xfce4-display-settings crashed with SIGSEGV in convert_xfce_output_info()

Bug #1665048 reported by Alistair Buxton on 2017-02-15
This bug affects 15 people
Affects Status Importance Assigned to Milestone
xfce4-settings (Ubuntu)

Bug Description

To reproduce:

1. Install Xubuntu 17.04 in virtualbox, with a single monitor/all default settings.
2. Boot up the machine and DO NOT resize the virtual display window.
3. Start xfce4-display-settings - it works fine.
4. Maximize the virtual display window. The window itself should get bigger, but the guest desktop window will remain 800x600.
5. Start xfce4-display-settings again.

Result: instant segfault.

This isn't 100% reproducible, but when it happens it will happen repeatedly.

ProblemType: Crash
DistroRelease: Ubuntu 17.04
Package: xfce4-settings 4.12.1-1ubuntu1
ProcVersionSignature: Ubuntu 4.9.0-15.16-generic 4.9.5
Uname: Linux 4.9.0-15-generic x86_64
ApportVersion: 2.20.4-0ubuntu2
Architecture: amd64
CurrentDesktop: XFCE
Date: Wed Feb 15 17:25:12 2017
ExecutablePath: /usr/bin/xfce4-display-settings
InstallationDate: Installed on 2017-02-13 (1 days ago)
InstallationMedia: Xubuntu 17.04 "Zesty Zapus" - Alpha amd64 (20170213)
ProcCmdline: xfce4-display-settings
Signal: 11
SourcePackage: xfce4-settings
 ?? ()
 ?? ()
 ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
 g_closure_invoke () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
 ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
Title: xfce4-display-settings crashed with SIGSEGV in g_closure_invoke()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

Alistair Buxton (a-j-buxton) wrote :
information type: Private → Public

Thank you for taking the time to report this crash and helping to make this software better. This particular crash has already been reported and is a duplicate of bug #1628250, so is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Please continue to report any other bugs you may find.

tags: removed: need-amd64-retrace

Removing duplicate bug report because it is private and cannot be accessed.

Changed in xfce4-settings:
importance: Unknown → High
status: Unknown → Confirmed
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in xfce4-settings (Ubuntu):
status: New → Confirmed
description: updated
Alistair Buxton (a-j-buxton) wrote :
Download full text (6.2 KiB)

Here is a full backtrace:

#0 0x000055555555b684 in ()
#1 0x000055555555bc23 in ()
#6 0x00007ffff671cfbf in <emit signal ??? on instance 0x555555803040 [XfceTitledDialog]> (instance=instance@entry=0x555555803040, signal_id=<optimised out>, detail=detail@entry=0) at ././gobject/gsignal.c:3447
        var_args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffffffe1d0, reg_save_area = 0x7fffffffe110}}
    #2 0x00007ffff749892c in _gtk_marshal_BOOLEAN__BOXED (closure=0x5555559e3f20, return_value=0x7fffffffded0, n_param_values=<optimised out>, param_values=0x7fffffffdf30, invocation_hint=<optimised out>, marshal_data=<optimised out>) at gtkmarshalers.c:86
                callback = 0x55555555bb40
                cc = 0x5555559e3f20
                data1 = 0x555555803040
                data2 = <optimised out>
                v_return = <optimised out>
                __func__ = "_gtk_marshal_BOOLEAN__BOXED"
    #3 0x00007ffff6701f75 in g_closure_invoke (closure=0x5555559e3f20, return_value=return_value@entry=0x7fffffffded0, n_param_values=2, param_values=param_values@entry=0x7fffffffdf30, invocation_hint=invocation_hint@entry=0x7fffffffdeb0) at ././gobject/gclosure.c:804
                marshal = <optimised out>
                marshal_data = <optimised out>
                in_marshal = 0
                real_closure = 0x5555559e3f00
                __func__ = "g_closure_invoke"
    #4 0x00007ffff6714053 in signal_emit_unlocked_R (node=node@entry=0x5555557eaf70, detail=detail@entry=0, instance=instance@entry=0x555555803040, emission_return=emission_return@entry=0x7fffffffe040, instance_and_params=instance_and_params@entry=0x7fffffffdf30) at ././gobject/gsignal.c:3705
                tmp = <optimised out>
                handler = 0x5555559e2340
                accumulator = 0x5555557eada0
                emission =
                  {next = 0x0, instance = 0x555555803040, ihint = {signal_id = 53, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 4}
                handler_list = <optimised out>
                return_accu = 0x7fffffffded0
                accu =
                      {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                signal_id = 53
                max_sequential_handler_number = 171
                return_value_altered = 1
    #5 0x00007ffff671c67f in g_signal_emit_valist (instance=<optimised out>, signal_id=<optimised out>, detail=<optimised out>, var_args=var_args@entry=0x7fffffffe0f0) at ././gobject/gsignal.c:3401
                return_value =
                      {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                error = 0x0
                rtype = 20
                static_scope = 0
                instance_and_params = 0...


