Crash in `g_type_check_instance` while using Maps and Image Viewer
We (Fedora) have an openQA test of Maps. Today's run of the test on Rawhide somehow resulted in GNOME Shell crashing. The test had just exported a map as an image and was in the process of opening the image to check it worked. To do that, it launches Image Viewer by typing 'image viewer' into the overview and hitting enter, then hits super+up to maximize it. It seems like Shell crashed right at the time the test tried to maximize Image Viewer.
This is with gnome-shell-44.0-4.fc39 . All other versions are whatever is tagged for Rawhide today.
Here's the backtrace:
4272 TypeNode *node = lookup_type_node_I (type_instance->g_class->g_type);
[Current thread is 1 (Thread 0x7fa9f2025600 (LWP 1599))]
#0 g_type_check_instance (type_instance=0x55ad5fa39710) at ../gobject/gtype.c:4272
node = <optimized out>
#1 0x00007fa9f631603c in g_signal_handler_disconnect (instance=0x55ad5fa39710, handler_id=35241) at ../gobject/gsignal.c:2754
_g_boolean_var_85 = <optimized out>
__func__ = "g_signal_handler_disconnect"
#2 0x00007fa9f6035433 in shell_window_preview_layout_dispose (gobject=0x55ad61b48be0) at ../src/shell-window-preview-layout.c:282
actor = 0x55ad6266fc40
info = 0x55ad6169ab00
_handler_id = <optimized out>
_instance = <optimized out>
_handler_id_ptr = <optimized out>
self = <optimized out>
priv = 0x55ad61b48bc0
iter = {dummy1 = 0x55ad61669590, dummy2 = 0x7fa9f6344108 <g.notify_lock_lock.lto_priv>, dummy3 = 0x0, dummy4 = 6, dummy5 = 21933, dummy6 = 0x7ffc00000003}
key = 0x55ad6266fc40
value = 0x55ad6169ab00
#3 0x00007fa9f6307af4 in g_object_unref (_object=0x55ad61b48be0) at ../gobject/gobject.c:3891
_pp = <optimized out>
gaig_temp = <optimized out>
gaig_temp = <optimized out>
weak_locations = <optimized out>
nqueue = 0x55ad603b7020
_ptr = <optimized out>
object = 0x55ad61b48be0
old_ref = <optimized out>
retry_atomic_decrement1 = <optimized out>
__func__ = "g_object_unref"
#4 0x00007fa9f5bedee8 in ObjectInstance::disassociate_js_gobject (this=0x55ad60badf40) at ../gi/object.cpp:1750
had_toggle_down = <optimized out>
had_toggle_up = <optimized out>
locked_queue = <optimized out>
#5 0x00007fa9f5c4ef70 in std::function<void (ObjectInstance*)>::operator()(ObjectInstance*) const (__args#0=<optimized out>, this=0x7ffc4df64490) at /usr/include/c++/13/bits/std_function.h:591
No locals.
#6 operator() (link=0x55ad60badf40, __closure=0x7ffc4df64470) at ../gi/object.cpp:1305
action = {<std::_Maybe_unary_or_binary_function<void, ObjectInstance*>> = {<std::unary_function<ObjectInstance*, void>> = {<No data fields>}, <No data fields>}, <std::_Function_base> = {static _M_max_size = 16, static _M_max_align = 8, _M_functor = {_M_unused = {_M_object = 0x7fa9f5bede70 <ObjectInstance::disassociate_js_gobject()>, _M_const_object = 0x7fa9f5bede70 <ObjectInstance::disassociate_js_gobject()>, _M_function_pointer = 0x7fa9f5bede70 <ObjectInstance::disassociate_js_gobject()>, _M_member_pointer = (void (std::_Undefined_class::*)(std::_Undefined_class * const)) 0x7fa9f5bede70 <ObjectInstance::disassociate_js_gobject()>}, _M_pod_data = "p\336\276\365\251\177\000\000\000\000\000\000\000\000\000"}, _M_manager = 0x7fa9f5bf2de0 <std::_Function_handler<void (ObjectInstance*), std::_Mem_fn<void (ObjectInstance::*)()> >::_M_manager(std::_Any_data&, std::_Any_data const&, std::_Manager_operation)>}, _M_invoker = 0x7fa9f5--Type <RET> for more, q to quit, c to continue without paging--c
bf2e60 <std::_Function_handler<void (ObjectInstance*), std::_Mem_fn<void (ObjectInstance::*)()> >::_M_invoke(std::_Any_data const&, ObjectInstance*&&)>}
