gtk-window-decorator crashed with SIGSEGV in g_hash_table_lookup_node() from g_hash_table_remove_internal() from event_filter_func() from gdk_event_apply_filters()

Bug #1060171 reported by Joshua R. Poulson on 2012-10-02
This bug affects 92 people
Affects | Importance | Assigned to
Compiz | High | Daniel van Vugt
0.9.8 | High | Daniel van Vugt
Compiz Core | High | Daniel van Vugt
compiz (Ubuntu) | High | Daniel van Vugt
Precise | Undecided | Unassigned
Quantal | High | Daniel van Vugt

Bug Description

[IMPACT]

destroyed_pixmaps_table is leaking, which may cause a chain reaction leading to a crash.

[TESTCASE]

No clear testcase. Ensure there is no additional or new gtk-window-decorator crash.

[REGRESSION POTENTIAL]

Minimal, 10 lines added in the fix for cleaning the pixmaps that were destroyed.

---

Ever since upgrading to Quantal I've had compiz problems, but I also am using nvidia-current from x-swat.

ProblemType: Crash
DistroRelease: Ubuntu 12.10
Package: compiz-gnome 1:0.9.8.4-0ubuntu1
ProcVersionSignature: Ubuntu 3.5.0-16.25-generic 3.5.4
Uname: Linux 3.5.0-16-generic x86_64
NonfreeKernelModules: nvidia
.proc.driver.nvidia.gpus.0: Error: [Errno 21] Is a directory: '/proc/driver/nvidia/gpus/0'
.proc.driver.nvidia.registry: Binary: ""
.proc.driver.nvidia.version:
 NVRM version: NVIDIA UNIX x86_64 Kernel Module 304.51 Tue Sep 18 17:16:56 PDT 2012
 GCC version: gcc version 4.7.2 (Ubuntu/Linaro 4.7.2-2ubuntu1)
.proc.driver.nvidia.warnings.fbdev:
 Your system is not currently configured to drive a VGA console
 on the primary VGA device. The NVIDIA Linux graphics driver
 requires the use of a text-mode VGA console. Use of other console
 drivers including, but not limited to, vesafb, may result in
 corruption and stability problems, and is not supported.
.tmp.unity.support.test.0:

ApportVersion: 2.6.1-0ubuntu1
Architecture: amd64
CompizPlugins: [core,composite,opengl,compiztoolbox,decor,vpswitch,snap,mousepoll,resize,place,move,wall,grid,regex,imgpng,session,gnomecompat,animation,fade,unitymtgrabhandles,workarounds,scale,expo,ezoom,unityshell]
CompositorRunning: compiz
Date: Tue Oct 2 05:42:27 2012
DistUpgraded: 2012-09-27 12:51:35,875 DEBUG failed to SystemUnLock() (E:Not locked)
DistroCodename: quantal
DistroVariant: ubuntu
DkmsStatus: nvidia-current, 304.51, 3.5.0-16-generic, x86_64: installed
ExecutablePath: /usr/bin/gtk-window-decorator
GraphicsCard:
 NVIDIA Corporation GT216 [Quadro FX 880M] [10de:0a3c] (rev a2) (prog-if 00 [VGA controller])
   Subsystem: Lenovo Device [17aa:2145]
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
JockeyStatus:
 kmod:nvidia_experimental_304 - Experimental NVIDIA binary Xorg driver, kernel module and VDPAU library (Proprietary, Disabled, Not in use)
 kmod:nvidia_current - nvidia_current (Proprietary, Enabled, Not in use)
 kmod:nvidia_current_updates - NVIDIA binary Xorg driver, kernel module and VDPAU library (Proprietary, Disabled, Not in use)
MachineType: LENOVO 4318CTO
ProcCmdline: /usr/bin/gtk-window-decorator
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.5.0-16-generic root=UUID=e8a3aa05-6b0e-4195-b952-25eaa014049e ro quiet splash vt.handoff=7
Signal: 11
SourcePackage: compiz
StacktraceTop:
 ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
 event_filter_func ()
 ?? () from /usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
 ?? () from /usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
 ?? () from /usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
Title: gtk-window-decorator crashed with SIGSEGV in event_filter_func()
UpgradeStatus: Upgraded to quantal on 2012-09-27 (4 days ago)
UserGroups: adm cdrom dip fuse lpadmin plugdev sambashare sudo
XorgConf:
 Section "Device"
  Identifier "Default Device"
  Option "NoLogo" "True"
 EndSection
XsessionErrors:
 gnome-session[2559]: WARNING: Application 'compiz.desktop' killed by signal 6
 gnome-session[2559]: WARNING: App 'compiz.desktop' respawning too quickly
 gnome-session[2559]: CRITICAL: We failed, but the fail whale is dead. Sorry....
 (gtk-window-decorator:2790): GLib-CRITICAL **: g_hash_table_remove_internal: assertion `hash_table != NULL' failed
dmi.bios.date: 06/06/2012
dmi.bios.vendor: LENOVO
dmi.bios.version: 6NET83WW (1.44 )
dmi.board.name: 4318CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvr6NET83WW(1.44):bd06/06/2012:svnLENOVO:pn4318CTO:pvrThinkPadW510:rvnLENOVO:rn4318CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 4318CTO
dmi.product.version: ThinkPad W510
dmi.sys.vendor: LENOVO
version.compiz: compiz 1:0.9.8.4-0ubuntu1
version.ia32-libs: ia32-libs N/A
version.libdrm2: libdrm2 2.4.39+git20120918.2426a6a7-0ubuntu0ricotz2
version.libgl1-mesa-dri: libgl1-mesa-dri 9.1~git20120929.9549e55f-0ubuntu0ricotz
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 9.1~git20120929.9549e55f-0ubuntu0ricotz
version.nvidia-graphics-drivers: nvidia-graphics-drivers N/A
version.xserver-xorg-core: xserver-xorg-core 2:1.13.0+git20120920.70e57668-0ubuntu0ricotz
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.7.3-0ubuntu1
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:6.99.99+git20120928.e8cb0b72-0ubuntu0sarvatt
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.20.9+git20121001.51202798-0ubuntu0sarvatt
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.2+git20120928.5c9379b1-0ubuntu0sarvatt

Joshua R. Poulson (jrp) wrote :

StacktraceTop:
 g_hash_table_lookup_node (hash_return=<synthetic pointer>, key=0x2e0056d, hash_table=0xffc35732ffe9673b) at /build/buildd/glib2.0-2.34.0/./glib/ghash.c:401
 g_hash_table_remove_internal (hash_table=0xffc35732ffe9673b, key=0x2e0056d, notify=1) at /build/buildd/glib2.0-2.34.0/./glib/ghash.c:1269
 event_filter_func (gdkxevent=<optimized out>, event=<optimized out>, data=<optimized out>) at /build/buildd/compiz-0.9.8.4/gtk/window-decorator/events.c:1102
 gdk_event_apply_filters (filters=<optimized out>, event=<optimized out>, xevent=<optimized out>) at /build/buildd/gtk+2.0-2.24.13/gdk/x11/gdkevents-x11.c:356
 gdk_event_translate (display=display@entry=0x1bff020, event=event@entry=0x1d0ddc0, xevent=xevent@entry=0x7fff6ad552d0, return_exposes=return_exposes@entry=0) at /build/buildd/gtk+2.0-2.24.13/gdk/x11/gdkevents-x11.c:946

Changed in compiz (Ubuntu):
importance: Undecided → Medium
summary: - gtk-window-decorator crashed with SIGSEGV in event_filter_func()
+ gtk-window-decorator crashed with SIGSEGV in g_hash_table_lookup_node()
tags: removed: need-amd64-retrace

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in compiz (Ubuntu):
status: New → Confirmed
C de-Avillez (hggdh2) on 2012-10-02
visibility: private → public
summary: gtk-window-decorator crashed with SIGSEGV in g_hash_table_lookup_node()
+ from g_hash_table_remove_internal() from event_filter_func() from
+ gdk_event_apply_filters()
Changed in compiz:
importance: Undecided → High
status: New → Triaged
Changed in compiz (Ubuntu):
status: Confirmed → Triaged
importance: Medium → High
Changed in compiz:
milestone: none → 0.9.9.0
assignee: nobody → Daniel van Vugt (vanvugt)
summary: - gtk-window-decorator crashed with SIGSEGV in g_hash_table_lookup_node()
- from g_hash_table_remove_internal() from event_filter_func() from
- gdk_event_apply_filters()
+ Crash compiz

Same trouble, quantal amd64, nouveau

summary: - Crash compiz
+ gtk-window-decorator crashed with SIGSEGV in g_hash_table_lookup_node()
+ from g_hash_table_remove_internal() from event_filter_func() from
+ gdk_event_apply_filters()
John Mitchell (mitchellj) wrote :

Also getting the issue on an ATI card. Very probably a red herring, but this happened as soon as I forcefully terminated all net connections (from my router); it closed any open TCP streams.

Mario Vukelic (mario-vukelic) wrote :

Happened to me with nouveau in quantal amd64. I started a video in smplayer and switched to fullscreen. Shortly after that I left fullscreen and found compiz crashed.

Changed in compiz-core:
status: New → Triaged
assignee: nobody → Daniel van Vugt (vanvugt)
importance: Undecided → High
milestone: none → 0.9.7.10
Changed in compiz:
status: Triaged → In Progress
Christopher (soft-kristal) wrote :

This happened twice on two different computers, one AMD and the other Intel.

Changed in compiz:
status: In Progress → Fix Committed
Changed in compiz (Ubuntu):
assignee: nobody → Preben Lauritzen Duus (preben-duus)
Daniel van Vugt (vanvugt) wrote :

Fix committed into lp:compiz at revision 3411

Changed in compiz (Ubuntu):
assignee: Preben Lauritzen Duus (preben-duus) → nobody
Daniel van Vugt (vanvugt) wrote :

Fix committed into lp:compiz/0.9.8 at revision 3407

Changed in compiz-core:
status: Triaged → Fix Committed
Daniel van Vugt (vanvugt) wrote :

Fix committed into lp:compiz-core/0.9.7 at revision 3121

Changed in compiz (Ubuntu):
assignee: nobody → Daniel van Vugt (vanvugt)
Wajih Letaief (mawale) wrote :

Occurs again after a GDM update.

Mtt.Castelli (mtt.castelli) wrote :

     :~$ lsb_release -rd
Description: Ubuntu quantal (development branch)
Release: 12.10
     :~$ lspci
00:00.0 Host bridge: Intel Corporation 82915G/P/GV/GL/PL/910GL Memory Controller Hub (rev 04)
00:01.0 PCI bridge: Intel Corporation 82915G/P/GV/GL/PL/910GL PCI Express Root Port (rev 04)
00:1b.0 Audio device: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) High Definition Audio Controller (rev 03)
00:1c.0 PCI bridge: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) PCI Express Port 1 (rev 03)
00:1c.1 PCI bridge: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) PCI Express Port 2 (rev 03)
00:1d.0 USB controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #1 (rev 03)
00:1d.1 USB controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #2 (rev 03)
00:1d.2 USB controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #3 (rev 03)
00:1d.3 USB controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #4 (rev 03)
00:1d.7 USB controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB2 EHCI Controller (rev 03)
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev d3)
00:1f.0 ISA bridge: Intel Corporation 82801FB/FR (ICH6/ICH6R) LPC Interface Bridge (rev 03)
00:1f.1 IDE interface: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) IDE Controller (rev 03)
00:1f.2 IDE interface: Intel Corporation 82801FR/FRW (ICH6R/ICH6RW) SATA Controller (rev 03)
00:1f.3 SMBus: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) SMBus Controller (rev 03)
01:04.0 Mass storage controller: Integrated Technology Express, Inc. IT8212 Dual channel ATA RAID controller (rev 13)
01:09.0 Multimedia controller: Philips Semiconductors SAA7130 Video Broadcast Decoder (rev 01)
01:0a.0 USB controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev 62)
01:0a.1 USB controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev 62)
01:0a.2 USB controller: VIA Technologies, Inc. USB 2.0 (rev 65)
02:00.0 Ethernet controller: Marvell Technology Group Ltd. 88E8053 PCI-E Gigabit Ethernet Controller (rev 15)
04:00.0 VGA compatible controller: NVIDIA Corporation G86 [GeForce 8400 GS] (rev a1)

Same issue here.

lsb_release -rd output
------------------------------
Description: Ubuntu 12.10
Release: 12.10

lspci output
----------------
00:00.0 Host bridge: Intel Corporation 2nd Generation Core Processor Family DRAM Controller (rev 09)
00:02.0 VGA compatible controller: Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller (rev 09)
00:16.0 Communication controller: Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1 (rev 04)
00:1a.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2 (rev 04)
00:1b.0 Audio device: Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 1 (rev b4)
00:1c.1 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 2 (rev b4)
00:1d.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation HM65 Express Chipset Family LPC Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation 6 Series/C200 Series Chipset Family 6 port SATA AHCI Controller (rev 04)
00:1f.3 SMBus: Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller (rev 04)
02:00.0 Ethernet controller: Broadcom Corporation NetLink BCM57785 Gigabit Ethernet PCIe (rev 10)
02:00.1 SD Host controller: Broadcom Corporation NetXtreme BCM57765 Memory Card Reader (rev 10)
02:00.2 System peripheral: Broadcom Corporation Device 16be (rev 10)
02:00.3 System peripheral: Broadcom Corporation Device 16bf (rev 10)
03:00.0 Network controller: Atheros Communications Inc. AR9287 Wireless Network Adapter (PCI-Express) (rev 01)

description: updated
Didier Roche (didrocks) on 2012-10-17
description: updated
Markus Klyver (markusklyver) wrote :

Same problem here. Compiz keeps crashing the whole time.

Chris Halse Rogers (raof) wrote :

The upload to quantal-proposed seems to have unrelated changes - specifically, it appears to remove a couple of xml.in files in gtk/gnome/, and disable a test. Are these changes intentional? If so, please document them in the changelog. If not, please remove them :).

I've rejected the upload from the unapproved queue; please reupload after addressing my issues!

Łukasz Zemczak (sil2100) wrote :

@RAOF
I'm looking into it right now, so far what I found: the removed gtk/gnome/ files are not written in the current changelog since they were supposedly cherry-picked in an earlier release. Changelog entry:

  * Cherry-picked from upstream:
    - ABI bump due to an ABI change in the composite plugin
    - Removed schema keys still used in keybindings and automated tests
      (LP: #1057955)

LP: #1057955 is the bug related to the files removal and it was already mentioned in the changelog for version 1:0.9.8.4-0ubuntu1. The changelog policy is that if a change is already cherry-picked and mentioned in some release, we do not re-insert it into the changelog for the second time, since cherry-picked things get automatically inserted in a new tarball.
I hope this resolves this issue.

As for the disable of tests - I remember there was a changelog entry for that, but Didier removed it when doing a push to quantal-proposed. Will check that out and keep you in touch.

Hello Joshua, or anyone else affected,

Accepted compiz into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/compiz/1:0.9.8.4+bzr3407-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in compiz (Ubuntu Quantal):
status: Triaged → Fix Committed
tags: added: verification-needed
Timo Jyrinki (timo-jyrinki) wrote :

I've been running the bzr3407 compiz now for over a week without crashes (I did see this before it).

tags: added: verification-done
removed: verification-needed

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package compiz - 1:0.9.8.4+bzr3407-0ubuntu1

---------------
compiz (1:0.9.8.4+bzr3407-0ubuntu1) quantal-proposed; urgency=low

  * New upstream snapshot.
    - Cherry-picked fixes in Ubuntu merged to development branch
    - Fix leakage of destroyed_pixmaps_table, containing pointers to freed
      decor_t's which could result in a freed GHashTable being passed into
      g_hash_table_remove and causing a crash. (LP: #1060171)
 -- Timo Jyrinki <email address hidden> Fri, 12 Oct 2012 13:36:25 +0300

Changed in compiz (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in compiz (Ubuntu):
status: Triaged → Fix Released
Changed in compiz-core:
status: Fix Committed → Fix Released

Hello Joshua, or anyone else affected,

Accepted compiz into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/compiz/1:0.9.7.8+bzr3121-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in compiz (Ubuntu Precise):
status: New → Fix Committed
tags: removed: verification-done
tags: added: verification-needed
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package compiz - 1:0.9.7.8+bzr3121-0ubuntu1

---------------
compiz (1:0.9.7.8+bzr3121-0ubuntu1) precise-proposed; urgency=low

  * New upstream stable branch snapshot.
    - Includes all the previous cherry-picked fixes
    - Fix crash when imgsvg is loaded, due to missing symbol
      (decor_apply_gravity from libdecoration). (LP: #956986)
    - Fix multiple window placement bugs (LP: #974242) (LP: #976032)
    - Fix window handle leak causing gradual degradation in desktop
      performance (LP: #1050610)
    - Some decoration pixmaps get leaked on window resize, due to race
      conditions between gtk-window-decorator and the decor plugin.
      (LP: #1057263)
    - Avoid a NULL dereference and give a useful error message instead.
      (LP: #944653)
    - Fix leakage of destroyed_pixmaps_table, containing pointers to freed
      decor_t's which could result in a freed GHashTable being passed into
      g_hash_table_remove and causing a crash. (LP: #1060171)
  * debian/patches/compiz-package-gles2.patch:
    - Drop the NEWS file, update decor.cpp part to build with new upstream
      code.
  * debian/patches/revert_fix_933776_955035.patch:
    - Cherry-pick the revert from upstream since the bug fix is not
      suitable for SRU as is
  * debian/patches/revert_fix_994841.patch:
    - Cherry-pick also this revert as non-SRU material, not relevant
      to users
  * debian/libdecoration0.symbols:
    - Update with latest symbols
 -- Timo Jyrinki <email address hidden> Mon, 12 Nov 2012 13:56:29 +0200

Changed in compiz (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in compiz:
status: Fix Committed → Fix Released
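
The two changelog entries above (1:0.9.8.4+bzr3407-0ubuntu1 and 1:0.9.7.8+bzr3121-0ubuntu1) describe a lookup table that keeps pointers to decor_t objects after they have been freed. The following is an added illustration of that defect class and of the purge-on-release fix; it is not compiz code. Every name in it is hypothetical, the pixmap ids are constructed, and release marks the owner dead instead of calling free() so the stale lookup can be observed safely.

```c
/* Added illustration, not compiz source. Simplified model; names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#define MAX_ENTRIES 16
enum { EV_STALE_OWNER = -1, EV_UNKNOWN = 0, EV_HANDLED = 1 };
typedef struct { int alive; int pixmaps_owned; } decor;       /* stands in for decor_t */
typedef struct { unsigned long pixmap; decor *owner; } entry; /* pixmap id -> owner */

static entry table[MAX_ENTRIES];  /* stands in for destroyed_pixmaps_table */
static size_t table_len;

void table_reset(void) { table_len = 0; }

int table_add(unsigned long pixmap, decor *owner) {
    if (table_len == MAX_ENTRIES) return -1;
    table[table_len++] = (entry){ pixmap, owner };
    return 0;
}

/* Drop every entry that still points at d; returns how many were dropped. */
size_t table_purge_owner(const decor *d) {
    size_t kept = 0, before = table_len;
    for (size_t i = 0; i < before; i++)
        if (table[i].owner != d) table[kept++] = table[i];
    table_len = kept;
    return before - kept;
}

/* Before: the owner goes away but its table entries stay behind (the leak).
 * Marked dead rather than free()d so the model has no undefined behaviour. */
void decor_release_leaky(decor *d) { d->alive = 0; }

/* After: purge the owner's entries first, then release it. */
void decor_release_fixed(decor *d) { table_purge_owner(d); d->alive = 0; }

/* Event path: a notification arrives for a pixmap id. */
int on_pixmap_event(unsigned long pixmap) {
    for (size_t i = 0; i < table_len; i++) {
        if (table[i].pixmap != pixmap) continue;
        decor *d = table[i].owner;
        table[i] = table[--table_len];         /* consume the entry */
        if (!d->alive) return EV_STALE_OWNER;  /* real code would touch freed memory here */
        d->pixmaps_owned--;
        return EV_HANDLED;
    }
    return EV_UNKNOWN;  /* nothing registered: the event is ignored safely */
}

/* Constructed scenario: two pixmaps registered, owner released, late event. */
int scenario(int fixed) {
    decor d = { 1, 2 };
    table_reset();
    table_add(0x1001, &d);
    table_add(0x1002, &d);
    if (fixed) decor_release_fixed(&d); else decor_release_leaky(&d);
    return on_pixmap_event(0x1001);
}

int main(void) { printf("leaky=%d fixed=%d\n", scenario(0), scenario(1)); return 0; }
```

In the leaky path the late event still finds an entry whose owner is gone, which is the point where the real process would pass a pointer read from freed memory onward; in the fixed path the lookup simply misses.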