Crash on st_theme_get_custom_stylesheets
This is one of the most common crashes we see in Ubuntu (errors.ubuntu.com, bug #1702151), but it also happens in Fedora (or this).
It seems related to incorrect memory management in the theme code: in frame #0 the instance pointer `node = 0x7265766f68` is only five bytes wide and decodes as the ASCII string "hover" read little-endian, which suggests that the pointer `g_object_ref` receives from `st_theme_get_custom_stylesheets` no longer points at a live GObject but at memory that has been freed and reused (a stale or dangling pointer).
#0 g_type_check_instance_is_fundamentally_a (type_instance=type_instance@entry=0x565029d4d600, fundamental_type=fundamental_type@entry=80) at ../../../gobject/gtype.c:4026
node = 0x7265766f68
#1 0x00007f2d4be3dc1e in g_object_ref (_object=0x565029d4d600) at ../../../gobject/gobject.c:3212
_g_boolean_var_ = <optimized out>
object = 0x565029d4d600
old_val = <optimized out>
__FUNCTION__ = "g_object_ref"
_g_boolean_var_ = <optimized out>
_g_boolean_var_ = <optimized out>
#2 0x00007f2d4afab6ad in st_theme_get_custom_stylesheets () from /srv/daisy.ubuntu.com/production/cache/Ubuntu 19.04/cache-CZcYej/sandbox/Ubuntu 19.04/amd64/report-sandbox/usr/lib/gnome-shell/libst-1.0.so
No symbol table info available.
#3 0x00007f2d4a3af81e in ffi_call_unix64 () at ../src/x86/unix64.S:76
No locals.
#4 0x00007f2d4a3af1ef in ffi_call (cif=cif@entry=0x56502ba54998, fn=<optimized out>, rvalue=<optimized out>, rvalue@entry=0x7fff572b4998, avalue=avalue@entry=0x7fff572b48a0) at ../src/x86/ffi64.c:525
classes = {X86_64_INTEGER_CLASS, 32767, 1231217745, 32557}
stack = <optimized out>
argp = <optimized out>
arg_types = <optimized out>
gprcount = <optimized out>
ssecount = <optimized out>
ngpr = 1
nsse = 0
i = <optimized out>
avn = <optimized out>
ret_in_memory = <optimized out>
reg_args = <optimized out>
#5 0x00007f2d4b51e229 in gjs_invoke_c_function (context=0x565029a21000, function=0x56502ba54980, obj=..., args=..., js_rval=..., r_value=0x0) at gi/function.cpp:1096
in_arg_cvalues = 0x7fff572b48b0
out_arg_cvalues = 0x7fff572b4890
inout_original_arg_cvalues = 0x7fff572b4880
ffi_arg_pointers = 0x7fff572b48a0
return_value = {v_boolean = 0, v_int8 = 0 '\000', v_uint8 = 0 '\000', v_int16 = 0, v_uint16 = 0, v_int32 = 0, v_uint32 = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_short = 0, v_ushort = 0, v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_ssize = 0, v_size = 0, v_string = 0x0, v_pointer = 0x0}
return_value_p = 0x7fff572b4998
return_gargument = {v_boolean = 18, v_int8 = 18 '\022', v_uint8 = 18 '\022', v_int16 = 18, v_uint16 = 18, v_int32 = 18, v_uint32 = 18, v_int64 = 18, v_uint64 = 18, v_float = 2.52233724e-44, v_double = 8.8931816251424378e-323, v_short = 18, v_ushort = 18, v_int = 18, v_uint = 18, v_long = 18, v_ulong = 18, v_ssize = 18, v_size = 18, v_string = 0x12 <error: Cannot access memory at address 0x12>, v_pointer = 0x12}
processed_c_args = 1 '\001'
gi_argc = 0 '\000'
gi_arg_pos = <optimized out>
c_argc = 1 '\001'
c_arg_pos = <optimized out>
js_arg_pos = <optimized out>
can_throw_gerror = false
did_throw_gerror = false
local_error = 0x0
failed = false
postinvoke_release_failed = <optimized out>
is_method = <optimized out>
is_object_method = true
return_info = {dummy1 = 18, dummy2 = 2147483647, dummy3 = 0x565029517880, dummy4 = 0x56502ba5ad40, dummy5 = 0x565029f94cc0, dummy6 = 23216, dummy7 = 0, padding = {0x0, 0x0, 0x0, 0x0}}
return_tag = GI_TYPE_TAG_GSLIST