predicate = {<std::_Maybe_unary_or_binary_function<bool, ObjectInstance*>> = {<std::unary_function<ObjectInstance*, bool>> = {<No data fields>}, <No data fields>}, <std::_Function_base> = {static _M_max_size = 16, static _M_max_align = 8, _M_functor = {_M_unused = {_M_object = 0x7ffc4df64588, _M_const_object = 0x7ffc4df64588, _M_function_pointer = 0x7ffc4df64588, _M_member_pointer = (void (std::_Undefined_class::*)(std::_Undefined_class * const)) 0x7ffc4df64588}, _M_pod_data = "\210E\366M\374\177\000\000\000\000\000\000\000\000\000"}, _M_manager = 0x7fa9f5bf2e80 <std::_Function_handler<bool(ObjectInstance*), ObjectInstance::update_heap_wrapper_weak_pointers(JSTracer*, JS::Compartment*, void*)::<lambda(ObjectInstance*)> >::_M_manager(std::_Any_data &, const std::_Any_data &, std::_Manager_operation)>}, _M_invoker = 0x7fa9f5bf3a30 <std::_Function_handler<bool(ObjectInstance*), ObjectInstance::update_heap_wrapper_weak_pointers(JSTracer*, JS::Compartment*, void*)::<lambda(ObjectInstance*)> >::_M_invoke(const std::_Any_data &, ObjectInstance *&&)>}
action = <optimized out>
predicate = <optimized out>
#7 __gnu_cxx::__ops::_Iter_pred<ObjectInstance::remove_wrapped_gobjects_if(const Predicate&, const Action&)::<lambda(ObjectInstance*)> >::operator()<__gnu_cxx::__normal_iterator<ObjectInstance**, std::vector<ObjectInstance*> > > (__it=..., this=0x7ffc4df64470) at /usr/include/c++/13/bits/predefined_ops.h:318
No locals.
#8 std::__remove_if<__gnu_cxx::__normal_iterator<ObjectInstance**, std::vector<ObjectInstance*> >, __gnu_cxx::__ops::_Iter_pred<ObjectInstance::remove_wrapped_gobjects_if(const Predicate&, const Action&)::<lambda(ObjectInstance*)> > > (__pred=..., __last=..., __first=...) at /usr/include/c++/13/bits/stl_algobase.h:2145
__result = {_M_current = 0x55ad63d56690}
__result = <optimized out>
#9 std::remove_if<__gnu_cxx::__normal_iterator<ObjectInstance**, std::vector<ObjectInstance*> >, ObjectInstance::remove_wrapped_gobjects_if(const Predicate&, const Action&)::<lambda(ObjectInstance*)> > (__pred=..., __last=..., __first=...) at /usr/include/c++/13/bits/stl_algo.h:880
No locals.
#10 ObjectInstance::remove_wrapped_gobjects_if(std::function<bool (ObjectInstance*)> const&, std::function<void (ObjectInstance*)> const&) [clone .constprop.0] (predicate=..., action=...) at ../gi/object.cpp:1301
No locals.
#11 0x00007fa9f5bea160 in ObjectInstance::update_heap_wrapper_weak_pointers (trc=<optimized out>) at ../gi/object.cpp:1598
locked_queue = <optimized out>
#12 0x00007fa9f434d2b6 in js::gc::GCRuntime::callWeakPointerCompartmentCallbacks (comp=0x55ad5fbf7f10, trc=<optimized out>, this=0x55ad5fc77910) at /usr/src/debug/mozjs102-102.9.0-1.fc39.x86_64/gc/GC.cpp:1355
p = @0x55ad5fc78930: {op = 0x7fa9f5bea0a0 <ObjectInstance::update_heap_wrapper_weak_pointers(JSTracer*, JS::Compartment*, void*)>, data = 0x0}
__for_range = @0x55ad5fc78918: {<js::SystemAllocPolicy> = {<js::AllocPolicyBase> = {<No data fields>}, <No data fields>}, static kElemIsPod = false, static kMaxInlineBytes = 999, static kInlineCapacity = 4, mBegin = 0x55ad5fc78930, mLength = 1, mTail = {<mozilla::Vector<js::gc::Callback<void (*)(JSTracer*, JS::Compartment*, void*)>, 4, js::SystemAllocPolicy>::CapacityAndReserved> = {mCapacity = 4}, mBytes = "\240\240\276\365\251\177", '\000' <repeats 46 times>, "\002\000\000\000\317\002\000\000\000\000\000"}, static sMaxInlineStorage = <optimized out>}
__for_begin = 0x55ad5fc78930
__for_end = 0x55ad5fc78940
#13 js::gc::GCRuntime::sweepEmbeddingWeakPointers (gcx=<optimized out>, this=0x55ad5fc77910) at /usr/src/debug/mozjs102-102.9.0-1.fc39.x86_64/gc/Sweeping.cpp:1427
comp = {zone = <optimized out>, it = 0x55ad5fcdb2a0}
zone = {current = 0x55ad5fcdaa20}
ap2 = <optimized out>
lock = <optimized out>
ap = <optimized out>
lock = <optimized out>
ap = <optimized out>
ap2 = <optimized out>
ap2 = <optimized out>
zone = <optimized out>
comp = <optimized out>
