GNOME Bugzilla – Bug 677154
Crash in glib 2.32 with calls to gtk_file_chooser_dialog_new
Last modified: 2018-05-24 14:15:37 UTC
My application (MegaTunix, git://github.com/djandruczyk/MegaTunix.git) is complex, so making a testcase to demonstrate the fault is nontrivial. The application requires numerous interactions with file choosers depending on how it's used. Users on more recent Linux systems have been reporting crashes when opening the second or later file chooser. I cannot trigger this using glib prior to 2.32, so there seems to be some bad reaction between my app and the current glib implementation. The first call to gtk_file_chooser_dialog_new seems to always work, but subsequent calls are hit or miss, which feels like a race condition. The crash always occurs inside the call to gtk_file_chooser_dialog_new, and the trace says the abort happens from within glib.

    Unexpected error from C library during 'pthread_setspecific': Invalid argument. Aborting.

GDB trace shows:

    MTXDEBUG: calling gtk_file_chooser_dialog_new
    GLib (gthread-posix.c): Unexpected error from C library during 'pthread_setspecific': Invalid argument. Aborting.
    Program received signal SIGABRT, Aborted.
+ Trace 230282
Thread 3063937856 (LWP 7856)
NOTE: This trace was made on an Ubuntu 12.04 i386 system, glib version installed is:

    glib version: 2.32.1-0ubuntu2
    GTK version: 2.24.10-0ubuntu6

My app cannot work with GTK+3.x yet as it is dependent on GtkGLEXT which doesn't yet work with GTK+3.x.
Created attachment 215538: Log of application being run against the instrumented glib

Grep for "BAD" in the logfile to see the point where glib makes a call to g_private_set with a bad key. With the abort commented out the application appears to run perfectly fine, but something appears to be wrong within glib if it's getting that bad key error, perhaps a timing/race? This bug has also been replicated on glib 2.32.3 as well (debian sid).
The logging at the point where the second filechooser is being called shows this (NOTE: this is code where the abort in g_private_set is commented out):

    MTXDBG: calling gtk_file_chooser_dialog_new
    g_private_set, Address of key: 0x38ae38 , Address of value: 0xb1400e88
    pthread_setspecific status != 0, BAD KEY!!! Abort commented out
    g_private_set, Address of key: 0x9839e0 , Address of value: 0x1
    g_private_set, Address of key: 0x9839e0 , Address of value: (nil)
    g_private_set, Address of key: 0x38ae38 , Address of value: 0xb1400e18
    g_private_set, Address of key: 0x38ae38 , Address of value: (nil)
    dialog created
    g_private_set, Address of key: 0x38ae38 , Address of value: 0xb1400dd8
    g_private_set, Address of key: 0x38ae38 , Address of value: (nil)

NOTICE the following: The first call to g_private_set with the key of 0x38ae38 FAILS, from what I can interpret from the pthread_setspecific docs, specifically: http://pubs.opengroup.org/onlinepubs/7908799/xsh/pthread_getspecific.html

    The pthread_setspecific() function associates a thread-specific value with a key obtained via a previous call to pthread_key_create(). Different threads may bind different values to the same key. These values are typically pointers to blocks of dynamically allocated memory that have been reserved for use by the calling thread.

It looks/feels like a race condition, where it's trying to set the key BEFORE it has called pthread_key_create. By commenting out the abort, you can set it and succeed a bit later. Will anyone take a look at this to confirm?
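The pthread_setspecific() behaviour quoted in the comment above, as an added example that is not part of the bug report or of GLib's code: on glibc (an assumption; POSIX leaves the use of an invalid key undefined), setting a value on a key that is not currently allocated returns EINVAL, while a live key accepts a separate value from each thread. The `checked_set` wrapper, the function names and the sample values are hypothetical.

```c
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <string.h>

static int main_value = 1, worker_value = 2;   /* constructed sample values */

/* Hypothetical wrapper: log a failed set and return the error code. */
static int checked_set(pthread_key_t key, const void *value)
{
    int rc = pthread_setspecific(key, value);
    if (rc != 0) fprintf(stderr, "pthread_setspecific: %s\n", strerror(rc));
    return rc;
}

/* Worker: binds its own value to the key that the main thread created. */
static void *worker(void *arg)
{
    pthread_key_t key = *(pthread_key_t *)arg;
    return checked_set(key, &worker_value) == 0 ? pthread_getspecific(key) : NULL;
}

/* Key is no longer allocated when the set happens: glibc returns EINVAL. */
int deleted_key_gives_einval(void)
{
    pthread_key_t key;
    if (pthread_key_create(&key, NULL) != 0) return -1;
    pthread_key_delete(key);
    return checked_set(key, &main_value) == EINVAL;
}

/* Live key: both threads can set it, and each reads back only its own value. */
int live_key_is_per_thread(void)
{
    pthread_key_t key;
    pthread_t tid;
    void *seen = NULL;
    if (pthread_key_create(&key, NULL) != 0) return -1;
    int ok = checked_set(key, &main_value) == 0
          && pthread_create(&tid, NULL, worker, &key) == 0 && pthread_join(tid, &seen) == 0
          && seen == &worker_value && pthread_getspecific(key) == &main_value;
    pthread_key_delete(key);
    return ok;
}

int main(void)
{
    printf("deleted key -> EINVAL: %d, live key per-thread: %d\n", deleted_key_gives_einval(), live_key_is_per_thread());
    return 0;
}
```

Build with `cc -pthread`; the message logged for the deleted key is the same "Invalid argument" text that appears in the GLib abort.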
2.32.3 changed the behavior. The crash happens now much sooner but it is still tied to FileChoosers. GDB trace:

    after gtk_file_chooser_dialog_new
    should be using system path + ECU_Backups
    System path is /usr/local/share/MegaTunix/ECU_Backups
    [Thread 0xb564ab70 (LWP 24714) exited]
    [New Thread 0xb564ab70 (LWP 24715)]
    [New Thread 0xb4e2eb70 (LWP 24716)]
    [Thread 0xb5e4bb70 (LWP 24713) exited]
    [Thread 0xb564ab70 (LWP 24715) exited]
    [New Thread 0xb564ab70 (LWP 24717)]
    Program received signal SIGSEGV, Segmentation fault.
+ Trace 230446
Thread 3043273584 (LWP 24717)
Belay my last, that was something else (wrong trace). With 2.32.3:

    calling gtk_file_chooser_dialog_new
    dialog created
    GLib (gthread-posix.c): Unexpected error from C library during 'pthread_setspecific': Invalid argument. Aborting.
    Program received signal SIGABRT, Aborted.
    0xb7fe1424 in __kernel_vsyscall ()
    (gdb) where
+ Trace 230447
The error STILL persists with 2.32.3.
This appears to be related to the rewrite of the glib thread support in 2.32. Ryan, any idea? Happening on an Ubuntu 12.04 system.
Also on Debian sid, I've seen the issues on 2.32, 2.32.1, 2.32.2 and 2.32.3. Let me know if I can provide any more information. See comment 3: it seems to me the behavior in Glib with regards to pthread_setspecific should NOT be to abort, but to dump out a message instead which indicates a problem/bug/fault occurred instead of an abort.
I'm working on trying to create a self-contained testcase to demonstrate the crash without having to download my entire program and pre-reqs to demonstrate the fault.
The issue STILL persists in GLIB 2.32.3 (2.32.3-0ubuntu1). Full trace attached with debug symbols installed for glib.

Points of interest: glib explodes when gtk_file_chooser_dialog_new() is called by my code from getfiles.c on line 414, from the main (thread 1). glib starts up a threadpool at some point and THAT is what chokes (thread 6).

    (gdb) info threads
      Id   Target Id         Frame
    * 6    Thread 0xac4feb40 (LWP 14652) "pool" 0xb7fdf1b2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
      4    Thread 0xad6c1b40 (LWP 14650) "megatunix" 0xb7fdf1b2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
      3    Thread 0xb41d4b40 (LWP 14649) "gdbus" 0xb7fdf1b2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
      2    Thread 0xb4b70b40 (LWP 14648) "dconf worker" 0xb7fdf1b2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
      1    Thread 0xb4ddb8c0 (LWP 14645) "megatunix" g_object_ref ( _object=0x93ae4c8) at /build/buildd/glib2.0-2.32.3/./gobject/gobject.c:2889

    ACTION_SAVE calling gtk_file_chooser_dialog_new
    GLib (gthread-posix.c): Unexpected error from C library during 'pthread_setspecific': Invalid argument. Aborting.
    Program received signal SIGABRT, Aborted.
+ Trace 230805
Thread 2890918720 (LWP 14652)
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/glib/issues/551.