Use-after-free crash in GtkTextHandle
Steps to reproduce
I was playing with an entry in the widget factory, touching and dragging the text handles, on a touchscreen.
Version information
- Which version of GTK you are using
- Commit 8de4b048
- What operating system and version
- Fedora Linux 40
- If you built GTK yourself, the list of options used to configure the build
-
-Dprefix=/usr(nothing interesting here)
-
Backtrace
This is where the 0x55f97ce876c0 gesture is getting destroyed:
#0 g_type_free_instance (instance=0x55f97ce876c0) at ../gobject/gtype.c:2003
#1 0x00007fa0bbf4ab76 in g_object_unref (_object=0x55f97ce876c0) at ../gobject/gobject.c:4500
#2 0x00007fa0bb6685b0 in gtk_widget_remove_controller (widget=<optimized out>, controller=0x55f97ce876c0) at ../gtk/gtkwidget.c:11773
#3 0x00007fa0bb6216f8 in gtk_text_handle_unmap (widget=0x55f9750120e0) at ../gtk/gtktexthandle.c:333
#7 0x00007fa0bbf5c423 in <emit signal '???' on instance ???> (instance=instance@entry=0x55f9750120e0, signal_id=<optimized out>, detail=detail@entry=0)
at ../gobject/gsignal.c:3583
#4 0x00007fa0bbf5c254 in _g_closure_invoke_va
(closure=0x55f962e34bd0, return_value=0x0, instance=0x55f9750120e0, args=0x7ffff2566780, n_params=<optimized out>, param_types=0x0) at ../gobject/gclosure.c:897
#5 signal_emit_valist_unlocked
(instance=instance@entry=0x55f9750120e0, signal_id=signal_id@entry=71, detail=detail@entry=0, var_args=var_args@entry=0x7ffff2566780) at ../gobject/gsignal.c:3424
#6 0x00007fa0bbf5c361 in g_signal_emit_valist (instance=0x55f9750120e0, signal_id=71, detail=0, var_args=var_args@entry=0x7ffff2566780)
at ../gobject/gsignal.c:3263
#8 0x00007fa0bb65aaca in gtk_widget_unmap (widget=0x55f9750120e0) at ../gtk/gtkwidget.c:2890
#9 gtk_widget_unmap (widget=0x55f9750120e0) at ../gtk/gtkwidget.c:2878
#10 0x00007fa0bb65ab95 in gtk_widget_real_hide (widget=0x55f9750120e0) at ../gtk/gtkwidget.c:2810
#14 0x00007fa0bbf5c423 in <emit signal '???' on instance ???> (instance=instance@entry=0x55f9750120e0, signal_id=<optimized out>, detail=detail@entry=0)
at ../gobject/gsignal.c:3583
#11 0x00007fa0bbf5c254 in _g_closure_invoke_va
(closure=0x55f962ebc3d0, return_value=0x0, instance=0x55f9750120e0, args=0x7ffff2566ae0, n_params=<optimized out>, param_types=0x0) at ../gobject/gclosure.c:897
#12 signal_emit_valist_unlocked
(instance=instance@entry=0x55f9750120e0, signal_id=signal_id@entry=69, detail=detail@entry=0, var_args=var_args@entry=0x7ffff2566ae0) at ../gobject/gsignal.c:3424
#13 0x00007fa0bbf5c361 in g_signal_emit_valist (instance=0x55f9750120e0, signal_id=69, detail=0, var_args=var_args@entry=0x7ffff2566ae0)
at ../gobject/gsignal.c:3263
#15 0x00007fa0bb65b4b5 in gtk_widget_hide (widget=0x55f9750120e0) at ../gtk/gtkwidget.c:2786
#16 0x00007fa0bb60910b in gtk_text_update_handles (self=0x55f962fc7f20) at ../gtk/gtktext.c:2398
#17 0x00007fa0bb60ee30 in gtk_text_recompute (self=0x55f962fc7f20) at ../gtk/gtktext.c:4554
#18 gtk_text_recompute (self=0x55f962fc7f20) at ../gtk/gtktext.c:4545
#19 0x00007fa0bb60f14f in gtk_text_set_positions (self=<optimized out>, current_pos=<optimized out>, selection_bound=<optimized out>) at ../gtk/gtktext.c:4528
