compiz crashed with SIGSEGV in g_atomic_int_exchange_and_add()

Bug #733343 reported by Danielt551 on 2011-03-11
This bug affects 6 people
Affects | Status | Importance | Assigned to | Milestone
Unity | Fix Released | Critical | Neil J. Patel |
Unity Foundations | | Medium | Mikkel Kamstrup Erlandsen |
dee | | Medium | Mikkel Kamstrup Erlandsen |
dee (Ubuntu) | | Medium | Unassigned |
unity (Ubuntu) | | Undecided | Unassigned |

Bug Description

Again this time it was accessory daemon. Brought down sub menu, and clicked accessory and instant crash, my whole desktop disappears.

ProblemType: Crash
DistroRelease: Ubuntu 11.04
Package: libnux-0.9-0 0.9.32-0ubuntu1
ProcVersionSignature: Ubuntu 2.6.38-6.34-generic 2.6.38-rc7
Uname: Linux 2.6.38-6-generic i686
Architecture: i386
CrashCounter: 1
Date: Fri Mar 11 10:59:32 2011
ExecutablePath: /usr/bin/compiz
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha i386 (20110310)
ProcCmdline: compiz
ProcEnviron:
 LANGUAGE=en_US:en
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SegvAnalysis:
 Segfault happened at: 0x2b8369 <g_atomic_int_exchange_and_add+9>: lock xadd %eax,(%edx)
 PC (0x002b8369) ok
 source "%eax" ok
 destination "(%edx)" (0x00000014) not located in a known VMA region (needed writable region)!
SegvReason: writing NULL VMA
Signal: 11
SourcePackage: nux
StacktraceTop:
 g_atomic_int_exchange_and_add () from /lib/libglib-2.0.so.0
 g_variant_unref () from /lib/libglib-2.0.so.0
 ?? () from /usr/lib/libdee-1.0.so.1
 dee_model_get_uint32 () from /usr/lib/libdee-1.0.so.1
 ?? () from /usr/lib/libdee-1.0.so.1
Title: compiz crashed with SIGSEGV in g_atomic_int_exchange_and_add()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

Danielt551 (danielt551) wrote :

StacktraceTop:
 g_atomic_int_exchange_and_add (atomic=0x14, val=-1) at /build/buildd/glib2.0-2.28.2/./glib/gatomic-gcc.c:29
 g_variant_unref (value=0x0) at /build/buildd/glib2.0-2.28.2/./glib/gvariant-core.c:617
 dee_serializable_model_get_uint32 (self=0x9b89900, iter=0xb6424f68, column=2) at dee-serializable-model.c:577
 dee_model_get_uint32 (self=0x9b89900, iter=0xb6424f68, column=2) at dee-model.c:1321
 dee_proxy_model_get_uint32 (self=0x98ae0f0, iter=0xb6424f68, column=2) at dee-proxy-model.c:595

Changed in nux (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
security vulnerability: yes → no
visibility: private → public
Paolo Sammicheli (xdatap1) wrote :

Hi, more info is available in my report 735658, a duplicate of this one.

Changed in nux (Ubuntu):
status: New → Confirmed
affects: nux (Ubuntu) → dee (Ubuntu)
Didier Roche (didrocks) on 2011-03-16
Changed in unity:
status: New → Confirmed
Changed in dee:
status: New → Confirmed

These lines from xsession-errors are important:

(<unknown>:1395): GLib-CRITICAL **: g_sequence_get: assertion `!is_end (iter)' failed
(<unknown>:1395): dee-CRITICAL **: Internal error: NULL row in DeeSequenceModel@0x9b89900 at position 0

It means that PlaceEntryRemote::GetResult() calls dee_model_get_XYZ() on an end iter of a DeeModel. This is a programming error from the caller, so I don't know whether it's fair for Dee to crash or not...

Neil J. Patel (njpatel) on 2011-03-17
Changed in unity:
assignee: nobody → Neil J. Patel (njpatel)
importance: Undecided → Critical
milestone: none → 3.6.6

Committed to lp:dee

revno: 276
fixes bug(s): https://launchpad.net/bugs/733343
committer: Mikkel Kamstrup Erlandsen <email address hidden>
branch nick: MASTER
timestamp: Thu 2011-03-17 11:25:31 +0100
message:
  Don't crash when callers request invalid rows, but print a detailed critical warning and return a default value
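
Added example (not Dee's code and not part of the original report): a minimal C model of the failure described in the comment above, where a getter is called on an end iterator, and of the behaviour the commit message describes. Cell, Model, Iter and all function names are hypothetical stand-ins, and the data is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for a refcounted cell value and a row model. */
typedef struct { uint32_t value; int ref_count; } Cell;
typedef struct { Cell *cells; size_t n_rows, n_cols; } Model;
typedef size_t Iter;               /* iter == n_rows is the end iterator */

unsigned critical_count;           /* warnings emitted by the checked getter */

/* Returns NULL for the end iterator or a bad column: no cell exists there. */
Cell *model_cell(const Model *m, Iter it, size_t col) {
    if (it >= m->n_rows || col >= m->n_cols) return NULL;
    return &m->cells[it * m->n_cols + col];
}

/* Before: trusts the caller. With c == NULL the refcount write lands at
 * NULL + offsetof(Cell, ref_count), a small unmapped address. */
uint32_t get_uint32_unchecked(const Model *m, Iter it, size_t col) {
    Cell *c = model_cell(m, it, col);
    c->ref_count++;
    uint32_t v = c->value;
    c->ref_count--;
    return v;
}

/* After: warn with enough detail to find the caller, return a default. */
uint32_t get_uint32_checked(const Model *m, Iter it, size_t col) {
    Cell *c = model_cell(m, it, col);
    if (c == NULL) {
        critical_count++;
        fprintf(stderr, "CRITICAL: no cell at row %zu, column %zu "
                "(model has %zu rows, %zu columns)\n",
                it, col, m->n_rows, m->n_cols);
        return 0;
    }
    c->ref_count++;
    uint32_t v = c->value;
    c->ref_count--;
    return v;
}

int main(void) {
    Cell cells[2] = { { 7, 1 }, { 9, 1 } };           /* constructed data */
    Model m = { cells, 2, 1 };
    printf("%u %u\n", (unsigned)get_uint32_checked(&m, 1, 0),  /* valid row */
           (unsigned)get_uint32_checked(&m, 2, 0));            /* end iterator */
    return critical_count == 1 ? 0 : 1;
}
```

The default return value is indistinguishable from a stored 0, so the caller still has to compare its iterator against the end position before reading a row.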

Changed in dee:
assignee: nobody → Mikkel Kamstrup Erlandsen (kamstrup)
importance: Undecided → Medium
milestone: none → 0.5.16
status: Confirmed → Fix Committed
Changed in unity-foundations:
assignee: nobody → Mikkel Kamstrup Erlandsen (kamstrup)
importance: Undecided → Medium
milestone: none → unity-3.6.6
status: New → Fix Committed
Neil J. Patel (njpatel) on 2011-03-17
Changed in unity:
status: Confirmed → Fix Committed
Changed in unity-foundations:
status: Fix Committed → Fix Released
Changed in dee:
status: Fix Committed → Fix Released
Changed in unity:
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dee - 0.5.16-0ubuntu1

---------------
dee (0.5.16-0ubuntu1) natty; urgency=low

  * New upstream release.
    - compiz crashed with SIGSEGV in g_atomic_int_exchange_and_add()
      (LP: #733343)
    - Implement DeeFilters for restrictions and localized sorting
      (LP: #736875)
    - Dee: compiz crashed with SIGSEGV in PlaceEntryRemote::ActivateResult()
      (LP: #733250)
  * debian/libdee-1.0-1.symbols:
    updated
 -- Didier Roche <email address hidden> Thu, 17 Mar 2011 16:21:49 +0100

Changed in dee (Ubuntu):
status: Confirmed → Fix Released
Changed in unity (Ubuntu):
status: New → Fix Released