Segfault in `clutter_stage_get_device_coords()` during shutdown
Using Debian sid/unstable with mutter 44.4-3, gnome-shell 44.4-1 and sysprof 45~rc-1, I ran `sysprof-cli --session-bus --gnome-shell capture.syscap` and then pressed the meta (Windows) key to bring up the overlay. gnome-shell segfaulted, coredumpctl handled that, and the “fail window” popped up. I then closed that by pressing Ctrl + F4, and GNOME Shell terminated another time with a segmentation fault:
(gdb) bt
#0 0x00007f1b0b44fc08 in clutter_stage_get_device_coords
(stage=stage@entry=0x0, device=device@entry=0x564c52613e10 [MetaInputDeviceX11], sequence=sequence@entry=0x0, coords=coords@entry=0x7fff1f8d4a70)
at ../clutter/clutter/clutter-stage.c:3395
#1 0x00007f1b0b45091a in clutter_stage_repick_device (stage=0x0, device=0x564c52613e10 [MetaInputDeviceX11])
at ../clutter/clutter/clutter-stage.c:3796
#2 0x00007f1b0a6dcf7a in ffi_call_unix64 () at ../src/x86/unix64.S:104
#3 0x00007f1b0a6dc40e in ffi_call_int
(cif=cif@entry=0x564c54844fe0, fn=fn@entry=0x7f1b0ba333d0 <shell_wm_completed_destroy>, rvalue=<optimized out>,
rvalue@entry=0x0, avalue=<optimized out>, closure=closure@entry=0x0) at ../src/x86/ffi64.c:673
#4 0x00007f1b0a6dcb0d in ffi_call (cif=0x564c54844fe0, fn=0x7f1b0ba333d0 <shell_wm_completed_destroy>, rvalue=0x0, avalue=<optimized out>)
at ../src/x86/ffi64.c:710
#5 0x00007f1b0b526fa7 in Gjs::Function::invoke(JSContext*, JS::CallArgs const&, JS::Handle<JSObject*>, _GIArgument*)
(this=<optimized out>, context=0x564c52693920, args=<optimized out>, this_obj=..., r_value=<optimized out>)
at ./obj-x86_64-linux-gnu/../gi/function.cpp:1048
#6 0x00007f1b0b527698 in Gjs::Function::call(JSContext*, unsigned int, JS::Value*)
(context=0x564c52693920, js_argc=<optimized out>, vp=<optimized out>) at ./obj-x86_64-linux-gnu/../gi/function.cpp:1228
#7 0x00007f1b08796650 in () at /lib/x86_64-linux-gnu/libmozjs-102.so.0
#8 0x00007f1b08789d97 in () at /lib/x86_64-linux-gnu/libmozjs-102.so.0
#9 0x00007f1b08795d6d in () at /lib/x86_64-linux-gnu/libmozjs-102.so.0
#10 0x00007f1b08796297 in () at /lib/x86_64-linux-gnu/libmozjs-102.so.0
#11 0x00007f1b0879685c in () at /lib/x86_64-linux-gnu/libmozjs-102.so.0
#12 0x00007f1b0883fb5d in JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) () at /lib/x86_64-linux-gnu/libmozjs-102.so.0
#13 0x00007f1b0b503ed1 in JS::Call (rval=..., args=..., fun=..., thisObj=..., cx=<optimized out>) at /usr/include/mozjs-102/js/CallAndConstruct.h:92
#14 Gjs::Closure::invoke(JS::Handle<JSObject*>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>)
(this=this@entry=0x564c537b2a90, this_obj=this_obj@entry=..., args=..., retval=retval@entry=...) at ./obj-x86_64-linux-gnu/../gi/closure.cpp:184
#15 0x00007f1b0b557884 in Gjs::Closure::marshal(_GValue*, unsigned int, _GValue const*, void*, void*)
(this=0x564c537b2a90, return_value=0x0, n_param_values=<optimized out>, param_values=0x7fff1f8d5ad0, invocation_hint=<optimized out>, marshal_data=<optimized out>) at /usr/include/mozjs-102/js/RootingAPI.h:613
#20 0x00007f1b0b7e3243 in <emit signal 'stopped' on instance 0x564c546f77f0 [ClutterPropertyTransition]>
(instance=<optimized out>, signal_id=<optimized out>, detail=detail@entry=0) at ../../../gobject/gsignal.c:3675
