It appears the mozjs Heap is a bogus pointer from very early on. Next steps:
1. See if the latest gjs update has changed the situation (waiting on new live images). 2. Look into gjs to see if the problem starts in there or if the whole gjs context from gnome-shell is invalid. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gjs in Ubuntu. https://bugs.launchpad.net/bugs/1964458 Title: [jammy] gnome-shell crashes with SIGSEGV in js::gc::Cell::storeBuffer from js::gc::PostWriteBarrierImpl<JSObject> Status in gjs package in Ubuntu: Confirmed Status in gnome-shell package in Ubuntu: Confirmed Status in mozjs91 package in Ubuntu: Confirmed Bug description: 'gnome-shell --sm-disable --mode=ubiquity' crashes on exit with SIGSEGV in: #0 0x00007fd9229e61b4 in js::gc::Cell::storeBuffer (this=<optimized out>, this=<optimized out>) at .././js/src/gc/Cell.h:357 #1 js::gc::PostWriteBarrierImpl<JSObject> (next=<optimized out>, prev=<optimized out>, cellp=<optimized out>) at .././js/src/gc/StoreBuffer.h:654 #2 js::gc::PostWriteBarrier<js::SavedFrame> (next=<optimized out>, prev=<optimized out>, vp=<optimized out>) at .././js/src/gc/StoreBuffer.h:666 #3 js::InternalBarrierMethods<js::SavedFrame*>::postBarrier (next=<optimized out>, prev=<optimized out>, vp=0x7fd910018210) at .././js/src/gc/Barrier.h:333 #4 js::InternalBarrierMethods<js::SavedFrame*>::postBarrier (vp=0x7fd910018210, prev=<optimized out>, next=<optimized out>) at .././js/src/gc/Barrier.h:332 #5 0x00007fd924858fd2 in js::BarrierMethods<JSObject*>::postWriteBarrier (next=<optimized out>, prev=<optimized out>, vp=<optimized out>, vp=<optimized out>, prev=<optimized out>, next=<optimized out>) at /usr/include/mozjs-91/js/RootingAPI.h:770 #6 JS::Heap<JSObject*>::postWriteBarrier (next=<optimized out>, prev=<optimized out>, this=<optimized out>, this=<optimized out>, prev=<optimized out>, next=<optimized out>) at /usr/include/mozjs-91/js/RootingAPI.h:361 #7 JS::Heap<JSObject*>::~Heap (this=<optimized out>, this=<optimized out>) at /usr/include/mozjs-91/js/RootingAPI.h:323 #8 mozilla::detail::VectorImpl<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy, false>::destroy ( aEnd=0x7fd910018228, aBegin=<optimized out>) at /usr/include/mozjs-91/mozilla/Vector.h:65 #9 mozilla::Vector<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy>::~Vector (this=<optimized out>, this=<optimized out>) at /usr/include/mozjs-91/mozilla/Vector.h:901 #10 JS::GCVector<JS::Heap<JSObject*>, 0ul, js::SystemAllocPolicy>::~GCVector (this=<optimized out>, this=<optimized out>) at /usr/include/mozjs-91/js/GCVector.h:43 #11 GjsContextPrivate::~GjsContextPrivate (this=<optimized out>, this=<optimized out>) at ../gjs/context.cpp:483 #12 0x00007fd92485a228 in gjs_context_finalize (object=0x55f0edb2b170) at ../gjs/context.cpp:496 #13 0x00007fd9252f3e5d in g_object_unref () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #14 0x00007fd92553e77d in _shell_global_destroy_gjs_context (self=<optimized out>) at ../src/shell-global.c:703 #15 0x000055f0ec173ece in main (argc=<optimized out>, argv=<optimized out>) at ../src/main.c:659 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gjs/+bug/1964458/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
