation_hint=0xbfffea70, marshal_data=0x2f6150)
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkmarshalers.c:86
#46 0x00ba72fd in g_type_class_meta_marshal (closure=0x81f02d0,
return_value=0xbfffea84, n_param_values=2, param_values=0xbfffeaf0,
invocation_hint=0xbfffea70, marshal_data=0xb4)
at /build/buildd/glib2.0-2.32.1/./gobject/gclosure.c:970
#47 0x00ba8484 in g_closure_invoke (closure=0x81f02d0,
return_value=0xbfffea84, n_param_values=2, param_values=0xbfffeaf0,
invocation_hint=0xbfffea70)
at /build/buildd/glib2.0-2.32.1/./gobject/gclosure.c:777
#48 0x00bba70d in signal_emit_unlocked_R (node=0x81f0438, detail=0,
instance=0x87bec98, emission_return=0xbfffec88,
instance_and_params=0xbfffeaf0)
at /build/buildd/glib2.0-2.32.1/./gobject/gsignal.c:3585
#49 0x00bc1ff5 in g_signal_emit_valist (instance=0x87bec98, signal_id=34,
detail=0,
var_args=0xbfffed00 ",\355\377\277\070\372\366\b8\372\366\b\311\361N")
at /build/buildd/glib2.0-2.32.1/./gobject/gsignal.c:3306
#50 0x00bc2453 in g_signal_emit (instance=0x87bec98, signal_id=34, detail=0)
at /build/buildd/glib2.0-2.32.1/./gobject/gsignal.c:3352
#51 0x004ef413 in gtk_widget_event_internal (widget=0x87bec98, event=0x8f6fa38)
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkwidget.c:4992
#52 0x003b3a6e in IA__gtk_propagate_event (widget=0x87bec98, event=0x8f6fa38)
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkmain.c:2567
#53 0x003b3e00 in IA__gtk_main_do_event (event=0x8f6fa38)
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkmain.c:1757
#54 0x00889758 in gdk_event_dispatch (source=0x81dd638, callback=0,
user_data=0x0)
at /build/buildd/gtk+2.0-2.24.10/gdk/x11/gdkevents-x11.c:2377
#55 0x00c30cda in g_main_dispatch (context=0x81dd718)
at /build/buildd/glib2.0-2.32.1/./glib/gmain.c:2515
#56 g_main_context_dispatch (context=0x81dd718)
at /build/buildd/glib2.0-2.32.1/./glib/gmain.c:3052
#57 0x00c310e5 in g_main_context_iterate (dispatch=1, block=12839440,
context=0x81dd718, self=<optimized out>)
at /build/buildd/glib2.0-2.32.1/./glib/gmain.c:3123
#58 g_main_context_iterate (context=0x81dd718, block=12839440, dispatch=1,
self=<optimized out>) at /build/buildd/glib2.0-2.32.1/./glib/gmain.c:3060
#59 0x00c311c1 in g_main_context_iteration (context=0x81dd718, may_block=1)
at /build/buildd/glib2.0-2.32.1/./glib/gmain.c:3184
#60 0x003b2df1 in IA__gtk_main_iteration ()
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkmain.c:1417
#61 0x08076e8a in gui_dispatcher (data=0x81b3428) at dispatcher.c:318
#62 0x00c31a3f in g_timeout_dispatch (source=0x83038e8,
callback=0x8076c10 <gui_dispatcher>, user_data=0x81b3428)
at /build/buildd/glib2.0-2.32.1/./glib/gmain.c:3859
#63 0x00c30cda in g_main_dispatch (context=0x81dd718)
at /build/buildd/glib2.0-2.32.1/./glib/gmain.c:2515
#64 g_main_context_dispatch (context=0x81dd718)
at /build/buildd/glib2.0-2.32.1/./glib/gmain.c:3052
#65 0x00c310e5 in g_main_context_iterate (dispatch=1, block=1,
context=0x81dd718, self=<optimized out>)
at /build/buildd/glib2.0-2.32.1/./glib/gmain.c:3123
#66 g_main_context_iterate (context=0x81dd718, block=1, dispatch=1,
self=<optimized out>) at /build/buildd/glib2.0-2.32.1/./glib/gmain.c:3060
#67 0x00c3152b in g_main_loop_run (loop=0x83037f8)
at /build/buildd/glib2.0-2.32.1/./glib/gmain.c:3317
#68 0x003b2b8f in IA__gtk_main ()
at /build/buildd/gtk+2.0-2.24.10/gtk/gtkmain.c:1329
#69 0x0805abbb in main (argc=5, argv=0xbffff1e4) at main.c:150
Version: 2.32.x