Version-Release number of selected component: polkit-0.112-2.fc20 Additional info: reporter: libreport-2.2.1 backtrace_rating: 4 cmdline: /usr/lib/polkit-1/polkitd --no-debug crash_function: LookupPropertyWithFlagsInline executable: /usr/lib/polkit-1/polkitd kernel: 3.13.8-200.fc20.x86_64 runlevel: N 5 type: CCpp uid: 999 Truncated backtrace: Thread no. 1 (10 frames) #0 LookupPropertyWithFlagsInline at /usr/src/debug/mozjs17.0.0/js/src/jsobj.cpp:4077 #1 js_GetPropertyHelperInline at /usr/src/debug/mozjs17.0.0/js/src/jsobj.cpp:4277 #2 js::GetPropertyHelper at /usr/src/debug/mozjs17.0.0/js/src/jsobj.cpp:4365 #3 js::Interpret at /usr/src/debug/mozjs17.0.0/js/src/jsinterpinlines.h:270 #4 js::RunScript at /usr/src/debug/mozjs17.0.0/js/src/jsinterp.cpp:309 #5 js::InvokeKernel at /usr/src/debug/mozjs17.0.0/js/src/jsinterp.cpp:363 #6 js::Invoke at /usr/src/debug/mozjs17.0.0/js/src/jsinterp.h:119 #7 JS_CallFunctionName at /usr/src/debug/mozjs17.0.0/js/src/jsapi.cpp:5837 #8 call_js_function_with_runaway_killer at polkitbackendjsauthority.c:1019 #9 polkit_backend_js_authority_check_authorization_sync at polkitbackendjsauthority.c:1180
Created attachment 885260 [details] File: backtrace
Created attachment 885261 [details] File: cgroup
Created attachment 885262 [details] File: core_backtrace
Created attachment 885263 [details] File: dso_list
Created attachment 885264 [details] File: environ
Created attachment 885265 [details] File: exploitable
Created attachment 885266 [details] File: limits
Created attachment 885267 [details] File: maps
Created attachment 885268 [details] File: open_fds
Created attachment 885269 [details] File: proc_pid_status
Created attachment 885270 [details] File: var_log_messages
Thanks for your report. Can you reproduce this crash at will?
Notes to self: crash in > if (!proto->isNative()) { where isNative is an inline from vm/ObjectImpl-inl.h, invisibly indirecting through proto->shape_ , which is NULL. "current" at that time points to our generated Action() object, which is constructed by interpreting a script, so not too likely to be incorrect. Overall likely to be a duplicate of #910262, but the only way to know is to have a reproducer and test with a fixed package.
(In reply to Miloslav Trmač from comment #12) > Thanks for your report. Can you reproduce this crash at will? Hi Miloslav, Sorry, no I can't. I have no idea what I was doing at the time.
OK, I'll mark it as a duplicate of #910262 for now, which should be fixed Real Soon Now. If, after fixing that bug, this crash reappears, please reopen this report. *** This bug has been marked as a duplicate of bug 910262 ***