Bug 727858 - gnome-shell crashed
Status: RESOLVED DUPLICATE of bug 725024
Product: gjs
Classification: Bindings
Component: general
unspecified
Other Linux
: Normal critical
Assigned To: gjs-maint
Reported: 2014-04-08 19:29 UTC by Pacho Ramos
Modified: 2014-04-10 18:40 UTC
Attachments
gi: don't finalize gobject until idle (11.36 KB, patch)
2014-04-10 18:27 UTC, Ray Strode [halfline]

Description Pacho Ramos 2014-04-08 19:29:17 UTC
Program terminated with signal 11, Segmentation fault.
  • #0 lookup
    at ./dist/include/js/HashTable.h line 435
  • #1 lookup
    at ./dist/include/js/HashTable.h line 724
  • #2 lookup
    at ./dist/include/js/HashTable.h line 1283
  • #3 remove
    at ./dist/include/js/HashTable.h line 1418
  • #4 js::Shape::removeChild
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jspropertytree.cpp line 119
  • #5 js::Shape::finalize
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jspropertytree.cpp line 211
  • #6 finalize<js::Shape>
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsgc.cpp line 348
  • #7 FinalizeTypedArenas<js::Shape>
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsgc.cpp line 412
  • #8 js::gc::FinalizeArenas
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsgc.cpp line 453
  • #9 foregroundFinalize
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsgc.cpp line 3794
  • #10 SweepPhase
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsgc.cpp line 3814
  • #11 IncrementalCollectSlice
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsgc.cpp line 4236
  • #12 GCCycle
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsgc.cpp line 4399
  • #13 Collect
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsgc.cpp line 4507
  • #14 js_InvokeOperationCallback
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jscntxt.cpp line 1028
  • #15 js_HandleExecutionInterrupt
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jscntxt.cpp line 1044
  • #16 js::Interpret
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 1548
  • #17 js::RunScript
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 309
  • #18 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 363
  • #19 Invoke
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.h line 119
  • #20 js_fun_apply
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsfun.cpp line 912
  • #21 CallJSNative
    at ./jscntxtinlines.h line 372
  • #22 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 352
  • #23 js::Interpret
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 2414
  • #24 js::RunScript
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 309
  • #25 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 363
  • #26 Invoke
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.h line 119
  • #27 js_fun_apply
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsfun.cpp line 912
  • #28 CallJSNative
    at ./jscntxtinlines.h line 372
  • #29 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 352
  • #30 js::Interpret
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 2414
  • #31 js::RunScript
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 309
  • #32 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 363
  • #33 Invoke
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.h line 119
  • #34 js_fun_apply
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsfun.cpp line 912
  • #35 CallJSNative
    at ./jscntxtinlines.h line 372
  • #36 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 352
  • #37 js::Interpret
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 2414
  • #38 js::RunScript
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 309
  • #39 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 363
  • #40 Invoke
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.h line 119
  • #41 js_fun_apply
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsfun.cpp line 912
  • #42 CallJSNative
    at ./jscntxtinlines.h line 372
  • #43 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 352
  • #44 js::Interpret
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 2414
  • #45 js::RunScript
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 309
  • #46 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 363
  • #47 Invoke
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.h line 119
  • #48 js_fun_apply
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsfun.cpp line 912
  • #49 CallJSNative
    at ./jscntxtinlines.h line 372
  • #50 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 352
  • #51 js::Interpret
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 2414
  • #52 js::RunScript
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 309
  • #53 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 363
  • #54 Invoke
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.h line 119
  • #55 js_fun_apply
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsfun.cpp line 912
  • #56 CallJSNative
    at ./jscntxtinlines.h line 372
  • #57 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 352
  • #58 js::Interpret
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 2414
  • #59 js::RunScript
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 309
  • #60 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 363
  • #61 Invoke
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.h line 119
  • #62 js_fun_apply
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsfun.cpp line 912
  • #63 CallJSNative
    at ./jscntxtinlines.h line 372
  • #64 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 352
  • #65 js::Interpret
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 2414
  • #66 js::RunScript
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 309
  • #67 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 363
  • #68 Invoke
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.h line 119
  • #69 js::CallOrConstructBoundFunction
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsfun.cpp line 1039
  • #70 CallJSNative
    at ./jscntxtinlines.h line 372
  • #71 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 352
  • #72 Invoke
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.h line 119
  • #73 js_fun_apply
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsfun.cpp line 912
  • #74 CallJSNative
    at ./jscntxtinlines.h line 372
  • #75 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 352
  • #76 js::Interpret
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 2414
  • #77 js::RunScript
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 309
  • #78 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 363
  • #79 Invoke
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.h line 119
  • #80 js_fun_apply
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsfun.cpp line 912
  • #81 CallJSNative
    at ./jscntxtinlines.h line 372
  • #82 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 352
  • #83 js::Interpret
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 2414
  • #84 js::RunScript
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 309
  • #85 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 363
  • #86 Invoke
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.h line 119
  • #87 js::CallOrConstructBoundFunction
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsfun.cpp line 1039
  • #88 CallJSNative
    at ./jscntxtinlines.h line 372
  • #89 js::InvokeKernel
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 352
  • #90 Invoke
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.h line 119
  • #91 js::Invoke
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsinterp.cpp line 396
  • #92 JS_CallFunctionValue
    at /var/tmp/portage/dev-lang/spidermonkey-17.0.0-r3/work/mozjs17.0.0/js/src/jsapi.cpp line 5851
  • #93 gjs_call_function_value
    at gjs/jsapi-util.c line 636
  • #94 gjs_closure_invoke
    at gi/closure.c line 277
  • #95 closure_marshal
    at gi/value.c line 133
  • #96 g_closure_invoke
    at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/gobject/gclosure.c line 777
  • #97 signal_emit_unlocked_R
    at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/gobject/gsignal.c line 3586
  • #98 g_signal_emit_valist
    at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/gobject/gsignal.c line 3330
  • #99 g_signal_emit
    at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/gobject/gsignal.c line 3386
  • #100 on_captured_event
    at ./clutter-click-action.c line 408
  • #101 _clutter_marshal_BOOLEAN__BOXED
    at clutter-marshal.c line 85
  • #102 g_closure_invoke
    at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/gobject/gclosure.c line 777
  • #103 signal_emit_unlocked_R
    at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/gobject/gsignal.c line 3656
  • #104 g_signal_emit_valist
    at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/gobject/gsignal.c line 3340
  • #105 g_signal_emit
    at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/gobject/gsignal.c line 3386
  • #106 clutter_actor_event
    at ./clutter-actor.c line 13619
  • #107 _clutter_actor_handle_event
    at ./clutter-actor.c line 20171
  • #108 emit_event_chain
    at ./clutter-main.c line 2266
  • #109 emit_pointer_event
    at ./clutter-main.c line 2286
  • #110 _clutter_process_event_details
    at ./clutter-main.c line 2621
  • #111 _clutter_process_event
    at ./clutter-main.c line 2777
  • #112 _clutter_stage_process_queued_events
    at ./clutter-stage.c line 1065
  • #113 master_clock_process_events
    at ./clutter-master-clock.c line 366
  • #114 clutter_clock_dispatch
    at ./clutter-master-clock.c line 583
  • #115 g_main_dispatch
    at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/glib/gmain.c line 3066
  • #116 g_main_context_dispatch
    at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/glib/gmain.c line 3642
  • #117 g_main_context_iterate
    at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/glib/gmain.c line 3713
  • #118 g_main_loop_run
    at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/glib/gmain.c line 3907
  • #119 meta_run
    at core/main.c line 556
  • #120 main
    at main.c line 441

Comment 2 Ray Strode [halfline] 2014-04-10 18:26:43 UTC
In particular, see this comment from the Mozilla bug:

> SpiderMonkey embeddings /must not/ call back into the API from a finalizer, 
> full stop. We do allow API usage, including running (almost) arbitrary script
> code, during GC, but /only/ during the JSGCCallback when the phase is
> JSGC_END. Gecko has the same need: it implements something called "delayed 
> finalization." The idea is that when finalizers need to interact with 
> SpiderMonkey they push the operation into a list, then run these operations in 
> order when they get the JSGC_END callback. I guess gnome-shell needs something 
> similar.
Comment 3 Ray Strode [halfline] 2014-04-10 18:27:34 UTC
I have a patch in mind, but I haven't tested it yet. I'll attach it for comments.
Comment 4 Ray Strode [halfline] 2014-04-10 18:27:54 UTC
Created attachment 274027
gi: don't finalize gobject until idle

Right now gobjects get finalized as part of the GC process.
Finalizing a gobject can lead to javascript code getting run.
javascript code isn't allowed to be run while the GC is active.

This commit introduces a ref to objects about to be finalized,
that gets unrefed on idle to ensure the last reference is always
dropped when the GC is inactive.
Comment 5 Giovanni Campagna 2014-04-10 18:35:30 UTC
This is somehow a duplicate of bug 725024, which has a different fix (it just avoids calling into JS code, and expects apps to dispose stuff manually beforehand, which is ok for clutter and gtk)
Comment 6 Ray Strode [halfline] 2014-04-10 18:40:43 UTC

*** This bug has been marked as a duplicate of bug 725024 ***
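
The "delayed finalization" idea quoted in comment 2, and the unref-on-idle approach described in comment 4, as an added example that is not part of the original thread or of the attached patch. It is a self-contained toy model in C: every function and variable name is hypothetical, and `engine_api_call` merely stands in for any engine entry point that must not be reached while the collector is sweeping.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Toy model only: every name here is hypothetical, none is a SpiderMonkey or gjs API. */
#define MAX_DEFERRED 16
static bool gc_sweeping;        /* true while the collector runs finalizers */
static int reentry_violations;  /* engine calls made during the sweep */
static int api_calls_ok;        /* engine calls made while the GC was idle */
static int deferred[MAX_DEFERRED];
static size_t n_deferred;

/* Stand-in for any engine API that may run script or touch the heap. */
static void engine_api_call(int object_id) {
    (void)object_id;
    if (gc_sweeping) reentry_violations++;  /* in a real engine: heap corruption */
    else api_calls_ok++;
}

/* Unsafe finalizer: calls back into the engine from inside the sweep. */
static void finalize_direct(int object_id) { engine_api_call(object_id); }

/* Safe finalizer: only records the work. A full queue drops it (a leak)
 * rather than re-entering the engine. */
static void finalize_deferred(int object_id) {
    if (n_deferred < MAX_DEFERRED) deferred[n_deferred++] = object_id;
}

/* Sweep `count` dead objects, then drain the queue in order once the sweep
 * is over (the JSGC_END point, or an idle handler). Returns the violations. */
static int collect(void (*finalizer)(int), int count) {
    reentry_violations = api_calls_ok = 0;
    gc_sweeping = true;
    for (int id = 0; id < count; id++) finalizer(id);
    gc_sweeping = false;
    for (size_t i = 0; i < n_deferred; i++) engine_api_call(deferred[i]);
    n_deferred = 0;
    return reentry_violations;
}

int collect_direct(int count) { return collect(finalize_direct, count); }
int collect_deferred(int count) { return collect(finalize_deferred, count); }
int last_ok_calls(void) { return api_calls_ok; }

int main(void) {
    printf("direct: %d violations\n", collect_direct(3));
    int v = collect_deferred(3);
    printf("deferred: %d violations, %d calls after the GC\n", v, last_ok_calls());
    return 0;
}
```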