Description of problem: Compiz exits unexpectedly Version-Release number of selected component (if applicable): compiz-0.7.8-19.fc11.x86_64 How reproducible: Steps to Reproduce: 1. Move the pointer to the upper right corner of the screen, so the screen shows windows from all the virtual desktops at once. 2. Press <CTRL><ALT><Right-Arrow> Actual results: Compiz exits. Expected results: Compiz keeps running. I don't know what the correct behavior is, but exiting is not one of them. Additional info:
Hi Mark, Thanks for the bug report. We have reviewed the information you have provided above, and there is some additional information we require that will be helpful in our diagnosis of this issue. Please attach your X server config file (/etc/X11/xorg.conf, if available), /var/log/dmesg, and X server log file (/var/log/Xorg.*.log) to the bug report as individual uncompressed file attachments using the bugzilla file attachment link below. We will review this issue again once you've had a chance to attach this information. I tried to trigger this bug but I was not successful (with F11 and the same version of compiz that you have but for i586 arch). My machine has an Intel 945GME chipset. So it could be at first glance an issue with X drivers and/or compiz. Mark, could you kindly if you have time, try the following in order to help the maintainers identify the root cause. - Follow the instructions at: http://wiki.compiz-fusion.org/Troubleshooting, section "What to do if compiz crashes" (both compiz's crash handler *and* debuginfo install) and report back the compiz_crash-<pid>.out. generated after crash. As well, - Try to trigger the bug on the same machine with a different video card. - Try to trigger the bug with the F11 32 bits version with the same HW. For your information, regarding the expected behaviour, in my case, after step 1), trying step 2) just does nothing (keep at step 1): So it looks like the combo step 1 / step 2 is not supposed to work, but of course it is not supposed to crash neither :-) Thanks in advance for your help. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
Created attachment 365714 [details] xorg.conf
Created attachment 365716 [details] dmesg
Created attachment 365717 [details] Xorg.0.log
Created attachment 365718 [details] Xorg.1.log
Created attachment 365719 [details] Xorg.2.log
Created attachment 365721 [details] Xorg.3.log
I tried to reproduce this issue by running off a liveusb image (running off a usb stick). I tried Fedora 12, 32 bit, and Fedora 11 64 bit, and both worked as expected. Going back to what I have installed on my system , created a different user, and was able to reproduce the issue as that user. So, it is not something in my per-user configuration, but something that is globally on my system.
Thought I would do some debugging. I connected gdb to compiz, and reproduced the issue. Here is some debugging output: Program received signal SIGSEGV, Segmentation fault. strcmp () at ../sysdeps/x86_64/strcmp.S:29 29 L(oop): movb (%rdi), %al Current language: auto; currently asm (gdb) bt #0 strcmp () at ../sysdeps/x86_64/strcmp.S:29 #1 0x00000000004147c0 in otherScreenGrabExist (s=0x13f5a50) at screen.c:2817 #2 0x00007f9e08bb7507 in rotate (d=0x1381440, option=0x7fffa20a3380, state=<value optimized out>, action=<value optimized out>, nOption=<value optimized out>) at rotate.c:726 #3 0x00007f9e08bb860b in rotateRight (d=0x1381440, action=<value optimized out>, state=<value optimized out>, option=0x7fffa20a3530, nOption=8) at rotate.c:915 #4 0x0000000000421fa0 in triggerKeyPressBindings ( argument=<value optimized out>, event=<value optimized out>, nOption=38, option=0x14ee508, d=<value optimized out>, nArgument=<value optimized out>) at event.c:422 #5 handleActionEvent (argument=<value optimized out>, event=<value optimized out>, nOption=38, option=0x14ee508, d=<value optimized out>, nArgument=<value optimized out>) at event.c:915 #6 handleEvent (argument=<value optimized out>, event=<value optimized