compiz crashed with SIGSEGV in g_atomic_int_exchange_and_add()

Bug #733343 reported by Danielt551
This bug affects 6 people
Affects | Status | Importance | Assigned to | Milestone
Unity | Fix Released | Critical | Neil J. Patel |
Unity Foundations | Fix Released | Medium | Mikkel Kamstrup Erlandsen |
dee | Fix Released | Medium | Mikkel Kamstrup Erlandsen |
dee (Ubuntu) | Fix Released | Medium | Unassigned |
unity (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

Again, this time it was the accessory daemon. Brought down the sub menu, clicked accessory, and instant crash: my whole desktop disappears.

ProblemType: Crash
DistroRelease: Ubuntu 11.04
Package: libnux-0.9-0 0.9.32-0ubuntu1
ProcVersionSignature: Ubuntu 2.6.38-6.34-generic 2.6.38-rc7
Uname: Linux 2.6.38-6-generic i686
Architecture: i386
CrashCounter: 1
Date: Fri Mar 11 10:59:32 2011
ExecutablePath: /usr/bin/compiz
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha i386 (20110310)
ProcCmdline: compiz
ProcEnviron:
 LANGUAGE=en_US:en
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SegvAnalysis:
 Segfault happened at: 0x2b8369 <g_atomic_int_exchange_and_add+9>: lock xadd %eax,(%edx)
 PC (0x002b8369) ok
 source "%eax" ok
 destination "(%edx)" (0x00000014) not located in a known VMA region (needed writable region)!
SegvReason: writing NULL VMA
Signal: 11
SourcePackage: nux
StacktraceTop:
 g_atomic_int_exchange_and_add () from /lib/libglib-2.0.so.0
 g_variant_unref () from /lib/libglib-2.0.so.0
 ?? () from /usr/lib/libdee-1.0.so.1
 dee_model_get_uint32 () from /usr/lib/libdee-1.0.so.1
 ?? () from /usr/lib/libdee-1.0.so.1
Title: compiz crashed with SIGSEGV in g_atomic_int_exchange_and_add()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

Danielt551 (danielt551) wrote :
Apport retracing service (apport) wrote :

StacktraceTop:
 g_atomic_int_exchange_and_add (atomic=0x14, val=-1) at /build/buildd/glib2.0-2.28.2/./glib/gatomic-gcc.c:29
 g_variant_unref (value=0x0) at /build/buildd/glib2.0-2.28.2/./glib/gvariant-core.c:617
 dee_serializable_model_get_uint32 (self=0x9b89900, iter=0xb6424f68, column=2) at dee-serializable-model.c:577
 dee_model_get_uint32 (self=0x9b89900, iter=0xb6424f68, column=2) at dee-model.c:1321
 dee_proxy_model_get_uint32 (self=0x98ae0f0, iter=0xb6424f68, column=2) at dee-proxy-model.c:595

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in nux (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
security vulnerability: yes → no
visibility: private → public
Paolo Sammicheli (xdatap1) wrote :

Hi, more info is available in my report 735658, a duplicate of this one.

Changed in nux (Ubuntu):
status: New → Confirmed
affects: nux (Ubuntu) → dee (Ubuntu)
Changed in unity:
status: New → Confirmed
Changed in dee:
status: New → Confirmed
Mikkel Kamstrup Erlandsen (kamstrup) wrote :

These lines from xsession-errors are important:

(<unknown>:1395): GLib-CRITICAL **: g_sequence_get: assertion `!is_end (iter)' failed
(<unknown>:1395): dee-CRITICAL **: Internal error: NULL row in DeeSequenceModel@0x9b89900 at position 0

It means that PlaceEntryRemote::GetResult() calls dee_model_get_XYZ() on an end iter of a DeeModel. This is a programming error from the caller, so I don't know whether it's fair for Dee to crash or not...

Neil J. Patel (njpatel)
Changed in unity:
assignee: nobody → Neil J. Patel (njpatel)
importance: Undecided → Critical
milestone: none → 3.6.6
Mikkel Kamstrup Erlandsen (kamstrup) wrote :

Committed to lp:dee

revno: 276
fixes bug(s): https://launchpad.net/bugs/733343
committer: Mikkel Kamstrup Erlandsen <email address hidden>
branch nick: MASTER
timestamp: Thu 2011-03-17 11:25:31 +0100
message:
  Don't crash when callers request invalid rows, but print a detailed critical warning and return a default value
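
The behaviour described in the comments above (a getter called on an end iter, then changed to warn and return a default), as an added example that is not Dee's code and not part of the original report. The types, function names and sample data are hypothetical stand-ins; the default value 0 is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define N_COLS 3
/* Hypothetical stand-ins for a row model; these are not Dee's real types. */
typedef struct { int ref_count; uint32_t u32; } Value;
typedef struct { Value *cols[N_COLS]; } Row;
typedef struct { Row *rows; size_t n_rows; unsigned warnings; } Model;
typedef struct { size_t pos; } Iter;   /* pos == n_rows is the end iter */

/* Treat a bad iter or column as a caller error: log a critical warning
 * and return a default (0) instead of dereferencing a missing row. */
uint32_t model_get_uint32(Model *m, Iter it, size_t column)
{
    if (m == NULL)
        return 0;
    if (it.pos >= m->n_rows || column >= N_COLS) {
        m->warnings++;
        fprintf(stderr, "model-CRITICAL: invalid row %zu / column %zu in "
                "model@%p (%zu rows)\n", it.pos, column, (void *)m, m->n_rows);
        return 0;
    }
    Value *v = m->rows[it.pos].cols[column];
    if (v == NULL) {                    /* row exists but the cell is unset */
        m->warnings++;
        return 0;
    }
    return v->u32;
}

/* Constructed sample data: one row whose column 2 holds 42. */
static Value cell = { 1, 42 };
static Row rows[1] = { { { NULL, NULL, &cell } } };
static Model model = { rows, 1, 0 };

uint32_t demo_get(size_t pos, size_t column)
{
    Iter it = { pos };
    return model_get_uint32(&model, it, column);
}
unsigned demo_warnings(void) { return model.warnings; }

int main(void)
{
    printf("valid row: %u\n", (unsigned)demo_get(0, 2));
    printf("end iter:  %u\n", (unsigned)demo_get(1, 2));
    return 0;
}
```

The warning counter stands in for the critical log line, so a caller-side bug stays visible in testing even though the process no longer crashes.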

Changed in dee:
assignee: nobody → Mikkel Kamstrup Erlandsen (kamstrup)
importance: Undecided → Medium
milestone: none → 0.5.16
status: Confirmed → Fix Committed
Changed in unity-foundations:
assignee: nobody → Mikkel Kamstrup Erlandsen (kamstrup)
importance: Undecided → Medium
milestone: none → unity-3.6.6
status: New → Fix Committed
Neil J. Patel (njpatel)
Changed in unity:
status: Confirmed → Fix Committed
Changed in unity-foundations:
status: Fix Committed → Fix Released
Changed in dee:
status: Fix Committed → Fix Released
Changed in unity:
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dee - 0.5.16-0ubuntu1

---------------
dee (0.5.16-0ubuntu1) natty; urgency=low

  * New upstream release.
    - compiz crashed with SIGSEGV in g_atomic_int_exchange_and_add()
      (LP: #733343)
    - Implement DeeFilters for restrictions and localized sorting
      (LP: #736875)
    - Dee: compiz crashed with SIGSEGV in PlaceEntryRemote::ActivateResult()
      (LP: #733250)
  * debian/libdee-1.0-1.symbols:
    updated
 -- Didier Roche <email address hidden> Thu, 17 Mar 2011 16:21:49 +0100

Changed in dee (Ubuntu):
status: Confirmed → Fix Released
Changed in unity (Ubuntu):
status: New → Fix Released