gnome-control-center crashed with SIGSEGV in cc_panel_get_title_widget()

Bug #1862553 reported by Krystian on 2020-02-09
This bug affects 13 people
Affects Status Importance Assigned to Milestone
gnome-control-center
Unknown
Unknown
gnome-control-center (Ubuntu)
High
Olivier Tilloy
Focal
Undecided
Unassigned

Bug Description

* Impact
the settings segfault when trying to set up a livepatch account

* Test case
  $ gnome-control-center info-overview
  $ gnome-control-center online-accounts add google
-> shouldn't segfault

check also for error reports on
https://errors.ubuntu.com/problem/cfae777005d1d918049ddbf3ad3977adc2e272b0

* Regression potential
the change could introduce a small leak, that's better than a segfault though

---

problem with Ubuntu software centre ver.3.35.2

ProblemType: Crash
DistroRelease: Ubuntu 20.04
Package: gnome-control-center 1:3.35.90-0ubuntu1
ProcVersionSignature: Ubuntu 5.4.0-12.15-generic 5.4.8
Uname: Linux 5.4.0-12-generic x86_64
ApportVersion: 2.20.11-0ubuntu16
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Mon Feb 10 00:28:42 2020
ExecutablePath: /usr/bin/gnome-control-center
InstallationDate: Installed on 2020-02-06 (3 days ago)
InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Alpha amd64 (20200124)
ProcCmdline: gnome-control-center
SegvAnalysis:
 Segfault happened at: 0x55db27c2df87 <cc_panel_get_title_widget+7>: mov 0x3f8(%rax),%rax
 PC (0x55db27c2df87) ok
 source "0x3f8(%rax)" (0x000003f8) not located in a known VMA region (needed readable region)!
 destination "%rax" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: gnome-control-center
StacktraceTop:
 cc_panel_get_title_widget ()
 ?? ()
 ?? ()
 g_closure_invoke () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0
 ?? () from /lib/x86_64-linux-gnu/libgobject-2.0.so.0
Title: gnome-control-center crashed with SIGSEGV in cc_panel_get_title_widget()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo

Krystian (ubu777p55ta) wrote :

StacktraceTop:
 cc_panel_get_title_widget (panel=0x55db28312590) at ../shell/cc-panel.c:227
 activate_panel (gicon=<optimized out>, visibility=<optimized out>, name=0x55db2872a460 "Konta online", parameters=0x55db28e6e0a0, id=0x7f2d0007d600 "online-accounts", self=0x55db289203d0) at ../shell/cc-panel.h:50
 set_active_panel_from_id (self=0x55db289203d0, start_id=0x7f2d0007d600 "online-accounts", parameters=0x55db28e6e0a0, add_to_history=1, force_moving_to_the_panel=1, error=<optimized out>) at ../shell/cc-window.c:445
 launch_panel_activated (action=<optimized out>, parameter=<optimized out>, user_data=<optimized out>) at ../shell/cc-application.c:109
 g_closure_invoke () from /tmp/apport_sandbox_kwp_osdr/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.6303.0

Changed in gnome-control-center (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

information type: Private Security → Public
Sebastien Bacher (seb128) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Unfortunately, we cannot work on this bug because your description didn't include enough information. You may find it helpful to read "How to report bugs effectively" http://www.chiark.greenend.org.uk/~sgtatham/bugs.html. We'd be grateful if you would then provide a more complete description of the problem.

We have instructions on debugging some types of problems at http://wiki.ubuntu.com/DebuggingProcedures.

At a minimum, we need:
1. The specific steps or actions you took that caused you to encounter the problem.
2. The behavior you expected.
3. The behavior you actually encountered (in as much detail as possible).
Thanks!

Changed in gnome-control-center (Ubuntu):
importance: Medium → Low
status: New → Incomplete
Gold Star (goldstar611) wrote :

I can reliably reproduce this bug:

1) Boot into Ubuntu 20.04 Beta
   - But will not trigger if you are signed into Ubuntu One already
   - I am booting the ISO using grml-liveboot
2) Open Settings
3) Click About (bottom of left pane)
4) Click Software Updates (bottom of right pane)
5) In the Software & Updates dialog click the Livepatch tab (last tab)
6) Wait for Livepatch to tell you that you need to sign into Ubuntu One
7) Click the Sign in... button
8) Click the Sign in / Register... button
>> bug triggered <<

Changed in gnome-control-center (Ubuntu):
status: Incomplete → New
Changed in gnome-control-center (Ubuntu):
importance: Low → High
tags: added: rls-ff-incoming
Sebastien Bacher (seb128) wrote :

Thanks for the bug steps!

Changed in gnome-control-center (Ubuntu):
status: New → Confirmed
Changed in gnome-control-center (Ubuntu):
assignee: nobody → Robert Ancell (robert-ancell)
tags: removed: rls-ff-incoming
Changed in gnome-control-center (Ubuntu):
status: Confirmed → In Progress
Robert Ancell (robert-ancell) wrote :

What's happening is g-c-c is attempting to select the requested online account setup (ubuntusso in this case) at the time it's creating the panel. This works if the panel was already selected. Investigating exactly why doing both at the same time crashes and how to resolve.

Olivier Tilloy (osomon) wrote :

The crash is caused by the GOA panel being disposed prematurely, in get_all_providers_cb: user_data (the panel) is being g_autoptr'd, and as a consequence it is destroyed when exiting the scope of the callback. This appears to be an unwanted regression/side effect of https://gitlab.gnome.org/GNOME/gnome-control-center/-/commit/5579314a38aa3aa26e8f833661fe898d31f327f7.

Olivier Tilloy (osomon) wrote :

This was originally worked around by https://gitlab.gnome.org/GNOME/gnome-control-center/-/commit/f5d601d3b023e6d869f40415e1e31aebfb7b1d01, but for some reason this workaround is no longer working.

Olivier Tilloy (osomon) wrote :

I'm attaching a simple python script that automates the reproduction of the bug:

 1) In a terminal window, run "gnome-control-center info-overview"
 2) In another terminal window, run the attached script
 3) Observe how the gnome-control-center process crashed in the first terminal window

Olivier Tilloy (osomon) wrote :

From the upstream bug report (https://gitlab.gnome.org/GNOME/gnome-control-center/-/issues/401), there's an even simpler way to reproduce:

  $ gnome-control-center info-overview
  $ gnome-control-center online-accounts add google

Daniel van Vugt (vanvugt) wrote :
description: updated
tags: added: eoan
Changed in gnome-control-center (Ubuntu):
status: In Progress → Triaged
Olivier Tilloy (osomon) wrote :

The following patch fixes the crash for me, at the cost of probably introducing a memory leak:

--- panels/online-accounts/cc-online-accounts-panel.c.orig 2020-04-27 17:07:18.366421418 +0200
+++ panels/online-accounts/cc-online-accounts-panel.c 2020-04-27 17:08:12.634932818 +0200
@@ -874,7 +874,7 @@
                       GAsyncResult *res,
                       gpointer user_data)
 {
- g_autoptr(CcGoaPanel) self = user_data;
+ CcGoaPanel *self = CC_GOA_PANEL (user_data);
   GList *providers;
   GList *l;
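
Review bot: the new `CcGoaPanel *self = CC_GOA_PANEL (user_data);` line drops the unref that g_autoptr ran at scope exit, and nothing in the hunk says this is deliberate, so a later cleanup is likely to turn it back into g_autoptr. Add a comment on that line stating that the callback intentionally does not release the panel and citing LP: #1862553. Also check the call site that passes user_data: if it takes a reference for this callback, that reference is now never released; if it does not, nothing keeps the panel alive until the callback runs, and the type-checking cast would then operate on a stale pointer.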

As suggested by seb128, a minor leak is preferable to a crash (I fully agree), so we should probably apply this as a distro-patch while we request feedback from upstream on the proper way to fix the problem without a leak.
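
The ownership problem discussed in this thread (user_data being g_autoptr'd in the callback, and the plain-pointer patch above), as an added example that is not part of the bug report or of gnome-control-center. It uses a toy refcount in plain C with the GCC/Clang cleanup attribute, the mechanism g_autoptr builds on; `Panel`, `cb_autoptr`, `cb_plain` and `refs_after` are hypothetical names, and whether the real call site hands the callback its own reference is not shown on this page.

```c
#include <stdio.h>

/* Toy ref-counted object standing in for the panel (hypothetical type, not GObject). */
typedef struct { int refs; } Panel;

static Panel *panel_ref(Panel *p) { p->refs++; return p; }
static void panel_unref(Panel *p) { p->refs--; /* real code finalizes and frees at 0 */ }

/* The mechanism g_autoptr builds on: a cleanup function run when the variable leaves scope. */
static void panel_autounref(Panel **pp) { if (*pp) panel_unref(*pp); }
#define AUTO_PANEL __attribute__((cleanup(panel_autounref))) Panel *

/* Adopting callback: unrefs user_data on return, so it must have been handed a reference. */
static void cb_autoptr(void *user_data) {
    AUTO_PANEL self = user_data;
    (void)self; /* ... use the panel ... */
}

/* Plain-pointer callback (the shape of the patch above): never unrefs. */
static void cb_plain(void *user_data) {
    Panel *self = user_data;
    (void)self;
}

/* Returns the panel's refcount after the callback ran; the owner still expects to hold 1.
 * 0 = finalized under the owner (dangling pointer), 1 = balanced, 2 = one reference leaked. */
static int refs_after(void (*cb)(void *), int transfer_ref) {
    Panel panel = { .refs = 1 };                 /* the owner's reference */
    cb(transfer_ref ? panel_ref(&panel) : &panel);
    return panel.refs;
}

int main(void) {
    printf("autoptr + borrowed pointer : %d\n", refs_after(cb_autoptr, 0));
    printf("autoptr + transferred ref  : %d\n", refs_after(cb_autoptr, 1));
    printf("plain   + borrowed pointer : %d\n", refs_after(cb_plain, 0));
    printf("plain   + transferred ref  : %d\n", refs_after(cb_plain, 1));
    return 0;
}
```

Only the two balanced rows (autoptr with a transferred reference, plain pointer with a borrowed one) leave the owner holding exactly one reference; the other two are the crash and the leak discussed in this thread.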

Olivier Tilloy (osomon) wrote :
Olivier Tilloy (osomon) on 2020-04-27
Changed in gnome-control-center (Ubuntu):
assignee: Robert Ancell (robert-ancell) → Olivier Tilloy (osomon)
status: Triaged → In Progress
Olivier Tilloy (osomon) wrote :
Changed in gnome-control-center (Ubuntu):
status: In Progress → Fix Committed
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnome-control-center - 1:3.36.2-1ubuntu1

---------------
gnome-control-center (1:3.36.2-1ubuntu1) groovy; urgency=medium

  * New upstream version rebased on Debian (lp: #1876256)
  * debian/patches/0001-sound-Fix-translation-of-System-Sounds.patch,
    debian/patches/0028-applications-Fix-only-connected-snap-interfaces-show.patch,
    debian/patches/git-info-crash-on-nvidia.patch,
    debian/patches/git-nongnome-segfault.patch:
    - removed, included in the new version

 -- Sebastien Bacher <email address hidden> Fri, 01 May 2020 09:10:17 +0200

Changed in gnome-control-center (Ubuntu):
status: Fix Committed → Fix Released
Brian Murray (brian-murray) wrote :

Is this bug targeted for fixing in Ubuntu 20.04 LTS?

Olivier Tilloy (osomon) wrote :

I think the fix should be SRUed to focal, indeed.

tags: added: rls-ff-incoming
Olivier Tilloy (osomon) wrote :

Never mind, the SRU to focal is already tracked by bug #1876256, and an upload is already sitting in the queue.

tags: removed: rls-ff-incoming

Hello Krystian, or anyone else affected,

Accepted gnome-control-center into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gnome-control-center/1:3.36.2-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in gnome-control-center (Ubuntu Focal):
status: New → Fix Committed
tags: added: verification-needed verification-needed-focal
Sebastien Bacher (seb128) wrote :

Using 1:3.36.2-0ubuntu1 there is no segfault with the steps of the testcase, marking as verified

tags: added: verification-done verification-done-focal
removed: verification-needed verification-needed-focal

The verification of the Stable Release Update for gnome-control-center has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnome-control-center - 1:3.36.2-0ubuntu1

---------------
gnome-control-center (1:3.36.2-0ubuntu1) focal; urgency=medium

  * New upstream version rebased on Debian (lp: #1876256)
  * debian/patches/0001-sound-Fix-translation-of-System-Sounds.patch,
    debian/patches/0028-applications-Fix-only-connected-snap-interfaces-show.patch,
    debian/patches/git-info-crash-on-nvidia.patch:
    - removed, included in the new version

  [ Marco Trevisan ]
  * debian/patches/0008-Allow-tweaking-some-settings-for-Ubuntu-Dock.patch:
    - disable dock in all monitors when choosing a specific one (lp: #1866088)
    - Ignore inactive monitors (lp: #1873890)
    - Show shell labels when using appearance panel (lp: #1873883)

  [ Olivier Tilloy ]
  * d/p/0032-online-accounts-maybe-leak-a-reference-to-the-panel.patch:
    maybe leak a reference to the panel, to prevent a crash (LP: #1862553)

 -- Sebastien Bacher <email address hidden> Fri, 01 May 2020 09:10:17 +0200

Changed in gnome-control-center (Ubuntu Focal):
status: Fix Committed → Fix Released