Bug 1331021 - Assertion "(_cairo_atomic_int_get (&(&surface->ref_count)->ref_count) > 0)
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: cairo
Version: 25
Hardware: Unspecified
OS: Unspecified
Assignee: Benjamin Otte
QA Contact: Fedora Extras Quality Assurance
Duplicates: 1364824
Reported: 2016-04-27 13:09 UTC by Jaroslav Škarvada
Modified: 2016-08-08 08:00 UTC (History)

Fixed In Version: cairo-1.14.6-2.fc24
Last Closed: 2016-08-01 16:25:00 UTC
Type: Bug

Description Jaroslav Škarvada 2016-04-27 13:09:13 UTC
Description of problem:
cairo-surface.c:953: cairo_surface_destroy: assert „((*&(&surface->ref_count)->ref_count) > 0)“ not valid.

Version-Release number of selected component (if applicable):
emerald-0.8.8-14.fc23 

How reproducible:
Always

Steps to Reproduce:
1. Used xfce with emerald theme Crystal-ICE (legacy engine)
2. Interaction with sim messenger (e.g. send a few jabber messages)

Actual results:
Segfault in less than 60 seconds of sim usage.
cairo-surface.c:953: cairo_surface_destroy: assert „((*&(&surface->ref_count)->ref_count) > 0)“ not valid.

Expected results:
No segfault

Additional info:
There may be more reproducers for this problem, but this one is really reliable. It seems it doesn't happen with emerald-0.8.8-14.fc23.x86_64

The backtrace is attached, but it doesn't help me much:
#0  0x00007f67f0e00a98 in raise () at /lib64/libc.so.6
#1  0x00007f67f0e0269a in abort () at /lib64/libc.so.6
#2  0x00007f67f0df9227 in __assert_fail_base () at /lib64/libc.so.6
#3  0x00007f67f0df92d2 in  () at /lib64/libc.so.6
#4  0x00007f67f191ee12 in cairo_surface_destroy () at /lib64/libcairo.so.2
#5  0x00007f67f194e000 in _get_image_surface () at /lib64/libcairo.so.2
#6  0x00007f67f194ec73 in _cairo_xlib_surface_acquire_source_image () at /lib64/libcairo.so.2
#7  0x00007f67f191f6d4 in _cairo_surface_acquire_source_image () at /lib64/libcairo.so.2
#8  0x00007f67f18e7e52 in _pixman_image_for_pattern () at /lib64/libcairo.so.2
#9  0x00007f67f18e893e in _cairo_image_source_create_for_pattern () at /lib64/libcairo.so.2
#10 0x00007f67f191c151 in clip_and_composite_boxes.part () at /lib64/libcairo.so.2
#11 0x00007f67f191c75e in clip_and_composite_boxes () at /lib64/libcairo.so.2
#12 0x00007f67f191ca79 in _cairo_spans_compositor_mask () at /lib64/libcairo.so.2
#13 0x00007f67f18d7429 in _cairo_compositor_paint () at /lib64/libcairo.so.2
#14 0x00007f67f191f8b1 in _cairo_surface_paint () at /lib64/libcairo.so.2
#15 0x00007f67f18df285 in _cairo_gstate_paint () at /lib64/libcairo.so.2
#16 0x00007f67f18d1ea5 in cairo_paint () at /lib64/libcairo.so.2
#17 0x00007f67f4308ad0 in try_pixmap_and_mask.part () at /lib64/libwnck-3.so.0
#18 0x00007f67f4309fa4 in _wnck_read_icons () at /lib64/libwnck-3.so.0
#19 0x00007f67f42ff90f in get_icons () at /lib64/libwnck-3.so.0
#20 0x00007f67f43004af in force_update_now () at /lib64/libwnck-3.so.0
#21 0x00007f67f430175a in update_idle () at /lib64/libwnck-3.so.0
#22 0x00007f67f1c22e3a in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#23 0x00007f67f1c231d0 in g_main_context_iterate.isra () at /lib64/libglib-2.0.so.0
#24 0x00007f67f1c234f2 in g_main_loop_run () at /lib64/libglib-2.0.so.0
#25 0x00007f67f3bc4325 in gtk_main () at /lib64/libgtk-3.so.0
#26 0x00005618cfe959ef in main (argc=2, argv=0x7ffff2923ff8) at main.c:6027

Comment 1 Jaroslav Škarvada 2016-04-27 13:12:24 UTC
I will check with upstream git, and if it is still reproducible I will report this upstream.

Comment 2 Jaroslav Škarvada 2016-04-27 13:14:21 UTC
The core is generated by emerald process:
Core was generated by `emerald --replace'.
Program terminated with signal SIGABRT, Aborted.

Comment 3 Jaroslav Škarvada 2016-04-27 13:16:09 UTC
(In reply to Jaroslav Škarvada from comment #0)
> Version-Release number of selected component (if applicable):
> emerald-0.8.8-14.fc23 

I meant emerald-0.8.12.4-1.fc23.x86_64

Comment 4 Jaroslav Škarvada 2016-04-27 16:42:03 UTC
Cairo upstream bug:
https://bugs.freedesktop.org/show_bug.cgi?id=91967

Thanks to raveit65 and XRevan86 for investigation.

The proposed patch resolved the problem for me:
https://bugs.freedesktop.org/attachment.cgi?id=118325

Comment 6 Wolfgang Ulbrich 2016-06-19 10:08:05 UTC
Cairo upstream have applied the fix.
https://cgit.freedesktop.org/cairo/commit/?id=d69dd6b341594c338fa6c7b327fd7f201eb37bc1

Dear maintainer, can you please rebuild cairo with that fix for all branches?

Comment 7 Wolfgang Ulbrich 2016-07-24 14:20:02 UTC
Any news?

Comment 8 Kalev Lember 2016-07-25 07:39:10 UTC
Thanks, I've backported the patch as http://pkgs.fedoraproject.org/cgit/rpms/cairo.git/commit/?id=fd73152fd62eb9a58716ff2a7151354226305e09

Comment 9 Fedora Update System 2016-07-25 07:39:59 UTC
cairo-1.14.6-2.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-680189b17c

Comment 10 Jan Kurik 2016-07-26 04:52:51 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 25 development cycle.
Changing version to '25'.

Comment 11 Fedora Update System 2016-07-28 06:01:26 UTC
cairo-1.14.6-2.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-680189b17c

Comment 12 Fedora Update System 2016-08-01 16:24:57 UTC
cairo-1.14.6-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 13 Wolfgang Ulbrich 2016-08-08 07:59:09 UTC
*** Bug 1364824 has been marked as a duplicate of this bug. ***

Comment 14 Wolfgang Ulbrich 2016-08-08 08:00:20 UTC
This fix needs to be applied to f23 too.

