libautopilotgtk.so crashed with SIGSEGV in GtkNode::MatchStringProperty (this=0xa8b6c80, name=..., value=...) at /build/buildd/autopilot-gtk-1.4+14.04.20131128.1/lib/GtkNode.cpp:271

Bug #1261685 reported by Jean-Baptiste Lallement on 2013-12-17
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
autopilot-gtk (Ubuntu)
High
Martin Pitt

Bug Description

Automated tests of Ubiquity randomly crash with this bug. It is very difficult to reproduce locally but frequent in the CI lab.

ProblemType: Crash
DistroRelease: Ubuntu 14.04
Package: ubiquity 2.17.1
ProcVersionSignature: Ubuntu 3.12.0-7.15-generic 3.12.4
Uname: Linux 3.12.0-7-generic i686
ApportVersion: 2.12.7-0ubuntu2
Architecture: i386
Date: Tue Dec 17 09:59:45 2013
Disassembly: value is not available
ExecutablePath: /usr/lib/ubiquity/bin/ubiquity
ExecutableTimestamp: 1386676647
InterpreterPath: /usr/bin/python3.3
PackageArchitecture: amd64
ProcCmdline: /usr/bin/python3 /usr/lib/ubiquity/bin/ubiquity --autopilot
ProcCwd: /home/ubuntu/ubiquity-autopilot/autopilot
ProcEnviron:
 LANGUAGE=en_US
 TERM=unknown
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SegvAnalysis: Failure: invalid literal for int() with base 16: '*value'
Signal: 11
SourcePackage: ubiquity
Stacktrace:
 #0 <unavailable> in ?? ()
 PC unavailable, cannot determine locals.
 Backtrace stopped: not enough registers or memory available to unwind further
 Quitting: PC register is not available
StacktraceTop: <unavailable> in ?? ()
ThreadStacktrace: PC register is not available
Title: ubiquity crashed with SIGSEGV in <unavailable> in ??() [non-native amd64 package]
UpgradeStatus: Upgraded to trusty on 2012-01-31 (685 days ago)
UserGroups:

Related branches

Jean-Baptiste Lallement (jibel) wrote :
information type: Private → Public
tags: added: ubiquity-2.17.1

StacktraceTop:
 _M_dispose (__a=..., this=<optimized out>) at /usr/include/c++/4.8/bits/basic_string.h:249
 ~basic_string (this=<optimized out>, __in_chrg=<optimized out>) at /usr/include/c++/4.8/bits/basic_string.h:539
 GtkNode::MatchStringProperty (this=0xa8b6c80, name=..., value=...) at /build/buildd/autopilot-gtk-1.4+14.04.20131128.1/lib/GtkNode.cpp:271
 xpathselect::XPathQueryPart::Matches (this=0xaa1ad58, node=...) at /build/buildd/xpathselect-1.4+14.04.20131106.1/lib/xpathquerypart.h:68
 SearchTreeForNode (next_match=..., start_points=...) at /build/buildd/xpathselect-1.4+14.04.20131106.1/lib/xpathselect.cpp:68

Changed in ubiquity (Ubuntu):
importance: Undecided → Medium
summary: - ubiquity crashed with SIGSEGV in <unavailable> in ??() [non-native amd64
- package]
+ ubiquity crashed with SIGSEGV in <unavailable> in _M_dispose() [non-
+ native amd64 package]
tags: removed: need-amd64-retrace
Changed in ubiquity (Ubuntu):
importance: Medium → High
status: New → Confirmed
affects: ubiquity (Ubuntu) → autopilot-gtk (Ubuntu)
description: updated
summary: - ubiquity crashed with SIGSEGV in <unavailable> in _M_dispose() [non-
- native amd64 package]
+ libautopilotgtk.so crashed with SIGSEGV in GtkNode::MatchStringProperty
+ (this=0xa8b6c80, name=..., value=...) at /build/buildd/autopilot-
+ gtk-1.4+14.04.20131128.1/lib/GtkNode.cpp:271
Martin Pitt (pitti) on 2013-12-18
Changed in autopilot-gtk (Ubuntu):
assignee: nobody → Martin Pitt (pitti)
Martin Pitt (pitti) wrote :

This sounds really similar to bug 1254996 which was (mysteriously, but effectively) fixed in r62. The attached branch contains a potential solution for this with the same approach: Avoid using temporary std::strings in our C code, which seems to wreak some havoc somehow.

This is the amd64 package.

Changed in autopilot-gtk (Ubuntu):
status: Confirmed → In Progress
Martin Pitt (pitti) wrote :

i386 test package

Jean-Baptiste Lallement (jibel) wrote :

I ran a test job in a loop on i386 with the patched version attached to this bug report and no crash occurred in 6 runs. At the same time Ubuntu Gnome was running with the version in the archived and crashed.

All 6 runs ended successfully and there is no observable regression introduced by this patch.

Martin Pitt (pitti) on 2013-12-18
Changed in autopilot-gtk (Ubuntu):
status: In Progress → Fix Committed
milestone: none → ubuntu-13.12
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package autopilot-gtk - 1.4+14.04.20131218-0ubuntu2

---------------
autopilot-gtk (1.4+14.04.20131218-0ubuntu2) trusty; urgency=medium

  * No-change rebuild against trusty's xpathselect. The previous auto-upload
    was built against the PPA's xpathselect which isn't in trusty yet, making
    this uninstallable.
 -- Martin Pitt <email address hidden> Thu, 19 Dec 2013 07:08:09 +0100

Changed in autopilot-gtk (Ubuntu):
status: Fix Committed → Fix Released
Dan Chapman  (dpniel) wrote :

Unfortuantely this bug is still present it occurs when repeatedly selecting the same object or a group of objects. It seems it comes down to the speed it's checking if you put a 0.3 sec sleep between each selection it doesn't crash.

I have attached a simplified test script which reproduces the bug locally.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers