compiz crashes with SIGSEGV in startup: ./bin/compiz (core) - Fatal: Private index value "15CompositeScreen_index_5" already stored in screen.

Bug #1065815 reported by Daniel van Vugt on 2012-10-12
This bug affects 1 person
Affects            Importance    Assigned to
Compiz             High          Daniel van Vugt
0.9.8              High          Daniel van Vugt
Compiz Core        Undecided     Unassigned
compiz (Ubuntu)    Undecided     Unassigned
Quantal            Undecided     Unassigned

Bug Description

[Impact]

A crasher that may explain a class of compiz crashes regarding disabling and enabling plugins.

[Test case]

Compile compiz with clang and try to start it.

[Regression potential]

Low, adds only template lines and no real code.

---original description below---

Compiled compiz with clang (env CC=clang CXX=clang++) and it crashes on startup:

./bin/compiz (core) - Info: Loading plugin: core
./bin/compiz (core) - Info: Starting plugin: core
./bin/compiz (core) - Info: Loading plugin: composite
./bin/compiz (core) - Info: Starting plugin: composite
./bin/compiz (core) - Info: Loading plugin: opengl
./bin/compiz (core) - Info: Starting plugin: opengl
./bin/compiz (core) - Fatal: Private index value "15CompositeScreen_index_5" already stored in screen.
Segmentation fault (core dumped)

Core was generated by `./bin/compiz --replace composite opengl move resize decor'.
Program terminated with signal 11, Segmentation fault.
#0 CompositeScreen::output (this=<optimised out>)
    at /home/dan/bzr/compiz/trunk/plugins/composite/src/screen.cpp:627
627 return priv->output;
(gdb) bt
#0 CompositeScreen::output (this=<optimised out>)
    at /home/dan/bzr/compiz/trunk/plugins/composite/src/screen.cpp:627
#1 0x00007f5b0fde5441 in PrivateGLScreen::PrivateGLScreen (
    this=<optimised out>, gs=<optimised out>)
    at /home/dan/bzr/compiz/trunk/plugins/opengl/src/screen.cpp:1139
#2 0x00007f5b0fde453c in GLScreen::GLScreen (this=<optimised out>,
    s=<optimised out>)
    at /home/dan/bzr/compiz/trunk/plugins/opengl/src/screen.cpp:829
#3 0x00007f5b0fdd3f56 in PluginClassHandler<GLScreen, CompScreen, 6>::get (
    base=<error reading variable: Unhandled dwarf expression opcode 0x0>)
    at /home/dan/bzr/compiz/trunk/plugins/../src/pluginclasshandler/include/core/pluginclasshandler.h:225
#4 0x00007f5b0fde175c in CompPlugin::VTableForScreenAndWindow<GLScreen, GLWindow>::initScreen(CompScreen*) ()
   from /home/dan/trunk.clang/lib/compiz/libopengl.so
#5 0x00007f5b192ddd75 in CompManager::initPlugin (p=<optimised out>)
    at /home/dan/bzr/compiz/trunk/src/plugin.cpp:233
#6 0x00007f5b192de7cf in CompPlugin::push (p=<optimised out>)
    at /home/dan/bzr/compiz/trunk/src/plugin.cpp:449
#7 0x00007f5b192a82e0 in compiz::private_screen::PluginManager::updatePlugins
    (this=<error reading variable: Unhandled dwarf expression opcode 0x0>,
    screen=<optimised out>, extraPluginsRequested=...)
    at /home/dan/bzr/compiz/trunk/src/screen.cpp:1117
#8 0x00007f5b192b2f59 in initPlugins (this=<optimised out>,
    this=<optimised out>) at /home/dan/bzr/compiz/trunk/src/screen.cpp:4777
#9 CompScreenImpl::init (this=<optimised out>, name=<optimised out>)
    at /home/dan/bzr/compiz/trunk/src/screen.cpp:4820
#10 0x0000000000404425 in CompManager::init (this=0x7fffd8b3aa58)
    at /home/dan/bzr/compiz/trunk/src/main.cpp:168
#11 0x00000000004046f2 in main (argc=<optimised out>, argv=<optimised out>)
    at /home/dan/bzr/compiz/trunk/src/main.cpp:257
(gdb)

Changed in compiz:
milestone: none → 0.9.9.0
Daniel van Vugt (vanvugt) wrote :

