Bug 653606 – evolution crashed with SIGSEGV in g_type_check_instance_is_a()

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 653606 - evolution crashed with SIGSEGV in g_type_check_instance_is_a()


Summary:	evolution crashed with SIGSEGV in g_type_check_instance_is_a()


Status:	RESOLVED DUPLICATE of bug 664137

Product:	gtk+
Classification:	Platform
Component:	Widget: Other
Version:	3.2.x
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	gtk-bugs
QA Contact:	gtk-bugs

URL:
Whiteboard:

Duplicates:	655426 (view as bug list)
Depends on:
Blocks:

Reported:	2011-06-29 02:20 UTC by Fabio Durán Verdugo
Modified:	2011-12-15 20:56 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Fabio Durán Verdugo 2011-06-29 02:20:54 UTC

Evolution 3.1.2 on ubuntu oneirc

https://bugs.launchpad.net/ubuntu/+source/evolution/+bug/803266

Steps for reproducte:
- Click on the new button for a new message.
- complete the text box to: and the suject for the message
- insert one sd-card in your computer.
- attach any file from this sd-card in the message.
- Evo freeze and crash.


.

+ Trace 227608

Thread 4 (Thread 2490)

#0 __kernel_vsyscall
#1 read
from /lib/i386-linux-gnu/libpthread.so.0
#2 read
at /usr/include/bits/unistd.h line 45
#3 unix_signal_helper_thread
at /build/buildd/glib2.0-2.29.8/./glib/gmain.c line 4610
#4 g_thread_create_proxy
at /build/buildd/glib2.0-2.29.8/./glib/gthread.c line 1954
#5 start_thread
from /lib/i386-linux-gnu/libpthread.so.0
#6 clone
at ../sysdeps/unix/sysv/linux/i386/clone.S line 130

Thread 1 (Thread 2487)

