ubiquity crashed with SIGSEGV in g_type_check_instance_is_a()

Bug #1870508 reported by Jean-Baptiste Lallement
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
ATK | Fix Released | Unknown | |
atk1.0 (Ubuntu) | Fix Released | High | Marcus Tomlinson |

Bug Description

== Test Case ==
1. Boot to ubiquity-dm
2. Enable the screenreader (Alt+Super+S)
3. Select "Install Ubuntu"
4. Proceed with all the steps of the installer

= Actual Result =
During installation, when the slideshow is running, this crash occurs.

ProblemType: Crash
DistroRelease: Ubuntu 20.04
Package: ubiquity 20.04.9
ProcVersionSignature: Ubuntu 5.4.0-21.25-generic 5.4.27
Uname: Linux 5.4.0-21-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu22
Architecture: amd64
CasperVersion: 1.442
CurrentDesktop: ubuntu:GNOME
Date: Fri Apr 3 10:55:58 2020
ExecutablePath: /usr/lib/ubiquity/bin/ubiquity
ExecutableTimestamp: 1585729537
InstallCmdLine: file=/cdrom/preseed/ubuntu.seed initrd=/casper/initrd quiet splash --- maybe-ubiquity
InterpreterPath: /usr/bin/python3.8
LiveMediaBuild: Ubuntu 20.04 LTS "Focal Fossa" - Beta amd64 (20200402)
ProcCmdline: /usr/bin/python3 /usr/lib/ubiquity/bin/ubiquity --greeter --only
ProcCwd: /
ProcEnviron:
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=C.UTF-8
Python3Details: /usr/bin/python3.8, Python 3.8.2, python3-minimal, 3.8.2-0ubuntu1
PythonDetails: N/A
SegvAnalysis:
 Segfault happened at: 0x7fbd15f8f16a <g_type_check_instance_is_a+186>: mov %rax,-0x20(%rsp)
 PC (0x7fbd15f8f16a) ok
 source "%rax" ok
 destination "-0x20(%rsp)" (0x7ffe329d3ff0) not located in a known VMA region (needed writable region)!
SegvReason: writing unknown VMA
Signal: 11
SourcePackage: ubiquity
StacktraceTop:
 g_type_check_instance_is_a () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0
 atk_component_get_extents () from /lib/x86_64-linux-gnu/libatk-1.0.so.0
 ?? () from /lib/x86_64-linux-gnu/libgtk-3.so.0
 atk_component_get_extents () from /lib/x86_64-linux-gnu/libatk-1.0.so.0
 atk_component_get_extents () from /lib/x86_64-linux-gnu/libatk-1.0.so.0
Title: ubiquity crashed with SIGSEGV in g_type_check_instance_is_a()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

separator:

Jean-Baptiste Lallement (jibel) wrote :
Apport retracing service (apport) wrote :

StacktraceTop:
 g_type_check_instance_is_a () from /tmp/apport_sandbox_5cctycbu/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.6400.1
 atk_component_get_extents (component=component@entry=0x492f850, x=x@entry=0x7ffe331d1d28, y=y@entry=0x7ffe331d1d2c, width=width@entry=0x0, height=height@entry=0x0, coord_type=coord_type@entry=ATK_XY_SCREEN) at ../atk/atkcomponent.c:277
 gtk_notebook_page_accessible_get_extents (coord_type=ATK_XY_SCREEN, height=0x7ffe329d4134, width=<optimized out>, y=0x7ffe331d1d2c, x=0x7ffe331d1d28, component=0x492dad0) at ../../../../gtk/a11y/gtknotebookpageaccessible.c:323
 gtk_notebook_page_accessible_get_extents (component=0x492dad0, x=0x7ffe331d1d28, y=0x7ffe331d1d2c, width=<optimized out>, height=0x7ffe329d4134, coord_type=ATK_XY_SCREEN) at ../../../../gtk/a11y/gtknotebookpageaccessible.c:301
 atk_component_get_extents (component=0x492dad0, x=<optimized out>, y=<optimized out>, width=<optimized out>, height=<optimized out>, coord_type=ATK_XY_SCREEN) at ../atk/atkcomponent.c:299

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : StacktraceSource.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in ubiquity (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Ubuntu QA Website (ubuntuqa) wrote :

This bug has been reported on the Ubuntu ISO testing tracker.

A list of all reports related to this bug can be found here:
http://iso.qa.ubuntu.com/qatracker/reports/bugs/1870508

tags: added: iso-testing
information type: Private → Public
tags: added: rls-ff-incoming
Changed in ubiquity (Ubuntu):
importance: Medium → High
status: New → Confirmed
description: updated
Changed in atk1.0 (Ubuntu):
status: New → Confirmed
importance: Undecided → High
Changed in atk1.0 (Ubuntu):
assignee: nobody → Marcus Tomlinson (marcustomlinson)
Changed in ubiquity (Ubuntu):
assignee: nobody → Marcus Tomlinson (marcustomlinson)
Marcus Tomlinson (marcustomlinson) wrote :

This issue is present in atk 2.35.1-1ubuntu1 but not in 2.34.0-1.

Thankfully the diff between these releases is relatively small: https://paste.ubuntu.com/p/wr93v8kWQ7/

Of particular interest is the introduction of the atk_socket_component_real_get_extents() function, and the NEWS entry: "Make AtkSocket get_extents return parent extents by default (MR!23)".

Question is, why was this added? I'll ask upstream.

Marcus Tomlinson (marcustomlinson) wrote :

This crash looks to be due to an infinite loop between a child and parent in atk.

This is what I think is happening:

- The loop begins with a call to atk_component_get_extents() on a gtk notebook page.

- atk_component_get_extents() then calls iface->get_extents() [1]

- which translates to gtk_notebook_page_accessible_get_extents() [2]

- the gtk notebook page then calls atk_component_get_extents() on its child [3]

- where the child's iface->get_extents() translates to atk_socket_component_real_get_extents() [4]

- in which the child calls atk_component_get_extents() again on its parent [5]

- - - -

[1] https://gitlab.gnome.org/GNOME/atk/-/blob/9118d44778e4d3a05810012cdcaa69eb4db2c389/atk/atkcomponent.c#L299

[2] https://gitlab.gnome.org/GNOME/gtk/-/blob/4ff578db10fe01de662e478ffd5f9ff205e89074/gtk/a11y/gtknotebookpageaccessible.c#L342

[3] https://gitlab.gnome.org/GNOME/gtk/-/blob/4ff578db10fe01de662e478ffd5f9ff205e89074/gtk/a11y/gtknotebookpageaccessible.c#L325

[4] https://gitlab.gnome.org/GNOME/atk/-/blob/e7276a0c47a0bd3cfb5654583ca3358ddf51a609/atk/atksocket.c#L104

[5] https://gitlab.gnome.org/GNOME/atk/-/blob/e7276a0c47a0bd3cfb5654583ca3358ddf51a609/atk/atksocket.c#L198
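The call cycle described in the comment above, reduced to a small C model in which each round trip adds stack frames and nothing ever returns. This is an added example, not code from ATK, GTK or this bug thread; the Node type, the function names, the MAX_DEPTH guard and the non-delegating socket variant are assumptions made for illustration.

```c
/* Simplified model of interface dispatch; every name here is hypothetical. */
#define MAX_DEPTH 64  /* demo guard so the cycle is reported, not run into the stack limit */

typedef struct Node Node;
typedef int (*GetExtentsFn)(Node *self, int *x, int *y, int depth);

struct Node {
    Node *parent, *child;
    GetExtentsFn get_extents;  /* stands in for iface->get_extents */
    int x, y;
};

/* Dispatcher in the role of atk_component_get_extents().
 * Returns the call depth at which an answer was produced, or -1 on a cycle. */
static int component_get_extents(Node *n, int *x, int *y, int depth)
{
    if (depth >= MAX_DEPTH)
        return -1;  /* the code paths in the report have no such bound */
    return n->get_extents(n, x, y, depth + 1);
}

/* Notebook page: asks its child for the extents. */
static int page_get_extents(Node *self, int *x, int *y, int depth)
{
    return component_get_extents(self->child, x, y, depth);
}

/* Socket that returns parent extents by default: asks its parent. */
static int socket_get_extents_from_parent(Node *self, int *x, int *y, int depth)
{
    return component_get_extents(self->parent, x, y, depth);
}

/* Socket that does not delegate upward (assumption: reports stored coordinates). */
static int socket_get_extents_local(Node *self, int *x, int *y, int depth)
{
    *x = self->x;
    *y = self->y;
    return depth;
}

/* Builds a page with one socket child and queries the page. */
int query_page(int socket_asks_parent, int *x, int *y)
{
    Node page = {0}, sock = {0};
    page.child = &sock; page.get_extents = page_get_extents;
    sock.parent = &page; sock.x = 10; sock.y = 20;
    sock.get_extents = socket_asks_parent ? socket_get_extents_from_parent
                                          : socket_get_extents_local;
    return component_get_extents(&page, x, y, 0);
}
```

With the parent-delegating socket the query only stops because of the guard; with the non-delegating socket it returns after two dispatches.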

Marcus Tomlinson (marcustomlinson) wrote :
no longer affects: ubiquity
no longer affects: atk
no longer affects: ubiquity (Ubuntu)
Changed in atk1.0 (Ubuntu):
status: Confirmed → In Progress
Changed in atk1.0 (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package atk1.0 - 2.35.1-1ubuntu2

---------------
atk1.0 (2.35.1-1ubuntu2) focal; urgency=medium

  * control, gbp.conf: Update for ubuntu/master branch
  * Revert "atksocket: make get_extents return parent extents by default" This
    reverts upstream commit 4b5ed8630c5ae9ef37884c4199da8463b7e5a127. This
    commit causes an infinite loop and a crash in the Ubuntu installer. (LP:
    #1870508)

 -- Iain Lane <email address hidden> Fri, 17 Apr 2020 15:29:42 +0100

Changed in atk1.0 (Ubuntu):
status: Fix Committed → Fix Released
Changed in gtk+3.0 (Ubuntu):
status: New → Invalid
no longer affects: gtk+3.0 (Ubuntu)
Changed in atk:
status: Unknown → Fix Released