** Description changed:

  [Impact]
  gnome-shell crashes on shutdown and on `gnome-shell --replace`. A proper fix 
for `gnome-shell --replace` requires mutter 3.30.2-1  too.
  
  [Test Case]
- Covered by https://wiki.ubuntu.com/StableReleaseUpdates/GNOME
+ Given https://wiki.ubuntu.com/StableReleaseUpdates/GNOME, we don't need to 
explicitly test this fix, but the SRU will be more generally verified by the 
testing outlined in bug #1804641.
  
  [Regression Potential]
  The new stable version of gjs includes changes to fix random crashes when a 
gjs application is closed. Possible regressions are leaks and other crashes but 
none has been observed until now.
  
  [Original Bug]
  https://errors.ubuntu.com/problem/f64145b51a9d0fd20bfff57836b8f743e56c50ba
  https://gitlab.gnome.org/GNOME/gjs/issues/212
  
  ---
  
  mozjs60 crashes on gnome-shell exit (didn't happen with mozjs52 which
  was still the latest yesterday)
  
  Steps to reproduce:
  
  1. Start gnome-shell (master)
  2. Super+A to show applications
  3. Alt+F2 and type "debugexit" to exit cleanly.
  
  Backtrace:
  
  Program terminated with signal SIGSEGV, Segmentation fault.
  #0  0x00007f3bf4033a4e in GetPropertyOperation (vp=..., lval=...,
      pc=<optimised out>, script=..., fp=<optimised out>, cx=<optimised out>)
      at ./js/src/vm/JSContext.h:161
  161   ./js/src/vm/JSContext.h: No such file or directory.
  [Current thread is 1 (Thread 0x7f3bebd2e340 (LWP 4269))]
  (gdb) bt
  #0  0x00007f3bf4033a4e in GetPropertyOperation
      (vp=..., lval=..., pc=<optimised out>, script=..., fp=<optimised out>, 
cx=<optimised out>) at ./js/src/vm/JSContext.h:161
  #1  0x00007f3bf4033a4e in Interpret(JSContext*, js::RunState&)
      (cx=0x55d07921beb0, state=...) at ./js/src/vm/Interpreter.cpp:2834
  #2  0x00007f3bf403eb06 in js::RunScript(JSContext*, js::RunState&)
      (cx=0x55d07921beb0, state=...) at ./js/src/vm/Interpreter.cpp:418
  #3  0x00007f3bf403f0d1 in js::InternalCallOrConstruct(JSContext*, 
JS::CallArgs const&, js::MaybeConstruct)
      (cx=0x55d07921beb0, args=..., construct=<optimised out>)
      at ./js/src/vm/Interpreter.cpp:490
  #4  0x00007f3bf403f339 in js::Call(JSContext*, JS::Handle<JS::Value>, 
JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>)
      (cx=cx@entry=0x55d07921beb0, fval=..., fval@entry=..., thisv=...,
      thisv@entry=..., args=..., rval=...) at ./js/src/vm/Interpreter.cpp:536
  #5  0x00007f3bf4372b81 in JS_CallFunctionValue(JSContext*, 
JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, 
JS::MutableHandle<JS::Value>) (cx=0x55d07921beb0, obj=..., fval=..., args=..., 
rval=...)
      at ./debian/build/dist/include/js/RootingAPI.h:1128
  #6  0x00007f3bf7631310 in gjs_call_function_value () at /usr/lib/libgjs.so.0
  #7  0x00007f3bf76045d5 in gjs_closure_invoke () at /usr/lib/libgjs.so.0
  #8  0x00007f3bf7625573 in  () at /usr/lib/libgjs.so.0
  #9  0x00007f3bf7f65b6d in g_closure_invoke ()
      at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #10 0x00007f3bf7f788f3 in  () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #11 0x00007f3bf7f81882 in g_signal_emit_valist ()
      at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #12 0x00007f3bf7f81ecf in g_signal_emit ()
      at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #13 0x00007f3bf74a9c33 in clutter_actor_dispose (object=0x55d0795aa5c0)
      at clutter-actor.c:5932
  #14 0x00007f3bf70529b4 in st_widget_dispose (gobject=0x55d0795aa5c0)
      at ../src/st/st-widget.c:354
  #15 0x00007f3bf7025d48 in st_bin_dispose (gobject=0x55d0795aa5c0)
      at ../src/st/st-bin.c:188
  #16 0x00007f3bf7f6c448 in g_object_run_dispose ()
      at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #17 0x00007f3bf749d023 in clutter_actor_destroy (self=0x55d0795aa5c0)
      at clutter-actor.c:8615
  #18 0x00007f3bf74a4404 in clutter_actor_iter_destroy (iter=0x7fff3285e4e0)
      at clutter-actor.c:19002
  #19 0x00007f3bf74a44b8 in clutter_actor_real_destroy (actor=0x55d0795a9ba0)
      at clutter-actor.c:6264
  #20 0x00007f3bf7f65b6d in g_closure_invoke ()
      at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #21 0x00007f3bf7f78c4a in  () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #22 0x00007f3bf7f81882 in g_signal_emit_valist ()
      at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #23 0x00007f3bf7f81ecf in g_signal_emit ()
      at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #24 0x00007f3bf74a9c33 in clutter_actor_dispose (object=0x55d0795a9ba0)
      at clutter-actor.c:5932
  #25 0x00007f3bf70529b4 in st_widget_dispose (gobject=0x55d0795a9ba0)
      at ../src/st/st-widget.c:354
  #26 0x00007f3bf7f6c448 in g_object_run_dispose ()
      at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #27 0x00007f3bf749d023 in clutter_actor_destroy (self=0x55d0795a9ba0)
      at clutter-actor.c:8615
  #28 0x00007f3bf7025cf5 in st_bin_dispose (gobject=0x55d0795a8260)
      at ../src/st/st-bin.c:185
  #29 0x00007f3bf7f6ac13 in g_object_unref ()
      at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #30 0x00007f3bf7610f5e in ObjectInstance::release_native_object() ()
      at /usr/lib/libgjs.so.0
  #31 0x00007f3bf7618496 in ObjectInstance::disassociate_js_gobject() ()
      at /usr/lib/libgjs.so.0
  #32 0x00007f3bf76140cc in 
ObjectInstance::remove_wrapped_gobjects_if(std::function<bool 
(ObjectInstance*)>, std::function<void (ObjectInstance*)>) ()
      at /usr/lib/libgjs.so.0
  #33 0x00007f3bf76141a4 in  () at /usr/lib/libgjs.so.0