#14 js::gc::GCRuntime::beginSweepingSweepGroup (this=<optimized out>, gcx=<optimized out>, budget=...) at /usr/src/debug/mozjs102-102.9.0-1.fc39.x86_64/gc/Sweeping.cpp:1493
scc = <optimized out>
sweepingAtoms = <optimized out>
threadIsSweeping = <optimized out>
#15 0x00007fa9f43430fc in sweepaction::SweepActionSequence::run (this=0x55ad5fbfbb30, args=...) at /usr/src/debug/mozjs102-102.9.0-1.fc39.x86_64/gc/Sweeping.cpp:2085
iter = <optimized out>
#16 0x00007fa9f4348d79 in sweepaction::SweepActionForEach<js::gc::SweepGroupsIter, JSRuntime*>::run (this=0x55ad5fbfbca0, args=...) at /usr/src/debug/mozjs102-102.9.0-1.fc39.x86_64/gc/Sweeping.cpp:2120
iter = <optimized out>
clearElem = {mExitFunction = {__this = 0x55ad5fbfbca0}, mExecuteOnDestruction = true}
#17 0x00007fa9f4321886 in js::gc::GCRuntime::performSweepActions (budget=..., this=0x1) at /usr/src/debug/mozjs102-102.9.0-1.fc39.x86_64/dist/include/mozilla/UniquePtr.h:290
s = {<js::AutoGeckoProfilerEntry> = {profiler_ = 0x0}, <No data fields>}
pjc = <optimized out>
sweepProgress = <optimized out>
markProgress = <optimized out>
ap = <optimized out>
gcx = 0x55ad5fc77928
disableBarriers = <optimized out>
args = {gc = 0x55ad5fc77910, gcx = 0x55ad5fc77928, budget = @0x7ffc4df64d70}
s = <optimized out>
ap = <optimized out>
gcx = <optimized out>
pjc = <optimized out>
disableBarriers = <optimized out>
args = <optimized out>
sweepProgress = <optimized out>
markProgress = <optimized out>
#18 js::gc::GCRuntime::incrementalSlice (budgetWasIncreased=<optimized out>, reason=<optimized out>, budget=..., this=0x1) at /usr/src/debug/mozjs102-102.9.0-1.fc39.x86_64/gc/GC.cpp:3255
performingGC = <optimized out>
session = {<js::gc::AutoHeapSession> = {gc = 0x55ad5fc77910, prevState = JS::HeapState::Idle, profilingStackFrame = {<mozilla::detail::MaybeStorage<js::AutoGeckoProfilerEntry, false>> = {<mozilla::detail::MaybeStorageBase<js::AutoGeckoProfilerEntry, false>> = {mStorage = {val = {profiler_ = 0x0}}}, mIsSome = 1 '\001'}, <mozilla::detail::Maybe_CopyMove_Enabler<js::AutoGeckoProfilerEntry, false, true, true>> = {<No data fields>}, <No data fields>}}, <No data fields>}
destroyingRuntime = <optimized out>
shouldPauseMutator = <optimized out>
performingGC = <optimized out>
session = <optimized out>
destroyingRuntime = <optimized out>
shouldPauseMutator = <optimized out>
ap = <optimized out>
ap1 = <optimized out>
ap2 = <optimized out>
#19 js::gc::GCRuntime::gcCycle (this=this@entry=0x55ad5fc77910, nonincrementalByAPI=nonincrementalByAPI@entry=true, budgetArg=..., reason=<optimized out>, reason@entry=JS::GCReason::MEM_PRESSURE) at /usr/src/debug/mozjs102-102.9.0-1.fc39.x86_64/gc/GC.cpp:3736
callCallbacks = {gc_ = @0x55ad5fc77910, reason_ = JS::GCReason::MEM_PRESSURE}
budget = {idle = false, extended = false, static UnlimitedCounter = 9223372036854775807, static StepsPerExpensiveCheck = 1000, budget = {static RawDataAlignment = 8, static RawDataSize = 16, rawData = "\200\f\247\364\251\177\000\000\020y\307_\255U\000", tag = 2 '\002'}, interruptRequested = 0x0, counter = 9223372036854603762, interrupted = false}
budgetWasIncreased = <optimized out>
agc = {stats = @0x55ad5fc77990}
result = <optimized out>
#20 0x00007fa9f43234b8 in js::gc::GCRuntime::collect (this=0x55ad5fc77910, nonincrementalByAPI=<optimized out>, budget=..., reason=JS::GCReason::MEM_PRESSURE) at /usr/src/debug/mozjs102-102.9.0-1.fc39.x86_64/gc/GC.cpp:3920
cycleResult = <optimized out>
startTime = <optimized out>
timer = <optimized out>
clearGCOptions = <optimized out>
logGC = <optimized out>
av = <optimized out>
leaveAtomsZone = <optimized out>
sliceThresholds = <optimized out>
repeat = <optimized out>
#21 0x00007fa9f41b9414 in js::gc::GCRuntime::gc (reason=JS::GCReason::MEM_PRESSURE, options=JS::GCOptions::Normal, this=<optimized out>) at /usr/src/debug/mozjs102-102.9.0-1.fc39.x86_64/gc/GC.cpp:3998
No locals.
