Crash in gjs_value_from_g_argument
Affected version
Fedora 34 Silverblue, Wayland, mutter-40.0-4.1.fc34.x86_64, gnome-shell-40.0-1.fc34.x86_64, gjs-1.68.0-4.fc34.x86_64
Bug summary
I got this crash by simply booting my PC, logging in, waiting a while (I have a lot of applications in autostart), and then trying to drag some applications to other workspaces.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f1eb2ba2d5a in gjs_value_from_g_argument (context=0x5642b78d22b0, value_p=..., type_info=<optimized out>, arg=0x7ffc66f28e10, copy_structs=<optimized out>)
at ../gi/arg.cpp:2589
2589 gtype = G_TYPE_FROM_INSTANCE(gjs_arg_get<GTypeInstance*>(arg));
(gdb) bt
#0 0x00007f1eb2ba2d5a in gjs_value_from_g_argument(JSContext*, JS::MutableHandle<JS::Value>, _GIBaseInfoStub*, _GIArgument*, bool)
(context=0x5642b78d22b0, value_p=..., type_info=<optimized out>, arg=0x7ffc66f28e10, copy_structs=<optimized out>) at ../gi/arg.cpp:2589
#1 0x00007f1eb2ba3dc9 in gjs_array_from_g_list<_GList> (list=0x5642b8a90780, type_info=<optimized out>, value_p=..., cx=0x5642b78d22b0) at ../gi/arg.cpp:1879
#2 gjs_value_from_g_argument(JSContext*, JS::MutableHandle<JS::Value>, _GIBaseInfoStub*, _GIArgument*, bool)
(context=0x5642b78d22b0, value_p=..., type_info=<optimized out>, arg=<optimized out>, copy_structs=<optimized out>) at ../gi/arg.cpp:2755
#3 0x00007f1eb2bb9d57 in Function::invoke(JSContext*, JS::CallArgs const&, JS::Handle<JSObject*>, _GIArgument*)
(this=0x5642b7be1e00, context=0x5642b78d22b0, args=..., this_obj=..., r_value=0x0) at ../gi/function.cpp:992
#4 0x00007f1eb2bba117 in Function::call(JSContext*, unsigned int, JS::Value*) (context=0x5642b78d22b0, js_argc=<optimized out>, vp=<optimized out>)
at /usr/include/mozjs-78/js/RootingAPI.h:596
#5 0x000016f1ecfa8567 in ()
#6 0x0000000000000001 in ()
#7 0x00007ffc66f29270 in ()
#8 0x0000000000000000 in ()
Stack trace of thread 2074:
#0 0x00007f1eb2ba2d5a _Z25gjs_value_from_g_argumentP9JSContextN2JS13MutableHandleINS1_5ValueEEEP15_GIBaseInfoStubP11_GIArgumentb (libgjs.so.0 + 0x33d5a)
#1 0x00007f1eb2ba3dc9 _Z25gjs_value_from_g_argumentP9JSContextN2JS13MutableHandleINS1_5ValueEEEP15_GIBaseInfoStubP11_GIArgumentb (libgjs.so.0 + 0x34dc9)
#2 0x00007f1eb2bb9d57 _ZN8Function6invokeEP9JSContextRKN2JS8CallArgsENS2_6HandleIP8JSObjectEEP11_GIArgument (libgjs.so.0 + 0x4ad57)
#3 0x00007f1eb2bba117 _ZN8Function4callEP9JSContextjPN2JS5ValueE (libgjs.so.0 + 0x4b117)
#4 0x000016f1ecfa8567 n/a (n/a + 0x0)
#5 0x00005642b7b3a550 n/a (n/a + 0x0)
#6 0x000016f1ecef869f n/a (n/a + 0x0)
#7 0x00007f1eb026f116 _ZL8EnterJitP9JSContextRN2js8RunStateEPh (libmozjs-78.so.0 + 0x750116)
#8 0x00007f1eafc5bac4 _ZL9InterpretP9JSContextRN2js8RunStateE (libmozjs-78.so.0 + 0x13cac4)
#9 0x00007f1eafc691be _ZN2js9RunScriptEP9JSContextRNS_8RunStateE (libmozjs-78.so.0 + 0x14a1be)