#20 0x00007fa0bb60fa8c in gtk_text_set_selection_bounds (self=0x55f962fc7f20, start=<optimized out>, end=<optimized out>) at ../gtk/gtktext.c:3526
#21 0x00007fa0bb612037 in gtk_text_click_gesture_pressed (gesture=0x55f962fcb1e0, n_press=1, widget_x=<optimized out>, widget_y=<optimized out>, self=0x55f962fc7f20)
at ../gtk/gtktext.c:2863
#26 0x00007fa0bbf5c423 in <emit signal '???' on instance ???> (instance=instance@entry=0x55f962fcb1e0, signal_id=<optimized out>, detail=detail@entry=0)
at ../gobject/gsignal.c:3583
#22 0x00007fa0bb49277c in _gtk_marshal_VOID__INT_DOUBLE_DOUBLEv
(closure=<optimized out>, return_value=<optimized out>, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x55f962ee6c50) at gtk/gtkmarshalers.c:3688
#23 0x00007fa0bbf5c254 in _g_closure_invoke_va
(closure=0x55f962fcb320, return_value=0x0, instance=0x55f962fcb1e0, args=0x7ffff2566fc0, n_params=<optimized out>, param_types=0x55f962ee6c50)
at ../gobject/gclosure.c:897
#24 signal_emit_valist_unlocked
(instance=instance@entry=0x55f962fcb1e0, signal_id=signal_id@entry=107, detail=detail@entry=0, var_args=var_args@entry=0x7ffff2566fc0) at ../gobject/gsignal.c:3424
#25 0x00007fa0bbf5c361 in g_signal_emit_valist (instance=0x55f962fcb1e0, signal_id=107, detail=0, var_args=var_args@entry=0x7ffff2566fc0)
--Type <RET> for more, q to quit, c to continue without paging--c
at ../gobject/gsignal.c:3263
#27 0x00007fa0bb538159 in gtk_gesture_click_begin (gesture=0x55f962fcb1e0, sequence=sequence@entry=0x1) at ../gtk/gtkgestureclick.c:230
#32 0x00007fa0bbf5c423 in <emit signal '???' on instance ???> (instance=instance@entry=0x55f962fcb1e0, signal_id=<optimized out>, detail=detail@entry=0)
at ../gobject/gsignal.c:3583
#28 0x00007fa0bbf3fc65 in g_cclosure_marshal_VOID__BOXEDv
(closure=0x55f962e5d0e0, return_value=<optimized out>, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x55f962ee64b0) at ../gobject/gmarshal.c:1686
#29 0x00007fa0bbf5b438 in _g_closure_invoke_va
(closure=0x55f962e5d0e0, return_value=0x0, instance=0x55f962fcb1e0, args=0x7ffff25673c0, n_params=1, param_types=0x55f962ee64b0) at ../gobject/gclosure.c:897
#30 signal_emit_valist_unlocked
(instance=instance@entry=0x55f962fcb1e0, signal_id=signal_id@entry=102, detail=detail@entry=0, var_args=var_args@entry=0x7ffff25673c0) at ../gobject/gsignal.c:3424
#31 0x00007fa0bbf5c361 in g_signal_emit_valist (instance=0x55f962fcb1e0, signal_id=102, detail=0, var_args=var_args@entry=0x7ffff25673c0)
at ../gobject/gsignal.c:3263
#33 0x00007fa0bb5365fe in _gtk_gesture_set_recognized (recognized=<optimized out>, gesture=0x55f962fcb1e0, sequence=0x1) at ../gtk/gtkgesture.c:338
#34 _gtk_gesture_set_recognized (gesture=0x55f962fcb1e0, recognized=1, sequence=0x1) at ../gtk/gtkgesture.c:324
#35 _gtk_gesture_check_recognized (gesture=gesture@entry=0x55f962fcb1e0, sequence=sequence@entry=0x1) at ../gtk/gtkgesture.c:384
#36 0x00007fa0bb537645 in gtk_gesture_handle_event (controller=0x55f962fcb1e0, event=<optimized out>, x=<optimized out>, y=75.273429870605469)
at ../gtk/gtkgesture.c:655
#37 0x00007fa0bb53884f in gtk_gesture_single_handle_event (controller=0x55f962fcb1e0, event=0x55f97ab0ac40, x=75.80078125, y=75.273429870605469)
at ../gtk/gtkgesturesingle.c:227
#38 0x00007fa0bb65c649 in gtk_event_controller_handle_event
(controller=0x55f962fcb1e0, event=<optimized out>, target=<optimized out>, x=<optimized out>, y=<optimized out>) at ../gtk/gtkeventcontroller.c:362
#39 gtk_widget_run_controllers
(widget=widget@entry=0x55f962fc7f20, event=event@entry=0x55f97ab0ac40, target=target@entry=0x55f962fc7f20, x=75.80078125, y=75.273429870605469, phase=phase@entry=GTK_PHASE_BUBBLE) at ../gtk/gtkwidget.c:4585
#40 0x00007fa0bb65cad5 in gtk_widget_event (widget=0x55f962fc7f20, event=0x55f97ab0ac40, target=0x55f962fc7f20) at ../gtk/gtkwidget.c:4777
#41 gtk_widget_event (widget=0x55f962fc7f20, event=0x55f97ab0ac40, target=0x55f962fc7f20) at ../gtk/gtkwidget.c:4753
#42 0x00007fa0bb577a12 in gtk_propagate_event_internal (widget=0x55f962fc7f20, event=0x55f97ab0ac40, topmost=<optimized out>) at ../gtk/gtkmain.c:1947
#43 0x00007fa0bb659b7a in _gtk_widget_emulate_press (widget=0x55f962f0cdc0, event=<optimized out>, event_widget=0x55f962fc7f20) at ../gtk/gtkwidget.c:2064
#44 _gtk_widget_set_sequence_state_internal (widget=<optimized out>, sequence=<optimized out>, state=<optimized out>, emitter=<optimized out>)
at ../gtk/gtkwidget.c:2259
#45 0x00007fa0bb536ce3 in gtk_widget_cancel_event_sequence (widget=0x55f962f0cdc0, gesture=0x55f97ce876c0, sequence=0x1, state=GTK_EVENT_SEQUENCE_DENIED)
at ../gtk/gtkwidget.c:11688
#46 gtk_gesture_set_sequence_state (gesture=0x55f97ce876c0, sequence=0x1, state=GTK_EVENT_SEQUENCE_DENIED) at ../gtk/gtkgesture.c:1057
#47 0x00007fa0bb659806 in _gtk_widget_set_sequence_state_internal
(widget=0x55f962f0cdc0, sequence=<optimized out>, state=GTK_EVENT_SEQUENCE_CLAIMED, emitter=0x55f987af64e0) at ../gtk/gtkwidget.c:2240
#48 0x00007fa0bb536ce3 in gtk_widget_cancel_event_sequence (widget=0x55f962f0cdc0, gesture=0x55f987af64e0, sequence=0x1, state=GTK_EVENT_SEQUENCE_CLAIMED)
at ../gtk/gtkwidget.c:11688
#49 gtk_gesture_set_sequence_state (gesture=gesture@entry=0x55f987af64e0, sequence=0x1, state=state@entry=GTK_EVENT_SEQUENCE_CLAIMED) at ../gtk/gtkgesture.c:1057
#50 0x00007fa0bb537846 in gtk_gesture_set_state (gesture=0x55f987af64e0, state=GTK_EVENT_SEQUENCE_CLAIMED) at ../gtk/gtkgesture.c:1137
#51 0x00007fa0bb621d7e in handle_drag_begin (gesture=0x55f987af64e0, x=<optimized out>, y=<optimized out>, handle=0x55f9739d3cf0) at ../gtk/gtktexthandle.c:455
#56 0x00007fa0bbf5c423 in <emit signal '???' on instance ???> (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>)
at ../gobject/gsignal.c:3583
#52 0x00007fa0bb4922e9 in _gtk_marshal_VOID__DOUBLE_DOUBLEv
(closure=<optimized out>, return_value=<optimized out>, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x55f962ee7fa0) at gtk/gtkmarshalers.c:3158
#53 0x00007fa0bbf5c254 in _g_closure_invoke_va
(closure=0x55f975741690, return_value=0x0, instance=0x55f987af64e0, args=0x7ffff2567d20, n_params=<optimized out>, param_types=0x55f962ee7fa0)
at ../gobject/gclosure.c:897
#54 signal_emit_valist_unlocked
(instance=instance@entry=0x55f987af64e0, signal_id=signal_id@entry=111, detail=detail@entry=0, var_args=var_args@entry=0x7ffff2567d20) at ../gobject/gsignal.c:3424
#55 0x00007fa0bbf5c361 in g_signal_emit_valist (instance=0x55f987af64e0, signal_id=111, detail=0, var_args=var_args@entry=0x7ffff2567d20)
at ../gobject/gsignal.c:3263
