[Desktop-packages] [Bug 1964458] Re: [jammy] gnome-shell crashes with SIGSEGV in js::gc::Cell::storeBuffer from js::gc::PostWriteBarrierImpl

Fri, 25 Mar 2022 02:26:27 -0700 

** No longer affects: gjs (Ubuntu)

** No longer affects: mozjs91 (Ubuntu)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to mozjs91 in Ubuntu.
https://bugs.launchpad.net/bugs/1964458

Title:
  [jammy] gnome-shell crashes with SIGSEGV in js::gc::Cell::storeBuffer
  from js::gc::PostWriteBarrierImpl<JSObject>

Status in gjs:
  Unknown
Status in gnome-shell package in Ubuntu:
  In Progress

Bug description:
  Core was generated by `gnome-shell --sm-disable --mode=ubiquity'.
  Program terminated with signal SIGSEGV, Segmentation fault.

  In mozjs91:

  #0 0x00007f5a697c3f44 in js::gc::Cell::storeBuffer (this=<optimized out>, 
this=<optimized out>)
      at .././js/src/gc/Cell.h:357
  #1 js::gc::PostWriteBarrierImpl<JSObject> (next=<optimized out>, 
prev=<optimized out>, cellp=<optimized out>)
      at .././js/src/gc/StoreBuffer.h:654
  #2 js::gc::PostWriteBarrier<js::SavedFrame> (next=<optimized out>, 
prev=<optimized out>, vp=<optimized out>)
      at .././js/src/gc/StoreBuffer.h:666
  #3 js::InternalBarrierMethods<js::SavedFrame*>::postBarrier (next=<optimized 
out>, prev=<optimized out>,
      vp=0x7f5a5002b200) at .././js/src/gc/Barrier.h:333
  #4 js::InternalBarrierMethods<js::SavedFrame*>::postBarrier 
(vp=0x7f5a5002b200, prev=<optimized out>,
      next=<optimized out>) at .././js/src/gc/Barrier.h:332
  #5 0x00007f5a6b637722 in js::BarrierMethods<JSObject*>::postWriteBarrier 
(next=<optimized out>,
      prev=<optimized out>, vp=<optimized out>, vp=<optimized out>, 
prev=<optimized out>, next=<optimized out>)
      at /usr/include/mozjs-91/js/RootingAPI.h:770
  #6 JS::Heap<JSObject*>::postWriteBarrier (next=<optimized out>, 
prev=<optimized out>, this=<optimized out>,
      this=<optimized out>, prev=<optimized out>, next=<optimized out>) at 
/usr/include/mozjs-91/js/RootingAPI.h:361
  #7 JS::Heap<JSObject*>::~Heap (this=<optimized out>, this=<optimized out>)
      at /usr/include/mozjs-91/js/RootingAPI.h:323
  #8 mozilla::detail::VectorImpl<JS::Heap<JSObject*>, 0ul, 
js::SystemAllocPolicy, false>::destroy (
      aEnd=0x7f5a5002b218, aBegin=<optimized out>) at 
/usr/include/mozjs-91/mozilla/Vector.h:65
  #9 mozilla::Vector<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy>::~Vector 
(this=<optimized out>,
      this=<optimized out>) at /usr/include/mozjs-91/mozilla/Vector.h:901
  #10 JS::GCVector<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy>::~GCVector 
(this=<optimized out>,
      this=<optimized out>) at /usr/include/mozjs-91/js/GCVector.h:43
  #11 GjsContextPrivate::~GjsContextPrivate (this=<optimized out>, 
this=<optimized out>) at ../gjs/context.cpp:482
  #12 0x00007f5a6b638978 in gjs_context_finalize (object=0x557e2a3f7180) at 
../gjs/context.cpp:495
  #13 0x00007f5a6c0d2dfd in g_object_unref () from 
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #14 0x00007f5a6c31d77d in _shell_global_destroy_gjs_context (self=<optimized 
out>) at ../src/shell-global.c:703
  #15 0x0000557e2950bece in main (argc=<optimized out>, argv=<optimized out>) 
at ../src/main.c:659

  In mozjs78:

  See bug 1947130

To manage notifications about this bug go to:
https://bugs.launchpad.net/gjs/+bug/1964458/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to