#0 g_type_check_instance_is_a
at /build/buildd/glib2.0-2.29.8/./gobject/gtype.c line 3952
#1 g_object_unref
at /build/buildd/glib2.0-2.29.8/./gobject/gobject.c line 2680
#2 button_data_free
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkpathbar.c line 1370
#3 weak_refs_notify
at /build/buildd/glib2.0-2.29.8/./gobject/gobject.c line 2244
#4 g_data_set_internal
at /build/buildd/glib2.0-2.29.8/./glib/gdataset.c line 410
#5 g_datalist_id_set_data_full
at /build/buildd/glib2.0-2.29.8/./glib/gdataset.c line 673
#6 g_object_real_dispose
at /build/buildd/glib2.0-2.29.8/./gobject/gobject.c line 896
#7 gtk_widget_dispose
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkwidget.c line 10600
#8 gtk_button_dispose
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkbutton.c line 670
#9 g_object_unref
at /build/buildd/glib2.0-2.29.8/./gobject/gobject.c line 2709
#10 g_value_object_free_value
at /build/buildd/glib2.0-2.29.8/./gobject/gobject.c line 3029
#11 g_value_unset
at /build/buildd/glib2.0-2.29.8/./gobject/gvalue.c line 275
#12 g_signal_emit_valist
at /build/buildd/glib2.0-2.29.8/./gobject/gsignal.c line 3016
#13 g_signal_emit
at /build/buildd/glib2.0-2.29.8/./gobject/gsignal.c line 3044
#14 gtk_container_remove
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkcontainer.c line 1555
#15 gtk_path_bar_clear_buttons
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkpathbar.c line 1180
#16 gtk_path_bar_set_file_finish
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkpathbar.c line 1645
#17 gtk_path_bar_get_info_callback
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkpathbar.c line 1725
#18 gtk_path_bar_get_info_callback
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkpathbar.c line 1678
#19 query_info_callback
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkfilesystem.c line 864
#20 g_simple_async_result_complete
at /build/buildd/glib2.0-2.29.8/./gio/gsimpleasyncresult.c line 749
#21 complete_in_idle_cb_for_thread
at /build/buildd/glib2.0-2.29.8/./gio/gsimpleasyncresult.c line 816
#22 g_idle_dispatch
at /build/buildd/glib2.0-2.29.8/./glib/gmain.c line 4844
#23 g_main_dispatch
at /build/buildd/glib2.0-2.29.8/./glib/gmain.c line 2477
#24 g_main_context_dispatch
at /build/buildd/glib2.0-2.29.8/./glib/gmain.c line 3050
#25 g_main_context_iterate
at /build/buildd/glib2.0-2.29.8/./glib/gmain.c line 3128
#26 g_main_loop_run
at /build/buildd/glib2.0-2.29.8/./glib/gmain.c line 3336
#27 gtk_dialog_run
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkdialog.c line 1108
#28 e_attachment_store_run_file_chooser_dialog
at e-attachment-store.c line 512
#29 e_attachment_store_run_load_dialog
at e-attachment-store.c line 563
#30 action_add_cb
at e-attachment-view.c line 91
#31 g_cclosure_marshal_VOID__VOID
at /build/buildd/glib2.0-2.29.8/./gobject/gmarshal.c line 79
#32 g_closure_invoke
at /build/buildd/glib2.0-2.29.8/./gobject/gclosure.c line 771
#33 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.29.8/./gobject/gsignal.c line 3256
#34 g_signal_emit_valist
at /build/buildd/glib2.0-2.29.8/./gobject/gsignal.c line 2987
#35 g_signal_emit
at /build/buildd/glib2.0-2.29.8/./gobject/gsignal.c line 3044
#36 _gtk_action_emit_activate
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkaction.c line 799
#37 gtk_action_activate
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkaction.c line 829
#38 gtk_real_button_clicked
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkbutton.c line 1832
#39 g_cclosure_marshal_VOID__VOID
at /build/buildd/glib2.0-2.29.8/./gobject/gmarshal.c line 79
#40 g_closure_invoke
at /build/buildd/glib2.0-2.29.8/./gobject/gclosure.c line 771
#41 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.29.8/./gobject/gsignal.c line 3326
#42 g_signal_emit_valist
at /build/buildd/glib2.0-2.29.8/./gobject/gsignal.c line 2987
#43 g_signal_emit
at /build/buildd/glib2.0-2.29.8/./gobject/gsignal.c line 3044
#44 gtk_button_clicked
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkbutton.c line 1194
#45 gtk_real_button_released
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkbutton.c line 1820
#46 g_cclosure_marshal_VOID__VOID
at /build/buildd/glib2.0-2.29.8/./gobject/gmarshal.c line 79
#47 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.29.8/./gobject/gclosure.c line 882
#48 g_closure_invoke
at /build/buildd/glib2.0-2.29.8/./gobject/gclosure.c line 771
#49 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.29.8/./gobject/gsignal.c line 3186
#50 g_signal_emit_valist
at /build/buildd/glib2.0-2.29.8/./gobject/gsignal.c line 2987
#51 g_signal_emit
at /build/buildd/glib2.0-2.29.8/./gobject/gsignal.c line 3044
#52 gtk_button_released
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkbutton.c line 1180
#53 gtk_button_button_release
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkbutton.c line 1712
#54 gtk_button_button_release
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkbutton.c line 1704
#55 _gtk_marshal_BOOLEAN__BOXED
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkmarshalers.c line 85
#56 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.29.8/./gobject/gclosure.c line 882
#57 g_closure_invoke
at /build/buildd/glib2.0-2.29.8/./gobject/gclosure.c line 771
#58 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.29.8/./gobject/gsignal.c line 3294
#59 g_signal_emit_valist
#60 g_signal_emit
at /build/buildd/glib2.0-2.29.8/./gobject/gsignal.c line 3044
#61 gtk_widget_event_internal
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkwidget.c line 6104
#62 gtk_propagate_event
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkmain.c line 2610
#63 gtk_main_do_event
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkmain.c line 1880
#64 _gdk_event_emit
at /build/buildd/gtk+3.0-3.1.6/./gdk/gdkevents.c line 71
#65 gdk_event_source_dispatch
at /build/buildd/gtk+3.0-3.1.6/./gdk/x11/gdkeventsource.c line 360
#66 g_main_dispatch
at /build/buildd/glib2.0-2.29.8/./glib/gmain.c line 2477
#67 g_main_context_dispatch
at /build/buildd/glib2.0-2.29.8/./glib/gmain.c line 3050
#68 g_main_context_iterate
at /build/buildd/glib2.0-2.29.8/./glib/gmain.c line 3128
#69 g_main_loop_run
at /build/buildd/glib2.0-2.29.8/./glib/gmain.c line 3336
#70 gtk_main
at /build/buildd/gtk+3.0-3.1.6/./gtk/gtkmain.c line 1363
#71 main
at main.c line 691

Comment 1 Milan Crha 2011-08-31 09:06:03 UTC

*** Bug 655426 has been marked as a duplicate of this bug. ***

Comment 2 Milan Crha 2011-11-30 08:11:45 UTC

The same downstream bug report from 3.2.2:
https://bugzilla.redhat.com/show_bug.cgi?id=758402

Comment 3 Milan Crha 2011-12-13 07:53:34 UTC

I'm moving this to gtk+, because it is somewhere deep in it.