#10 0x00007f1eafc69607 _ZN2js23InternalCallOrConstructEP9JSContextRKN2JS8CallArgsENS_14MaybeConstructENS_10CallReasonE (libmozjs-78.so.0 + 0x14a607)
#11 0x00007f1eafc69c62 _ZN2js4CallEP9JSContextN2JS6HandleINS2_5ValueEEES5_RKNS_13AnyInvokeArgsENS2_13MutableHandleIS4_EENS_10CallReasonE (libmozjs-78.so.0 + 0x14ac62)
#12 0x00007f1eb014099a _ZN2js3jit14InvokeFunctionEP9JSContextN2JS6HandleIP8JSObjectEEbbjPNS3_5ValueENS3_13MutableHandleIS8_EE (libmozjs-78.so.0 + 0x62199a)
#13 0x00007f1eb0140b4f _ZN2js3jit25InvokeFromInterpreterStubEP9JSContextPNS0_30InterpreterStubExitFrameLayoutE (libmozjs-78.so.0 + 0x621b4f)
#14 0x000016f1ecef8fb4 n/a (n/a + 0x0)
#15 0x00005642ba406088 n/a (n/a + 0x0)
#16 0x000016f1ecef869f n/a (n/a + 0x0)
#17 0x00007f1eb026f116 _ZL8EnterJitP9JSContextRN2js8RunStateEPh (libmozjs-78.so.0 + 0x750116)
#18 0x00007f1eafc5bac4 _ZL9InterpretP9JSContextRN2js8RunStateE (libmozjs-78.so.0 + 0x13cac4)
#19 0x00007f1eafc691be _ZN2js9RunScriptEP9JSContextRNS_8RunStateE (libmozjs-78.so.0 + 0x14a1be)
#20 0x00007f1eafc69607 _ZN2js23InternalCallOrConstructEP9JSContextRKN2JS8CallArgsENS_14MaybeConstructENS_10CallReasonE (libmozjs-78.so.0 + 0x14a607)
#21 0x00007f1eafc69c62 _ZN2js4CallEP9JSContextN2JS6HandleINS2_5ValueEEES5_RKNS_13AnyInvokeArgsENS2_13MutableHandleIS4_EENS_10CallReasonE (libmozjs-78.so.0 + 0x14ac62)
#22 0x00007f1eafcdd57a _Z15JS_CallFunctionP9JSContextN2JS6HandleIP8JSObjectEENS2_IP10JSFunctionEERKNS1_16HandleValueArrayENS1_13MutableHandleINS1_5ValueEEE (libmozjs-78.so.0 + 0x1be57a)
#23 0x00007f1eb2badc26 _Z18gjs_closure_invokeP9_GClosureN2JS6HandleIP8JSObjectEERKNS1_16HandleValueArrayENS1_13MutableHandleINS1_5ValueEEEb (libgjs.so.0 + 0x3ec26)
#24 0x00007f1eb2bb77a3 _ZN21GjsCallbackTrampoline16callback_closureEPP11_GIArgumentPv (libgjs.so.0 + 0x487a3)
#25 0x00007f1eb2bb857d _ZZN21GjsCallbackTrampoline10initializeEP9JSContextN2JS6HandleIP10JSFunctionEEbENUlP7ffi_cifPvPS9_S9_E_4_FUNES8_S9_SA_S9_ (libgjs.so.0 + 0x4957d)
#26 0x00007f1eb1ce299d ffi_closure_unix64_inner (libffi.so.6 + 0x699d)
#27 0x00007f1eb1ce2d6c ffi_closure_unix64 (libffi.so.6 + 0x6d6c)
#28 0x00007f1eb2a8fab8 _clutter_marshal_BOOLEAN__BOXEDv (libmutter-clutter-8.so.0 + 0x3dab8)
#29 0x00007f1eb35f183a g_signal_emit_valist (libgobject-2.0.so.0 + 0x3183a)
#30 0x00007f1eb35f1983 g_signal_emit (libgobject-2.0.so.0 + 0x31983)
#31 0x00007f1eb2a9e4b0 clutter_actor_event (libmutter-clutter-8.so.0 + 0x4c4b0)
#32 0x00007f1eb2ab0425 _clutter_actor_handle_event (libmutter-clutter-8.so.0 + 0x5e425)
#33 0x00007f1eb2add061 _clutter_process_event (libmutter-clutter-8.so.0 + 0x8b061)
#34 0x00007f1eb2addd70 clutter_stage_update_device (libmutter-clutter-8.so.0 + 0x8bd70)
#35 0x00007f1eb2addf91 update_device_for_event (libmutter-clutter-8.so.0 + 0x8bf91)
