unity-panel-service crashed with SIGSEGV in panel_indicator_entry_accessible_get_n_children() from atk_object_get_n_accessible_children()

Bug #913324 reported by Benjamin on 2012-01-08
346
This bug affects 46 people
Affects Status Importance Assigned to Milestone
Application Menu Indicator
Fix Released
Critical
Ted Gould
Unity
Fix Released
Critical
Ted Gould
5.0
Fix Committed
Critical
Christopher Townsend
6.0
Fix Released
Critical
Ted Gould
indicator-appmenu (Ubuntu)
Critical
Ted Gould
Nominated for Precise by Daniel van Vugt
unity (Ubuntu)
Critical
Ted Gould
Nominated for Precise by Daniel van Vugt

Bug Description

unity panel crashed by itself. Unity 3d in use.

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: unity-services 4.24.0-0ubuntu3
ProcVersionSignature: Ubuntu 3.2.0-8.14-generic 3.2.0
Uname: Linux 3.2.0-8-generic i686
.tmp.unity.support.test.0:

ApportVersion: 1.90-0ubuntu1
Architecture: i386
CompizPlugins: [core,bailer,detection,composite,opengl,compiztoolbox,decor,snap,imgpng,vpswitch,place,gnomecompat,resize,move,mousepoll,regex,grid,animation,unitymtgrabhandles,session,wall,workarounds,expo,fade,scale,ezoom,unityshell]
CompositorRunning: compiz
Date: Sun Jan 8 03:29:08 2012
DistUpgraded: Log time: 2011-12-14 11:11:39.927404
DistroCodename: precise
DistroVariant: ubuntu
EcryptfsInUse: Yes
ExecutablePath: /usr/lib/unity/unity-panel-service
GraphicsCard:
 Intel Corporation Mobile 945GM/GMS, 943/940GML Express Integrated Graphics Controller [8086:27a2] (rev 03) (prog-if 00 [VGA controller])
   Subsystem: Hewlett-Packard Company Device [103c:30aa]
   Subsystem: Hewlett-Packard Company Device [103c:30aa]
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha i386 (20111129.1)
MachineType: Hewlett-Packard HP Compaq nc6320 (EV073AV)
PccardctlIdent:
 Socket 0:
   no product info available
PccardctlStatus:
 Socket 0:
   no card
ProcCmdline: /usr/lib/unity/unity-panel-service
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.2.0-8-generic root=UUID=5aae3ec3-1271-4bd2-be11-086a732f323a ro quiet splash vt.handoff=7
SegvAnalysis:
 Segfault happened at: 0x804c8b6: mov (%ebx),%edx
 PC (0x0804c8b6) ok
 source "(%ebx)" (0x6f742067) not located in a known VMA region (needed readable region)!
 destination "%edx" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: unity
StacktraceTop:
 ?? ()
 atk_object_get_n_accessible_children () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
 ?? () from /usr/lib/i386-linux-gnu/gtk-3.0/modules/libatk-bridge.so
 ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
 g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0
Title: unity-panel-service crashed with SIGSEGV in atk_object_get_n_accessible_children()
UpgradeStatus: Upgraded to precise on 2011-12-14 (24 days ago)
UserGroups: adm cdrom dip lpadmin mythtv plugdev sambashare sudo
dmi.bios.date: 02/21/2008
dmi.bios.vendor: Hewlett-Packard
dmi.bios.version: 68YDU Ver. F.0E
dmi.board.name: 30AA
dmi.board.vendor: Hewlett-Packard
dmi.board.version: KBC Version 58.13
dmi.chassis.asset.tag: HUB6421139
dmi.chassis.type: 10
dmi.chassis.vendor: Hewlett-Packard
dmi.modalias: dmi:bvnHewlett-Packard:bvr68YDUVer.F.0E:bd02/21/2008:svnHewlett-Packard:pnHPCompaqnc6320(EV073AV):pvrF.0E:rvnHewlett-Packard:rn30AA:rvrKBCVersion58.13:cvnHewlett-Packard:ct10:cvr:
dmi.product.name: HP Compaq nc6320 (EV073AV)
dmi.product.version: F.0E
dmi.sys.vendor: Hewlett-Packard
version.compiz: compiz 1:0.9.6+bzr20110929-0ubuntu8
version.libdrm2: libdrm2 2.4.29-1ubuntu1
version.libgl1-mesa-dri: libgl1-mesa-dri 7.11-0ubuntu4
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 7.11-0ubuntu4
version.xserver-xorg-core: xserver-xorg-core 2:1.10.4-1ubuntu6
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.6.0-1ubuntu13
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:6.14.99~git20110811.g93fc084-0ubuntu1
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.15.901-1ubuntu4
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:0.0.16+git20111201+b5534a1-1

