Ubuntu
gnome-shell package

Bug #1964458
Comment #8

Comment 8 for bug 1964458

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2022-03-15: Re: [jammy] gnome-shell crashes with SIGSEGV in js::gc::Cell::storeBuffer from js::gc::PostWriteBarrierImpl<JSObject>

Fresh stack trace from image 2022-03-13 with newer gjs and mozjs91 packages:

Core was generated by `gnome-shell --sm-disable --mode=ubiquity'.
Program terminated with signal SIGSEGV, Segmentation fault.

#0 0x00007f5a697c3f44 in js::gc::Cell::storeBuffer (this=<optimized out>, this=<optimized out>)
    at .././js/src/gc/Cell.h:357
#1 js::gc::PostWriteBarrierImpl<JSObject> (next=<optimized out>, prev=<optimized out>, cellp=<optimized out>)
    at .././js/src/gc/StoreBuffer.h:654
#2 js::gc::PostWriteBarrier<js::SavedFrame> (next=<optimized out>, prev=<optimized out>, vp=<optimized out>)
    at .././js/src/gc/StoreBuffer.h:666
#3 js::InternalBarrierMethods<js::SavedFrame*>::postBarrier (next=<optimized out>, prev=<optimized out>,
    vp=0x7f5a5002b200) at .././js/src/gc/Barrier.h:333
#4 js::InternalBarrierMethods<js::SavedFrame*>::postBarrier (vp=0x7f5a5002b200, prev=<optimized out>,
    next=<optimized out>) at .././js/src/gc/Barrier.h:332
#5 0x00007f5a6b637722 in js::BarrierMethods<JSObject*>::postWriteBarrier (next=<optimized out>,
    prev=<optimized out>, vp=<optimized out>, vp=<optimized out>, prev=<optimized out>, next=<optimized out>)
    at /usr/include/mozjs-91/js/RootingAPI.h:770
#6 JS::Heap<JSObject*>::postWriteBarrier (next=<optimized out>, prev=<optimized out>, this=<optimized out>,
    this=<optimized out>, prev=<optimized out>, next=<optimized out>) at /usr/include/mozjs-91/js/RootingAPI.h:361
#7 JS::Heap<JSObject*>::~Heap (this=<optimized out>, this=<optimized out>)
    at /usr/include/mozjs-91/js/RootingAPI.h:323
#8 mozilla::detail::VectorImpl<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy, false>::destroy (
    aEnd=0x7f5a5002b218, aBegin=<optimized out>) at /usr/include/mozjs-91/mozilla/Vector.h:65
#9 mozilla::Vector<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy>::~Vector (this=<optimized out>,
    this=<optimized out>) at /usr/include/mozjs-91/mozilla/Vector.h:901
#10 JS::GCVector<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy>::~GCVector (this=<optimized out>,
    this=<optimized out>) at /usr/include/mozjs-91/js/GCVector.h:43
#11 GjsContextPrivate::~GjsContextPrivate (this=<optimized out>, this=<optimized out>) at ../gjs/context.cpp:482
#12 0x00007f5a6b638978 in gjs_context_finalize (object=0x557e2a3f7180) at ../gjs/context.cpp:495
#13 0x00007f5a6c0d2dfd in g_object_unref () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#14 0x00007f5a6c31d77d in _shell_global_destroy_gjs_context (self=<optimized out>) at ../src/shell-global.c:703
#15 0x0000557e2950bece in main (argc=<optimized out>, argv=<optimized out>) at ../src/main.c:659

Fresh stack trace from image 2022-03-13 with newer gjs and mozjs91 packages:

Core was generated by `gnome-shell --sm-disable --mode=ubiquity'.
Program terminated with signal SIGSEGV, Segmentation fault.

#0  0x00007f5a697c3f44 in js::gc::Cell::storeBuffer (this=<optimized out>, this=<optimized out>)
    at .././js/src/gc/Cell.h:357
#1  js::gc::PostWriteBarrierImpl<JSObject> (next=<optimized out>, prev=<optimized out>, cellp=<optimized out>)
    at .././js/src/gc/StoreBuffer.h:654
#2  js::gc::PostWriteBarrier<js::SavedFrame> (next=<optimized out>, prev=<optimized out>, vp=<optimized out>)
    at .././js/src/gc/StoreBuffer.h:666
#3  js::InternalBarrierMethods<js::SavedFrame*>::postBarrier (next=<optimized out>, prev=<optimized out>, 
    vp=0x7f5a5002b200) at .././js/src/gc/Barrier.h:333
#4  js::InternalBarrierMethods<js::SavedFrame*>::postBarrier (vp=0x7f5a5002b200, prev=<optimized out>, 
    next=<optimized out>) at .././js/src/gc/Barrier.h:332
#5  0x00007f5a6b637722 in js::BarrierMethods<JSObject*>::postWriteBarrier (next=<optimized out>, 
    prev=<optimized out>, vp=<optimized out>, vp=<optimized out>, prev=<optimized out>, next=<optimized out>)
    at /usr/include/mozjs-91/js/RootingAPI.h:770
#6  JS::Heap<JSObject*>::postWriteBarrier (next=<optimized out>, prev=<optimized out>, this=<optimized out>, 
    this=<optimized out>, prev=<optimized out>, next=<optimized out>) at /usr/include/mozjs-91/js/RootingAPI.h:361
#7  JS::Heap<JSObject*>::~Heap (this=<optimized out>, this=<optimized out>)
    at /usr/include/mozjs-91/js/RootingAPI.h:323
#8  mozilla::detail::VectorImpl<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy, false>::destroy (
    aEnd=0x7f5a5002b218, aBegin=<optimized out>) at /usr/include/mozjs-91/mozilla/Vector.h:65
#9  mozilla::Vector<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy>::~Vector (this=<optimized out>, 
    this=<optimized out>) at /usr/include/mozjs-91/mozilla/Vector.h:901
#10 JS::GCVector<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy>::~GCVector (this=<optimized out>, 
    this=<optimized out>) at /usr/include/mozjs-91/js/GCVector.h:43
#11 GjsContextPrivate::~GjsContextPrivate (this=<optimized out>, this=<optimized out>) at ../gjs/context.cpp:482
#12 0x00007f5a6b638978 in gjs_context_finalize (object=0x557e2a3f7180) at ../gjs/context.cpp:495
#13 0x00007f5a6c0d2dfd in g_object_unref () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#14 0x00007f5a6c31d77d in _shell_global_destroy_gjs_context (self=<optimized out>) at ../src/shell-global.c:703
#15 0x0000557e2950bece in main (argc=<optimized out>, argv=<optimized out>) at ../src/main.c:659

Ubuntugnome-shell package

Comment 8 for bug 1964458

Ubuntu
gnome-shell package