https://bugs.launchpad.net/bugs/1796238

Title:
  [SRU][regression] mozjs60 crashes with SIGSEGV on gnome-shell exit, in
  GetPropertyOperation() from Interpret() from js::RunScript()

Status in gjs package in Ubuntu:
  Fix Released
Status in mozjs60 package in Ubuntu:
  Invalid
Status in gjs source package in Cosmic:
  In Progress
Status in mozjs60 source package in Cosmic:
  Invalid

Bug description:
  [Impact]
  gnome-shell crashes on shutdown and on `gnome-shell --replace`. A proper fix for `gnome-shell --replace` requires mutter 3.30.2-1 too.

  [Test Case]
  Given https://wiki.ubuntu.com/StableReleaseUpdates/GNOME, we don't need to explicitly test this fix, but the SRU will be more generally verified by the testing outlined in bug #1804641.

  [Regression Potential]
  The new stable version of gjs includes changes to fix random crashes when a gjs application is closed. Possible regressions are leaks and other crashes but none has been observed until now.

  [Original Bug]
  https://errors.ubuntu.com/problem/f64145b51a9d0fd20bfff57836b8f743e56c50ba
  https://gitlab.gnome.org/GNOME/gjs/issues/212

  ---

  mozjs60 crashes on gnome-shell exit (didn't happen with mozjs52 which
  was still the latest yesterday)

  Steps to reproduce:

  1. Start gnome-shell (master)
  2. Super+A to show applications
  3. Alt+F2 and type "debugexit" to exit cleanly.

  Backtrace:

  Program terminated with signal SIGSEGV, Segmentation fault.
  #0  0x00007f3bf4033a4e in GetPropertyOperation (vp=..., lval=...,
      pc=<optimised out>, script=..., fp=<optimised out>, cx=<optimised out>)
      at ./js/src/vm/JSContext.h:161
  161   ./js/src/vm/JSContext.h: No such file or directory.
  [Current thread is 1 (Thread 0x7f3bebd2e340 (LWP 4269))]
  (gdb) bt
  #0  0x00007f3bf4033a4e in GetPropertyOperation
      (vp=..., lval=..., pc=<optimised out>, script=..., fp=<optimised out>, cx=<optimised out>) at ./js/src/vm/JSContext.h:161
  #1  0x00007f3bf4033a4e in Interpret(JSContext*, js::RunState&)
      (cx=0x55d07921beb0, state=...) at ./js/src/vm/Interpreter.cpp:2834
  #2  0x00007f3bf403eb06 in js::RunScript(JSContext*, js::RunState&)
      (cx=0x55d07921beb0, state=...) at ./js/src/vm/Interpreter.cpp:418
  #3  0x00007f3bf403f0d1 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct)
      (cx=0x55d07921beb0, args=..., construct=<optimised out>)
      at ./js/src/vm/Interpreter.cpp:490
  #4  0x00007f3bf403f339 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>)
      (cx=cx@entry=0x55d07921beb0, fval=..., fval@entry=..., thisv=...,
      thisv@entry=..., args=..., rval=...) at ./js/src/vm/Interpreter.cpp:536
  #5  0x00007f3bf4372b81 in JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) (cx=0x55d07921beb0, obj=..., fval=..., args=..., rval=...)
      at ./debian/build/dist/include/js/RootingAPI.h:1128
  #6  0x00007f3bf7631310 in gjs_call_function_value () at /usr/lib/libgjs.so.0
  #7  0x00007f3bf76045d5 in gjs_closure_invoke () at /usr/lib/libgjs.so.0
  #8  0x00007f3bf7625573 in  () at /usr/lib/libgjs.so.0
  #9  0x00007f3bf7f65b6d in g_closure_invoke ()
      at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #10 0x00007f3bf7f788f3 in  () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #11 0x00007f3bf7f81882 in g_signal_emit_valist ()
      at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #12 0x00007f3bf7f81ecf in g_signal_emit ()
      at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #13 0x00007f3bf74a9c33 in clutter_actor_dispose (object=0x55d0795aa5c0)
      at clutter-actor.c:5932
  #14 0x00007f3bf70529b4 in st_widget_dispose (gobject=0x55d0795aa5c0)
      at ../src/st/st-widget.c:354
  #15 0x00007f3bf7025d48 in st_bin_dispose (gobject=0x55d0795aa5c0)
      at ../src/st/st-bin.c:188
  #16 0x00007f3bf7f6c448 in g_object_run_dispose ()
      at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #17 0x00007f3bf749d023 in clutter_actor_destroy (self=0x55d0795aa5c0)
      at clutter-actor.c:8615
  #18 0x00007f3bf74a4404 in clutter_actor_iter_destroy (iter=0x7fff3285e4e0)
      at clutter-actor.c:19002
  #19 0x00007f3bf74a44b8 in clutter_actor_real_destroy (actor=0x55d0795a9ba0)
      at clutter-actor.c:6264
  #20 0x00007f3bf7f65b6d in g_closure_invoke ()
      at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #21 0x00007f3bf7f78c4a in  () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #22 0x00007f3bf7f81882 in g_signal_emit_valist ()
      at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #23 0x00007f3bf7f81ecf in g_signal_emit ()
      at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #24 0x00007f3bf74a9c33 in clutter_actor_dispose (object=0x55d0795a9ba0)
      at clutter-actor.c:5932
  #25 0x00007f3bf70529b4 in st_widget_dispose (gobject=0x55d0795a9ba0)
      at ../src/st/st-widget.c:354
  #26 0x00007f3bf7f6c448 in g_object_run_dispose ()
      at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #27 0x00007f3bf749d023 in clutter_actor_destroy (self=0x55d0795a9ba0)
      at clutter-actor.c:8615
  #28 0x00007f3bf7025cf5 in st_bin_dispose (gobject=0x55d0795a8260)
      at ../src/st/st-bin.c:185
  #29 0x00007f3bf7f6ac13 in g_object_unref ()
      at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #30 0x00007f3bf7610f5e in ObjectInstance::release_native_object() ()
      at /usr/lib/libgjs.so.0
  #31 0x00007f3bf7618496 in ObjectInstance::disassociate_js_gobject() ()
      at /usr/lib/libgjs.so.0
  #32 0x00007f3bf76140cc in ObjectInstance::remove_wrapped_gobjects_if(std::function<bool (ObjectInstance*)>, std::function<void (ObjectInstance*)>) ()
      at /usr/lib/libgjs.so.0
  #33 0x00007f3bf76141a4 in  () at /usr/lib/libgjs.so.0