Related branches

Benjamin (nailartcenter) wrote :

StacktraceTop:
 panel_indicator_entry_accessible_get_n_children (accessible=0x920e528) at /build/buildd/unity-4.24.0/services/panel-indicator-entry-accessible.c:256
 atk_object_get_n_accessible_children (accessible=0x920e528) at atkobject.c:800
 ?? ()
 ?? ()

Changed in unity (Ubuntu):
importance: Undecided → Medium
summary: unity-panel-service crashed with SIGSEGV in
- atk_object_get_n_accessible_children()
+ panel_indicator_entry_accessible_get_n_children()
tags: removed: need-i386-retrace
Didier Roche (didrocks) on 2012-02-01
Changed in unity (Ubuntu):
importance: Medium → Critical

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unity (Ubuntu):
status: New → Confirmed
Robert Roth (evfool) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

visibility: private → public
visibility: public → private
visibility: private → public
Benjamin (nailartcenter) on 2012-03-10
visibility: public → private
visibility: private → public
summary: unity-panel-service crashed with SIGSEGV in
- panel_indicator_entry_accessible_get_n_children()
+ panel_indicator_entry_accessible_get_n_children() from
+ atk_object_get_n_accessible_children()
Changed in unity:
status: New → Confirmed
importance: Undecided → High
Changed in unity (Ubuntu):
importance: Critical → High
Changed in unity:
milestone: none → 5.12.0
Didier Roche (didrocks) on 2012-04-27
Changed in unity:
milestone: 5.12.0 → 5.14.0
Tapatosh Sadhu (tapatosh-sadhu) wrote :

Also affects 11.10

Changed in unity:
status: Confirmed → Triaged
Changed in unity (Ubuntu):
status: Confirmed → Triaged
Omer Akram (om26er) on 2012-07-09
Changed in unity:
importance: High → Critical
Changed in unity (Ubuntu):
importance: High → Critical
Changed in unity:
milestone: 5.14.0 → 6.2
Didier Roche (didrocks) on 2012-08-10
Changed in unity:
milestone: 6.2 → 6.4
Changed in unity:
milestone: 6.4 → 6.6
Changed in unity:
milestone: 6.6 → 7.0

This looks also a libindicator issue to me, on a stacktrace I mostly get this:

#0 0x0000000000406a2f in panel_indicator_entry_accessible_get_n_children (
    accessible=0x2a50840)
    at /home/u/Dev/unity-trunk/services/panel-indicator-entry-accessible.c:256
        __inst = 0x7f25e402e090
        __t = 32191904
        __r = 0
        piea = 0x2a50840
        n_children = 0
        __PRETTY_FUNCTION__ = "panel_indicator_entry_accessible_get_n_children"

With:
(gdb) print piea
$1 = (PanelIndicatorEntryAccessible *) 0x2a50840
(gdb) print piea->priv
$2 = (PanelIndicatorEntryAccessiblePrivate *) 0x2a50890
(gdb) print piea->priv->entry
$3 = (IndicatorObjectEntry *) 0x2a39020
(gdb) print piea->priv->entry->parent_object
$4 = (IndicatorObject *) 0x3

This last pointer looks very odd to me.

Ted Gould (ted) on 2012-09-28
Changed in unity:
assignee: nobody → Ted Gould (ted)
Changed in libindicator:
assignee: nobody → Ted Gould (ted)
Changed in unity (Ubuntu):
assignee: nobody → Ted Gould (ted)
Ted Gould (ted) wrote :

Running under valgrind I think this is likely the issue. Investigating.