#36 0x00007f1eb2add8fd _clutter_process_event (libmutter-clutter-8.so.0 + 0x8b8fd)
#37 0x00007f1eb2af69c8 handle_frame_clock_before_frame (libmutter-clutter-8.so.0 + 0xa49c8)
#38 0x00007f1eb2ac1bb6 frame_clock_source_dispatch (libmutter-clutter-8.so.0 + 0x6fbb6)
#39 0x00007f1eb34db46f g_main_context_dispatch (libglib-2
(gdb) bt full
#0 0x00007f1eb2ba2d5a in gjs_value_from_g_argument(JSContext*, JS::MutableHandle<JS::Value>, _GIBaseInfoStub*, _GIArgument*, bool) (context=0x5642b78d22b0, value_p=..., type_info=<optimized out>, arg=0x7ffc66f28e10, copy_structs=<optimized out>) at ../gi/arg.cpp:2589
interface_type = GI_INFO_TYPE_OBJECT
gtype = 0x5642b77557d0 [None]
interface_info = {<GjsAutoPointer<_GIBaseInfoStub, _GIBaseInfoStub, g_base_info_unref, g_base_info_ref>> = {m_ptr = 0x5642ba687400}, <No data fields>}
type_tag = <optimized out>
#1 0x00007f1eb2ba3dc9 in gjs_array_from_g_list<_GList> (list=0x5642b8a90780, type_info=<optimized out>, value_p=..., cx=0x5642b78d22b0) at ../gi/arg.cpp:1879
i = <optimized out>
arg =
{v_boolean = -1171409584, v_int8 = 80 'P', v_uint8 = 80 'P', v_int16 = -19120, v_uint16 = 46416, v_int32 = -1171409584, v_uint32 = 3123557712, v_int64 = 94844591387984, v_uint64 = 94844591387984, v_float = -0.000662644394, v_double = 4.6859454298653445e-310, v_short = -19120, v_ushort = 46416, v_int = -1171409584, v_uint = 3123557712, v_long = 94844591387984, v_ulong = 94844591387984, v_ssize = 94844591387984, v_size = 94844591387984, v_string = 0x5642ba2db550 "", v_pointer = 0x5642ba2db550}
elems =
{<JS::Rooted<JS::StackGCVector<JS::Value, js::TempAllocPolicy> >> = {<js::RootedBase<JS::StackGCVector<JS::Value, js::TempAllocPolicy>, JS::Rooted<JS::StackGCVector<JS::Value, js::TempAllocPolicy> > >> = {<js::MutableWrappedPtrOperations<JS::StackGCVector<JS::Value, js::TempAllocPolicy>, JS::Rooted<JS::StackGCVector<JS::Value, js::TempAllocPolicy> > >> = {<js::MutableWrappedPtrOperations<JS::GCVector<JS::Value, 8, js::TempAllocPolicy>, JS::Rooted<JS::StackGCVector<JS::Value, js::TempAllocPolicy> > >> = {<js::WrappedPtrOperations<JS::GCVector<JS::Value, 8, js::TempAllocPolicy>, JS::Rooted<JS::StackGCVector<JS::Value, js::TempAllocPolicy> > >> = {<No data fields>}, <No data fields>}, <No data fields>}, <No data fields>}, stack = 0x5642b78d2318, prev = 0x7ffc66f29138, ptr = {<js::VirtualTraceable> = {_vptr.VirtualTraceable = 0x7f1eb2c848a0 <vtable for js::RootedTraceable<JS::StackGCVector<JS::Value, js::TempAllocPolicy> >+16>}, ptr = {<JS::GCVector<JS::Value, 8, js::TempAllocPolicy>> = {vector = {<js::TempAllocPolicy> = {<js::AllocPolicyBase> = {<No data fields>}, cx_ = 0x5642b78d22b0}, static kElemIsPod = false, static kMaxInlineBytes = 992, static kInlineCapacity = 8, mBegin = 0x7ffc66f28ef8, mLength = 1, mTail = {<mozilla::Vector<JS::Value, 8, js::TempAllocPolicy>::CapacityAndReserved> = {mCapacity = 8}, mBytes = "\000\000\000\000\000\000\372\377h㦹BV\000\000\200\216\362f\374\177\000\000F", '\000' <repeats 11 times>, "\001\000\000\000\001\000\000\000\000\000\000\000\032\000\000\000\000\000\000\000\001\000\000\000\000\000\000"}}}, <No data fields>}}}, <No data fields>}
