Bug#932767: gnome-shell: Segmentation fault in js engine
Felipe Sateler
fsateler at debian.org
Mon Jul 22 21:31:43 BST 2019
Package: gnome-shell
Version: 3.30.2-9
Severity: important
Hi,
Today, gnome-shell crashed with the following backtrace. I was not at
the computer at the time of the crash.
#0 0x00007f1622285714 in js::InterpreterFrame::trace(JSTracer*, JS::Value*, unsigned char*)
(this=0x5631b2248b10, trc=0x7f1614335f10, sp=0x5631b28bc870, pc=0xdf <error: Cannot access memory at address 0xdf>) at ./js/src/vm/Stack.cpp:348
#1 0x00007f1622287bac in js::LifoAlloc::allocImpl(unsigned long) (n=1, this=0x0) at ./js/src/ds/LifoAlloc.h:527
#2 0x00007f1622287bac in js::LifoAlloc::alloc(unsigned long) (n=1, this=0x0) at ./js/src/ds/LifoAlloc.h:593
#3 0x00007f1622287bac in js::InterpreterStack::allocateFrame(JSContext*, unsigned long) (size=1, cx=0x7f1614335fd0, this=0x0) at ./js/src/vm/Stack-inl.h:237
#4 0x00007f1622287bac in js::InterpreterStack::pushExecuteFrame(JSContext*, JS::Handle<JSScript*>, JS::Value const&, JS::Handle<JSObject*>, js::AbstractFramePtr)
(this=0x0, cx=0x7f1614335fd0, script=..., newTargetValue=..., envChain=..., evalInFrame=...) at ./js/src/vm/Stack.cpp:456
#5 0x00007f162221e8a4 in JSScript::partiallyInit(JSContext*, JS::Handle<JSScript*>, unsigned int, unsigned int, unsigned int, unsigned int, unsigned int, unsigned int, unsigned int)
(cx=<optimized out>, script=..., nscopes=338911184, nconsts=<optimized out>, nobjects=<optimized out>, ntrynotes=573078444, nscopenotes=<optimized out>, nyieldoffsets=<optimized out>, nTypeSets=<optimized out>) at ./js/src/vm/JSScript.cpp:2847
#6 0x00007f162221eb04 in js::GSNCache::purge() (this=0x0) at ./debian/build/dist/include/js/HashTable.h:92
#7 0x00005631afde2100 in ()
#8 0x00007f1624363680 in _IO_2_1_stderr_ () at /lib/x86_64-linux-gnu/libc.so.6
#9 0x00005631b2248a00 in ()
#10 0x00005631b6da3100 in ()
#11 0x27993b5cf4a5d800 in ()
#12 0x00005631b6da3100 in ()
#13 0x00005631b6da3100 in ()
#14 0x00005631b21531f0 in ()
#15 0x00007f1624755d13 in _gjs_profiler_setup_signals () at /lib/libgjs.so.0
#16 0x0000000000000041 in ()
#17 0x00005631afde2140 in __bss_start ()
#18 0x0000000000000006 in ()
#19 0x00005631afddee1c in ()
#20 0x00007f162437a730 in <signal handler called> () at /lib/x86_64-linux-gnu/libpthread.so.0
#21 0x00007f16241de7bb in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#22 0x00007f16241c9535 in __GI_abort () at abort.c:79
#23 0x00007f1624220508 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f162432b28d "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#24 0x00007f1624226c1a in malloc_printerr (str=str@entry=0x7f162432943b "free(): invalid pointer") at malloc.c:5341
#25 0x00007f162422842c in _int_free (av=<optimized out>, p=<optimized out>, have_lock=<optimized out>) at malloc.c:4165
#26 0x00007f1621ef35cd in js::jit::MCallGetProperty::name() const (this=<optimized out>) at ./js/src/jit/shared/Assembler-shared.h:253
#27 0x00007f1621ef35cd in js::jit::CodeGenerator::visitCallGetProperty(js::jit::LCallGetProperty*) (this=0x7f15e4008490, lir=0x7f1614336c30) at ./js/src/jit/CodeGenerator.cpp:10412
#28 0x00007f1621f6a4d8 in js::detail::BumpChunk::begin() (this=<optimized out>) at ./js/src/ds/LifoAlloc.h:405
#29 0x00007f1621f6a4d8 in js::detail::BumpChunk::release() (this=0x0) at ./js/src/ds/LifoAlloc.h:405
#30 0x00007f1621f6a4d8 in js::detail::BumpChunk::~BumpChunk() (this=0x0, __in_chrg=<optimized out>) at ./js/src/ds/LifoAlloc.h:326
#31 0x00007f1621f6a4d8 in js_delete<js::detail::BumpChunk> (p=0x0) at ./debian/build/dist/include/js/Utility.h:541
#32 0x00007f1621f6a4d8 in JS::DeletePolicy<js::detail::BumpChunk>::operator()(js::detail::BumpChunk const*) (this=0x0, ptr=0x0) at ./debian/build/dist/include/js/Utility.h:643
#33 0x00007f1621f6a4d8 in mozilla::UniquePtr<js::detail::BumpChunk, JS::DeletePolicy<js::detail::BumpChunk> >::reset(js::detail::BumpChunk*) (aPtr=0x0, this=0x0)
at ./debian/build/dist/include/mozilla/UniquePtr.h:343
#34 0x00007f1621f6a4d8 in mozilla::UniquePtr<js::detail::BumpChunk, JS::DeletePolicy<js::detail::BumpChunk> >::~UniquePtr() (this=0x0, __in_chrg=<optimized out>) at ./debian/build/dist/include/mozilla/UniquePtr.h:288
#35 0x00007f1621f6a4d8 in js::detail::SingleLinkedListElement<js::detail::BumpChunk>::~SingleLinkedListElement() (this=0x0, __in_chrg=<optimized out>) at ./js/src/ds/LifoAlloc.h:47
#36 0x00007f1621f6a4d8 in js::detail::BumpChunk::~BumpChunk() (this=0x0, __in_chrg=<optimized out>) at ./js/src/ds/LifoAlloc.h:325
#37 0x00007f1621f6a4d8 in js_delete<js::detail::BumpChunk> (p=0x0) at ./debian/build/dist/include/js/Utility.h:541
#38 0x00007f1621f6a4d8 in JS::DeletePolicy<js::detail::BumpChunk>::operator()(js::detail::BumpChunk const*) (this=0x0, ptr=0x0) at ./debian/build/dist/include/js/Utility.h:643
#39 0x00007f1621f6a4d8 in mozilla::UniquePtr<js::detail::BumpChunk, JS::DeletePolicy<js::detail::BumpChunk> >::reset(js::detail::BumpChunk*) (aPtr=0x0, this=0x7fffffffffffffff) at ./debian/build/dist/include/mozilla/UniquePtr.h:343
#40 0x00007f1621f6a4d8 in mozilla::UniquePtr<js::detail::BumpChunk, JS::DeletePolicy<js::detail::BumpChunk> >::~UniquePtr() (this=0x7fffffffffffffff, __in_chrg=<optimized out>) at ./debian/build/dist/include/mozilla/UniquePtr.h:288
#41 0x00007f1621f6a4d8 in js::detail::SingleLinkedListElement<js::detail::BumpChunk>::~SingleLinkedListElement() (this=0x0, __in_chrg=<optimized out>) at ./js/src/ds/LifoAlloc.h:47
#42 0x00007f1621f6a4d8 in js::detail::BumpChunk::~BumpChunk() (this=0x7fffffffffffffff, __in_chrg=<optimized out>) at ./js/src/ds/LifoAlloc.h:325
#43 0x00007f1621f6a4d8 in js_delete<js::detail::BumpChunk> (p=0x7fffffffffffffff) at ./debian/build/dist/include/js/Utility.h:541
#44 0x00007f1621f6a4d8 in JS::DeletePolicy<js::detail::BumpChunk>::operator()(js::detail::BumpChunk const*) (this=0x0, ptr=0x7fffffffffffffff) at ./debian/build/dist/include/js/Utility.h:643
#45 0x00007f1621f6a4d8 in mozilla::UniquePtr<js::detail::BumpChunk, JS::DeletePolicy<js::detail::BumpChunk> >::reset(js::detail::BumpChunk*) (aPtr=0x0, this=0x0) at ./debian/build/dist/include/mozilla/UniquePtr.h:343
#46 0x00007f1621f6a4d8 in mozilla::UniquePtr<js::detail::BumpChunk, JS::DeletePolicy<js::detail::BumpChunk> >::~UniquePtr() (this=0x0, __in_chrg=<optimized out>) at ./debian/build/dist/include/mozilla/UniquePtr.h:288
#47 0x00007f1621f6a4d8 in js::detail::SingleLinkedListElement<js::detail::BumpChunk>::~SingleLinkedListElement() (this=0x0, __in_chrg=<optimized out>) at ./js/src/ds/LifoAlloc.h:47
#48 0x00007f1621f6a4d8 in js::detail::BumpChunk::~BumpChunk() (this=0x0, __in_chrg=<optimized out>) at ./js/src/ds/LifoAlloc.h:325
#49 0x00007f1621f6a4d8 in js_delete<js::detail::BumpChunk> (p=0x0) at ./debian/build/dist/include/js/Utility.h:541
#50 0x00007f1621f6a4d8 in JS::DeletePolicy<js::detail::BumpChunk>::operator()(js::detail::BumpChunk const*) (this=0x0, ptr=0x0) at ./debian/build/dist/include/js/Utility.h:643
#51 0x00007f1621f6a4d8 in mozilla::UniquePtr<js::detail::BumpChunk, JS::DeletePolicy<js::detail::BumpChunk> >::reset(js::detail::BumpChunk*) (aPtr=0x0, this=0x7fffffffffffffff) at ./debian/build/dist/include/mozilla/UniquePtr.h:343
#52 0x00007f1621f6a4d8 in mozilla::UniquePtr<js::detail::BumpChunk, JS::DeletePolicy<js::detail::BumpChunk> >::~UniquePtr() (this=0x7fffffffffffffff, __in_chrg=<optimized out>) at ./debian/build/dist/include/mozilla/UniquePtr.h:288
#53 0x00007f1621f6a4d8 in js::detail::SingleLinkedListElement<js::detail::BumpChunk>::~SingleLinkedListElement() (this=0x0, __in_chrg=<optimized out>) at ./js/src/ds/LifoAlloc.h:47
#54 0x00007f1621f6a4d8 in js::detail::BumpChunk::~BumpChunk() (this=0x7fffffffffffffff, __in_chrg=<optimized out>) at ./js/src/ds/LifoAlloc.h:325
#55 0x00007f1621f6a4d8 in js_delete<js::detail::BumpChunk> (p=0x7fffffffffffffff) at ./debian/build/dist/include/js/Utility.h:541
#56 0x00007f1621f6a4d8 in JS::DeletePolicy<js::detail::BumpChunk>::operator()(js::detail::BumpChunk const*) (this=0x0, ptr=0x7fffffffffffffff) at ./debian/build/dist/include/js/Utility.h:643
#57 0x00007f1621f6a4d8 in mozilla::UniquePtr<js::detail::BumpChunk, JS::DeletePolicy<js::detail::BumpChunk> >::reset(js::detail::BumpChunk*) (aPtr=0x0, this=<optimized out>) at ./debian/build/dist/include/mozilla/UniquePtr.h:343
#58 0x00007f1621f6a4d8 in mozilla::UniquePtr<js::detail::BumpChunk, JS::DeletePolicy<js::detail::BumpChunk> >::~UniquePtr() (this=<optimized out>, __in_chrg=<optimized out>) at ./debian/build/dist/include/mozilla/UniquePtr.h:288
#59 0x00007f1621f6a4d8 in js::LifoAlloc::reset(unsigned long) (this=0x7f16143370d8, defaultChunkSize=139732804923608) at ./js/src/ds/LifoAlloc.h:489
#60 0x00007f16221e1f36 in js::detail::HashTable<js::HashMapEntry<js::HeapPtr<JSObject*>, js::HeapPtr<JS::Value> >, js::HashMap<js::HeapPtr<JSObject*>, js::HeapPtr<JS::Value>, js::MovableCellHasher<js::HeapPtr<JSObject*> >, js::ZoneAllocPolicy>::MapHashPolicy, js::ZoneAllocPolicy>::all() const (this=0x3a) at ./debian/build/dist/include/js/HashTable.h:1730
#61 0x00007f16221e1f36 in js::HashMap<js::HeapPtr<JSObject*>, js::HeapPtr<JS::Value>, js::MovableCellHasher<js::HeapPtr<JSObject*> >, js::ZoneAllocPolicy>::all() const (this=0x3a) at ./debian/build/dist/include/js/HashTable.h:183
