metacity crashed with SIGSEGV in g_list_length()

Bug #145282 reported by Jerome Haltom on 2007-09-26
Affects Status Importance Assigned to Milestone
metacity (Ubuntu)
Ubuntu Desktop Bugs

Bug Description

Binary package hint: metacity

I was just working.

ProblemType: Crash
Architecture: amd64
CrashCounter: 1
Date: Wed Sep 26 11:35:55 2007
DistroRelease: Ubuntu 7.10
ExecutablePath: /usr/bin/metacity
NonfreeKernelModules: vmnet vmblock vmmon nvidia
Package: metacity 1:2.20.0-0ubuntu1
PackageArchitecture: amd64
ProcCmdline: /usr/bin/metacity --sm-client-id=default0
ProcCwd: /home/jhaltom
Signal: 11
SourcePackage: metacity
 g_list_length () from /usr/lib/
 ?? ()
 ?? ()
 ?? ()
 ?? ()
Title: metacity crashed with SIGSEGV in g_list_length()
Uname: Linux station-1 2.6.22-12-generic #1 SMP Sun Sep 23 20:03:18 GMT 2007 x86_64 GNU/Linux
UserGroups: adm admin audio cdrom dialout dip floppy fuse lpadmin netdev plugdev powerdev scanner video
 Segfault happened at: 0x2b4445491ac7 <g_list_length+7>: mov 0x8(%rdi),%rdi
 PC (0x2b4445491ac7) ok
 source "0x8(%rdi)" (0x68712748) not located in a known VMA region (needed readable region)!
 destination "%rdi" ok
SegvReason: reading unknown VMA

Jerome Haltom (wasabi) wrote :

StacktraceTop:do_screen_and_xinerama_relative_constraints (window=0x876600,
do_all_constraints (window=0x876600, info=0x7fff670ff840, priority=PRIORITY_MINIMUM,
meta_window_constrain (window=0x876600, orig_fgeom=0x7fff670ff9f0, flags=<value optimized out>,
meta_window_move_resize_internal (window=0x876600, flags=24, gravity=1,
meta_window_move_resize (window=0x68712740, user_op=<value optimized out>, root_x_nw=0,

Changed in metacity:
importance: Undecided → Medium
Sebastien Bacher (seb128) wrote :

Thanks for your bug report. This bug has been reported to the developers of the software. You can track it and make comments here:

Changed in metacity:
assignee: nobody → desktop-bugs
status: New → Triaged
Changed in metacity:
status: Unknown → New
Changed in metacity:
status: New → Incomplete
Marnanel Thurman (marnanel) wrote :

[Sorry, I asked this upstream and the reporter clearly didn't get the message.]

This is going to be a tough one to track down if we can't reproduce it. Can you reproduce this bug? What were you actually doing, not moving windows around or switching between windows or anything? Were you just typing away, or were you not touching the computer at all?

FWIW, the call to g_list_length here is pretty useless except if you have logging on. We should probably remove it unless you do, and save a few cycles. On the other hand, it wouldn't fix this crash, since it's not *really* a problem with g_list_length but with the rectangle list containing a pointer outside the segment. We can't tell what that rectangle list was, since that depends on what called do_screen_and_xinerama_relative_constraints(), and that information's been optimised away. Unless we can find out more, we're going to have to close this for lack of information.

Marnanel Thurman (marnanel) wrote :

I did actually add a check for verbose mode yesterday, so that the log message's size and content are not calculated unless it'll be used, and hence g_list_length won't be called. This closes the presenting problem. But we still have the difficulty that the presenting problem can only have been caused by a degenerate list, which would have caused problems further down the line, and the real problem would have been finding where this list went bad. However, we can't do that unless we can replicate, and we've only had one report of this problem. Hence, I'm closing this upstream as INVALID. However, if this happens again, let us know.

Changed in metacity:
status: Incomplete → Invalid
Kees Cook (kees) on 2009-09-16
description: updated

I am closing this bug since no further information has been provided.

Changed in metacity (Ubuntu):
status: Triaged → Invalid
Changed in metacity:
importance: Unknown → Critical
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.