type_tag = <optimized out>
#2 gjs_value_from_g_argument(JSContext*, JS::MutableHandle<JS::Value>, _GIBaseInfoStub*, _GIArgument*, bool) (context=0x5642b78d22b0, value_p=..., type_info=<optimized out>, arg=<optimized out>, copy_structs=<optimized out>) at ../gi/arg.cpp:2755
type_tag = <optimized out>
#3 0x00007f1eb2bb9d57 in Function::invoke(JSContext*, JS::CallArgs const&, JS::Handle<JSObject*>, _GIArgument*) (this=0x5642b7be1e00, context=0x5642b78d22b0, args=..., this_obj=..., r_value=0x0) at ../gi/function.cpp:992
cache = 0x5642b7f08ed0
out_value = <optimized out>
js_out_arg = {<js::RootedBase<JS::Value, JS::Rooted<JS::Value> >> = {<js::MutableWrappedPtrOperations<JS::Value, JS::Rooted<JS::Value> >> = {<js::WrappedPtrOperations<JS::Value, JS::Rooted<JS::Value> >> = {<No data fields>}, <No data fields>}, <No data fields>}, stack = 0x5642b78d2310, prev = 0x7ffc66f293d0, ptr = {asBits_ = 18445055223849287680}}
return_value_p = <optimized out>
return_value =
{v_boolean = -1196882048, v_int8 = -128 '\200', v_uint8 = 128 '\200', v_int16 = 1920, v_uint16 = 1920, v_int32 = -1196882048, v_uint32 = 3098085248, v_int64 = 94844565915520, v_uint64 = 94844565915520, v_float = -8.05994496e-05, v_double = 4.6859441713584068e-310, v_short = 1920, v_ushort = 1920, v_int = -1196882048, v_uint = 3098085248, v_long = 94844565915520, v_ulong = 94844565915520, v_ssize = 94844565915520, v_size = 94844565915520, v_string = 0x5642b8a90780 "P\265-\272BV", v_pointer = 0x5642b8a90780}
ffi_argc = 1
state =
{in_cvalues = 0x5642ba564680, out_cvalues = 0x5642ba5646a0, inout_original_cvalues = 0x5642b905c090, ignore_release = std::unordered_set with 0 elements, instance_object = {<js::RootedBase<JSObject*, JS::Rooted<JSObject*> >> = {<js::MutableWrappedPtrOperations<JSObject*, JS::Rooted<JSObject*> >> = {<js::WrappedPtrOperations<JSObject*, JS::Rooted<JSObject*> >> = {<No data fields>}, <No data fields>}, <No data fields>}, stack = 0x5642b78d22c8, prev = 0x7ffc66f29220, ptr = 0x8492133f400}, return_values = {<JS::Rooted<JS::StackGCVector<JS::Value, js::TempAllocPolicy> >> = {<js::RootedBase<JS::StackGCVector<JS::Value, js::TempAllocPolicy>, JS::Rooted<JS::StackGCVector<JS::Value, js::TempAllocPolicy> > >> = {<js::MutableWrappedPtrOperations<JS::StackGCVector<JS::Value, js::TempAllocPolicy>, JS::Rooted<JS::StackGCVector<JS::Value, js::TempAllocPolicy> > >> = {<js::MutableWrappedPtrOperations<JS::GCVector<JS::Value, 