Comment 4 James "Doc" Livingston 2011-12-13 23:39:24 UTC

I'm seeing a crash in Gedit using the file open dialog that looks very similar when you examine the stack trace (although it may not be identical)

+ Trace 229270

#0 g_object_unref
at gobject.c line 2680
#1 button_data_free
at gtkpathbar.c line 1470
#2 weak_refs_notify
at gobject.c line 2244
#3 g_object_unref
at gobject.c line 2709
#4 g_value_unset
at gvalue.c line 275
#5 g_signal_emit_valist
at gsignal.c line 3032
#6 g_signal_emit
at gsignal.c line 3060
#7 gtk_path_bar_clear_buttons
at gtkpathbar.c line 1280
#8 gtk_path_bar_set_file_finish
at gtkpathbar.c line 1745
#9 gtk_path_bar_get_info_callback
at gtkpathbar.c line 1828
#10 gtk_path_bar_get_info_callback
at gtkpathbar.c line 1781
#11 query_info_callback
at gtkfilesystem.c line 882
#12 g_simple_async_result_complete
at gsimpleasyncresult.c line 749
#13 complete_in_idle_cb_for_thread
at gsimpleasyncresult.c line 817
#14 g_main_dispatch
at gmain.c line 2425
#15 g_main_context_dispatch
at gmain.c line 2995
#16 g_main_context_iterate
at gmain.c line 3073
#17 g_main_loop_run
at gmain.c line 3281
#18 gtk_main
at gtkmain.c line 1362
#19 gedit_main
at gedit.c line 199
#20 main
at gedit.c line 290





Valgrind reports:

Invalid read of size 8
   at 0x3F5101131A: g_object_unref (gobject.c:2680)
   by 0x3F5C586931: button_data_free (gtkpathbar.c:1470)
   by 0x3F51011171: weak_refs_notify (gobject.c:2244)
   by 0x3F510113DA: g_object_unref (gobject.c:2709)
   by 0x3F51035A92: g_value_unset (gvalue.c:275)
   by 0x3F5102A173: g_signal_emit_valist (gsignal.c:3032)
   by 0x3F5102A2E1: g_signal_emit (gsignal.c:3060)
   by 0x3F5C586A3D: gtk_path_bar_set_file_finish (gtkpathbar.c:1280)
   by 0x3F5C587EA4: gtk_path_bar_get_info_callback (gtkpathbar.c:1828)
   by 0x3F5C506CDD: query_info_callback (gtkfilesystem.c:882)
   by 0x3F51C67D26: g_simple_async_result_complete (gsimpleasyncresult.c:749)
==26334==    by 0x3F51C67DB7: complete_in_idle_cb_for_thread (gsimpleasyncresult.c:817)
==26334==  Address 0x1 is not stack'd, malloc'd or (recently) free'd

Comment 5 Michael Schwendt 2011-12-14 20:45:25 UTC

This file chooser crash affects every gtk+ 3 based app in Fedora 16 currently:
https://bugzilla.redhat.com/766352

Comment 6 Michael Schwendt 2011-12-15 11:36:38 UTC

Regarding reproducibility, here one only needs to open the file chooser and enter/leave a couple of directories consecutively. It crashes spontaneously
upon entering a directory. For example, I can do:

  $ mkdir -p ~/1/2 ~/1/3
  $ evince

and then use evince's "File > Open" dialog to navigate to $HOME/1 and repeatedly enter/leave the two subdirs '2' and '3' by clicking their names as well as using the "Places" bar and the row of buttons at the top of the dialog. 

Sometimes it crashes upon entering the first subdir already. In other cases it takes a few attempts accompanied with assertion warnings in the terminal output, at most:

(evince:4060): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed

(evince:4126): Gtk-CRITICAL **: change_folder_and_display_error: assertion `G_IS_FILE (file)' failed

(evince:4060): GLib-GIO-CRITICAL **: g_file_equal: assertion `G_IS_FILE (file2)' failed

(evince:4126): Gtk-CRITICAL **: _gtk_file_system_model_get_iter_for_file: assertion `G_IS_FILE (file)' failed

(evince:4126): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed
Segmentation fault (core dumped)

Comment 7 Benjamin Otte (Company) 2011-12-15 20:55:53 UTC


*** This bug has been marked as a duplicate of bug 646461 ***

Comment 8 Benjamin Otte (Company) 2011-12-15 20:56:26 UTC


*** This bug has been marked as a duplicate of bug 664137 ***