==5537== Invalid read of size 1
==5537== at 0x4C2BFA2: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5537== by 0x640DF4F: g_strdup (gstrfuncs.c:363)
==5537== by 0x59D1714: ??? (in /usr/lib/x86_64-linux-gnu/libatk-1.0.so.0.20609.1)
==5537== by 0x59D2E8C: atk_object_set_description (in /usr/lib/x86_64-linux-gnu/libatk-1.0.so.0.20609.1)
==5537== by 0x406307: panel_indicator_entry_accessible_new (in /usr/lib/unity/unity-panel-service.tedsave)
==5537== by 0x405483: ??? (in /usr/lib/unity/unity-panel-service.tedsave)
==5537== by 0x616B13F: g_closure_invoke (gclosure.c:777)
==5537== by 0x617C54F: signal_emit_unlocked_R (gsignal.c:3551)
==5537== by 0x61844AE: g_signal_emit_valist (gsignal.c:3300)
==5537== by 0x6184641: g_signal_emit (gsignal.c:3356)
==5537== by 0x4E373F4: indicator_object_set_visible (in /usr/lib/libindicator3.so.7.0.0)
==5537== by 0x19E90514: ??? (in /usr/lib/indicators3/7/libappmenu.so)
==5537== Address 0x1e6ca6e0 is 0 bytes inside a block of size 10 free'd
==5537== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5537== by 0x63CEF2E: g_bytes_unref (gbytes.c:293)
==5537== by 0x6426520: g_variant_unref (gvariant-core.c:635)
==5537== by 0x63E1566: g_hash_table_insert_internal (ghash.c:1153)
==5537== by 0x10E7EB7B: dbusmenu_menuitem_property_set_variant (in /usr/lib/x86_64-linux-gnu/libdbusmenu-glib.so.4.0.12)
==5537== by 0x10E85CD0: ??? (in /usr/lib/x86_64-linux-gnu/libdbusmenu-glib.so.4.0.12)
==5537== by 0x10E85F3C: ??? (in /usr/lib/x86_64-linux-gnu/libdbusmenu-glib.so.4.0.12)
==5537== by 0x10E85AC9: ??? (in /usr/lib/x86_64-linux-gnu/libdbusmenu-glib.so.4.0.12)
==5537== by 0x5C54F56: g_simple_async_result_complete (gsimpleasyncresult.c:775)
==5537== by 0x5CAF2E9: reply_cb (gdbusproxy.c:2632)
==5537== by 0x5C54F56: g_simple_async_result_complete (gsimpleasyncresult.c:775)
==5537== by 0x5CA5771: g_dbus_connection_call_done (gdbusconnection.c:5339)

Ted Gould (ted) on 2012-09-28
affects: libindicator → indicator-appmenu
Changed in indicator-appmenu:
status: New → In Progress
Changed in unity:
status: Triaged → In Progress
Changed in indicator-appmenu:
importance: Undecided → Critical
Ted Gould (ted) on 2012-09-28
Changed in indicator-appmenu (Ubuntu):
status: New → Confirmed
Changed in unity (Ubuntu):
status: Triaged → Confirmed
Changed in indicator-appmenu (Ubuntu):
importance: Undecided → Critical
assignee: nobody → Ted Gould (ted)
Changed in unity:
status: In Progress → Fix Committed
Lars Karlitski (larsu) on 2012-10-02
Changed in indicator-appmenu:
milestone: none → 12.10.2
Lars Karlitski (larsu) on 2012-10-02
Changed in indicator-appmenu:
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (4.2 KiB)

This bug was fixed in the package unity - 6.8.0-0ubuntu1

---------------
unity (6.8.0-0ubuntu1) quantal-proposed; urgency=low

  [ Ángel Guzmán Maeso ]
  * debian/unity-crashdb.conf:
    - Update dictionary option for follow latest apport spec

