compiz crashed with SIGSEGV in nux::Rect::Rect() from unity::launcher::LauncherIcon::OpenQuicklist() from RecvMouseDown() from unity::launcher::LauncherIcon::RecvMouseDown()

Bug #954736 reported by Platon Pukhlechev on 2012-03-14
This bug affects 7 people
Affects        | Status       | Importance | Assigned to      | Milestone
Unity          | Fix Released | High       | Brandon Schaefer |
unity (Ubuntu) |              | Medium     | Brandon Schaefer |

Bug Description

Unity crashed accidentally

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: libnux-2.0-0 2.6.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-18.29-generic-pae 3.2.9
Uname: Linux 3.2.0-18-generic-pae i686
ApportVersion: 1.94.1-0ubuntu2
Architecture: i386
CrashCounter: 1
Date: Wed Mar 14 12:51:48 2012
ExecutablePath: /usr/bin/compiz
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Beta i386 (20120301)
ProcCmdline: compiz
SegvAnalysis:
 Segfault happened at: 0xb4df8fb8 <_ZN3nux4RectC2ERKS0_+8>: mov (%edx),%ecx
 PC (0xb4df8fb8) ok
 source "(%edx)" (0x5fe0a7f8) not located in a known VMA region (needed readable region)!
 destination "%ecx" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: nux
StacktraceTop:
 nux::Rect::Rect(nux::Rect const&) () from /usr/lib/libnux-core-2.0.so.0
 unity::launcher::LauncherIcon::OpenQuicklist(bool, int) () from /usr/lib/compiz/libunityshell.so
 unity::launcher::LauncherIcon::RecvMouseDown(int, int) () from /usr/lib/compiz/libunityshell.so
 sigc::internal::slot_call2<sigc::bound_mem_functor2<void, unity::launcher::LauncherIcon, int, int>, void, int, int>::call_it(sigc::internal::slot_rep*, int const&, int const&) () from /usr/lib/compiz/libunityshell.so
 sigc::internal::signal_emit2<void, int, int, sigc::nil>::emit(sigc::internal::signal_impl*, int const&, int const&) () from /usr/lib/compiz/libunityshell.so
Title: compiz crashed with SIGSEGV in nux::Rect::Rect()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

StacktraceTop:
 nux::Rect::Rect (this=0xbff2ef40, r=...) at ./Rect.cpp:54
 unity::launcher::LauncherIcon::OpenQuicklist (this=0x90965d8, default_to_first_item=false, monitor=1701667150) at /build/buildd/unity-5.6.0/plugins/unityshell/src/LauncherIcon.cpp:578
 RecvMouseDown (this=0x90965d8, button=<optimized out>, monitor=<optimized out>) at /build/buildd/unity-5.6.0/plugins/unityshell/src/LauncherIcon.cpp:607
 unity::launcher::LauncherIcon::RecvMouseDown (this=0x90965d8, button=3, monitor=0) at /build/buildd/unity-5.6.0/plugins/unityshell/src/LauncherIcon.cpp:604
 operator() (this=0x90a91bc, _A_a1=<optimized out>, _A_a2=<optimized out>) at /usr/include/sigc++-2.0/sigc++/functors/mem_fun.h:1917

Changed in nux (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in nux (Ubuntu):
status: New → Confirmed
visibility: private → public
summary: - compiz crashed with SIGSEGV in nux::Rect::Rect()
+ compiz crashed with SIGSEGV in nux::Rect::Rect() from
+ unity::launcher::LauncherIcon::OpenQuicklist() from RecvMouseDown() from
+ unity::launcher::LauncherIcon::RecvMouseDown()
affects: nux (Ubuntu) → unity (Ubuntu)
Changed in unity:
status: New → Confirmed
importance: Undecided → High
milestone: none → 5.12.0

I actually fixed this. It was caused by _last_monitor being uninitialized. So if you somehow managed to right click the LauncherIcon before LauncherIcon::RecvMouseEnter went off. This is because when you right click the icon it calls OpenQuicklist() and it uses the default values (monitor = -1). Then in OpenQuicklist() if monitor < 0 it uses _last_monitor, which, if it is uninitialized, causes all those huge numbers in the stacktrace. Then CRASH!

This is why it was extremely hard to reproduce, I messed up a branch where I removed the mouse enter callback signal; so it was happening every time.

Changed in unity:
assignee: nobody → Brandon Schaefer (brandontschaefer)
Changed in unity (Ubuntu):
assignee: nobody → Brandon Schaefer (brandontschaefer)
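
The failure mode described in the comment above, reduced to a small model with two defensive measures (added example, not Unity's code; the actual fix is not shown on this page). The class name, the fixed-size geometry table, kMaxMonitors and SimulateStaleLastMonitor are assumptions made for illustration.

```cpp
#include <cstdio>

// Hypothetical stand-ins for the Unity types. Only _last_monitor,
// OpenQuicklist and RecvMouseEnter are names taken from the bug report.
struct Rect { int x, y, width, height; };

const int kMaxMonitors = 6;  // assumption: fixed-size per-monitor table

class LauncherIconModel {
public:
  // Fix 1: give _last_monitor a defined value at construction. In the
  // report it was never written before a right click could read it.
  LauncherIconModel() : _last_monitor(0) {
    for (int i = 0; i < kMaxMonitors; ++i) {
      Rect r = {0, i * 48, 48, 48};  // constructed sample geometry
      _geometry[i] = r;
    }
  }

  // Stands in for the indeterminate value (reading a truly uninitialized
  // member would be undefined behaviour, so the demo sets it explicitly).
  void SimulateStaleLastMonitor(int garbage) { _last_monitor = garbage; }

  void RecvMouseEnter(int monitor) { _last_monitor = monitor; }

  // monitor < 0 means "fall back to _last_monitor", as in the report.
  // Fix 2: range-check the resolved index before it is used as a subscript.
  bool OpenQuicklist(int monitor, Rect* out) const {
    if (monitor < 0) monitor = _last_monitor;
    if (monitor < 0 || monitor >= kMaxMonitors) return false;
    *out = _geometry[monitor];
    return true;
  }

private:
  int _last_monitor;
  Rect _geometry[kMaxMonitors];
};

int main() {
  LauncherIconModel icon;
  Rect r = {0, 0, 0, 0};
  icon.SimulateStaleLastMonitor(1701667150);  // value seen in the stack trace
  std::printf("stale index accepted: %d\n", icon.OpenQuicklist(-1, &r));
  icon.RecvMouseEnter(1);
  std::printf("after mouse enter: %d (y=%d)\n", icon.OpenQuicklist(-1, &r), r.y);
  return 0;
}
```

Building with -Wuninitialized or running under Valgrind or MemorySanitizer is a common way to surface this class of defect before it depends on event ordering.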

Line 84 in the diff on the attached branch. It was a random thing I found which is why it wasn't included in its own branch.

Daniel van Vugt (vanvugt) wrote :

OK then. Apparently fix committed to lp:unity at revision 2194.

Changed in unity:
status: Confirmed → Fix Committed
milestone: 5.12.0 → 5.10.0
Didier Roche (didrocks) on 2012-04-12
Changed in unity:
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 5.10.0-0ubuntu3

---------------
unity (5.10.0-0ubuntu3) precise-proposed; urgency=low

  [ Oliver Grawert ]
  * Enable subarch specific quilt support
  * add linaros disable_standalone-clients.patch to make unity build with GLES

  [ Didier Roche ]
  * remove a symlink and replace with a real file for
    debian/patches/series.<arch> as not supported in non v3 (and we don't
    want v3 format with full source upstream derived branch)

unity (5.10.0-0ubuntu2) precise-proposed; urgency=low

  [ Ricardo Salveti de Araujo ]
  * Enabling build with OpenGL ES2.0 support for ARM and disable maintainer
     mode on that arch to avoid -Werror failure (LP: #980544)

unity (5.10.0-0ubuntu1) precise-proposed; urgency=low

  * New upstream release:
    - bamfdaemon crashed with SIGABRT in g_assertion_message() (LP: #926208)
    - We are using 1 bad hack for compiz hanging on startup (LP: #963264)
    - GConf backend steals glib events from compiz (LP: #965220)
    - when I closed QupZill brawser it crashed and then and then I sow
      worrning that compiz crashed but fire fox and chrome is estle working.
      gtk-window-decorator crashed with SIGSEGV in max_window_name_width()
      (LP: #948580)
    - compiz crashed with SIGSEGV in std::basic_string<...>::basic_string()
      from unity::launcher::HudLauncherIcon::HudLauncherIcon()::{lambda} from
      unity::UBusManager::OnCallback (LP: #964897)
    - unity-panel-service crashed due to heap corruption in g_free() from
      service_proxy_name_changed() [libindicator/indicator-service-
      manager.c:574] (LP: #969360)
    - Opening dash while an application is maximized makes unity completely
      useless, have to relogin (LP: #975103)
    - unity crash on alt-tab (LP: #975168)
    - Top bar - Menus should be condensed to fit panel/overlay of appmenu
      (LP: #655184)
    - Topbar - window controls for maximised windows in the top bar should
      conform to Fitts's law (LP: #839690)
    - [FFe, UIFe] Dash - When the Dash is open and there is a maximised app in
      the background, the top bar background should not disappear
      (LP: #839480)
    - Dash - The inner bottom left, bottom right and top right corners of the
      desktop dash border are rendered incorrectly (LP: #839476)
    - Showdesktoped window contents invisible in window spread (LP: #877778)
    - Maximized windows can be accidentally closed from wrong monitor.
      (LP: #865701)
    - Unity launcher on-screen corruption on resume from suspend with nVidia
      proprietary driver (LP: #915265)
    - Launcher - Inserting items into launcher makes unnecessary animations on
      other monitors (LP: #925021)
    - Far left character in panel (and launcher popups) distorted
      (LP: #927441)
    - Jenkins build failure: SetAcceptKeyNavFocusOnMouseEnter not declared
      (LP: #938037)
    - super+<unbound key> and sometimes super+<number> keys now cause launch
      to wedge with the key hints shown and retains focus instead of selecting
      the requested window (LP: #934084)
    - three-finger move does not move (Precise) (LP: #940612)
    - compiz crashed with SIGSEGV in std::__de...

Changed in unity (Ubuntu):
status: Confirmed → Fix Released