#62 0x00007f16221e1f36 in js::detail::HashTable<js::HashMapEntry<js::HeapPtr<JSObject*>, js::HeapPtr<JS::Value> >, js::HashMap<js::HeapPtr<JSObject*>, js::HeapPtr<JS::Value>, js::MovableCellHasher<js::HeapPtr<JSObject*> >, js::ZoneAllocPolicy>::MapHashPolicy, js::ZoneAllocPolicy>::Enum::Enum<js::WeakMap<js::HeapPtr<JSObject*>, js::HeapPtr<JS::Value>, js::MovableCellHasher<js::HeapPtr<JSObject*> > > >(js::WeakMap<js::HeapPtr<JSObject*>, js::HeapPtr<JS::Value>, js::MovableCellHasher<js::HeapPtr<JSObject*> > >&) (map=..., this=<synthetic pointer>) at ./debian/build/dist/include/js/HashTable.h:1072
#63 0x00007f16221e1f36 in js::WeakMap<js::HeapPtr<JSObject*>, js::HeapPtr<JS::Value>, js::MovableCellHasher<js::HeapPtr<JSObject*> > >::sweep() (this=0x2) at ./js/src/gc/WeakMap.h:326
#64 0x00007f16221e65dc in () at ./debian/build/dist/include/js/GCPolicyAPI.h:78
#65 0x00005631b1e15dd8 in ()
#66 0x7fffffffffffffff in ()
#67 0x0000000000000000 in ()
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages gnome-shell depends on:
ii dconf-gsettings-backend [gsettings-backend] 0.30.1-2
ii evolution-data-server 3.30.5-1.1
ii gir1.2-accountsservice-1.0 0.6.45-2
ii gir1.2-atspi-2.0 2.30.0-7
ii gir1.2-freedesktop 1.58.3-2
ii gir1.2-gcr-3 3.28.1-1
ii gir1.2-gdesktopenums-3.0 3.28.1-1
ii gir1.2-gdm-1.0 3.30.2-3
ii gir1.2-geoclue-2.0 2.5.3-1
ii gir1.2-glib-2.0 1.58.3-2
ii gir1.2-gnomebluetooth-1.0 3.28.2-3
ii gir1.2-gnomedesktop-3.0 3.30.2.1-2
ii gir1.2-gtk-3.0 3.24.10-1
ii gir1.2-gweather-3.0 3.28.3-1
ii gir1.2-ibus-1.0 1.5.19-4+b1
ii gir1.2-mutter-3 3.30.2-7
ii gir1.2-nm-1.0 1.18.0-3
ii gir1.2-nma-1.0 1.8.22-2
ii gir1.2-pango-1.0 1.42.4-6
ii gir1.2-polkit-1.0 0.105-25
ii gir1.2-rsvg-2.0 2.44.10-2.1
ii gir1.2-soup-2.4 2.64.2-2
ii gir1.2-upowerglib-1.0 0.99.10-1
ii gjs 1.54.3-1+b1
ii gnome-backgrounds 3.30.0-1
ii gnome-settings-daemon 3.30.2-3
ii gnome-shell-common 3.30.2-9
ii gsettings-desktop-schemas 3.28.1-1
ii libatk-bridge2.0-0 2.30.0-5
ii libatk1.0-0 2.30.0-2
ii libc6 2.28-10
ii libcairo2 1.16.0-4
ii libcanberra-gtk3-0 0.30-7
ii libcanberra0 0.30-7
ii libcroco3 0.6.12-3
ii libecal-1.2-19 3.30.5-1.1
ii libedataserver-1.2-23 3.30.5-1.1
ii libgcr-base-3-1 3.28.1-1
ii libgdk-pixbuf2.0-0 2.38.1+dfsg-1
ii libgirepository-1.0-1 1.58.3-2
ii libgjs0g 1.54.3-1+b1
ii libglib2.0-0 2.60.5-1
ii libglib2.0-bin 2.60.5-1
ii libgstreamer1.0-0 1.16.0-2
ii libgtk-3-0 3.24.10-1
ii libical3 3.0.5-1
ii libjson-glib-1.0-0 1.4.4-2
ii libmutter-3-0 3.30.2-7
ii libnm0 1.18.0-3
ii libpango-1.0-0 1.42.4-6
ii libpangocairo-1.0-0 1.42.4-6
ii libpolkit-agent-1-0 0.105-25
ii libpolkit-gobject-1-0 0.105-25
ii libpulse-mainloop-glib0 12.2-4
ii libpulse0 12.2-4
ii libsecret-1-0 0.18.7-1
ii libstartup-notification0 0.12-6
ii libsystemd0 241-7
ii libx11-6 2:1.6.7-1
ii libxfixes3 1:5.0.3-1
ii mutter 3.30.2-7
ii python3 3.7.3-1
Versions of packages gnome-shell recommends:
ii bolt 0.7-2
pn chrome-gnome-shell <none>
ii gdm3 3.30.2-3
ii gkbd-capplet 3.26.1-1
ii gnome-control-center 1:3.30.3-1
ii gnome-user-docs 3.30.2-1
ii iio-sensor-proxy 2.4-2
ii switcheroo-control 1.2-2
ii unzip 6.0-24
Versions of packages gnome-shell suggests:
ii gir1.2-telepathyglib-0.12 0.24.1-2
ii gir1.2-telepathylogger-0.2 0.8.2-3
-- no debconf information