Using g_thread_join from JS is crashing
In a test I'm creating a GThread with GjsTestTools, but then calling join on it crashes under Fedora (at least on 34, the version in the gjs Docker image), while it works properly in Ubuntu.
Thread 1 received signal SIGSEGV, Segmentation fault.
ffi_call_unix64 () at ../src/x86/unix64.S:144
144 movq %rax, (%rdi)
(rr) up
#1 0x00007f3a841f50a3 in ffi_call (cif=<optimized out>, fn=<optimized out>, rvalue=<optimized out>,
avalue=<optimized out>) at ../src/x86/ffi64.c:525
525 ffi_call_unix64 (stack, cif->bytes + sizeof (struct register_args),
(rr) info local
classes = {X86_64_INTEGER_CLASS, 32767, 1413102728, 32767}
stack = <optimized out>
argp = 0x7fff543a3ab0 "\016"
arg_types = <optimized out>
gprcount = 1
ssecount = <optimized out>
ngpr = 1
nsse = 0
i = <optimized out>
avn = <optimized out>
ret_in_memory = <optimized out>
reg_args = <optimized out>
(rr) print stack
$1 = <optimized out>
(rr) print cif
$2 = <optimized out>
(rr) up
#2 0x00007f3a847f14d3 in Function::invoke (this=0x1ca2520, context=0x1b747e0, args=..., this_obj=...,
r_value=0x0) at ../gi/function.cpp:963
963 ffi_call(&m_invoker.cif, FFI_FN(m_invoker.native_address), return_value_p,
(rr) print m_invoker
$3 = {cif = {abi = FFI_UNIX64, nargs = 1, arg_types = 0x1bac380, rtype = 0x7f3a841f61f0 <ffi_type_pointer>,
bytes = 0, flags = 14}, native_address = 0x7f3a846d71b0 <g_thread_join>, padding = {0x0, 0x0, 0x0}}
(rr) list
958 g_assert_cmpuint(ffi_arg_pos, ==, ffi_argc);
959 g_assert_cmpuint(gi_arg_pos, ==, state.gi_argc);
960
961 return_value_p =
962 get_return_ffi_pointer_from_giargument(&m_arguments[-1], &return_value);
963 ffi_call(&m_invoker.cif, FFI_FN(m_invoker.native_address), return_value_p,
964 ffi_arg_pointers.get());
965
966 /* Return value and out arguments are valid only if invocation doesn't
967 * return error. In arguments need to be released always.
(rr) print ffi_arg_pointers.get()
$4 = (void **) 0x1bab6d0
(rr) print (GIArgument*) ffi_arg_pointers.get()
$5 = (GIArgument *) 0x1bab6d0
(rr) print **(GIArgument**) ffi_arg_pointers.get()
$8 = {v_boolean = 29984864, v_int8 = 96 '`', v_uint8 = 96 '`', v_int16 = -30624, v_uint16 = 34912,
v_int32 = 29984864, v_uint32 = 29984864, v_int64 = 29984864, v_uint64 = 29984864, v_float = 7.40314274e-38,
v_double = 1.4814491197621943e-316, v_short = -30624, v_ushort = 34912, v_int = 29984864, v_uint = 29984864,
v_long = 29984864, v_ulong = 29984864, v_ssize = 29984864, v_size = 29984864,
v_string = 0x1c98860 "\265\002/z:\177", v_pointer = 0x1c98860}
(rr) print *(GRealThread*)0x1c98860
$9 = {thread = {func = 0x7f3a7a2f02b5 <ref_thread_func(void*)>, data = 0x1f02780, joinable = 0,
priority = G_THREAD_PRIORITY_LOW}, ref_count = 1, ours = 1, name = 0x0, retval = 0x0}
(rr) f 0
#0 ffi_call_unix64 () at ../src/x86/unix64.S:144
144 movq %rax, (%rdi)
(rr) inof local
Undefined command: "inof". Try "help".
(rr) info local
No locals.
