Description of problem: gnome-shell crash with SIGSEGV Version-Release number of selected component (if applicable): gnome-shell-40.0~rc-1.fc34.x86_64 glib2-2.67.6-1.fc34.x86_64 gjs-1.67.3-1.fc34.x86_64 How reproducible: sometimes Steps to Reproduce: 1. Lock screen 2. Login to unlock 3. Actual results: crash Expected results: successful login Additional info: (gdb) info threads Id Target Id Frame * 1 Thread 0x7f835a3abd80 (LWP 17853) 0x00007f835e9936a3 in mozilla::LinkedListElement<JS::PersistentRooted<JSFunction*> >::remove (this=0x556367ec27f7) at /usr/include/mozjs-78/mozilla/LinkedList.h:243 2 Thread 0x7f8332cea640 (LWP 17879) 0x00007f835dad1a6a in __futex_abstimed_wait_common64 () from /lib64/libpthread.so.0 3 Thread 0x7f83324e9640 (LWP 17878) 0x00007f835dad1a6a in __futex_abstimed_wait_common64 () from /lib64/libpthread.so.0 4 Thread 0x7f8331ce8640 (LWP 17882) 0x00007f835e5189ff in poll () from /lib64/libc.so.6 5 Thread 0x7f8344bd1640 (LWP 17880) 0x00007f835dad1a6a in __futex_abstimed_wait_common64 () from /lib64/libpthread.so.0 6 Thread 0x7f82f1a1d640 (LWP 18892) 0x00007f835e5189ff in poll () from /lib64/libc.so.6 7 Thread 0x7f8329a06640 (LWP 17941) 0x00007f835dad1a6a in __futex_abstimed_wait_common64 () from /lib64/libpthread.so.0 8 Thread 0x7f832a600640 (LWP 17935) 0x00007f835dad1a6a in __futex_abstimed_wait_common64 () from /lib64/libpthread.so.0 9 Thread 0x7f832a7ff640 (LWP 17934) 0x00007f835dad1a6a in __futex_abstimed_wait_common64 () from /lib64/libpthread.so.0 10 Thread 0x7f832a401640 (LWP 17936) 0x00007f835dad1a6a in __futex_abstimed_wait_common64 () from /lib64/libpthread.so.0 11 Thread 0x7f832918c640 (LWP 19955) 0x00007f835e51e15d in syscall () from /lib64/libc.so.6 12 Thread 0x7f832a202640 (LWP 17937) 0x00007f835dad1a6a in __futex_abstimed_wait_common64 () from /lib64/libpthread.so.0 13 Thread 0x7f832a003640 (LWP 17938) 0x00007f835dad1a6a in __futex_abstimed_wait_common64 () from /lib64/libpthread.so.0 14 Thread 0x7f8329c05640 (LWP 17940) 0x00007f835dad1a6a in __futex_abstimed_wait_common64 () from /lib64/libpthread.so.0 15 Thread 0x7f832897a640 (LWP 19937) 0x00007f835e51e15d in syscall () from /lib64/libc.so.6 16 Thread 0x7f83593a6640 (LWP 17864) 0x00007f835e5189ff in poll () from /lib64/libc.so.6 17 Thread 0x7f8358b35640 (LWP 17873) 0x00007f835e5189ff in poll () from /lib64/libc.so.6 18 Thread 0x7f83453d2640 (LWP 17881) 0x00007f835dad1a6a in __futex_abstimed_wait_common64 () from /lib64/libpthread.so.0 19 Thread 0x7f8329e04640 (LWP 17939) 0x00007f835dad1a6a in __futex_abstimed_wait_common64 () from /lib64/libpthread.so.0 20 Thread 0x7f835a3a8640 (LWP 17862) 0x00007f835e5189ff in poll () from /lib64/libc.so.6 (gdb) bt full #0 0x00007f835e9936a3 in mozilla::LinkedListElement<JS::PersistentRooted<JSFunction*> >::remove() (this=0x556367ec27f7) at /usr/include/mozjs-78/mozilla/LinkedList.h:243 __old_p = 0x556367ec27f7 #1 mozilla::LinkedListElement<JS::PersistentRooted<JSFunction*> >::~LinkedListElement() (this=0x556367ec27f7, this=<optimized out>) at /usr/include/mozjs-78/mozilla/LinkedList.h:199 __old_p = 0x556367ec27f7 #2 mozilla::LinkedListElement<JS::PersistentRooted<JSFunction*> >::~LinkedListElement() (this=0x556367ec27f7, this=<optimized out>) at /usr/include/mozjs-78/mozilla/LinkedList.h:197 __old_p = 0x556367ec27f7 #3 JS::PersistentRooted<JSFunction*>::~PersistentRooted() (this=0x556367ec27f7, this=<optimized out>) at /usr/include/mozjs-78/js/RootingAPI.h:1332 __old_p = 0x556367ec27f7 #4 std::default_delete<JS::PersistentRooted<JSFunction*> >::operator()(JS::PersistentRooted<JSFunction*>*) const (this=<optimized out>, __ptr=0x556367ec27f7) at /usr/include/c++/11/bits/unique_ptr.h:85 __old_p = 0x556367ec27f7 #5 std::default_delete<JS::PersistentRooted<JSObject*> >::operator()(JS::PersistentRooted<JSObject*>*) const (__ptr=0x556367ec27f7, this=<optimized out>) at /usr/include/c++/11/bits/unique_ptr.h:79 __old_p = 0x556367ec27f7 #6 std::__uniq_ptr_impl<JS::PersistentRooted<JSObject*>, std::default_delete<JS::PersistentRooted<JSObject*> > >::reset(JS::PersistentRooted<JSObject*>*) (__p=0x0, this=0x556367ec27e8) at /usr/include/c++/11/bits/unique_ptr.h:182 __old_p = 0x556367ec27f7 #7 std::unique_ptr<JS::PersistentRooted<JSObject*>, std::default_delete<JS::PersistentRooted<JSObject*> > >::reset(JS::PersistentRooted<JSObject*>*) (__p=0x0, this=0x556367ec27e8) at /usr/include/c++/11/bits/unique_ptr.h:456 #8 GjsMaybeOwned<JSObject*>::teardown_rooting() (this=0x556367ec27e0) at ../gjs/jsapi-util-root.h:161 #9 GjsMaybeOwned<JSObject*>::reset() (this=0x556367ec27e0) at ../gjs/jsapi-util-root.h:266 #10 0x00007f835e99b23c in GjsMaybeOwned<JSObject*>::switch_to_unrooted(JSContext*) (cx=<optimized out>, this=0x556367ec27e0) at ../gjs/jsapi-util-root.h:294 thing = {<js::RootedBase<JSObject*, JS::Rooted<JSObject*> >> = {<js::MutableWrappedPtrOperations<JSObject*, JS::Rooted<JSObject*> >> = {<js::WrappedPtrOperations<JSObject*, JS::Rooted<JSObject*> >> = {<No data fields>}, <No data fields>}, <No data fields>}, stack = 0x55636590da18, prev = 0x0, ptr = 0x5000} gjs = 0x5563659000c0 #11 ObjectInstance::switch_to_unrooted(JSContext*) (cx=<optimized out>, this=0x556367ec27d0) at ../gi/object.h:342 gjs = 0x5563659000c0 #12 ObjectInstance::toggle_down() (this=0x556367ec27d0) at ../gi/object.cpp:1152 gjs = 0x5563659000c0 #13 0x00007f835f4ef99f in emit_signal_instance_in_idle_cb (data=data@entry=0x7f8338488530) at ../gio/gdbusconnection.c:3800 signal_instance = 0x7f8338488530 parameters = 0x556367957b80 has_subscription = 1 #14 0x00007f835f2aa65b in g_idle_dispatch (source=0x7f83381c80a0, callback=0x7f835f4ef920 <emit_signal_instance_in_idle_cb>, user_data=0x7f8338488530) at ../glib/gmain.c:5848 again = <optimized out> #15 0x00007f835f2ae3d7 in g_main_dispatch (context=0x5563655504a0) at ../glib/gmain.c:3337 dispatch = 0x7f835f2aa640 <g_idle_dispatch> prev_source = 0x0 begin_time_nsec = 13394656800162 was_in_call = <optimized out> user_data = 0x7f8338488530 callback = 0x7f835f4ef920 <emit_signal_instance_in_idle_cb> cb_funcs = 0x7f835f3913a0 <g_source_callback_funcs> cb_data = 0x7f83380eb990 need_destroy = <optimized out> source = 0x7f83381c80a0 current = 0x556365583430 i = 1 #16 g_main_context_dispatch (context=0x5563655504a0) at ../glib/gmain.c:4055 #17 0x00007f835f302518 in g_main_context_iterate.constprop.0 (context=0x5563655504a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4131 max_priority = 0 timeout = 0 some_ready = 1 nfds = 17 allocated_nfds = 25 fds = <optimized out> begin_time_nsec = 13394656755165 --Type <RET> for more, q to quit, c to continue without paging-- #18 0x00007f835f2ad9a3 in g_main_loop_run (loop=0x5563658eab60) at ../glib/gmain.c:4329 __func__ = "g_main_loop_run" #19 0x00007f835e6c0712 in meta_run () at /lib64/libmutter-8.so.0 #20 0x0000556363aa4ca6 in main (argc=<optimized out>, argv=<optimized out>) at ../src/main.c:504 ctx = <optimized out> error = 0x0 ecode = <optimized out>
Looks like the same crash-on-session-unlock as several other bugs. *** This bug has been marked as a duplicate of bug 1940171 ***