IgnorantGuru / spacefm

SpaceFM File Manager
http://ignorantguru.github.com/spacefm/
GNU General Public License v3.0

Crash adding bookmark #455

Closed arclance closed 9 years ago

arclance commented 10 years ago

I got this crash when trying to add a bookmark (bookmark -> add). It does not always happen but seems to be more likely to happen after you have been using spacefm for a long time than when it is first started.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff78dde1e in IA__gtk_menu_item_get_submenu (menu_item=0x100000000)
    at /tmp/buildd/gtk+2.0-2.24.23/gtk/gtkmenuitem.c:810
810     /tmp/buildd/gtk+2.0-2.24.23/gtk/gtkmenuitem.c: No such file or directory.
(gdb) bt full
#0  0x00007ffff78dde1e in IA__gtk_menu_item_get_submenu (menu_item=0x100000000)
    at /tmp/buildd/gtk+2.0-2.24.23/gtk/gtkmenuitem.c:810
        __inst = 0x100000000
        __t = 9435520
        __r = <optimized out>
        _g_boolean_var_ = <optimized out>
#1  0x0000000000471bb5 in on_bookmarks_change (bookmarks=<optimized out>,
    main_window=0x8080e0) at main-window.c:307
        menu = <optimized out>
#2  0x0000000000448c95 in ptk_bookmarks_notify () at ptk/ptk-bookmarks.c:86
        cb = 0x11e6db0
        i = 0
#3  0x00000000004495c1 in ptk_bookmarks_append (name=<optimized out>,
    name@entry=0x180dabb0 "nfsData_1", path=<optimized out>,
    path@entry=0x1fcabd70 "/mnt/nfsData_1") at ptk/ptk-bookmarks.c:280
        item = <optimized out>
#4  0x0000000000435d91 in ptk_file_browser_add_bookmark (
    menuitem=menuitem@entry=0x0, file_browser=<optimized out>)
    at ptk/ptk-file-browser.c:6786
        path = 0x1fcabd70 "/mnt/nfsData_1"
        name = 0x180dabb0 "nfsData_1"
#5  0x0000000000472cf8 in add_bookmark (item=<optimized out>,
    main_window=<optimized out>) at main-window.c:354
        file_browser = <optimized out>
#6  0x00007ffff69213b8 in g_closure_invoke (closure=0x1881b1a0,
    return_value=0x0, n_param_values=1, param_values=0x7fffffffda00,
---Type <return> to continue, or q <return> to quit---
    invocation_hint=0x7fffffffd9a0)
    at /tmp/buildd/glib2.0-2.40.0/./gobject/gclosure.c:768
        marshal = 0x4193c0 <g_cclosure_marshal_VOID__VOID@plt>
        marshal_data = 0x0
        in_marshal = 0
        real_closure = 0x1881b180
        __FUNCTION__ = "g_closure_invoke"
#7  0x00007ffff6932d3d in signal_emit_unlocked_R (node=node@entry=0x900a30,
    detail=detail@entry=0, instance=instance@entry=0x16bba9b0,
    emission_return=emission_return@entry=0x0,
    instance_and_params=instance_and_params@entry=0x7fffffffda00)
    at /tmp/buildd/glib2.0-2.40.0/./gobject/gsignal.c:3551
        tmp = <optimized out>
        handler = 0x18788a10
        accumulator = 0x0
        emission = {next = 0x7fffffffde70, instance = 0x16bba9b0, ihint = {
            signal_id = 166, detail = 0, run_type = G_SIGNAL_RUN_FIRST},
          state = EMISSION_RUN, chain_type = 4}
        handler_list = 0x18788a10
        return_accu = 0x0
        accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0,
              v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
              v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0,
              v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
              v_double = 0, v_pointer = 0x0}}}
        signal_id = 166
---Type <return> to continue, or q <return> to quit---
        max_sequential_handler_number = 1207601
        return_value_altered = 1
#8  0x00007ffff693aa29 in g_signal_emit_valist (instance=<optimized out>,
    signal_id=<optimized out>, detail=<optimized out>,
    var_args=var_args@entry=0x7fffffffdb88)
    at /tmp/buildd/glib2.0-2.40.0/./gobject/gsignal.c:3307
        instance_and_params = 0x7fffffffda00
        signal_return_type = <optimized out>
        param_values = 0x7fffffffda18
        i = <optimized out>
        n_params = <optimized out>
        __FUNCTION__ = "g_signal_emit_valist"
#9  0x00007ffff693ace2 in g_signal_emit (instance=instance@entry=0x16bba9b0,
    signal_id=<optimized out>, detail=detail@entry=0)
    at /tmp/buildd/glib2.0-2.40.0/./gobject/gsignal.c:3363
        var_args = {{gp_offset = 24, fp_offset = 48,
            overflow_arg_area = 0x7fffffffdc60, reg_save_area = 0x7fffffffdba0}}
#10 0x00007ffff79ddf8c in IA__gtk_widget_activate (
    widget=widget@entry=0x16bba9b0)
    at /tmp/buildd/gtk+2.0-2.24.23/gtk/gtkwidget.c:5041
        __FUNCTION__ = "IA__gtk_widget_activate"
#11 0x00007ffff78e0c1d in IA__gtk_menu_shell_activate_item (
    menu_shell=0x16f6efc0, menu_item=0x16bba9b0,
    force_deactivate=<optimized out>)
    at /tmp/buildd/gtk+2.0-2.24.23/gtk/gtkmenushell.c:1276
        slist = <optimized out>
---Type <return> to continue, or q <return> to quit---
        shells = 0x207457d0
        deactivate = <optimized out>
        __FUNCTION__ = "IA__gtk_menu_shell_activate_item"
#12 0x00007ffff78e0f6c in gtk_menu_shell_button_release (widget=0x16f6efc0,
    event=<optimized out>) at /tmp/buildd/gtk+2.0-2.24.23/gtk/gtkmenushell.c:703
        submenu = 0x0
        menu_item = 0x16bba9b0
        deactivate = 1
        menu_shell = 0x16f6efc0
        priv = 0x16f6efa0
#13 0x00007ffff78cf4f5 in _gtk_marshal_BOOLEAN__BOXED (closure=0x7fb540,
    return_value=0x7fffffffde30, n_param_values=<optimized out>,
    param_values=0x7fffffffdee0, invocation_hint=<optimized out>,
    marshal_data=0x7ffff78d6720 <gtk_menu_button_release>)
    at /tmp/buildd/gtk+2.0-2.24.23/gtk/gtkmarshalers.c:86
        callback = <optimized out>
        cc = <optimized out>
        data1 = 0x16f6efc0
        data2 = <optimized out>
        v_return = <optimized out>
        __FUNCTION__ = "_gtk_marshal_BOOLEAN__BOXED"
#14 0x00007ffff69213b8 in g_closure_invoke (closure=0x7fb540,
    return_value=0x7fffffffde30, n_param_values=2, param_values=0x7fffffffdee0,
    invocation_hint=0x7fffffffde80)
    at /tmp/buildd/glib2.0-2.40.0/./gobject/gclosure.c:768
        marshal = 0x7ffff691fcb0 <g_type_class_meta_marshal>
---Type <return> to continue, or q <return> to quit---
        marshal_data = 0x160
        in_marshal = 0
        real_closure = 0x7fb520
        __FUNCTION__ = "g_closure_invoke"
#15 0x00007ffff6932afb in signal_emit_unlocked_R (node=node@entry=0x7fb590,
    detail=detail@entry=0, instance=instance@entry=0x16f6efc0,
    emission_return=emission_return@entry=0x7fffffffdfb0,
    instance_and_params=instance_and_params@entry=0x7fffffffdee0)
    at /tmp/buildd/glib2.0-2.40.0/./gobject/gsignal.c:3589
        accumulator = 0x7fb3e0
        emission = {next = 0x0, instance = 0x16f6efc0, ihint = {signal_id = 35,
            detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN,
          chain_type = 8457920}
        handler_list = 0x0
        return_accu = 0x7fffffffde30
        accu = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0,
              v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
              v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0,
              v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
              v_double = 0, v_pointer = 0x0}}}
        signal_id = 35
        max_sequential_handler_number = 1207601
        return_value_altered = 0
#16 0x00007ffff693a6f9 in g_signal_emit_valist (instance=<optimized out>,
    signal_id=<optimized out>, detail=<optimized out>,
    var_args=var_args@entry=0x7fffffffe078)
---Type <return> to continue, or q <return> to quit---
    at /tmp/buildd/glib2.0-2.40.0/./gobject/gsignal.c:3317
        return_value = {g_type = 20, data = {{v_int = 0, v_uint = 0,
              v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
              v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0,
              v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
              v_double = 0, v_pointer = 0x0}}}
        error = 0x0
        rtype = 20
        static_scope = 0
        instance_and_params = 0x7fffffffdee0
        signal_return_type = <optimized out>
        param_values = 0x7fffffffdef8
        i = <optimized out>
        n_params = <optimized out>
        __FUNCTION__ = "g_signal_emit_valist"
#17 0x00007ffff693ace2 in g_signal_emit (instance=instance@entry=0x16f6efc0,
    signal_id=<optimized out>, detail=detail@entry=0)
    at /tmp/buildd/glib2.0-2.40.0/./gobject/gsignal.c:3363
        var_args = {{gp_offset = 32, fp_offset = 48,
            overflow_arg_area = 0x7fffffffe150, reg_save_area = 0x7fffffffe090}}
#18 0x00007ffff79df114 in gtk_widget_event_internal (
    widget=widget@entry=0x16f6efc0, event=event@entry=0x188af570)
    at /tmp/buildd/gtk+2.0-2.24.23/gtk/gtkwidget.c:5010
        signal_num = <optimized out>
        return_val = 0
#19 0x00007ffff79df3e9 in IA__gtk_widget_event (widget=widget@entry=0x16f6efc0,
---Type <return> to continue, or q <return> to quit---
    event=event@entry=0x188af570)
    at /tmp/buildd/gtk+2.0-2.24.23/gtk/gtkwidget.c:4807
        __FUNCTION__ = "IA__gtk_widget_event"
#20 0x00007ffff78cdca4 in IA__gtk_propagate_event (widget=0x16f6efc0,
    event=0x188af570) at /tmp/buildd/gtk+2.0-2.24.23/gtk/gtkmain.c:2490
        tmp = <optimized out>
        handled_event = <optimized out>
        __FUNCTION__ = "IA__gtk_propagate_event"
#21 0x00007ffff78ce05b in IA__gtk_main_do_event (event=0x188af570)
    at /tmp/buildd/gtk+2.0-2.24.23/gtk/gtkmain.c:1685
        event_widget = <optimized out>
        grab_widget = 0x16bba9b0
        window_group = <optimized out>
        rewritten_event = <optimized out>
        tmp_list = <optimized out>
        __FUNCTION__ = "IA__gtk_main_do_event"
#22 0x00007ffff75491fc in gdk_event_dispatch (source=<optimized out>,
    callback=<optimized out>, user_data=<optimized out>)
    at /tmp/buildd/gtk+2.0-2.24.23/gdk/x11/gdkevents-x11.c:2403
        display = <optimized out>
        event = 0x188af570
#23 0x00007ffff6651e04 in g_main_dispatch (context=0x764d40)
    at /tmp/buildd/glib2.0-2.40.0/./glib/gmain.c:3064
        dispatch = 0x7ffff75491b0 <gdk_event_dispatch>
        prev_source = 0x0
        was_in_call = 0
---Type <return> to continue, or q <return> to quit---
        user_data = 0x0
        callback = 0x0
        cb_funcs = <optimized out>
        cb_data = 0x0
        need_destroy = <optimized out>
        source = 0x764c10
        current = 0x7f19e0
        i = 0
#24 g_main_context_dispatch (context=context@entry=0x764d40)
    at /tmp/buildd/glib2.0-2.40.0/./glib/gmain.c:3663
No locals.
#25 0x00007ffff6652048 in g_main_context_iterate (context=0x764d40,
    block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at /tmp/buildd/glib2.0-2.40.0/./glib/gmain.c:3734
        max_priority = 2147483647
        timeout = 6598
        some_ready = 1
        nfds = <optimized out>
        allocated_nfds = 8
        fds = 0xfba300
#26 0x00007ffff665230a in g_main_loop_run (loop=0x7f6f90)
    at /tmp/buildd/glib2.0-2.40.0/./glib/gmain.c:3928
        __FUNCTION__ = "g_main_loop_run"
#27 0x00007ffff78cd147 in IA__gtk_main ()
    at /tmp/buildd/gtk+2.0-2.24.23/gtk/gtkmain.c:1257
        tmp_list = 0x0
---Type <return> to continue, or q <return> to quit---
        functions = 0x0
        init = <optimized out>
        loop = 0x7f6f90
#28 0x0000000000470368 in main (argc=1, argv=0x7fffffffe548) at main.c:1502
        run = <optimized out>
        err = 0x0

IgnorantGuru commented 10 years ago

This one's a mystery. I can't reproduce it. A few notes:

Note that you can also add a bookmark by right-clicking in the bookmarks pane and selecting New, or right-clicking on the file list and selecting New|Bookmark.

arclance commented 10 years ago

> Crash is occurring within GTK code, even though it is passed a valid widget (the menu item passed is created when the SpaceFM window is created and is valid for its duration), and the widget is validated again by SpaceFM's code before it's passed.

I run SpaceFM as a daemon "spacefm -d" and sometimes open and close windows and open a second window in a different workspace while having the first spacefm tab still open in the original workspace.

Maybe SpaceFM is corrupting something by accident under these conditions.

> Like some of your other bug reports, this one again could indicate that you have memory corruption occurring somewhere (I note that NFS is again involved). GTK should always return a valid value to that function, especially when passed a validated widget. SpaceFM does create this menu dynamically, so perhaps some NFS-caused delay is finding a rare bug in GTK, or something has corrupted the memory involved.

I don't know why adding a bookmark would involve any code that would interact with NFS at all (unless it is reading a directory over NFS again which it is not doing here (/mnt/nfsData_1 is the local NFS mount point)) but I don't know the language well enough to check for myself.

> gtk_menu_item_get_submenu being passed menu_item=0x100000000 is a highly suspicious value - again looks like corruption. SpaceFM's code sets/changes that value only once - when the main window is initialized (unless SpaceFM's code is inadvertently corrupting it).

I would not be surprised if there was some unexpected corruption caused by SpaceFM (directly or through unexpected library use) since I still think there is something wrong with the code causing my memory growth over time issue. No other program on my computer has memory growth issues like that except web browsers and those are known memory nightmares.

> The SpaceFM code (and likely the GTK2 code) involved has not changed in a very long time, and no other reports of this crash to date.

I have seen the crash before; this is just the first time I captured a backtrace, since it is not reproducible. I first saw it on another computer that I don't run SpaceFM under gdb on, so I did not get a backtrace then.

> Note that you can also add a bookmark by right-clicking in the bookmarks pane and selecting New, or right-clicking on the file list and selecting New|Bookmark.

I seem to remember right clicking in the bookmarks pane crashing as well but it was nearly a year ago so I might be wrong about it. I did not know about right-click -> New -> Bookmark, it is hiding at the bottom of a submenu.

IgnorantGuru commented 10 years ago

> I run SpaceFM as a daemon "spacefm -d" and sometimes open and close windows and open a second window in a different workspace while having the first spacefm tab still open in the original workspace. Maybe SpaceFM is corrupting something by accident under these conditions.

Using multiple windows shouldn't cause a problem in general. Each window has a valid Bookmarks menu item pointer, a widget which is created when the window is initialized. That pointer is passed, and GTK is crashing there (GTK normally validates its data before using it as well). So this certainly looks like memory corruption of the pointer at least. As for where it's occurring, that may require detailed project-wide memory analysis - could be anywhere, and could be triggered by some rare event as well.

You've reported several bugs that imply memory corruption, but thus far you're the only one reporting them. Could be others just aren't taking the time to do so, but it's unusual and a pattern. If others see a crash here (or anywhere) please report it or drop a 'me too' here.

IgnorantGuru commented 9 years ago

All the code for adding bookmarks has changed in the under-development book branch. If you see any further crashes please open a new issue.
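
Added example (not part of the thread, and not SpaceFM or GTK code): the frame #0 locals `__inst`, `__t` and `__r` are the temporaries of GLib's instance type-check macro, which rejects NULL but reads through any other pointer, so the validation discussed above faults on `menu_item=0x100000000` instead of rejecting it. The C sketch below models that check with simplified stand-in types (`ModelClass`, `ModelInstance`, `model_is_a` and `classify_ptr` are hypothetical names) and adds a triage heuristic, assuming x86-64, that classifies a pointer value copied from a backtrace without dereferencing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for GLib's class/instance headers (hypothetical names). */
typedef struct { unsigned long g_type; } ModelClass;
typedef struct { ModelClass *g_class; } ModelInstance;

/* Same shape as GLib's instance check: NULL is rejected safely, but any other
 * value is dereferenced to reach g_class, so a wild pointer faults inside the
 * check itself instead of being reported as invalid. */
static int model_is_a(const void *ip, unsigned long type) {
    const ModelInstance *inst = ip;
    if (!inst) return 0;
    return inst->g_class && inst->g_class->g_type == type;
}

typedef enum { PTR_NULL, PTR_NONCANONICAL, PTR_LOW32_ZERO,
               PTR_MISALIGNED, PTR_PLAUSIBLE } PtrClass;

/* Classify a pointer value without reading through it. Heuristic only;
 * assumes x86-64 with 48-bit canonical addresses and objects that are at
 * least 8-byte aligned. */
static PtrClass classify_ptr(uint64_t v) {
    if (v == 0) return PTR_NULL;
    uint64_t top = v >> 47;              /* bits 63..47 must all be equal */
    if (top != 0 && top != 0x1ffff) return PTR_NONCANONICAL;
    if ((v & 0xffffffffu) == 0) return PTR_LOW32_ZERO;  /* e.g. 0x100000000 */
    if (v & 0x7) return PTR_MISALIGNED;
    return PTR_PLAUSIBLE;
}

int main(void) {
    ModelClass menu_item_class = { 9435520 };   /* __t value from frame #0 */
    ModelInstance good = { &menu_item_class };
    printf("NULL        -> is_a=%d\n", model_is_a(NULL, 9435520));
    printf("valid       -> is_a=%d\n", model_is_a(&good, 9435520));
    printf("wrong type  -> is_a=%d\n", model_is_a(&good, 1));
    /* Values copied from the backtrace; never dereferenced here. */
    printf("0x100000000 -> class %d\n", classify_ptr(0x100000000ULL));
    printf("0x16bba9b0  -> class %d\n", classify_ptr(0x16bba9b0ULL));
    printf("0x8080e0    -> class %d\n", classify_ptr(0x8080e0ULL));
    return 0;
}
```

Of the pointer values in the backtrace, only the crashing `menu_item` argument falls outside `PTR_PLAUSIBLE`; the other widget and window pointers (`0x16bba9b0`, `0x8080e0`) classify as ordinary heap addresses.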