The most suspicious part of that stack I can find so far is in
gjs_context_finalize:

    GjsContextPrivate* gjs = GjsContextPrivate::from_object(object);
    gjs->~GjsContextPrivate();

-- 
https://bugs.launchpad.net/bugs/1964458

Title:
  [jammy] gnome-shell crashes with SIGSEGV in js::gc::Cell::storeBuffer
  from js::gc::PostWriteBarrierImpl<JSObject>

Status in gjs package in Ubuntu:
  Confirmed
Status in gnome-shell package in Ubuntu:
  In Progress
Status in mozjs91 package in Ubuntu:
  Confirmed

Bug description:
  'gnome-shell --sm-disable --mode=ubiquity' crashes on exit with
  SIGSEGV in:

  #0  0x00007fd9229e61b4 in js::gc::Cell::storeBuffer (this=<optimized out>, this=<optimized out>)
      at .././js/src/gc/Cell.h:357
  #1  js::gc::PostWriteBarrierImpl<JSObject> (next=<optimized out>, prev=<optimized out>, cellp=<optimized out>)
      at .././js/src/gc/StoreBuffer.h:654
  #2  js::gc::PostWriteBarrier<js::SavedFrame> (next=<optimized out>, prev=<optimized out>, vp=<optimized out>)
      at .././js/src/gc/StoreBuffer.h:666
  #3  js::InternalBarrierMethods<js::SavedFrame*>::postBarrier (next=<optimized out>, prev=<optimized out>,
      vp=0x7fd910018210) at .././js/src/gc/Barrier.h:333
  #4  js::InternalBarrierMethods<js::SavedFrame*>::postBarrier (vp=0x7fd910018210, prev=<optimized out>,
      next=<optimized out>) at .././js/src/gc/Barrier.h:332
  #5  0x00007fd924858fd2 in js::BarrierMethods<JSObject*>::postWriteBarrier (next=<optimized out>,
      prev=<optimized out>, vp=<optimized out>, vp=<optimized out>, prev=<optimized out>, next=<optimized out>)
      at /usr/include/mozjs-91/js/RootingAPI.h:770
  #6  JS::Heap<JSObject*>::postWriteBarrier (next=<optimized out>, prev=<optimized out>, this=<optimized out>,
      this=<optimized out>, prev=<optimized out>, next=<optimized out>) at /usr/include/mozjs-91/js/RootingAPI.h:361
  #7  JS::Heap<JSObject*>::~Heap (this=<optimized out>, this=<optimized out>)
      at /usr/include/mozjs-91/js/RootingAPI.h:323
  #8  mozilla::detail::VectorImpl<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy, false>::destroy (
      aEnd=0x7fd910018228, aBegin=<optimized out>) at /usr/include/mozjs-91/mozilla/Vector.h:65
  #9  mozilla::Vector<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy>::~Vector (this=<optimized out>,
      this=<optimized out>) at /usr/include/mozjs-91/mozilla/Vector.h:901
  #10 JS::GCVector<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy>::~GCVector (this=<optimized out>,
      this=<optimized out>) at /usr/include/mozjs-91/js/GCVector.h:43
  #11 GjsContextPrivate::~GjsContextPrivate (this=<optimized out>, this=<optimized out>) at ../gjs/context.cpp:483
  #12 0x00007fd92485a228 in gjs_context_finalize (object=0x55f0edb2b170) at ../gjs/context.cpp:496
  #13 0x00007fd9252f3e5d in g_object_unref () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #14 0x00007fd92553e77d in _shell_global_destroy_gjs_context (self=<optimized out>) at ../src/shell-global.c:703
  #15 0x000055f0ec173ece in main (argc=<optimized out>, argv=<optimized out>) at ../src/main.c:659
