Launchpad has imported 1 comment from the remote bug at
https://bugzilla.mozilla.org/show_bug.cgi?id=1826512.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2023-04-05T08:20:49+00:00 Daniel van Vugt wrote:

Steps to reproduce:

1. Log into gnome-shell (currently version 44 using mozjs102).
2. Wait or use it for a while (long enough for some GC to have occurred I guess).
3. Log out.

https://launchpad.net/bugs/1974293
https://gitlab.gnome.org/GNOME/gjs/-/issues/472


Actual results:

#0  __pthread_kill_implementation (no_tid=0, signo=11, threadid=<optimised 
out>) at ./nptl/pthread_kill.c:44
        tid = <optimised out>
        ret = 0
        pd = <optimised out>
        old_mask = {__val = {11}}
        ret = <optimised out>
#1  __pthread_kill_internal (signo=11, threadid=<optimised out>) at 
./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=<optimised out>, signo=signo@entry=11) at 
./nptl/pthread_kill.c:89
#3  0x00007f464d03c406 in __GI_raise (sig=sig@entry=11) at 
../sysdeps/posix/raise.c:26
        ret = <optimised out>
#4  0x000056282c4afaea in dump_gjs_stack_on_signal_handler (signo=11) at 
../src/main.c:495
        sa = {__sigaction_handler = {sa_handler = 0x56282c4af730 
<dump_gjs_stack_alarm_sigaction>, sa_sigaction = 0x56282c4af730 
<dump_gjs_stack_alarm_sigaction>}, sa_mask = {__val = {0 <repeats 16 times>}}, 
sa_flags = 0, sa_restorer = 0x0}
        i = <optimised out>
#5  0x00007f464d03c4b0 in <signal handler called> () at 
/lib/x86_64-linux-gnu/libc.so.6
#6  0x00007f464ad8d344 in js::gc::Cell::storeBuffer() const (this=<optimised 
out>, this=<optimised out>) at /usr/src/mozjs102-102.9.0-1/js/src/gc/Cell.h:357
        buffer = 0x0
#7  js::gc::PostWriteBarrierImpl<JSObject>(void*, JSObject*, JSObject*) 
(next=<optimised out>, prev=<optimised out>, cellp=<optimised out>) at 
/usr/src/mozjs102-102.9.0-1/js/src/gc/StoreBuffer.h:646
        buffer = 0x0
#8  js::gc::PostWriteBarrier<js::SavedFrame>(js::SavedFrame**, js::SavedFrame*, 
js::SavedFrame*) (next=<optimised out>, prev=<optimised out>, vp=<optimised 
out>) at /usr/src/mozjs102-102.9.0-1/js/src/gc/StoreBuffer.h:658
#9  js::InternalBarrierMethods<js::SavedFrame*, 
void>::postBarrier(js::SavedFrame**, js::SavedFrame*, js::SavedFrame*) 
(next=<optimised out>, prev=<optimised out>, vp=0x7f4630022da0) at 
/usr/src/mozjs102-102.9.0-1/js/src/gc/Barrier.h:350
#10 js::InternalBarrierMethods<js::SavedFrame*, 
void>::postBarrier(js::SavedFrame**, js::SavedFrame*, js::SavedFrame*) 
(vp=0x7f4630022da0, prev=<optimised out>, next=<optimised out>) at 
/usr/src/mozjs102-102.9.0-1/js/src/gc/Barrier.h:349
#11 0x00007f464d91f721 in js::BarrierMethods<JSObject*, 
void>::postWriteBarrier(JSObject**, JSObject*, JSObject*) (next=0x0, 
prev=<optimised out>, vp=0x7f4630022da0) at 
/usr/include/mozjs-102/js/RootingAPI.h:795
        p = 0x7f4630022da0
#12 JS::Heap<JSObject*>::postWriteBarrier(JSObject* const&, JSObject* const&) 
(next=<optimised out>, prev=@0x7f4630022da0: 0x1c8a30a483a0, 
this=0x7f4630022da0, this=<optimised out>, prev=<optimised out>, 
next=<optimised out>)
    at /usr/include/mozjs-102/js/RootingAPI.h:376
        p = 0x7f4630022da0
#13 JS::Heap<JSObject*>::~Heap() (this=0x7f4630022da0, this=<optimised out>) at 
/usr/include/mozjs-102/js/RootingAPI.h:338
        p = 0x7f4630022da0
#14 mozilla::detail::VectorImpl<JS::Heap<JSObject*>, 0ul, 
js::SystemAllocPolicy, false>::destroy(JS::Heap<JSObject*>*, 
JS::Heap<JSObject*>*) (aEnd=0x7f4630022da8, aBegin=<optimised out>) at 
/usr/include/mozjs-102/mozilla/Vector.h:65
        p = 0x7f4630022da0
#15 mozilla::Vector<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy>::~Vector() 
(this=0x56282d2db9d8, this=<optimised out>) at 
/usr/include/mozjs-102/mozilla/Vector.h:901
#16 JS::GCVector<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy>::~GCVector() 
(this=0x56282d2db9d8, this=<optimised out>) at 
/usr/include/mozjs-102/js/GCVector.h:43
#17 GjsContextPrivate::~GjsContextPrivate() (this=0x56282d2db960, 
this=<optimised out>) at 
/usr/src/gjs-1.76.0-1/obj-x86_64-linux-gnu/../gjs/context.cpp:487
#18 0x00007f464d9211e3 in gjs_context_finalize(GObject*) 
(object=0x56282d2dbae0) at 
/usr/src/gjs-1.76.0-1/obj-x86_64-linux-gnu/../gjs/context.cpp:500
        gjs = <optimised out>
#19 0x00007f464e02ee4c in g_object_unref (_object=0x56282d2dbae0) at 
../../../gobject/gobject.c:3938
        weak_locations = <optimised out>
        nqueue = 0x56282d8fc5c0
        object = 0x56282d2dbae0
        old_ref = <optimised out>
        __func__ = "g_object_unref"
#20 0x00007f464dc2508d in _shell_global_destroy_gjs_context (self=<optimised 
out>) at ../src/shell-global.c:752
        _pp = <optimised out>
        _ptr = <optimised out>
#21 0x000056282c4af00f in main (argc=<optimised out>, argv=<optimised out>) at 
../src/main.c:776
        context = 0x56282cd4e780
        debug_flags_string = 0x56282d06c7b0 
"backtrace-aborts:backtrace-math-errors:backtrace-crashes-all:backtrace-all"
        error = 0x0
        shell_debug = <optimised out>
        ecode = 0
(gdb)


Expected results:

No crash.

Reply at: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1974293/comments/51


** Changed in: mozjs
       Status: Unknown => New

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gnome-shell in Ubuntu.
https://bugs.launchpad.net/bugs/1974293

Title:
  gnome-shell crashed on logout with SIGSEGV in
  js::gc::Cell::storeBuffer() from
  js::gc::PostWriteBarrierImpl<JSObject>()

To manage notifications about this bug go to:
https://bugs.launchpad.net/gjs/+bug/1974293/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
