Crash in gtk_file_system_model_monitor_change()
I'm debugging a SIGSEGV in the Epiphany UI process triggered by the Save Image As context menu item. When the file chooser opens, click Cancel; Epiphany then crashes with the following backtrace:
(gdb) bt full
#0 remove_file (file=0x7f162c0013b0, model=0x557c0e71f860 [GtkFileSystemModel]) at ../gtk/gtkfilesystemmodel.c:470
_pp = 0x55940e700168
_ptr = <optimized out>
node = 0x55940e700168
id = 4294967295
__func__ = "remove_file"
#1 gtk_file_system_model_monitor_change
(monitor=<optimized out>, file=file@entry=0x7f162c0013b0, other_file=other_file@entry=0x0, type=<optimized out>, model=0x557c0e71f860 [GtkFileSystemModel]) at ../gtk/gtkfilesystemmodel.c:723
#2 0x00007f16476d4707 in _g_cclosure_marshal_VOID__OBJECT_OBJECT_ENUMv
(closure=0x557c0e703f90, return_value=<optimized out>, instance=0x557c0e6ca920, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=<optimized out>) at ../gio/gmarshal-internal.c:1382
data1 = <optimized out>
data2 = <optimized out>
callback = 0x7f16471143e0 <gtk_file_system_model_monitor_change>
arg0 = 0x7f162c0013b0
arg1 = 0x0
arg2 = -461151179
args_copy = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7fff508787d0, reg_save_area = 0x7fff50878710}}
#3 0x00007f164799a65a in _g_closure_invoke_va
(closure=closure@entry=0x557c0e703f90, return_value=return_value@entry=0x0, instance=instance@entry=0x557c0e6ca920, args=args@entry=0x7fff508786f0, n_params=3, param_types=0x557c0b165fe0) at ../gobject/gclosure.c:895
marshal = 0x7f16476d4640 <_g_cclosure_marshal_VOID__OBJECT_OBJECT_ENUMv>
marshal_data = <optimized out>
in_marshal = 0
real_closure = 0x557c0e703f70
__func__ = "_g_closure_invoke_va"
#4 0x00007f16479b566f in g_signal_emit_valist
(instance=0x557c0e6ca920, signal_id=31, detail=<optimized out>, var_args=var_args@entry=0x7fff508786f0)
at ../gobject/gsignal.c:3462
return_accu = <optimized out>
accu = {g_type = 0x0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
accumulator = 0x0
emission = {next = 0x0, instance = 0x557c0e6ca920, ihint = {signal_id = 31, detail = 0, run_type = (G_SIGNAL_RUN_FIRST | G_SIGNAL_ACCUMULATOR_FIRST_RUN)}, state = EMISSION_RUN, chain_type = 0x557c0b156640 [GInotifyFileMonitor/GLocalFileMonitor/GFileMonitor]}
instance_type = <optimized out>
emission_return = {g_type = 0x0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
rtype = 0x4 [void]
static_scope = 0
fastpath_handler = <optimized out>
closure = <optimized out>
run_type = <optimized out>
hlist = <optimized out>
--Type <RET> for more, q to quit, c to continue without paging--c
l = <optimized out>
fastpath = <optimized out>
instance_and_params = <optimized out>
signal_return_type = <optimized out>
param_values = <optimized out>
node = <optimized out>
i = <optimized out>
n_params = <optimized out>
__func__ = "g_signal_emit_valist"
#5 0x00007f16479b5873 in g_signal_emit (instance=instance@entry=0x557c0e6ca920, signal_id=<optimized out>, detail=detail@entry=0) at ../gobject/gsignal.c:3612
var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff508787d0, reg_save_area = 0x7fff50878710}}
#6 0x00007f16476c4e29 in g_file_monitor_emit_event (monitor=monitor@entry=0x557c0e6ca920 [GInotifyFileMonitor], child=<optimized out>, other_file=<optimized out>, event_type=<optimized out>) at ../gio/gfilemonitor.c:296
__func__ = "g_file_monitor_emit_event"
#7 0x00007f16477968bb in g_file_monitor_source_dispatch (source=0x557c0e6f2b70, callback=<optimized out>, user_data=<optimized out>) at ../gio/glocalfilemonitor.c:582
fms = 0x557c0e6f2b70
event = 0x7f162c002e00
event_queue = {head = 0x7f162c0017f0 = {0x7f162c002a50, 0x7f162c002b00}, tail = 0x7f162c002de0 = {0x7f162c002b00}, length = 2}
now = <optimized out>
instance = 0x557c0e6ca920 [GInotifyFileMonitor]
#8 0x00007f1647894d09 in g_main_dispatch (context=<optimized out>) at ../glib/gmain.c:3460
dispatch = 0x7f1647796750 <g_file_monitor_source_dispatch>
prev_source = 0x0
begin_time_nsec = 5807587296649
was_in_call = 0
user_data = 0x0
callback = 0x0
cb_funcs = 0x0
cb_data = 0x0
need_destroy = <optimized out>
source = 0x557c0e6f2b70
current = 0x557c0b151670
i = 1
__func__ = "g_main_dispatch"
#9 g_main_context_dispatch (context=<optimized out>) at ../glib/gmain.c:4200
#10 0x00007f1647895268 in g_main_context_iterate (context=context@entry=0x557c0b1499a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4276
max_priority = 0
timeout = 0
some_ready = 1
nfds = 13
allocated_nfds = <optimized out>
fds = <optimized out>
begin_time_nsec = 5807586986910
#11 0x00007f1647895303 in g_main_context_iteration (context=context@entry=0x557c0b1499a0, may_block=may_block@entry=1) at ../glib/gmain.c:4343
retval = <optimized out>
#12 0x00007f1647735f5d in g_application_run (application=0x557c0b173810 [EphyShell], argc=<optimized out>, argv=<optimized out>) at ../gio/gapplication.c:2573
arguments = 0x557c0b38f730
status = 0
context = 0x557c0b1499a0
acquired_context = <optimized out>
__func__ = "g_application_run"
#13 0x0000557c0a22d04b in main (argc=<optimized out>, argv=<optimized out>) at ../src/ephy-main.c:434
option_context = <optimized out>
option_group = <optimized out>
error = 0x0
user_time = 0
arbitrary_url = <optimized out>
ctx = <optimized out>
mode = <optimized out>
status = <optimized out>
flags = <optimized out>
desktop_info = <optimized out>
Importantly, note that `id = 4294967295` in frame #0 (remove_file), which is 2^32 - 1, i.e. GTK_INVALID_LIST_POSITION. That looks suspicious: remove_file() appears to be proceeding with an invalid position, which would likely mean an out-of-bounds access on the model's node array rather than a clean "not found" path.
I can reproduce this crash in Ephy Tech Preview, but not in my jhbuild environment using the latest build of GTK. I'm not sure what the difference is, but probably some other dependency in my jhbuild environment is older.