compiz crashed with SIGSEGV in dee_model_get_tag()

Bug #840758 reported by Isiac DaGraca on 2011-09-04
This bug affects 87 people
Affects Status Importance Assigned to Milestone
Fix Released
Gord Allott
unity (Ubuntu)
Gord Allott

Bug Description

everything went poof for a while, totally unexpected

using 11.10

ProblemType: Crash
DistroRelease: Ubuntu 11.10
Package: unity 4.12.0-0ubuntu2
ProcVersionSignature: Ubuntu 3.0.0-9.15-generic 3.0.3
Uname: Linux 3.0.0-9-generic i686
NonfreeKernelModules: nvidia
Architecture: i386
Date: Sat Sep 3 22:41:10 2011
ExecutablePath: /usr/bin/compiz
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Beta i386 (20110901)
ProcCmdline: compiz
 PATH=(custom, no user)
 Segfault happened at: 0x74d5969: mov (%edx),%edx
 PC (0x074d5969) ok
 source "(%edx)" (0x00000006) not located in a known VMA region (needed readable region)!
 destination "%edx" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: unity
 ?? () from /usr/lib/
 ?? () from /usr/lib/
 dee_model_get_tag () from /usr/lib/
 ?? () from /usr/lib/
 dee_model_get_tag () from /usr/lib/
Title: compiz crashed with SIGSEGV in dee_model_get_tag()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

Isiac DaGraca (iadagraca) wrote :

 dee_sequence_model_find_tag (self=0x94be410, iter=<optimized out>, tag=0x1, out_row_tag=0xbf84a8e8, out_tag=0xbf84a8ec) at dee-sequence-model.c:788
 dee_sequence_model_get_tag (self=0x94be410, iter=0xb56fcd78, tag=0x1) at dee-sequence-model.c:640
 dee_model_get_tag (self=0x94be410, iter=0xb56fcd78, tag=0x1) at dee-model.c:1653
 dee_proxy_model_get_tag (self=0x8b850e0, iter=0xb56fcd78, tag=0x1) at dee-proxy-model.c:725
 dee_model_get_tag (self=0x8b850e0, iter=0xb56fcd78, tag=0x1) at dee-model.c:1653

Changed in unity (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
Changed in unity (Ubuntu):
status: New → Confirmed
tags: added: bugpattern-needed
Didier Roche (didrocks) on 2011-09-16
visibility: private → public
Changed in unity (Ubuntu):
importance: Medium → High
status: Confirmed → Triaged
Changed in unity:
status: New → Triaged
importance: Undecided → High
milestone: none → 4.18.0

It looks like we're accessing freed memory here. Either the whole model has been freed, or just the row. Maybe there is some race when we're removing rows.

Didier Roche (didrocks) on 2011-09-16
tags: added: didrocks-oneiric-list
Tim Penhey (thumper) wrote :

I'm pretty sure that this was fix committed on the 6th Sep, and rolled into the release of the 8th of September.

David Barth (dbarth) wrote :

Thanks Tim. The bug is here to re-open anyway if the problem occurs again.

Changed in unity:
status: Triaged → Fix Released
Changed in unity (Ubuntu):
status: Triaged → Fix Released
Carl Ansell (afccarl1994) wrote :

Just had this, and I have all updates installed. Not sure how to attach a crash log to an existing bug though.

Didier Roche (didrocks) wrote :

This is not fixed. We discussed it with Neil and kamstrup and I can clearly reproduce it with the u1ms beta. That's why I changed the status already way after the release of the 6th…

Changed in unity:
status: Fix Released → Triaged
Changed in unity (Ubuntu):
status: Fix Released → Triaged
tags: added: unity-u1ms-acceptance
Alex Launi (alexlauni) on 2011-09-22
Changed in dee:
status: New → Triaged
importance: Undecided → High
David Barth (dbarth) wrote :

Hey Mikkel, I know it's not dee's fault, but that's a Mikkel-class bug, so you're on the assignees list ;)

Changed in unity:
assignee: nobody → Mikkel Kamstrup Erlandsen (kamstrup)
David Barth (dbarth) wrote :

There's already a fix ready for review.

Changed in dee:
status: Triaged → In Progress
Changed in unity (Ubuntu):
status: Triaged → In Progress
Changed in unity:
status: Triaged → In Progress
Neil J. Patel (njpatel) on 2011-09-26
Changed in unity:
assignee: Mikkel Kamstrup Erlandsen (kamstrup) → Gord Allott (gordallott)
Changed in unity (Ubuntu):
assignee: nobody → Gord Allott (gordallott)
Changed in dee:
status: In Progress → Invalid
Changed in unity:
status: In Progress → Fix Committed
Changed in unity (Ubuntu):
status: In Progress → Fix Committed
Didier Roche (didrocks) on 2011-09-26
Changed in dee:
status: Invalid → Fix Released
Changed in unity:
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 4.18.0-0ubuntu1

unity (4.18.0-0ubuntu1) oneiric; urgency=low

  * New upstream release.
    - Screen corruption when resuming from suspend/hibernate (LP: #676166)
    - unity-panel-service crashed with SIGSEGV in bamf_factory_view_for_path()
      (LP: #764024)
    - Dash and launcher appear underneath windows (LP: #805087)
    - unity-panel-service crashed with SIGSEGV in g_type_check_instance_cast()
      (LP: #811401)
    - [Oneric] unity-panel-service crashed with SIGSEGV in getenv()
      (LP: #817691)
    - compiz crashed with SIGSEGV in unity::FilterBar::RemoveFilter()
      (LP: #845732)
    - crash on closing a window (LP: #856015)
    - Cannot open a window that starts iconified (LP: #732997)
    - Launcher - When useing Alt F1 launcher keyboard navigation, Launcher
      should not scroll until top or bottom of Launcher is reached
      (LP: #765749)
    - Stacking problem when switching between apps with multiple windows
      (LP: #802527)
    - Pull panel to de-maximize window occasionally not working in a secondary
      screen (LP: #802651)
    - Window under Dash gets focused if it opened later (LP: #830730)
    - Clickable areas of previously active window remains on 'Show Desktop'
      (LP: #836325)
    - A minimized window 'remains' behind on the desktop if
      is set to true (LP: #847967)
    - a11y support on Unity is broken (LP: #851103)
    - compiz crashed with SIGSEGV in dee_model_get_tag() (LP: #840758)
    - crash when looping paint list in preparePaint (on closing windows)
      (LP: #853807)
    - Alt-Tab should not preview windows at excessively large sizes
      (LP: #854740)
    - Clicking on a tweet/message link sometimes does not work (LP: #790565)
    - Dragging a launcher icon makes it squashed (LP: #855761)
    - unable to unminimize gedit windows where more than one window where one
      has a dialog open (LP: #856030)
    - (oneiric) alt-tab UX doesn't work well on multi-monitor (LP: #855364)
    - Launcher shows on the primary monitor instead of the left most monitor
      (LP: #857668)
    - Keynav - pressing down key causes launcher items to jump up and down
      (LP: #858469)
    - Windows creep cross the screen with ALT+TAB (LP: #722830)
    - Minimize animation flickr when for maximized apps (LP: #737125)
    - All unity windows are invisible (panel, launcher, dash) (LP: #745996)
    - Dash "See 97 more results" has ~1 second of latency (LP: #731158)
    - Windows cannot be dragged down from panel if banshee closed to sound
      menu (LP: #781215)
    - no menu bar on top, compositing bug? (LP: #806358)
    - Launcher - a spread can accidentally be triggered during the 'dragging
      and dropping behind the Launcher' interaction (LP: #832988)
    - Impossible to navigate between panel menus when the mouse cursor is over
      the panel (LP: #834065)
    - Pressing alt on maximized window does show menu but not window controls
      (LP: #836274)
    - Application name drawn under Dash controls when window opens under Dash
      (LP: #838176)
    - Start ...


Changed in unity (Ubuntu):
status: Fix Committed → Fix Released