#61 0x00007fa0bbf5c423 in <emit signal '???' on instance ???> (instance=instance@entry=0x55f987af64e0, signal_id=<optimized out>, detail=detail@entry=0)
at ../gobject/gsignal.c:3583
#57 0x00007fa0bbf3fc65 in g_cclosure_marshal_VOID__BOXEDv
(closure=0x55f962e5d0e0, return_value=<optimized out>, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x55f962ee64b0) at ../gobject/gmarshal.c:1686
#58 0x00007fa0bbf5c254 in _g_closure_invoke_va
(closure=0x55f962e5d0e0, return_value=0x0, instance=0x55f987af64e0, args=0x7ffff25680b0, n_params=<optimized out>, param_types=0x55f962ee64b0)
at ../gobject/gclosure.c:897
#59 signal_emit_valist_unlocked
(instance=instance@entry=0x55f987af64e0, signal_id=signal_id@entry=102, detail=detail@entry=0, var_args=var_args@entry=0x7ffff25680b0) at ../gobject/gsignal.c:3424
#60 0x00007fa0bbf5c361 in g_signal_emit_valist (instance=0x55f987af64e0, signal_id=102, detail=0, var_args=var_args@entry=0x7ffff25680b0)
at ../gobject/gsignal.c:3263
#62 0x00007fa0bb5365fe in _gtk_gesture_set_recognized (recognized=<optimized out>, gesture=0x55f987af64e0, sequence=0x1) at ../gtk/gtkgesture.c:338
#63 _gtk_gesture_set_recognized (gesture=0x55f987af64e0, recognized=1, sequence=0x1) at ../gtk/gtkgesture.c:324
#64 _gtk_gesture_check_recognized (gesture=gesture@entry=0x55f987af64e0, sequence=sequence@entry=0x1) at ../gtk/gtkgesture.c:384
#65 0x00007fa0bb537645 in gtk_gesture_handle_event (controller=0x55f987af64e0, event=<optimized out>, x=<optimized out>, y=75.2734375) at ../gtk/gtkgesture.c:655
#66 0x00007fa0bb53884f in gtk_gesture_single_handle_event (controller=0x55f987af64e0, event=0x55f983fe5260, x=75.80078125, y=75.2734375)
at ../gtk/gtkgesturesingle.c:227
#67 0x00007fa0bb65c649 in gtk_event_controller_handle_event
(controller=0x55f987af64e0, event=<optimized out>, target=<optimized out>, x=<optimized out>, y=<optimized out>) at ../gtk/gtkeventcontroller.c:362
#68 gtk_widget_run_controllers
(widget=widget@entry=0x55f962f0cdc0, event=event@entry=0x55f983fe5260, target=target@entry=0x55f962fc7f20, x=75.80078125, y=75.2734375, phase=phase@entry=GTK_PHASE_CAPTURE) at ../gtk/gtkwidget.c:4585
#69 0x00007fa0bb65c9b8 in _gtk_widget_captured_event (widget=0x55f962f0cdc0, event=0x55f983fe5260, target=0x55f962fc7f20) at ../gtk/gtkwidget.c:4746
#70 0x00007fa0bb57798a in gtk_propagate_event_internal (widget=0x55f962f0cdc0, widget@entry=0x55f962fc7f20, event=event@entry=0x55f983fe5260, topmost=<optimized out>)
at ../gtk/gtkmain.c:1915
#71 0x00007fa0bb577c20 in gtk_propagate_event (widget=widget@entry=0x55f962fc7f20, event=event@entry=0x55f983fe5260) at ../gtk/gtkmain.c:1997
#72 0x00007fa0bb578503 in gtk_main_do_event (event=<optimized out>) at ../gtk/gtkmain.c:1687
#78 0x00007fa0bbf5c423 in <emit signal '???' on instance ???> (instance=instance@entry=0x55f963b3cde0, signal_id=<optimized out>, detail=detail@entry=0)
at ../gobject/gsignal.c:3583
#73 0x00007fa0bb7d34ee in _gdk_marshal_BOOLEAN__POINTERv
(closure=<optimized out>, return_value=0x7ffff2568730, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x55f963b3afe0) at gdk/gdkmarshalers.c:302
#74 0x00007fa0bb85524a in gdk_surface_event_marshallerv
(closure=0x55f9693ab630, return_value=0x7ffff2568730, instance=0x55f963b3cde0, args=0x7ffff2568820, marshal_data=0x0, n_params=1, param_types=0x55f963b3afe0)
at ../gdk/gdksurface.c:462
#75 0x00007fa0bbf5c254 in _g_closure_invoke_va
(closure=0x55f9693ab630, return_value=0x7ffff2568730, instance=0x55f963b3cde0, args=0x7ffff2568820, n_params=<optimized out>, param_types=0x55f963b3afe0)
at ../gobject/gclosure.c:897
#76 signal_emit_valist_unlocked
(instance=instance@entry=0x55f963b3cde0, signal_id=signal_id@entry=342, detail=detail@entry=0, var_args=var_args@entry=0x7ffff2568820) at ../gobject/gsignal.c:3424
#77 0x00007fa0bbf5c361 in g_signal_emit_valist (instance=0x55f963b3cde0, signal_id=342, detail=0, var_args=var_args@entry=0x7ffff2568820)
at ../gobject/gsignal.c:3263
#79 0x00007fa0bb8f86d5 in gdk_surface_handle_event.isra.0 (event=event@entry=0x55f983fe5260) at ../gdk/gdksurface.c:2932
#80 0x00007fa0bb8f8ab0 in _gdk_event_emit.isra.0 (event=event@entry=0x55f983fe5260) at ../gdk/gdkevents.c:491
#81 0x00007fa0bb7e4886 in gdk_event_source_dispatch (base=<optimized out>, callback=<optimized out>, data=<optimized out>) at ../gdk/wayland/gdkeventsource.c:142
#82 0x00007fa0bbfe5e8c in g_main_dispatch (context=0x55f962d91f70) at ../glib/gmain.c:3344
#83 g_main_context_dispatch_unlocked (context=0x55f962d91f70) at ../glib/gmain.c:4152
#84 0x00007fa0bc047c98 in g_main_context_iterate_unlocked.isra.0
(context=context@entry=0x55f962d91f70, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4217
#85 0x00007fa0bbfe7383 in g_main_context_iteration (context=context@entry=0x55f962d91f70, may_block=may_block@entry=1) at ../glib/gmain.c:4282
#86 0x00007fa0bb3130fd in g_application_run (application=0x55f962d865d0, argc=<optimized out>, argv=0x7ffff2568cd8) at ../gio/gapplication.c:2712
#87 0x000055f9526fe409 in main ()Soon after, it crashes here:
#0 0x00007fa0bb536421 in _gtk_gesture_get_n_touch_points (gesture=0x0, only_active=0) at ../gtk/gtkgesture.c:283
#1 _gtk_gesture_get_n_physical_points (gesture=gesture@entry=0x55f97ce876c0, only_active=only_active@entry=0) at ../gtk/gtkgesture.c:308
#2 0x00007fa0bb536526 in _gtk_gesture_has_matching_touchpoints (gesture=0x55f97ce876c0) at ../gtk/gtkgesture.c:364
#3 _gtk_gesture_check_recognized (gesture=gesture@entry=0x55f97ce876c0, sequence=sequence@entry=0x1) at ../gtk/gtkgesture.c:378
#4 0x00007fa0bb536e81 in gtk_gesture_set_sequence_state (gesture=0x55f97ce876c0, sequence=0x1, state=GTK_EVENT_SEQUENCE_DENIED) at ../gtk/gtkgesture.c:1063
#5 0x00007fa0bb659806 in _gtk_widget_set_sequence_state_internal
(widget=0x55f962f0cdc0, sequence=<optimized out>, state=GTK_EVENT_SEQUENCE_CLAIMED, emitter=0x55f987af64e0) at ../gtk/gtkwidget.c:2240
#6 0x00007fa0bb536ce3 in gtk_widget_cancel_event_sequence (widget=0x55f962f0cdc0, gesture=0x55f987af64e0, sequence=0x1, state=GTK_EVENT_SEQUENCE_CLAIMED)
at ../gtk/gtkwidget.c:11688
#7 gtk_gesture_set_sequence_state (gesture=gesture@entry=0x55f987af64e0, sequence=0x1, state=state@entry=GTK_EVENT_SEQUENCE_CLAIMED) at ../gtk/gtkgesture.c:1057
#8 0x00007fa0bb537846 in gtk_gesture_set_state (gesture=0x55f987af64e0, state=GTK_EVENT_SEQUENCE_CLAIMED) at ../gtk/gtkgesture.c:1137
#9 0x00007fa0bb621d7e in handle_drag_begin (gesture=0x55f987af64e0, x=<optimized out>, y=<optimized out>, handle=0x55f9739d3cf0) at ../gtk/gtktexthandle.c:455