#16 0x00007f1b0b7c8540 in g_closure_invoke
(closure=0x564c537b2a90, return_value=0x0, n_param_values=2, param_values=0x7fff1f8d5ad0, invocation_hint=0x7fff1f8d5a20)
at ../../../gobject/gclosure.c:832
#17 0x00007f1b0b7dbafc in signal_emit_unlocked_R
(node=node@entry=0x7fff1f8d5ba0, detail=detail@entry=0, instance=instance@entry=0x564c546f77f0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7fff1f8d5ad0) at ../../../gobject/gsignal.c:3980
#18 0x00007f1b0b7dd501 in signal_emit_valist_unlocked
(instance=instance@entry=0x564c546f77f0, signal_id=signal_id@entry=687, detail=detail@entry=0, var_args=var_args@entry=0x7fff1f8d5d00)
at ../../../gobject/gsignal.c:3612
#19 0x00007f1b0b7e3186 in g_signal_emit_valist (instance=0x564c546f77f0, signal_id=687, detail=0, var_args=0x7fff1f8d5d00)
at ../../../gobject/gsignal.c:3355
#21 0x00007f1b0b46372a in clutter_timeline_stop (timeline=<optimized out>) at ../clutter/clutter/clutter-timeline.c:1456
#22 0x00007f1b0b3effe5 in transition_closure_free (data=0x564c5454fdb0) at ../clutter/clutter/clutter-actor.c:16966
#23 0x00007f1b0b6b0a02 in iter_remove_or_steal (ri=ri@entry=0x7fff1f8d5e20, notify=notify@entry=1) at ../../../glib/ghash.c:1238
#24 0x00007f1b0b6b1a6e in g_hash_table_iter_remove (iter=iter@entry=0x7fff1f8d5e20) at ../../../glib/ghash.c:1274
#25 0x00007f1b0b3f1753 in _clutter_actor_stop_transitions (self=<optimized out>) at ../clutter/clutter/clutter-actor.c:4061
#26 0x00007f1b0b3f17dd in clear_stage_views_cb
(actor=actor@entry=0x564c53e16ce0 [MetaWindowActorX11], depth=depth@entry=1, user_data=user_data@entry=0x1)
at ../clutter/clutter/clutter-actor.c:15265
#27 0x00007f1b0b3ef545 in _clutter_actor_traverse_depth
(actor=0x564c53e16ce0 [MetaWindowActorX11], before_children_callback=0x7f1b0b3f1790 <clear_stage_views_cb>, after_children_callback=0x0, current_depth=1, user_data=0x1) at ../clutter/clutter/clutter-actor.c:15914
#28 0x00007f1b0b3fa16e in _clutter_actor_traverse_depth
(user_data=0x1, current_depth=0, after_children_callback=0x0, before_children_callback=0x7f1b0b3f1790 <clear_stage_views_cb>, actor=0x564c5289c6d0 [MetaWindowGroup]) at ../clutter/clutter/clutter-actor.c:15926
#29 _clutter_actor_traverse
(flags=CLUTTER_ACTOR_TRAVERSE_DEPTH_FIRST, user_data=0x1, after_children_callback=0x0, before_children_callback=0x7f1b0b3f1790 <clear_stage_views_cb>, actor=0x564c5289c6d0 [MetaWindowGroup]) at ../clutter/clutter/clutter-actor.c:15975
#30 _clutter_actor_traverse
(user_data=0x1, after_children_callback=0x0, before_children_callback=0x7f1b0b3f1790 <clear_stage_views_cb>, flags=CLUTTER_ACTOR_TRAVERSE_DEPTH_FIRST, actor=0x564c5289c6d0 [MetaWindowGroup]) at ../clutter/clutter/clutter-actor.c:15964
#31 clutter_actor_clear_stage_views_recursive (self=self@entry=0x564c5289c6d0 [MetaWindowGroup], stop_transitions=stop_transitions@entry=1)
at ../clutter/clutter/clutter-actor.c:15295
#32 0x00007f1b0b3feea1 in clutter_actor_remove_child_internal
(self=0x564c52e92c90 [Gjs_ui_layout_UiActor], child=0x564c5289c6d0 [MetaWindowGroup], flags=REMOVE_CHILD_DEFAULT_FLAGS)
at ../clutter/clutter/clutter-actor.c:4209
#33 0x00007f1b0a6dcf7a in ffi_call_unix64 () at ../src/x86/unix64.S:104
#34 0x00007f1b0a6dc40e in ffi_call_int
