Crash when rapidly opening and closing windows in folders with a significant number of files
Affected version
- Nightly flatpak: Yes
- Other: 43.2
Steps to reproduce
- Navigate to a folder with a significant number of items (~30,000 worked for me)
- In rapid succession, open a new window with CTRL-N and close it with CTRL-W
Current behavior
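Nautilus segfaults in Nightly and fails critical assertions in 43.2. The traces below show a use-after-free: the idle callback bind_current_view_menu_model_to_popover (nautilus-pathbar.c:243) reads from an object that was already freed during nautilus_toolbar_dispose, which suggests the pending idle source is still scheduled after the widget has been disposed.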
Expected behavior
Nautilus should not segfault or fail critical assertions.
Additional information
GDB
#0 0x00007ffff72279c1 in g_type_check_instance_cast (type_instance=0xaaaaaaaaaaaaaaaa, iface_type=0x555555742190 [GMenuModel]) at ../gobject/gtype.c:4193
#1 0x0000555555649261 in bind_current_view_menu_model_to_popover (self=0x55555b7f4c50) at ../../../../../../../../../Projects/nautilus/src/nautilus-pathbar.c:243
#2 0x00007ffff7ec3d99 in g_main_dispatch (context=<optimized out>) at ../glib/gmain.c:3460
dispatch = 0x7ffff7ebfc60 <g_idle_dispatch>
prev_source = 0x0
begin_time_nsec = 45531446042345
was_in_call = 0
user_data = 0x55555b7f4c50
callback = 0x55555564923a <bind_current_view_menu_model_to_popover>
cb_funcs = 0x7ffff7faf2e0 <g_source_callback_funcs>
cb_data = 0x55555b730fc0
need_destroy = <optimized out>
source = 0x55555b733840
current = 0x555555761ca0
i = 2
__func__ = "g_main_dispatch"
#3 g_main_context_dispatch (context=<optimized out>) at ../glib/gmain.c:4200
#4 0x00007ffff7ec42f8 in g_main_context_iterate (context=context@entry=0x555555758440, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4276
max_priority = 200
timeout = 0
some_ready = 1
nfds = 2
allocated_nfds = <optimized out>
fds = <optimized out>
begin_time_nsec = 45531445712982
#5 0x00007ffff7ec4393 in g_main_context_iteration (context=context@entry=0x555555758440, may_block=may_block@entry=1) at ../glib/gmain.c:4343
retval = <optimized out>
#6 0x00007ffff734172d in g_application_run (application=0x555555742a40 [NautilusApplication], argc=<optimized out>, argv=<optimized out>) at ../gio/gapplication.c:2573
arguments = 0x5555557f6070
status = 0
context = 0x555555758440
acquired_context = <optimized out>
__func__ = "g_application_run"
#7 0x0000555555584e6e in main (argc=1, argv=0x7fffffffe508) at ../../../../../../../../../Projects/nautilus/src/nautilus-main.c:81
retval = 32767
application = 0x555555742a40 [NautilusApplication]
Valgrind
==2== Invalid read of size 8
==2== at 0x1FD252: bind_current_view_menu_model_to_popover (nautilus-pathbar.c:243)
==2== by 0x48C6D98: g_main_dispatch (gmain.c:3460)
==2== by 0x48C6D98: g_main_context_dispatch (gmain.c:4200)
==2== by 0x48C72F7: g_main_context_iterate.constprop.0 (gmain.c:4276)
==2== by 0x48C7392: g_main_context_iteration (gmain.c:4343)
==2== by 0x54A872C: g_application_run (gapplication.c:2573)
==2== by 0x138E6D: main (nautilus-main.c:81)
==2== Address 0xd5f7a50 is 480 bytes inside a block of size 528 free'd
==2== at 0x484926F: free (vg_replace_malloc.c:884)
==2== by 0x55E23BC: g_type_free_instance (gtype.c:2055)
==2== by 0x4ABEB3C: gtk_box_dispose (gtkbox.c:230)
==2== by 0x55C3ABF: g_object_unref (gobject.c:3891)
==2== by 0x4BF2EA7: stack_remove (gtkstack.c:1751)
==2== by 0x4BF2F9C: gtk_stack_dispose (gtkstack.c:836)
==2== by 0x55C3ABF: g_object_unref (gobject.c:3891)
==2== by 0x48B2A88: g_hash_table_remove_internal (ghash.c:1775)
==2== by 0x48B2A88: g_hash_table_remove (ghash.c:1803)
==2== by 0x4C52078: gtk_widget_real_destroy (gtkwidget.c:7564)
==2== by 0x4C52078: gtk_widget_dispose (gtkwidget.c:7427)
==2== by 0x207FDC: nautilus_toolbar_dispose (nautilus-toolbar.c:414)
==2== by 0x55C3ABF: g_object_unref (gobject.c:3891)
==2== by 0x48B2A88: g_hash_table_remove_internal (ghash.c:1775)
==2== by 0x48B2A88: g_hash_table_remove (ghash.c:1803)
==2== Block was alloc'd at
==2== at 0x484BA73: calloc (vg_replace_malloc.c:1340)
==2== by 0x48CDE98: g_malloc0 (gmem.c:163)
==2== by 0x55E1F2E: g_type_create_instance (gtype.c:1955)
==2== by 0x55C47D7: g_object_new_internal (gobject.c:2246)
==2== by 0x55C5ED7: g_object_new_with_properties (gobject.c:2409)
==2== by 0x55C6D30: g_object_new (gobject.c:2055)
==2== by 0x2079B1: nautilus_toolbar_constructed (nautilus-toolbar.c:230)
==2== by 0x55C48B1: g_object_new_internal (gobject.c:2297)
==2== by 0x55C5ED7: g_object_new_with_properties (gobject.c:2409)
==2== by 0x55C6D30: g_object_new (gobject.c:2055)
==2== by 0x4AC4488: _gtk_builder_construct (gtkbuilder.c:841)
==2== by 0x4AC6084: builder_construct (gtkbuilderparser.c:474)
==2==
==2== Invalid read of size 8
==2== at 0x55E39C1: g_type_check_instance_cast (gtype.c:4193)
==2== by 0x1FD260: bind_current_view_menu_model_to_popover (nautilus-pathbar.c:243)
==2== by 0x48C6D98: g_main_dispatch (gmain.c:3460)
==2== by 0x48C6D98: g_main_context_dispatch (gmain.c:4200)
==2== by 0x48C72F7: g_main_context_iterate.constprop.0 (gmain.c:4276)
==2== by 0x48C7392: g_main_context_iteration (gmain.c:4343)
==2== by 0x54A872C: g_application_run (gapplication.c:2573)
==2== by 0x138E6D: main (nautilus-main.c:81)
==2== Address 0xaaaaaaaaaaaaaaaa is not stack'd, malloc'd or (recently) free'd
==2==
==2==
==2== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==2== General Protection Fault
==2== at 0x55E39C1: g_type_check_instance_cast (gtype.c:4193)
==2== by 0x1FD260: bind_current_view_menu_model_to_popover (nautilus-pathbar.c:243)
==2== by 0x48C6D98: g_main_dispatch (gmain.c:3460)
==2== by 0x48C6D98: g_main_context_dispatch (gmain.c:4200)
==2== by 0x48C72F7: g_main_context_iterate.constprop.0 (gmain.c:4276)
==2== by 0x48C7392: g_main_context_iteration (gmain.c:4343)
==2== by 0x54A872C: g_application_run (gapplication.c:2573)
==2== by 0x138E6D: main (nautilus-main.c:81)