#22 JS_GC (cx=0x55ad5fbca020, reason=reason@entry=JS::GCReason::MEM_PRESSURE) at /usr/src/debug/mozjs102-102.9.0-1.fc39.x86_64/jsapi.cpp:1305
No locals.
#23 0x00007fa9f5c0ff5e in GjsContextPrivate::trigger_gc_if_needed (data=data@entry=0x55ad5fb9dca0) at ../gjs/context.cpp:854
gjs = 0x55ad5fb9dca0
#24 0x00007fa9f5d44d19 in g_timeout_dispatch (source=0x55ad60004020, callback=0x7fa9f5c0ff30 <GjsContextPrivate::trigger_gc_if_needed(void*)>, user_data=0x55ad5fb9dca0) at ../glib/gmain.c:5054
timeout_source = 0x55ad60004020
again = <optimized out>
#25 0x00007fa9f5d3ef58 in g_main_dispatch (context=0x55ad5f75e800) at ../glib/gmain.c:3460
dispatch = 0x7fa9f5d44cf0 <g_timeout_dispatch>
prev_source = 0x0
begin_time_nsec = 193944514799
was_in_call = 0
user_data = 0x55ad5fb9dca0
callback = 0x7fa9f5c0ff30 <GjsContextPrivate::trigger_gc_if_needed(void*)>
cb_funcs = 0x7fa9f5e2b280 <g_source_callback_funcs>
cb_data = 0x7fa9cc39af20
need_destroy = <optimized out>
source = 0x55ad60004020
current = 0x55ad5f73b5d0
i = 0
current = <optimized out>
i = <optimized out>
__func__ = <optimized out>
source = <optimized out>
_g_boolean_var_163 = <optimized out>
was_in_call = <optimized out>
user_data = <optimized out>
callback = <optimized out>
cb_funcs = <optimized out>
cb_data = <optimized out>
need_destroy = <optimized out>
dispatch = <optimized out>
prev_source = <optimized out>
begin_time_nsec = <optimized out>
_g_boolean_var_164 = <optimized out>
#26 g_main_context_dispatch (context=0x55ad5f75e800) at ../glib/gmain.c:4200
No locals.
#27 0x00007fa9f5d9ecb8 in g_main_context_iterate.isra.0 (context=0x55ad5f75e800, block=1, dispatch=1, self=<optimized out>) at ../glib/gmain.c:4276
max_priority = 300
timeout = 0
some_ready = 1
nfds = 13
allocated_nfds = <optimized out>
fds = <optimized out>
begin_time_nsec = 193944496614
#28 0x00007fa9f5d44bcf in g_main_loop_run (loop=0x55ad6118d5a0) at ../glib/gmain.c:4479
self = <optimized out>
__func__ = "g_main_loop_run"
#29 0x00007fa9f56d414a in meta_context_run_main_loop (context=context@entry=0x55ad5f75cbd0, error=error@entry=0x7ffc4df65130) at ../src/core/meta-context.c:482
priv = 0x55ad5f75cb50
__func__ = "meta_context_run_main_loop"
#30 0x000055ad5f307f87 in main (argc=<optimized out>, argv=<optimized out>) at ../src/main.c:663
context = 0x55ad5f75cbd0
error = 0x0
ecode = 0
Edited by Adam Williamson