8, js::TempAllocPolicy>, JS::Rooted<JS::StackGCVector<JS::Value, js::TempAllocPolicy> > >> = {<js::WrappedPtrOperations<JS::GCVector<JS::Value, 8, js::TempAllocPolicy>, JS::Rooted<JS::StackGCVector<JS::Value, js::TempAllocPolicy> > >> = {<No data fields>}, <No data fields>}, <No data fields>}, <No data fields>}, stack = 0x5642b78d2318, prev = 0x7ffc66f29418, ptr = {<js::VirtualTraceable> = {_vptr.VirtualTraceable = 0x7f1eb2c848a0 <vtable for js::RootedTraceable<JS::StackGCVector<JS::Value, js::TempAllocPolicy> >+16>}, ptr = {<JS::GCVector<JS::Value, 8, js::TempAllocPolicy>> = {vector = {<js::TempAllocPolicy> = {<js::AllocPolicyBase> = {<No data fields>}, cx_ = 0x5642b78d22b0}, static kElemIsPod = false, static kMaxInlineBytes = 992, static kInlineCapacity = 8, mBegin = 0x7ffc66f29170, mLength = 0, mTail = {<mozilla::Vector<JS::Value, 8, js::TempAllocPolicy>::CapacityAndReserved> = {mCapacity = 8}, mBytes = 
"\300\222\362f\374\177\000\000>\017\021\260\036\177\000G\020\224\362f\374\177\000\000җ\273\262\036\177\000F\020#\215\267BV\000\000Г\362f\374\177\000\000\300\227\354\005\306\033\373\377Г\362f\374\177\000"}}}, <No data fields>}}}, <No data fields>}, local_error = {m_ptr = 0x0}, gi_argc = 0, processed_c_args = 1, failed = false, can_throw_gerror = false, is_method = true}
ffi_arg_pointers = std::unique_ptr<void *[]> = {get() = 0x5642b905c0a0}
gi_arg_pos = -1
ffi_arg_pos = <optimized out>
js_arg_pos = 0
obj = {<js::RootedBase<JSObject*, JS::Rooted<JSObject*> >> = {<js::MutableWrappedPtrOperations<JSObject*, JS::Rooted<JSObject*> >> = {<js::WrappedPtrOperations<JSObject*, JS::Rooted<JSObject*> >> = {<No data fields>}, <No data fields>}, <No data fields>}, stack = 0x5642b78d22c8, prev = 0x7ffc66f29120, ptr = 0x8492133f400}
dynamicString = "Shell.WindowPreviewLayout.method Shell.WindowPreviewLayout.get_windows"
label = {m_stack = 0x0}
errorp = 0x7ffc66f291b0
#4 0x00007f1eb2bba117 in Function::call(JSContext*, unsigned int, JS::Value*) (context=0x5642b78d22b0, js_argc=<optimized out>, vp=<optimized out>) at /usr/include/mozjs-78/js/RootingAPI.h:596
js_argv = {<JS::detail::CallArgsBase<JS::detail::IncludeUsedRval>> = {argv_ = 0x7ffc66f292a0, argc_ = 0, constructing_ = false, ignoresReturnValue_ = false}, <No data fields>}
callee = {<js::RootedBase<JSObject*, JS::Rooted<JSObject*> >> = {<js::MutableWrappedPtrOperations<JSObject*, JS::Rooted<JSObject*> >> = {<js::WrappedPtrOperations<JSObject*, JS::Rooted<JSObject*> >> = {<No data fields>}, <No data fields>}, <No data fields>}, stack = 0x5642b78d22c8, prev = 0x7ffc66f29438, ptr = 0x1aa647630fa0}
priv = <optimized out>
#5 0x000016f1ecfa8567 in ()
#6 0x0000000000000001 in ()
#7 0x00007ffc66f29270 in ()
#8 0x0000000000000000 in ()