Alistair Buxton (a-j-buxton) wrote :

These warnings are output:

al@al-xfce:~$ xfce4-display-settings

(xfce4-display-settings:2148): xfce4-display-settings-CRITICAL **: xfce_randr_mode_width: assertion 'mode != NULL' failed

(xfce4-display-settings:2148): xfce4-display-settings-CRITICAL **: xfce_randr_mode_height: assertion 'mode != NULL' failed
Segmentation fault (core dumped)

description: updated
Alistair Buxton (a-j-buxton) wrote :

Here is a video demonstrating the bug:


This only works reliably if you do it immediately upon booting the installed system for the first time.

Alistair Buxton (a-j-buxton) wrote :
Alistair Buxton (a-j-buxton) wrote :

Attached are the two xrandr outputs from the video.

Kev Bowring (flocculant) wrote :

See the crash - but I get no warnings, just ' Segmentation fault (core dumped)'

Alistair Buxton (a-j-buxton) wrote :

I noticed that the crash doesn't seem to happen if you change the screenmode from within xfce4-display-settings before resizing the window.

I think what happens is something like this:

1. Xfce desktop starts at the default resolution 800x600.
2. Resizing the VBox window changes the list of available screen modes, but not the current screenmode.
3. xfce4-display-settings starts. Because there is no existing configuration it asks for the current desktop size, and ask xrandr for the screen mode matching that size.
4. Because that screen mode is no longer in the list, xrandr returns "no such mode".
5. xfce4-display-settings can't handle that, so it crashes.

Alistair Buxton (a-j-buxton) wrote :

One more thing: I can reproduce this crash even when the guest utilities are installed and working correctly, if I resize the virtualbox window and then quickly run display settings before the display is resized to match the new window size (which takes about 2 seconds to happen).

Liam Proven (lproven) wrote :

Confirmed in 17.10 as well.

Ubuntu QA Website (ubuntuqa) wrote :

This bug has been reported on the Ubuntu ISO testing tracker.

A list of all reports related to this bug can be found here:

tags: added: iso-testing

Bug #1628250 is now public.

summary: - xfce4-display-settings crashed with SIGSEGV in g_closure_invoke()
+ xfce4-display-settings crashed with SIGSEGV in
+ convert_xfce_output_info()

 convert_xfce_output_info (output_id=<optimized out>) at main.c:1618
 get_output_for_window (window=<optimized out>) at main.c:2671
 select_current_output_from_dialog_position (app=0x557e3781ee90) at main.c:2708
 dialog_map_event_cb (widget=widget@entry=0x7f366000c580, event=<optimized out>, data=0x557e3781ee90) at main.c:2722
 _gtk_marshal_BOOLEAN__BOXED (closure=0x557e3781f130, return_value=0x7ffe4fdc5840, n_param_values=<optimized out>, param_values=0x7ffe4fdc58a0, invocation_hint=<optimized out>, marshal_data=<optimized out>) at gtkmarshalers.c:86

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.