(rr) up
#1 0x00007f3a841f50a3 in ffi_call (cif=<optimized out>, fn=<optimized out>, rvalue=<optimized out>,
avalue=<optimized out>) at ../src/x86/ffi64.c:525
525 ffi_call_unix64 (stack, cif->bytes + sizeof (struct register_args),
(rr) info local
classes = {X86_64_INTEGER_CLASS, 32767, 1413102728, 32767}
stack = <optimized out>
argp = 0x7fff543a3ab0 "\016"
arg_types = <optimized out>
gprcount = 1
ssecount = <optimized out>
ngpr = 1
nsse = 0
i = <optimized out>
avn = <optimized out>
ret_in_memory = <optimized out>
reg_args = <optimized out>
(rr) list
520 }
521 }
522 }
523 }
524
525 ffi_call_unix64 (stack, cif->bytes + sizeof (struct register_args),
526 cif->flags, rvalue, fn, ssecount);
527 }
528
529
(rr) print return_value_p
$12 = (void *) 0x0
(rr) print m_arguments[-1]
$13 = {marshallers = 0x7f3a849701c0 <skip_all_marshallers>, arg_name = 0x0, type_info = {dummy1 = 18,
dummy2 = 2147483647, dummy3 = 0x1b5f430, dummy4 = 0x1cb8990, dummy5 = 0x1db6360, dummy6 = 93128, dummy7 = 0,
padding = {0x0, 0x0, 0x0, 0x0}}, arg_pos = 0 '\000', transfer = GI_TRANSFER_NOTHING,
flags = GjsArgumentFlags::SKIP_ALL, contents = {array = {length_pos = 0 '\000', length_tag = GI_TYPE_TAG_VOID},
callback = {closure_pos = 0 '\000', destroy_pos = 0 '\000', scope = GI_SCOPE_TYPE_INVALID}, number = {
number_tag = GI_TYPE_TAG_VOID}, object = {gtype = 0x0, info = 0x0}, tmp_foreign_info = 0x0, enum_type = {
enum_min = 0, enum_max = 0}, flags_mask = 0, caller_allocates_size = 0}, static MAX_ARGS = 253 '\375',
static INSTANCE_PARAM = 254 '\376', static RETURN_VALUE = 255 '\377', static ABSENT = 255 '\377'}
(rr) print r_value
$14 = (GIArgument *) 0x0
(rr) print return_value
$15 = {v_boolean = -2112665159, v_int8 = -71 '\271', v_uint8 = 185 '\271', v_int16 = 18873, v_uint16 = 18873,
v_int32 = -2112665159, v_uint32 = 2182302137, v_int64 = 139889267132857, v_uint64 = 139889267132857,
v_float = -1.08210117e-37, v_double = 6.9114481112253657e-310, v_short = 18873, v_ushort = 18873,
v_int = -2112665159, v_uint = 2182302137, v_long = 139889267132857, v_ulong = 139889267132857,
v_ssize = 139889267132857, v_size = 139889267132857, v_string = 0x7f3a821349b9
<js::CurrentThreadCanAccessRuntime(JSRuntime const*)+25> "H;\230\020",
v_pointer = 0x7f3a821349b9 <js::CurrentThreadCanAccessRuntime(JSRuntime const*)+25>}
(rr) print m_arguments[-1].type_info
$16 = {dummy1 = 18, dummy2 = 2147483647, dummy3 = 0x1b5f430, dummy4 = 0x1cb8990, dummy5 = 0x1db6360,
dummy6 = 93128, dummy7 = 0, padding = {0x0, 0x0, 0x0, 0x0}}
(rr) call g_type_info_get_tag(&m_arguments[-1].type_info)
$17 = GI_TYPE_TAG_VOID
(rr) quit
So the issue is just related to !46 (closed) and the wrong handling of functions returning gpointers: the return type info is reported as GI_TYPE_TAG_VOID, so return_value_p is NULL (0x0), while the cif's rtype is ffi_type_pointer, and ffi_call_unix64 then stores g_thread_join's returned pointer through that null rvalue (`movq %rax, (%rdi)`).