SIGSEGV clutter_stage_set_key_focus
Affected version
Fedora 35, Mutter 42.2, Gnome-shell 42.2
Bug summary
I was using qBittorrent when it again started stalling (I often get warnings it is not responding). However, I did not yet get the warning window. Next I tried to make a screenshot. The menu to select Selection/Screen... appeared and then gnome-shell crashed.
I didn't try to reproduce.
What happened
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000757426ecbb14 in clutter_stage_set_key_focus () from /usr/lib64/mutter-10/libmutter-clutter-10.so.0
[Current thread is 1 (Thread 0x75742152b600 (LWP 2108780))]
(gdb) bt
#0 0x0000757426ecbb14 in clutter_stage_set_key_focus () at /usr/lib64/mutter-10/libmutter-clutter-10.so.0
#1 0x0000757426068c04 in ffi_call_unix64 () at ../src/x86/unix64.S:76
#2 0x0000757426068108 in ffi_call (cif=<optimized out>, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>) at ../src/x86/ffi64.c:525
#3 0x0000757426f911c4 in Gjs::Function::invoke(JSContext*, JS::CallArgs const&, JS::Handle<JSObject*>, _GIArgument*) [clone .localalias] [clone .lto_priv.0]
() at /usr/lib64/libgjs.so.0
#4 0x0000757426f918c7 in Gjs::Function::call(JSContext*, unsigned int, JS::Value*) () at /usr/lib64/libgjs.so.0
#5 0x0000757424f52f8b in CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&)
(args=..., reason=js::CallReason::Call, native=0x757426f917f0 <Gjs::Function::call(JSContext*, unsigned int, JS::Value*)>, cx=0x56dc8d5d72b0)
at /usr/src/debug/mozjs91-91.9.0-1.fc35.x86_64/vm/Interpreter.cpp:426
#6 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason)
(cx=0x56dc8d5d72b0, args=..., construct=<optimized out>, reason=js::CallReason::Call) at /usr/src/debug/mozjs91-91.9.0-1.fc35.x86_64/vm/Interpreter.cpp:497
#7 0x0000757424f43f00 in js::CallFromStack(JSContext*, JS::CallArgs const&) (args=<optimized out>, cx=<optimized out>)
at /usr/src/debug/mozjs91-91.9.0-1.fc35.x86_64/vm/Interpreter.cpp:575
#8 Interpret(JSContext*, js::RunState&) (cx=0x56dc8d5d72b0, state=...) at /usr/src/debug/mozjs91-91.9.0-1.fc35.x86_64/vm/Interpreter.cpp:3226
#9 0x0000757424f527d1 in js::RunScript(JSContext*, js::RunState&) (cx=0x56dc8d5d72b0, state=...)
at /usr/src/debug/mozjs91-91.9.0-1.fc35.x86_64/vm/Interpreter.cpp:395
#10 0x0000757424f52d91 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason)
(cx=0x56dc8d5d72b0, args=..., construct=js::NO_CONSTRUCT, reason=js::CallReason::Call)
at /usr/src/debug/mozjs91-91.9.0-1.fc35.x86_64/vm/Interpreter.cpp:543
#11 0x0000757424f53262 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) (cx=<optimized out>, fval=..., thisv=..., args=..., rval=..., reason=<optimized out>)
at /usr/src/debug/mozjs91-91.9.0-1.fc35.x86_64/vm/Interpreter.cpp:588
#12 0x0000757424fb1f19 in JS_CallFunction(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSFunction*>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) (cx=0x56dc8d5d72b0, obj=..., fun=..., args=..., rval=...) at /usr/src/debug/mozjs91-91.9.0-1.fc35.x86_64/dist/include/js/RootingAPI.h:1193
#13 0x0000757426f8fa10 in Gjs::Closure::invoke(JS::Handle<JSObject*>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) () at /usr/lib64/libgjs.so.0
#14 0x0000757426fc5076 in Gjs::Closure::marshal(_GValue*, unsigned int, _GValue const*, void*, void*) () at /usr/lib64/libgjs.so.0
#18 0x0000757427a72c03 in <emit signal ??? on instance ???> (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>)
at ../gobject/gsignal.c:3553
#15 0x0000757427a54c7f in g_closure_invoke
(closure=0x56dc8e71c8c0, return_value=0x0, n_param_values=2, param_values=0x7ffc6c421d60, invocation_hint=0x7ffc6c421ce0) at ../gobject/gclosure.c:830
#16 0x0000757427a71126 in signal_emit_unlocked_R
(node=node@entry=0x56dc8d81a200, detail=detail@entry=0, instance=instance@entry=0x56dc8e71b460, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffc6c421d60) at ../gobject/gsignal.c:3742
#17 0x0000757427a729ea in g_signal_emit_valist
(instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffc6c421f30) at ../gobject/gsignal.c:3497
#19 0x0000757426933a8e in st_button_button_release () at /usr/lib64/gnome-shell/libst-1.0.so
#20 0x0000757426e68448 in _clutter_marshal_BOOLEAN__BOXEDv () at /usr/lib64/mutter-10/libmutter-clutter-10.so.0
#21 0x0000757427a72aba in _g_closure_invoke_va
(param_types=0x56dc8cff3a20, n_params=<optimized out>, args=0x7ffc6c422250, instance=0x56dc8e71b460, return_value=0x7ffc6c4221a0, closure=0x56dc8d010c30)
at ../gobject/gclosure.c:893
#22 g_signal_emit_valist (instance=0x56dc8e71b460, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffc6c422250) at ../gobject/gsignal.c:3406
#23 0x0000757427a72c03 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at ../gobject/gsignal.c:3553
#24 0x0000757426e7cd24 in clutter_actor_event () at /usr/lib64/mutter-10/libmutter-clutter-10.so.0
#25 0x0000757426e874eb in _clutter_actor_handle_event () at /usr/lib64/mutter-10/libmutter-clutter-10.so.0
#26 0x0000757426eb456c in _clutter_process_event () at /usr/lib64/mutter-10/libmutter-clutter-10.so.0
#27 0x0000757426ecbec0 in _clutter_stage_queue_event () at /usr/lib64/mutter-10/libmutter-clutter-10.so.0
#28 0x0000757426c44300 in clutter_source_dispatch () at /usr/lib64/libmutter-10.so.0
#29 0x000075742795b0af in g_main_dispatch (context=0x56dc8cca0e50) at ../glib/gmain.c:3381
#30 g_main_context_dispatch (context=0x56dc8cca0e50) at ../glib/gmain.c:4099
#31 0x00007574279b0308 in g_main_context_iterate.constprop.0 (context=0x56dc8cca0e50, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
at ../glib/gmain.c:4175
#32 0x000075742795a7c3 in g_main_loop_run (loop=0x56dc8f1b3790) at ../glib/gmain.c:4373
#33 0x0000757426ca3129 in meta_context_run_main_loop () at /usr/lib64/libmutter-10.so.0
#34 0x000056dc8bb0fe2b in main ()