#14 0x00007fa0bbf5c423 in <emit signal '???' on instance ???> (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>)
at ../gobject/gsignal.c:3583
#10 0x00007fa0bb4922e9 in _gtk_marshal_VOID__DOUBLE_DOUBLEv
(closure=<optimized out>, return_value=<optimized out>, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x55f962ee7fa0) at gtk/gtkmarshalers.c:3158
#11 0x00007fa0bbf5c254 in _g_closure_invoke_va
(closure=0x55f975741690, return_value=0x0, instance=0x55f987af64e0, args=0x7ffff2567d20, n_params=<optimized out>, param_types=0x55f962ee7fa0)
at ../gobject/gclosure.c:897
#12 signal_emit_valist_unlocked
(instance=instance@entry=0x55f987af64e0, signal_id=signal_id@entry=111, detail=detail@entry=0, var_args=var_args@entry=0x7ffff2567d20) at ../gobject/gsignal.c:3424
#13 0x00007fa0bbf5c361 in g_signal_emit_valist (instance=0x55f987af64e0, signal_id=111, detail=0, var_args=var_args@entry=0x7ffff2567d20)
at ../gobject/gsignal.c:3263
#19 0x00007fa0bbf5c423 in <emit signal '???' on instance ???> (instance=instance@entry=0x55f987af64e0, signal_id=<optimized out>, detail=detail@entry=0)
at ../gobject/gsignal.c:3583
#15 0x00007fa0bbf3fc65 in g_cclosure_marshal_VOID__BOXEDv
(closure=0x55f962e5d0e0, return_value=<optimized out>, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x55f962ee64b0) at ../gobject/gmarshal.c:1686
#16 0x00007fa0bbf5c254 in _g_closure_invoke_va
(closure=0x55f962e5d0e0, return_value=0x0, instance=0x55f987af64e0, args=0x7ffff25680b0, n_params=<optimized out>, param_types=0x55f962ee64b0)
at ../gobject/gclosure.c:897
#17 signal_emit_valist_unlocked
(instance=instance@entry=0x55f987af64e0, signal_id=signal_id@entry=102, detail=detail@entry=0, var_args=var_args@entry=0x7ffff25680b0) at ../gobject/gsignal.c:3424
#18 0x00007fa0bbf5c361 in g_signal_emit_valist (instance=0x55f987af64e0, signal_id=102, detail=0, var_args=var_args@entry=0x7ffff25680b0)
at ../gobject/gsignal.c:3263
#20 0x00007fa0bb5365fe in _gtk_gesture_set_recognized (recognized=<optimized out>, gesture=0x55f987af64e0, sequence=0x1) at ../gtk/gtkgesture.c:338
#21 _gtk_gesture_set_recognized (gesture=0x55f987af64e0, recognized=1, sequence=0x1) at ../gtk/gtkgesture.c:324
#22 _gtk_gesture_check_recognized (gesture=gesture@entry=0x55f987af64e0, sequence=sequence@entry=0x1) at ../gtk/gtkgesture.c:384
--Type <RET> for more, q to quit, c to continue without paging--c
#23 0x00007fa0bb537645 in gtk_gesture_handle_event (controller=0x55f987af64e0, event=<optimized out>, x=<optimized out>, y=75.2734375) at ../gtk/gtkgesture.c:655
#24 0x00007fa0bb53884f in gtk_gesture_single_handle_event (controller=0x55f987af64e0, event=0x55f983fe5260, x=75.80078125, y=75.2734375)
at ../gtk/gtkgesturesingle.c:227
#25 0x00007fa0bb65c649 in gtk_event_controller_handle_event
(controller=0x55f987af64e0, event=<optimized out>, target=<optimized out>, x=<optimized out>, y=<optimized out>) at ../gtk/gtkeventcontroller.c:362
#26 gtk_widget_run_controllers
(widget=widget@entry=0x55f962f0cdc0, event=event@entry=0x55f983fe5260, target=target@entry=0x55f962fc7f20, x=75.80078125, y=75.2734375, phase=phase@entry=GTK_PHASE_CAPTURE) at ../gtk/gtkwidget.c:4585
#27 0x00007fa0bb65c9b8 in _gtk_widget_captured_event (widget=0x55f962f0cdc0, event=0x55f983fe5260, target=0x55f962fc7f20) at ../gtk/gtkwidget.c:4746
