I was going to write up a bug report for the crash in g_type_check_instance_cast(), but someone beat me to it: https://bugs.launchpad.net/ubuntu/+source/xfce4-appfinder/+bug/1016671 In my case, it's on a 64-bit Xubuntu Quantal installation.
Fixed in b46f5a.
I'm seeing xfce4-appfinder crash with a different backtrace as well. Does this look like the same bug, or something else? Disassembly: => 0x7f21378e8b90: mov (%rbx),%r12 0x7f21378e8b93: mov 0x8(%r12),%rdi 0x7f21378e8b98: test %rdi,%rdi 0x7f21378e8b9b: je 0x7f21378e8bfb 0x7f21378e8b9d: mov $0x50,%esi 0x7f21378e8ba2: callq 0x7f21378e6390 <g_type_check_instance_cast@plt> 0x7f21378e8ba7: mov %rax,%rdi 0x7f21378e8baa: callq 0x7f21378e5600 <g_object_unref@plt> 0x7f21378e8baf: mov $0xffffffff,%esi 0x7f21378e8bb4: mov %ebp,%edi 0x7f21378e8bb6: movq $0x0,0x8(%r12) 0x7f21378e8bbf: xor %eax,%eax 0x7f21378e8bc1: callq 0x7f21378e53f0 <gtk_tree_path_new_from_indices@plt> 0x7f21378e8bc6: mov %rax,%r12 0x7f21378e8bc9: mov 0x18(%r13),%eax 0x7f21378e8bcd: mov %rbx,0x8(%rsp) SegvAnalysis: Segfault happened at: 0x7f21378e8b90: mov (%rbx),%r12 PC (0x7f21378e8b90) ok source "(%rbx)" (0x00000029) not located in a known VMA region (needed readable region)! destination "%r12" ok Stacktrace: #0 0x00007f21378e8b90 in ?? () No symbol table info available. #1 0x00007f21378ef4b2 in ?? () No symbol table info available. #2 0x00007f2135740140 in g_closure_invoke (closure=0x7f2137c93e60, return_value=0x0, n_param_values=1, param_values=0x7fff750bafc0, invocation_hint=0x7fff750baf60) at /build/buildd/glib2.0-2.34.1/./gobject/gclosure.c:777 marshal = 0x7f2135741f70 <g_cclosure_marshal_VOID__VOID> marshal_data = 0x0 in_marshal = 0 real_closure = 0x7f2137c93e40 __PRETTY_FUNCTION__ = "g_closure_invoke" #3 0x00007f2135751550 in signal_emit_unlocked_R (node=node@entry=0x7f2137ba9350, detail=detail@entry=0, instance=instance@entry=0x7f2137b690a0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7fff750bafc0) at /build/buildd/glib2.0-2.34.1/./gobject/gsignal.c:3551 tmp = <optimized out> handler = 0x7f211c008ec0 accumulator = 0x0 emission = {next = 0x0, instance = 0x7f2137b690a0, ihint = {signal_id = 103, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4} class_closure = 0x7f2137ba9300 hlist = 0x7f2114008ca0 handler_list = 0x7f2114008ca0 return_accu = 0x0 accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} signal_id = 103 max_sequential_handler_number = 1234 return_value_altered = 1 #4 0x00007f21357594af in g_signal_emit_valist (instance=0x7f2137b690a0, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7fff750bb208) at /build/buildd/glib2.0-2.34.1/./gobject/gsignal.c:3300 instance_and_params = 0x7fff750bafc0 signal_return_type = 4 param_values = 0x7fff750bafd8 node = 0x7f2137ba9350 i = <optimized out> n_params = 0 __PRETTY_FUNCTION__ = "g_signal_emit_valist" #5 0x00007f2135759642 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at /build/buildd/glib2.0-2.34.1/./gobject/gsignal.c:3356 var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff750bb2e0, reg_save_area = 0x7fff750bb220}} #6 0x00007f2136f72a0a in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 No symbol table info available.
*** Bug 9676 has been marked as a duplicate of this bug. ***