return_values = {<JS::Rooted<JS::GCVector<JS::Value, 8, js::TempAllocPolicy> >> = {<js::RootedBase<JS::GCVector<JS::Value, 8, js::TempAllocPolicy>, JS::Rooted<JS::GCVector<JS::Value, 8, js::TempAllocPolicy> > >> = {<js::MutableWrappedPtrOperations<JS::GCVector<JS::Value, 8, js::TempAllocPolicy>, JS::Rooted<JS::GCVector<JS::Value, 8, js::TempAllocPolicy> > >> = {<js::WrappedPtrOperations<JS::GCVector<JS::Value, 8, js::TempAllocPolicy>, JS::Rooted<JS::GCVector<JS::Value, 8, js::TempAllocPolicy> > >> = {<No data fields>}, <No data fields>}, <No data fields>}, stack = 0x565029a21068, prev = 0x7fff572b51f8, ptr = {tracer = 0x7f2d4b516100 <JS::StructGCPolicy<JS::GCVector<JS::Value, 8ul, js::TempAllocPolicy> >::trace(JSTracer*, JS::GCVector<JS::Value, 8ul, js::TempAllocPolicy>*, char const*)>, storage = {vector = {<js::TempAllocPolicy> = {cx_ = 0x565029a21000}, static kElemIsPod = false, static kMaxInlineBytes = 992, static kInlineCapacity = 8, mBegin = 0x7fff572b4ba8, mLength = 0, mTail = {<mozilla::Vector<JS::Value, 8, js::TempAllocPolicy>::CapacityAndReserved> = {mCapacity = 8}, mBytes = "PgRK-\177\000\000`\020\242)PV\000\000\000\020\242)PV\000\000@L+W\377\177\000\000\253\220RK-\177\000\000h\020\242)PV\000\000`M+W\377\177\000\000\360L+W\377\177\000"}, static sMaxInlineStorage = <optimized out>}}}}, <No data fields>}
next_rval = 0 '\000'
__PRETTY_FUNCTION__ = "bool gjs_invoke_c_function(JSContext*, Function*, JS::HandleObject, const JS::HandleValueArray&, mozilla::Maybe<JS::MutableHandle<JS::Value> >, GIArgument*)"
#6 0x00007f2d4b51f9a6 in function_call (context=0x565029a21000, js_argc=0, vp=0x5650314ae360) at /usr/include/mozjs-60/js/RootingAPI.h:1128
js_argv = <optimized out>
object = {<js::RootedBase<JSObject*, JS::Rooted<JSObject*> >> = {<js::MutableWrappedPtrOperations<JSObject*, JS::Rooted<JSObject*> >> = {<js::WrappedPtrOperations<JSObject*, JS::Rooted<JSObject*> >> = {<No data fields>}, <No data fields>}, <No data fields>}, stack = 0x565029a21020, prev = 0x7fff572b4ff0, ptr = 0x7f2d29563eb0}
callee = {<js::RootedBase<JSObject*, JS::Rooted<JSObject*> >> = {<js::MutableWrappedPtrOperations<JSObject*, JS::Rooted<JSObject*> >> = {<js::WrappedPtrOperations<JSObject*, JS::Rooted<JSObject*> >> = {<No data fields>}, <No data fields>}, <No data fields>}, stack = 0x565029a21020, prev = 0x7fff572b4c40, ptr = 0x7f2d281b39d0}
success = <optimized out>
priv = 0x56502ba54980
retval = {<js::RootedBase<JS::Value, JS::Rooted<JS::Value> >> = {<js::MutableWrappedPtrOperations<JS::Value, JS::Rooted<JS::Value> >> = {<js::WrappedPtrOperations<JS::Value, JS::Rooted<JS::Value> >> = {<No data fields>}, <No data fields>}, <No data fields>}, stack = 0x565029a21060, prev = 0x7fff572b4f10, ptr = {data = {asBits = 18444914486360932352, debugView = {payload47 = 0, tag = JSVAL_TAG_UNDEFINED}, s = {payload = {i32 = 0, u32 = 0, why = JS_ELEMENTS_HOLE}}, asDouble = -nan(0x9800000000000), asPtr = 0xfff9800000000000, asWord = 18444914486360932352, asUIntPtr = 18444914486360932352}}}
#7 0x00007f2d4931e1f4 in js::CallJSNative (args=..., native=0x7f2d4b51f880 <function_call(JSContext*, unsigned int, JS::Value*)>, cx=0x565029a21000) at ./debian/build/dist/include/js/CallArgs.h:286
ok = <optimized out>
ok = <optimized out>
#8 js::InternalCallOrConstruct (cx=0x565029a21000, args=..., construct=<optimized out>) at ./js/src/vm/Interpreter.cpp:450
call = 0x7f2d4b51f880 <function_call(JSContext*, unsigned int, JS::Value*)>
skipForCallee = <optimized out>
fun = {<js::RootedBase<JSFunction*, JS::Rooted<JSFunction*> >> = {<js::MutableWrappedPtrOperations<JSFunction*, JS::Rooted<JSFunction*> >> = {<js::WrappedPtrOperations<JSFunction*, JS::Rooted<JSFunction*> >> = {<No data fields>}, <No data fields>}, <No data fields>}, stack = 0xfffe7f2d29563eb0, prev = 0x7fff572b4da0, ptr = 0x565029a21020}
state = {<js::RunState> = {kind_ = (unknown: 693518000), script_ = {<js::RootedBase<JSScript*, JS::Rooted<JSScript*> >> = {<js::MutableWrappedPtrOperations<JSScript*, JS::Rooted<JSScript*> >> = {<js::WrappedPtrOperations<JSScript*, JS::Rooted<JSScript*> >> = {<No data fields>}, <No data fields>}, <No data fields>}, stack = 0x7f2d4931ed08 <InternalConstruct(JSContext*, js::AnyConstructArgs const&)+280>, prev = 0x565029a21058, ptr = 0x7fff572b5030}}, args_ = @0x7f2d29bd63f8, construct_ = (unknown: 209315840)}
ok = <optimized out>
#9 0x00007f2d49311461 in js::CallFromStack (args=..., cx=<optimized out>) at ./js/src/vm/Interpreter.cpp:3115