#28 0x00007fa0bb57798a in gtk_propagate_event_internal (widget=0x55f962f0cdc0, widget@entry=0x55f962fc7f20, event=event@entry=0x55f983fe5260, topmost=<optimized out>)
at ../gtk/gtkmain.c:1915
#29 0x00007fa0bb577c20 in gtk_propagate_event (widget=widget@entry=0x55f962fc7f20, event=event@entry=0x55f983fe5260) at ../gtk/gtkmain.c:1997
#30 0x00007fa0bb578503 in gtk_main_do_event (event=<optimized out>) at ../gtk/gtkmain.c:1687
#36 0x00007fa0bbf5c423 in <emit signal '???' on instance ???> (instance=instance@entry=0x55f963b3cde0, signal_id=<optimized out>, detail=detail@entry=0)
at ../gobject/gsignal.c:3583
#31 0x00007fa0bb7d34ee in _gdk_marshal_BOOLEAN__POINTERv
(closure=<optimized out>, return_value=0x7ffff2568730, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x55f963b3afe0) at gdk/gdkmarshalers.c:302
#32 0x00007fa0bb85524a in gdk_surface_event_marshallerv
(closure=0x55f9693ab630, return_value=0x7ffff2568730, instance=0x55f963b3cde0, args=0x7ffff2568820, marshal_data=0x0, n_params=1, param_types=0x55f963b3afe0)
at ../gdk/gdksurface.c:462
#33 0x00007fa0bbf5c254 in _g_closure_invoke_va
(closure=0x55f9693ab630, return_value=0x7ffff2568730, instance=0x55f963b3cde0, args=0x7ffff2568820, n_params=<optimized out>, param_types=0x55f963b3afe0)
at ../gobject/gclosure.c:897
#34 signal_emit_valist_unlocked
(instance=instance@entry=0x55f963b3cde0, signal_id=signal_id@entry=342, detail=detail@entry=0, var_args=var_args@entry=0x7ffff2568820) at ../gobject/gsignal.c:3424
#35 0x00007fa0bbf5c361 in g_signal_emit_valist (instance=0x55f963b3cde0, signal_id=342, detail=0, var_args=var_args@entry=0x7ffff2568820)
at ../gobject/gsignal.c:3263
#37 0x00007fa0bb8f86d5 in gdk_surface_handle_event.isra.0 (event=event@entry=0x55f983fe5260) at ../gdk/gdksurface.c:2932
#38 0x00007fa0bb8f8ab0 in _gdk_event_emit.isra.0 (event=event@entry=0x55f983fe5260) at ../gdk/gdkevents.c:491
#39 0x00007fa0bb7e4886 in gdk_event_source_dispatch (base=<optimized out>, callback=<optimized out>, data=<optimized out>) at ../gdk/wayland/gdkeventsource.c:142
#40 0x00007fa0bbfe5e8c in g_main_dispatch (context=0x55f962d91f70) at ../glib/gmain.c:3344
#41 g_main_context_dispatch_unlocked (context=0x55f962d91f70) at ../glib/gmain.c:4152
#42 0x00007fa0bc047c98 in g_main_context_iterate_unlocked.isra.0
(context=context@entry=0x55f962d91f70, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4217
#43 0x00007fa0bbfe7383 in g_main_context_iteration (context=context@entry=0x55f962d91f70, may_block=may_block@entry=1) at ../glib/gmain.c:4282
#44 0x00007fa0bb3130fd in g_application_run (application=0x55f962d865d0, argc=<optimized out>, argv=0x7ffff2568cd8) at ../gio/gapplication.c:2712
#45 0x000055f9526fe409 in main ()This stack frame in the backtrace of the crash:
#4 0x00007fa0bb536e81 in gtk_gesture_set_sequence_state (gesture=0x55f97ce876c0, sequence=0x1, state=GTK_EVENT_SEQUENCE_DENIED) at ../gtk/gtkgesture.c:1063corresponds to this frame in the backtrace of the gesture getting destroyed:
#46 gtk_gesture_set_sequence_state (gesture=0x55f97ce876c0, sequence=0x1, state=GTK_EVENT_SEQUENCE_DENIED) at ../gtk/gtkgesture.c:1057I have this recorded in rr, so I can reproduce it reliably and look at things.