And valgrind says

==27820== Invalid read of size 8
==27820== at 0xA0D69B0: CompositeScreen::output() (screen.cpp:627)
==27820== by 0xA721430: PrivateGLScreen::PrivateGLScreen(GLScreen*) (screen.cpp:1139)
==27820== by 0xA72052B: GLScreen::GLScreen(CompScreen*) (screen.cpp:829)
==27820== by 0xA70FF45: PluginClassHandler<GLScreen, CompScreen, 6>::get(CompScreen*) (pluginclasshandler.h:225)
==27820== by 0xA71D74B: CompPlugin::VTableForScreenAndWindow<GLScreen, GLWindow>::initScreen(CompScreen*) (plugin.h:229)
==27820== by 0x4EB6D74: CompManager::initPlugin(CompPlugin*) (plugin.cpp:233)
==27820== by 0x4EB77CE: CompPlugin::push(CompPlugin*) (plugin.cpp:449)
==27820== by 0x4E812DF: compiz::private_screen::PluginManager::updatePlugins(CompScreen*, std::vector<CompOption::Value, std::allocator<CompOption::Value> > const&) (screen.cpp:1117)
==27820== by 0x4E8BF58: CompScreenImpl::init(char const*) (screen.cpp:4777)
==27820== by 0x404424: CompManager::init() (main.cpp:168)
==27820== by 0x4046F1: main (main.cpp:257)
==27820== Address 0x60 is not stack'd, malloc'd or (recently) free'd
==27820==
==27820==
==27820== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==27820== Access not within mapped region at address 0x60
==27820== at 0xA0D69B0: CompositeScreen::output() (screen.cpp:627)
==27820== by 0xA721430: PrivateGLScreen::PrivateGLScreen(GLScreen*) (screen.cpp:1139)
==27820== by 0xA72052B: GLScreen::GLScreen(CompScreen*) (screen.cpp:829)
==27820== by 0xA70FF45: PluginClassHandler<GLScreen, CompScreen, 6>::get(CompScreen*) (pluginclasshandler.h:225)
==27820== by 0xA71D74B: CompPlugin::VTableForScreenAndWindow<GLScreen, GLWindow>::initScreen(CompScreen*) (plugin.h:229)
==27820== by 0x4EB6D74: CompManager::initPlugin(CompPlugin*) (plugin.cpp:233)
==27820== by 0x4EB77CE: CompPlugin::push(CompPlugin*) (plugin.cpp:449)
==27820== by 0x4E812DF: compiz::private_screen::PluginManager::updatePlugins(CompScreen*, std::vector<CompOption::Value, std::allocator<CompOption::Value> > const&) (screen.cpp:1117)
==27820== by 0x4E8BF58: CompScreenImpl::init(char const*) (screen.cpp:4777)
==27820== by 0x404424: CompManager::init() (main.cpp:168)
==27820== by 0x4046F1: main (main.cpp:257)

Daniel van Vugt (vanvugt) wrote :

Could be related to bug 1064602.

Changed in compiz:
assignee: nobody → Daniel van Vugt (vanvugt)
Daniel van Vugt (vanvugt) wrote :

Alright, I have a fix that works. And I suspect it may fix some of those strange crashes in and around PluginClassHandler you see when toggling plugins in CCSM.

Changed in compiz:
status: New → In Progress
Omer Akram (om26er) on 2012-10-12
Changed in compiz:
importance: Undecided → High
Changed in compiz:
status: In Progress → Fix Committed
Daniel van Vugt (vanvugt) wrote :

Fix committed into lp:compiz at revision 3415

Daniel van Vugt (vanvugt) wrote :

Set to High to 0.9.8 too.

Although the crash I reported only happens with clang, not gcc or Ubuntu builds, the fix quite possibly also solves crashes we do see in Ubuntu when plugins are toggled in CCSM.

Daniel van Vugt (vanvugt) wrote :

Fix committed to lp:compiz/0.9.8 at revision 3408, scheduled for release in Compiz 0.9.8.6.

description: updated
Changed in compiz (Ubuntu):
status: New → Confirmed
description: updated
Changed in compiz (Ubuntu):
status: Confirmed → In Progress
Changed in compiz (Ubuntu Quantal):
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package compiz - 1:0.9.8.4+bzr3412-0ubuntu1

---------------
compiz (1:0.9.8.4+bzr3412-0ubuntu1) raring; urgency=low

  * New upstream snapshot.
    - Avoid duplicate template instantiations of PluginClassHandler<>, at
      least for those plugins that get re-used by others. (LP: #1065815)
    - Don't try to dereference NULL, which is returned by
      ccsGConfIntegratedSettingReadValue when it gets unexpected data
      from gconf. (LP: #1056615)
    - Stop the resize border (Rectangle resize mode) from flickering
      slightly. (LP: #1068518)
 -- Timo Jyrinki <email address hidden> Fri, 09 Nov 2012 09:52:15 +0200

Changed in compiz (Ubuntu):
status: In Progress → Fix Released
Changed in compiz-core:
status: New → Triaged
milestone: none → 0.9.7.12

Hello Daniel, or anyone else affected,

Accepted compiz into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/compiz/1:0.9.8.4+bzr3412-0ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in compiz (Ubuntu Quantal):
status: In Progress → Fix Committed
tags: added: verification-needed
tags: added: verification-done
removed: verification-needed

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package compiz - 1:0.9.8.4+bzr3412-0ubuntu0.1

---------------
compiz (1:0.9.8.4+bzr3412-0ubuntu0.1) quantal-proposed; urgency=low

  * New upstream snapshot.
    - Avoid duplicate template instantiations of PluginClassHandler<>, at
      least for those plugins that get re-used by others. (LP: #1065815)
    - Don't try to dereference NULL, which is returned by
      ccsGConfIntegratedSettingReadValue when it gets unexpected data
      from gconf. (LP: #1056615)
    - Stop the resize border (Rectangle resize mode) from flickering
      slightly. (LP: #1068518)
 -- Timo Jyrinki <email address hidden> Fri, 09 Nov 2012 09:52:15 +0200

Changed in compiz (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in compiz-core:
milestone: 0.9.7.12 → 0.9.7.14
Changed in compiz:
status: Fix Committed → Fix Released