gnome-shell: js::gc::Cell::storeBuffer(): gnome-shell killed by SIGSEGV
Affected version
Provide at least the following information:
- Your OS and version: Fedora 38 Beta
- Affected GNOME Shell version: gnome-shell-44~rc-2.fc38.x86_64
- Does this issue appear in XOrg and/or Wayland: Wayland, Xorg not tested
- Does this issue happen without extensions: Not sure, I don't know how to reproduce it at will. I only have the AppIndicator extension.
Bug summary
Sometimes I see a gnome-shell crash when logging out. I'm not sure how to trigger it; it might be a race condition.
Steps to reproduce
Not sure. Log out, sometimes it happens.
Relevant logs, screenshots, screencasts etc.
There are backtraces in: https://bugzilla.redhat.com/show_bug.cgi?id=2175759
Here's the latest backtrace:
Core was generated by `/usr/bin/gnome-shell'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f6f7c954f8c in js::gc::Cell::storeBuffer (this=<optimized out>, this=<optimized out>) at /usr/src/debug/mozjs102-102.9.0-1.fc38.x86_64/gc/Cell.h:357
357 inline StoreBuffer* Cell::storeBuffer() const { return chunk()->storeBuffer; }
[Current thread is 1 (Thread 0x7f6f7a8c05c0 (LWP 1583))]
#0 0x00007f6f7c954f8c in js::gc::Cell::storeBuffer (this=<optimized out>, this=<optimized out>) at /usr/src/debug/mozjs102-102.9.0-1.fc38.x86_64/gc/Cell.h:357
No locals.
#1 js::gc::PostWriteBarrierImpl<JSObject> (next=<optimized out>, prev=<optimized out>, cellp=<optimized out>) at /usr/src/debug/mozjs102-102.9.0-1.fc38.x86_64/gc/StoreBuffer.h:646
buffer = 0x0
buffer = <optimized out>
#2 js::gc::PostWriteBarrier<js::SavedFrame> (next=<optimized out>, prev=<optimized out>, vp=<optimized out>) at /usr/src/debug/mozjs102-102.9.0-1.fc38.x86_64/gc/StoreBuffer.h:658
No locals.
#3 js::InternalBarrierMethods<js::SavedFrame*, void>::postBarrier (next=<optimized out>, prev=<optimized out>, vp=0x5634d9654fd0) at /usr/src/debug/mozjs102-102.9.0-1.fc38.x86_64/gc/Barrier.h:350
No locals.
#4 js::InternalBarrierMethods<js::SavedFrame*, void>::postBarrier (vp=0x5634d9654fd0, prev=<optimized out>, next=<optimized out>) at /usr/src/debug/mozjs102-102.9.0-1.fc38.x86_64/gc/Barrier.h:349
No locals.
#5 0x00007f6f7e407109 in js::BarrierMethods<JSObject*, void>::postWriteBarrier (next=0x0, prev=<optimized out>, vp=0x5634d9654fd0) at /usr/include/mozjs-102/js/RootingAPI.h:795
No locals.
#6 JS::Heap<JSObject*>::postWriteBarrier (next=<optimized out>, prev=<optimized out>, this=<optimized out>, this=<optimized out>, prev=<optimized out>, next=<optimized out>) at /usr/include/mozjs-102/js/RootingAPI.h:376
No locals.
#7 JS::Heap<JSObject*>::~Heap (this=<optimized out>, this=<optimized out>) at /usr/include/mozjs-102/js/RootingAPI.h:338
No locals.
#8 mozilla::detail::VectorImpl<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy, false>::destroy (aEnd=0x5634d9654fd8, aBegin=<optimized out>) at /usr/include/mozjs-102/mozilla/Vector.h:65
p = 0x5634d9654fd0
#9 mozilla::Vector<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy>::~Vector (this=<optimized out>, this=<optimized out>) at /usr/include/mozjs-102/mozilla/Vector.h:901
g = <optimized out>
g = <optimized out>
#10 JS::GCVector<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy>::~GCVector (this=<optimized out>, this=<optimized out>) at /usr/include/mozjs-102/js/GCVector.h:43
No locals.
#11 GjsContextPrivate::~GjsContextPrivate (this=<optimized out>, this=<optimized out>) at ../gjs/context.cpp:487
_pp = <optimized out>
_ptr = <optimized out>
_pp = <optimized out>
_ptr = <optimized out>
_pp = <optimized out>
_ptr = <optimized out>
#12 0x00007f6f7e40838b in gjs_context_finalize (object=0x5634d59a7630) at ../gjs/context.cpp:500
gjs = <optimized out>
#13 0x00007f6f7eb9fbca in g_object_unref (_object=0x5634d59a7630) at ../gobject/gobject.c:3938
_pp = <optimized out>
gaig_temp = <optimized out>
gaig_temp = <optimized out>
weak_locations = <optimized out>
nqueue = 0x5634d6034670
_ptr = <optimized out>
object = 0x5634d59a7630
old_ref = <optimized out>
retry_atomic_decrement1 = <optimized out>
__func__ = "g_object_unref"
#14 0x00007f6f7e82745d in _shell_global_destroy_gjs_context (self=<optimized out>) at ../src/shell-global.c:737
_pp = <optimized out>
_ptr = <optimized out>
#15 0x00005634d4752011 in main (argc=<optimized out>, argv=<optimized out>) at ../src/main.c:674
context = 0x5634d565dcf0
error = 0x0
ecode = 0