  [ Łukasz 'sil2100' Zemczak ]
  * New upstream release.
    - unity 6.8 candidate segfaults on "app expose" with low gfx mode
      (LP: #1060148)
    - [regression] Dash - Left separator is missing (LP: #1057798)
    - unity-panel-service crashed with SIGSEGV in
      panel_indicator_entry_accessible_get_n_children() from
      atk_object_get_n_accessible_children() (LP: #913324)
    - [regression] If unity is started with maximized dash, unmaximizing the
      dash does not wrap rows (LP: #1053116)
    - Dash lens buttons don't work after changing form factor to maximize on
      desktop (LP: #1053316)
    - Clicking on Workspace Switcher icon when the expo is showing, not always
      closes it 1059759 convert files list deprecated keys (LP: #1059594)
    - Unity through llvmpipe is slow (LP: #1046497)
    - compiz crashed with SIGSEGV in unity::QuicklistView::Show() from
      unity::QuicklistManager::ShowQuicklist() (LP: #1055995)
    - compiz crashed with SIGSEGV from
      unity::dash::HomeLens::Impl::LensSearchFinished() (LP: #1054219)
    - [regression] Starting an app & then locking to launcher is not persistent
      across sessions (LP: #1054645)
    - [regression] Dash, Launcher, Menu Bar - Unintended shadows are rendered
      for the Unity Launcher and Panel, when the dash is open (LP: #1043260)
    - [Unity 6.x] Active blur doesn't update if you disable CCSM > OpenGL >
      Framebuffer object (LP: #1039999)
    - Alt+Tab/Alt+grave brings other window to the front but loses focus
      entirely. (LP: #1035628)
    - Spread - Scaling all the windows is too slow (LP: #1055643)
    - Window management - Middle clicking on a window inside the spread should
      close that window (equivalent action to clicking on the close button)
      (LP: #1052821)
    - Scale window decorations don't have properly rounded corners
      (LP: #1055610)
    - Scale window decorations text does not match theme style (Radiance)
      (LP: #1055609)
    - Spread window decorations does not match the theme when changed
      (LP: #1055605)
    - scaled window decorations are sometimes wider than the window
      (LP: #1053225)
    - Launcher should not auto-hide after dragging an icon, if mouse is still
      over it (LP: #1053978)
    - unity spread window on second click not working when ibus language panel
      is shown. (LP: #1035895)
    - windows.push_back(<uninitialized value>) in
      BamfLauncherIcon::GetFocusableWindows (LP: #1053220)
    - Category emblems are blurry (LP: #1056874)
    - Rendering flaws of the dash previews (LP: #1055455)
    - [UIFe] Social Lens doesn't have authorised and meaningful icon
      (LP: #1056191)
    - [dash] Preview fade out animation hangs occasionally (LP: #1058145)
    - Dash - rendering of ribbons shouldn't be relative (LP: #1057971)
    - Horizontal alignment search box and views below (LP: #1055544)
    - Compiz crashed in cairo_save() from
      unity::Unit...

Read more...

Changed in unity (Ubuntu):
status: Confirmed → Fix Released
jura (zinlun) on 2013-01-07
Changed in indicator-appmenu (Ubuntu):
status: Confirmed → Fix Released
Adolfo Jayme (fitojb) on 2013-01-07
Changed in indicator-appmenu (Ubuntu):
status: Fix Released → Confirmed
Daniel van Vugt (vanvugt) wrote :

Wait a minute. This is not fixed at all in lp:unity/5.0

Benjamin (nailartcenter) wrote :

perhaps useful

Benjamin (nailartcenter) wrote :

maybe more useful because crashed again after use PeaZip

Stephen M. Webb (bregma) on 2013-02-17
Changed in unity:
status: Fix Committed → Fix Released
Changed in unity:
status: Fix Released → Fix Committed
Stephen M. Webb (bregma) on 2013-04-03
Changed in unity:
status: Fix Committed → Fix Released
Ted Gould (ted) on 2013-10-15
Changed in indicator-appmenu (Ubuntu):
status: Confirmed → Invalid
EDEMPCO (edemco) wrote :

I was wondering about activity on this bug. The bug has many duplicates and a high heat number. The last activity seen here is for October of last year. Ubuntu 12.04 is scheduled to be serviced for a few more years. I have been suffering with this problem for a year. Is there any progress to report?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers