ubiquity crashed with SIGSEGV in GtkNode::MatchStringProperty()

Bug #1254996 reported by Jean-Baptiste Lallement
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
autopilot-gtk (Ubuntu) | Fix Released | Critical | Martin Pitt |

Bug Description

Crashed during autopilot test with latest image [1]

TEST CASE:
1. Download Trusty Ubuntu Desktop iso
2. bzr branch lp:ubiquity ubiquity.trunk
3. cd ubiquity.trunk/autopilot/ubiquity-autopilot-runner
4. ./run-ubiquity-test --sdl ~/iso/ubuntu/trusty-desktop-amd64.iso
5. Wait until it crashes

[1] https://jenkins.qa.ubuntu.com/job/ubiquity_ap-ubuntu_devel_daily-test_english_default/ARCH=i386,label=rabisu/

ProblemType: Crash
DistroRelease: Ubuntu 14.04
Package: ubiquity 2.17.0
ProcVersionSignature: Ubuntu 3.12.0-4.10-generic 3.12.1
Uname: Linux 3.12.0-4-generic x86_64
ApportVersion: 2.12.7-0ubuntu1
Architecture: amd64
CasperVersion: 1.336ubuntu1
Date: Tue Nov 26 08:43:53 2013
ExecutablePath: /usr/lib/ubiquity/bin/ubiquity
ExecutableTimestamp: 1383058884
InstallCmdLine: boot=casper DEBCONF_DEBUG=developer -- debconf/priority=critical locale=en_US console-setup/ask_detect=false console-setup/layoutcode=us noprompt console=ttyS0,115200
InterpreterPath: /usr/bin/python3.3
LiveMediaBuild: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20131125)
ProcCmdline: /usr/bin/python3 /usr/lib/ubiquity/bin/ubiquity --autopilot
ProcCwd: /home/ubuntu/ubiquity-autopilot/autopilot
ProcEnviron:
 LANGUAGE=en_US
 TERM=unknown
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SegvAnalysis:
 Segfault happened at: 0x7f2337181d10 <_ZNK7GtkNode19MatchStringPropertyERKSsS1_+208>: mov (%rbx),%r12
 PC (0x7f2337181d10) ok
 source "(%rbx)" (0x00000000) not located in a known VMA region (needed readable region)!
 destination "%r12" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: ubiquity
StacktraceTop:
 GtkNode::MatchStringProperty(std::string const&, std::string const&) const () from /usr/lib/x86_64-linux-gnu/gtk-3.0/modules/libautopilot.so
 xpathselect::XPathQueryPart::Matches(std::shared_ptr<xpathselect::Node const> const&) const () from /usr/lib/x86_64-linux-gnu/libxpathselect.so.1.4
 SelectNodes () from /usr/lib/x86_64-linux-gnu/libxpathselect.so.1.4
 GetNodesThatMatchQuery(std::string const&) () from /usr/lib/x86_64-linux-gnu/gtk-3.0/modules/libautopilot.so
 Introspect(std::string const&) () from /usr/lib/x86_64-linux-gnu/gtk-3.0/modules/libautopilot.so
Title: ubiquity crashed with SIGSEGV in GtkNode::MatchStringProperty()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

Jean-Baptiste Lallement (jibel) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ubiquity (Ubuntu):
status: New → Confirmed
Jean-Baptiste Lallement (jibel) wrote :

setting to critical because it blocks automated installer testing

affects: ubiquity (Ubuntu) → autopilot (Ubuntu)
Changed in autopilot (Ubuntu):
status: Confirmed → New
importance: Undecided → Critical
status: New → Confirmed
description: updated
Apport retracing service (apport) wrote :

StacktraceTop:
 GtkNode::MatchStringProperty (this=0x37e9218, name=..., value=...) at /build/buildd/autopilot-gtk-1.4+14.04.20131106.1/lib/GtkNode.cpp:304
 xpathselect::XPathQueryPart::Matches (this=this@entry=0x3801120, node=...) at /build/buildd/xpathselect-1.4+14.04.20131106.1/lib/xpathquerypart.h:68
 SearchTreeForNode (next_match=..., start_points=...) at /build/buildd/xpathselect-1.4+14.04.20131106.1/lib/xpathselect.cpp:68
 xpathselect::SelectNodes (root=..., query=...) at /build/buildd/xpathselect-1.4+14.04.20131106.1/lib/xpathselect.cpp:112
 GetNodesThatMatchQuery (query_string=...) at /build/buildd/autopilot-gtk-1.4+14.04.20131106.1/lib/Introspection.cpp:114

tags: removed: need-duplicate-check
Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : StacktraceSource.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
tags: removed: need-amd64-retrace
Martin Pitt (pitti)
affects: autopilot (Ubuntu) → autopilot-gtk (Ubuntu)
Martin Pitt (pitti) wrote :

For the record, I cannot reproduce this with today's (20131126) trusty image, but I do get it with 20131125. The stack trace unfortunately does not show the actual property name and value, but the interesting bit is that it happens at the closing } of GtkNode::MatchStringProperty(). That means it crashes when destructing an object, and this function only has one C++ object: the std::string dest_value (everything else is C).

I can't say I understand the reason. string's = assignment does copy the C string, so unreffing the variant after it is valid. The string should then get auto-freed at the end of the function.

When I replace the temporary std::string with a simple g_strcmp0(), the crash seems to go away. Jean-Baptiste, Dan Chapman, and I ran the ubiquity tests several times in exactly the same environment but with this libautopilot-gtk patch, and they all succeeded.

It's nagging me that I don't understand the real cause, but this is both a simplification and also avoids unnecessarily copying the string, so let's get this in.

Martin Pitt (pitti)
Changed in autopilot-gtk (Ubuntu):
assignee: nobody → Martin Pitt (pitti)
status: Confirmed → In Progress
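
An added illustration of the change described in the comment above (not code from autopilot-gtk or from the comment's author): comparing through a borrowed pointer instead of a temporary std::string means the value may only be released after the comparison. `Variant`, `variant_new`, `variant_peek`, `variant_unref`, `strcmp0` and both `match_*` functions are hypothetical stand-ins for GVariant and g_strcmp0() so the block builds without GLib; the null `text` case is constructed to exercise the NULL-tolerant path.

```cpp
#include <cstring>
#include <string>

// Stand-in for GLib's g_strcmp0(): strcmp() that tolerates null pointers
// (null sorts before any string, two nulls compare equal).
int strcmp0(const char* a, const char* b) {
    if (!a || !b) return (a != nullptr) - (b != nullptr);
    return std::strcmp(a, b);
}

// Hypothetical refcounted string value standing in for a GVariant.
struct Variant { char* text; int refs; };
int live_variants = 0;  // counts values not yet freed, to check for leaks
Variant* variant_new(const char* s) {
    Variant* v = new Variant{nullptr, 1};
    if (s) {
        v->text = new char[std::strlen(s) + 1];
        std::strcpy(v->text, s);
    }
    ++live_variants;
    return v;
}
// Returns a pointer owned by the value: valid only until the last unref.
const char* variant_peek(const Variant* v) { return v->text; }
void variant_unref(Variant* v) {
    if (--v->refs == 0) { delete[] v->text; delete v; --live_variants; }
}

// Copying pattern: the copy makes the early unref safe, at the cost of an
// allocation. std::string(nullptr) is undefined behaviour, hence the guard.
bool match_copy(Variant* v, const std::string& wanted) {
    const char* s = variant_peek(v);
    std::string dest_value = s ? s : "";
    variant_unref(v);
    return dest_value == wanted;
}

// In-place pattern: no temporary object, but the unref must now come after
// the last use of the borrowed pointer.
bool match_in_place(Variant* v, const std::string& wanted) {
    bool equal = strcmp0(variant_peek(v), wanted.c_str()) == 0;
    variant_unref(v);
    return equal;
}

int main() {
    bool ok = match_in_place(variant_new("Continue"), "Continue");
    return (ok && live_variants == 0) ? 0 : 1;
}
```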
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package autopilot-gtk - 1.4+14.04.20131128.1-0ubuntu1

---------------
autopilot-gtk (1.4+14.04.20131128.1-0ubuntu1) trusty; urgency=low

  [ Martin Pitt ]
  * Drop generated GDBus sources from bzr and generate them during
    build.
  * Avoid unnecessary string duplication when matching properties. This
    also fixes a rare crash when cleaning up the temporary string
    object. (LP: #1254996)

  [ Mathieu Trudel-Lapierre ]
  * Fix source format: make it 1.0.

  [ Timo Jyrinki ]
  * Wrap-and-sort dependencies, remove trailing whitespace.

  [ Ubuntu daily release ]
  * Automatic snapshot from revision 62
 -- Ubuntu daily release <email address hidden> Thu, 28 Nov 2013 10:03:59 +0000

Changed in autopilot-gtk (Ubuntu):
status: In Progress → Fix Released