gnome-shell crashed with SIGSEGV in g_cancellable_is_cancelled()

Reported by Anders Kaseorg on 2012-07-23
This bug affects 9 people
Affects Status Importance Assigned to Milestone
gnome-shell
Fix Released
Unknown
accountsservice (Ubuntu)
Medium
Unassigned
Quantal
Undecided
Unassigned
gnome-shell (Ubuntu)
Undecided
Unassigned
Quantal
Undecided
Unassigned

Bug Description

I think this happened while unlocking the screen.

ProblemType: Crash
DistroRelease: Ubuntu 12.10
Package: gnome-shell 3.5.4-0ubuntu1
ProcVersionSignature: Ubuntu 3.5.0-6.6-generic 3.5.0
NonfreeKernelModules: openafs nvidia
ApportVersion: 2.4-0ubuntu5
Architecture: amd64
CrashCounter: 1
Date: Mon Jul 23 17:03:03 2012
EcryptfsInUse: Yes
ExecutablePath: /usr/bin/gnome-shell
ExecutableTimestamp: 1342558406
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha amd64 (20101202)
ProcCmdline: /usr/bin/gnome-shell
ProcCwd: /home/anders
SegvAnalysis:
 Segfault happened at: 0x7f6897144ab9 <g_cancellable_is_cancelled+9>: movzbl (%rax),%eax
 PC (0x7f6897144ab9) ok
 source "(%rax)" (0x00000000) not located in a known VMA region (needed readable region)!
 destination "%eax" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: gnome-shell
StacktraceTop:
 g_cancellable_is_cancelled (cancellable=0x7f6896ca09a0) at /build/buildd/glib2.0-2.33.6/./gio/gcancellable.c:296
 ?? () from /tmp/tmptq8iie/usr/lib/libaccountsservice.so.0
 g_simple_async_result_complete (simple=0x48710e0) at /build/buildd/glib2.0-2.33.6/./gio/gsimpleasyncresult.c:775
 reply_cb (connection=<optimized out>, res=0x2e902b0, user_data=user_data@entry=0x48710e0) at /build/buildd/glib2.0-2.33.6/./gio/gdbusproxy.c:2632
 g_simple_async_result_complete (simple=0x2e902b0) at /build/buildd/glib2.0-2.33.6/./gio/gsimpleasyncresult.c:775

Anders Kaseorg (anders-kaseorg) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnome-shell (Ubuntu):
status: New → Confirmed
vitobrus (vitobrus) on 2012-07-31
Changed in gnome-shell (Ubuntu):
assignee: nobody → vitobrus (vitobrus)
Changed in gnome-shell (Ubuntu):
assignee: vitobrus (vitobrus) → nobody
Marius Gedminas (mgedmin) wrote :

This happens to me more or less daily (but not on every screen unlock) on Ubuntu 12.10 with gdm in place of lightdm and gnome-shell 3.6.1-0ubuntu1.1.

My bug seems to be #1032309 (according to DuplicateOf/KnownReport fields apport shows me), but it appears to be private.

I've installed -dbg packages for all the libraries mentioned in the stack trace, so here's my Stacktrace.txt I extracted from the /var/crash/ file (attached). It shows the crash happening inside on_get_unix_user_finished in act-user-manager.c:1028 in libaccountsservice.so.0 -- that information was missing in the original Stacktrace.txt attached to this bug (likely because of the "outdated debug symbol package for libaccountsservice0" mentioned in RetraceOutdatedPackages.txt).

Marius Gedminas (mgedmin) wrote :

I forgot to mention: steps to reproduce:

1. Unplug external display at the end of the work day
2. Suspend the laptop
3. Bring the laptop home
4. Resume, browse some internet, suspend again.
5. Leave it overnight.
6. Bring it back to work
7. Resume, try to unlock -- can't: the lock screen is frozen, showing an old date and time, not reacting to input (although mouse cursor moves), then after a while gnome-shell crashes.
8. Plug in external display and do some work. Then back to step 1.

I've been unable to reproduce this using any shorter method.

Marius Gedminas (mgedmin) wrote :

Looking at the sources of accountsservice 0.6.21-6ubuntu5: there's only one place where on_get_unix_user_finished invokes g_cancellable_is_cancelled, and it's introduced by debian/patches/9001-manage_pending_ck_calls_with_cancellable.patch:

        if (new_session->cancellable == NULL || g_cancellable_is_cancelled (new_session->cancellable)) {
                return;
        }

It appears that there's a race: new_session->cancellable is reset to NULL between the check and the g_cancellable_is_cancelled call.

That patch mentions https://bugs.freedesktop.org/show_bug.cgi?id=50112 and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673185.
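
Added example, not part of this thread and not the accountsservice patch: a general way to keep an async completion callback safe when its session is torn down while the call is pending is to let the call own its own reference to the cancel flag and check only that. All types and function names below are hypothetical stand-ins, not GLib or accountsservice APIs.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical stand-ins: a refcounted cancel flag and a session. */
typedef struct { int refs; bool cancelled; } Cancellable;
typedef struct { Cancellable *cancellable; int loaded; } Session;
/* State owned by one in-flight async call. */
typedef struct { Session *session; Cancellable *cancellable; } PendingCall;
static int live_cancellables = 0;

static Cancellable *cancellable_new(void) {
    Cancellable *c = calloc(1, sizeof *c);
    if (c == NULL) abort();
    c->refs = 1;
    live_cancellables++;
    return c;
}
static void cancellable_unref(Cancellable *c) {
    if (--c->refs == 0) { free(c); live_cancellables--; }
}
/* The call takes its own reference, so the flag stays valid even if
 * the session releases or NULLs its pointer while the call is pending. */
static PendingCall *call_start(Session *s) {
    PendingCall *p = malloc(sizeof *p);
    if (p == NULL) abort();
    p->session = s;
    p->cancellable = s->cancellable;
    p->cancellable->refs++;
    return p;
}
/* Teardown: cancel first, then release and clear the session's pointer. */
static void session_unload(Session *s) {
    s->cancellable->cancelled = true;
    cancellable_unref(s->cancellable);
    s->cancellable = NULL;
}
/* Completion callback: consult only the call's own reference and return
 * before touching the session if cancelled. True if result was applied. */
static bool call_finish(PendingCall *p) {
    bool applied = !p->cancellable->cancelled;
    if (applied) p->session->loaded = 1;
    cancellable_unref(p->cancellable);
    free(p);
    return applied;
}
int main(void) {
    Session s = { cancellable_new(), 0 };  /* constructed sample session */
    PendingCall *p = call_start(&s);
    session_unload(&s);                    /* torn down while call pending */
    return call_finish(p) ? 1 : 0;         /* 0: the stale reply was ignored */
}
```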

Marius Gedminas (mgedmin) wrote :

This bug is also known as http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688413. There appears to be a fix by Simon McVittie, which was applied upstream and also to Debian's accountsservice 0.6.21-7.

Marius Gedminas (mgedmin) wrote :

I've built an updated accountsservice package with this patch in a PPA for testing: https://launchpad.net/~mgedmin/+archive/ppa

Changed in gnome-shell:
status: Unknown → Fix Released
Marius Gedminas (mgedmin) wrote :

I've been testing the updated accountsservice deb from my PPA for six days now. There have been no more crashes. Prior to that I used to get a crash almost every day.

Marius Gedminas (mgedmin) wrote :

Since this bug has security implications (gnome-shell crash on resume unlocks the session), I think it's worth pursuing an SRU for accountsservice.

Does anyone want to help me with that? I've never asked for an SRU before.

Alessio Treglia (quadrispro) wrote :

Fixed in raring, leaving it open for quantal.

Changed in accountsservice (Ubuntu):
importance: Undecided → Medium
status: New → Fix Released