(cif=cif@entry=0x564c52fe3340, fn=fn@entry=0x7f1b0b418be0 <clutter_container_remove_actor>, rvalue=<optimized out>,
rvalue@entry=0x0, avalue=<optimized out>, closure=closure@entry=0x0) at ../src/x86/ffi64.c:673
#35 0x00007f1b0a6dcb0d in ffi_call (cif=0x564c52fe3340, fn=0x7f1b0b418be0 <clutter_container_remove_actor>, rvalue=0x0, avalue=<optimized out>)
at ../src/x86/ffi64.c:710
#36 0x00007f1b0b526fa7 in Gjs::Function::invoke(JSContext*, JS::CallArgs const&, JS::Handle<JSObject*>, _GIArgument*)
(this=<optimized out>, context=0x564c52693920, args=<optimized out>, this_obj=..., r_value=<optimized out>)
at ./obj-x86_64-linux-gnu/../gi/function.cpp:1048
#37 0x00007f1b0b527698 in Gjs::Function::call(JSContext*, unsigned int, JS::Value*)
(context=0x564c52693920, js_argc=<optimized out>, vp=<optimized out>) at ./obj-x86_64-linux-gnu/../gi/function.cpp:1228
#38 0x00007f1b08796650 in () at /lib/x86_64-linux-gnu/libmozjs-102.so.0
#39 0x00007f1b08789d97 in () at /lib/x86_64-linux-gnu/libmozjs-102.so.0
#40 0x00007f1b08795e13 in () at /lib/x86_64-linux-gnu/libmozjs-102.so.0
#41 0x00007f1b08796297 in () at /lib/x86_64-linux-gnu/libmozjs-102.so.0
#42 0x00007f1b0879685c in () at /lib/x86_64-linux-gnu/libmozjs-102.so.0
#43 0x00007f1b0883fb5d in JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) () at /lib/x86_64-linux-gnu/libmozjs-102.so.0
#44 0x00007f1b0b503ed1 in JS::Call (rval=..., args=..., fun=..., thisObj=..., cx=<optimized out>) at /usr/include/mozjs-102/js/CallAndConstruct.h:92
#45 Gjs::Closure::invoke(JS::Handle<JSObject*>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>)
(this=this@entry=0x564c52fe3a90, this_obj=this_obj@entry=..., args=..., retval=retval@entry=...) at ./obj-x86_64-linux-gnu/../gi/closure.cpp:184
#46 0x00007f1b0b557884 in Gjs::Closure::marshal(_GValue*, unsigned int, _GValue const*, void*, void*)
(this=0x564c52fe3a90, return_value=0x0, n_param_values=<optimized out>, param_values=0x7fff1f8d6f80, invocation_hint=<optimized out>, marshal_data=<optimized out>) at /usr/include/mozjs-102/js/RootingAPI.h:613
#51 0x00007f1b0b7e3243 in <emit signal 'shutdown' on instance 0x564c52680e60 [ShellGlobal]>
(instance=<optimized out>, signal_id=<optimized out>, detail=detail@entry=0) at ../../../gobject/gsignal.c:3675
#47 0x00007f1b0b7c8540 in g_closure_invoke
(closure=0x564c52fe3a90, return_value=0x0, n_param_values=1, param_values=0x7fff1f8d6f80, invocation_hint=0x7fff1f8d6ed0)
at ../../../gobject/gclosure.c:832
#48 0x00007f1b0b7dbafc in signal_emit_unlocked_R
(node=node@entry=0x7fff1f8d7030, detail=detail@entry=0, instance=instance@entry=0x564c52680e60, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7fff1f8d6f80) at ../../../gobject/gsignal.c:3980
#49 0x00007f1b0b7dd501 in signal_emit_valist_unlocked
(instance=instance@entry=0x564c52680e60, signal_id=signal_id@entry=164, detail=detail@entry=0, var_args=var_args@entry=0x7fff1f8d7190)
at ../../../gobject/gsignal.c:3612
#50 0x00007f1b0b7e3186 in g_signal_emit_valist (instance=0x564c52680e60, signal_id=164, detail=0, var_args=0x7fff1f8d7190)
at ../../../gobject/gsignal.c:3355
#52 0x00007f1b0ba28093 in _shell_global_notify_shutdown (global=<optimized out>) at ../src/shell-global.c:1929
#53 0x0000564c50e849cd in main (argc=<optimized out>, argv=<optimized out>) at ../src/main.c:690