out>, nOption=38, option=0x14ee508, d=<value optimized out>, nArgument=<value optimized out>) at event.c:1247 #7 0x00007f9e0ac4a0c5 in glibHandleEvent (d=0x1381440, event=0x7f9e0819a485) at glib.c:185 #8 0x00007f9e09de9092 in videoHandleEvent (d=0x1381440, event=0x7fffa20a4570) at video.c:973 #9 0x00007f9e09be53f5 in shotHandleEvent (d=0x1381440, event=0x7fffa20a4570) ---Type <return> to continue, or q <return> to quit--- at screenshot.c:395 #10 0x00007f9e099e10fb in decorHandleEvent (d=0x1381440, event=0x7fffa20a4570) at decoration.c:1014 #11 0x00007f9e097db1f9 in wobblyHandleEvent (d=0x1381440, event=0x7fffa20a4570) at wobbly.c:2158 #12 0x00007f9e095d3753 in cloneHandleEvent (d=0x1381440, event=0x7fffa20a4570) at clone.c:643 #13 0x00007f9e091ca4e4 in fadeHandleEvent (d=0x1381440, event=0x7fffa20a4570) at fade.c:606 #14 0x00007f9e08fc6c5b in minHandleEvent (d=0x1381440, event=0x7fffa20a4570) at minimize.c:659 #15 0x00007f9e08bb80ae in rotateHandleEvent (d=0x1381440, event=0x7fffa20a4570) at rotate.c:1571 #16 0x00007f9e089b0ef5 in zoomHandleEvent (d=0x1381440, event=0x7fffa20a4570) at zoom.c:918 #17 0x00007f9e087acb44 in moveHandleEvent (d=0x1381440, event=0x7fffa20a4570) at move.c:747 #18 0x00007f9e085a7f9f in resizeHandleEvent (d=0x1381440, event=0x7fffa20a4570) at resize.c:983 #19 0x00007f9e083a1d26 in switchHandleEvent (d=0x7fff00000000, event=0x7f9e0819a485) at switcher.c:1092 #20 0x00007f9e08199cdb in scaleHandleEvent (d=0x1381440, event=0x7fffa20a4570) at scale.c:1807 ---Type <return> to continue, or q <return> to quit--- #21 0x00000000004107df in eventLoop () at display.c:1573 #22 0x000000000040bc6b in main (argc=2, argv=0x7fffa20a46c0) at main.c:446 (gdb) up #1 0x00000000004147c0 in otherScreenGrabExist (s=0x13f5a50) at screen.c:2817 2817 if (strcmp (name, s->grabs[i].name) == 0) (gdb) p s->grabs[i].name $4 = 0x7f9e0819a485 "scale" (gdb) p name $1 = 0x7fff00000000 <Address 0x7fff00000000 out of bounds> (gdb) list otherScreenGrabExist 2798 It returns TRUE if a grab exists but it is NOT held by one of the 2799 plugins listed, returns FALSE otherwise. */ 2800 2801 Bool 2802 otherScreenGrabExist (CompScreen *s, ...) 2803 { 2804 va_list ap; 2805 char *name; 2806 int i; 2807 (gdb) 2808 for (i = 0; i < s->maxGrab; i++) 2809 { 2810 if (s->grabs[i].active) 2811 { 2812 va_start (ap, s); 2813 2814 name = va_arg (ap, char *); 2815 while (name) 2816 { 2817 if (strcmp (name, s->grabs[i].name) == 0) (gdb) up #2 0x00007f9e08bb7507 in rotate (d=0x1381440, option=0x7fffa20a3380, state=<value optimized out>, action=<value optimized out>, nOption=<value optimized out>) at rotate.c:726 726 if (otherScreenGrabExist (s, "rotate", "move", "switcher", (gdb) p s $5 = <value optimized out> 704 static Bool 705 rotate (CompDisplay *d, 706 CompAction *action, 707 CompActionState state, 708 CompOption *option, 709 int nOption) (gdb) 710 { 711 CompScreen *s; 712 Window xid; 713 714 xid = getIntOptionNamed (option, nOption, "root", 0); 715 716 s = findScreenAtDisplay (d, xid); 717 if (s) 718 { 719 int direction; (gdb) 720 721 ROTATE_SCREEN (s); 722 723 if (s->hsize < 2) 724 return FALSE; 725 726 if (otherScreenGrabExist (s, "rotate", "move", "switcher", 727 "group-drag", "cube", 0)) 728 return FALSE; 729 I am not certain why we are running into grief here.
Hi Marc, Thank you for the bug report. It looks that "name" is pointing out of bound thus generating a segfault in strcmp.S. Thanks to the information you provided, I found that this particular bug has already been reported into our bug tracking system: https://bugzilla.redhat.com/show_bug.cgi?id=511921 It looks like caused by some "stack smashing" triggered somewhere else, fixed in later versions of compiz ( https://bugzilla.redhat.com/show_bug.cgi?id=511921#c3 ) So I am going to close this ticket as duplicate of the BZ#511921 Again, Marc, thanks for your actions, and please feel free to report any further bugs you find. Regards. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers *** This bug has been marked as a duplicate of bug 511921 ***