Ubuntu
autopilot-gtk package

ubiquity crashed with SIGSEGV in GtkNode::MatchStringProperty()

Bug #1267116 reported by Jean-Baptiste Lallement
22
This bug affects 1 person
Affects Status Importance Assigned to Milestone
autopilot-gtk (Ubuntu)
Confirmed
High
Unassigned

Bug Description

crash during automated tests:

https://jenkins.qa.ubuntu.com/job/ubiquity_ap-ubuntu_devel_daily-test_english_lvm/62/ARCH=i386,label=rabisu/artifact/results/var/crash/

ProblemType: Crash
DistroRelease: Ubuntu 14.04
Package: ubiquity 2.17.3
Uname: Linux 3.12.0-7-generic i686
Architecture: i386
Date: Wed Jan 8 09:20:05 2014
ExecutablePath: /usr/lib/ubiquity/bin/ubiquity
ExecutableTimestamp: 1388748307
InterpreterPath: /usr/bin/python3.3
ProcCmdline: /usr/bin/python3 /usr/lib/ubiquity/bin/ubiquity --autopilot
ProcCwd: /home/ubuntu/ubiquity-autopilot/autopilot
ProcEnviron:
 LANGUAGE=en_US
 TERM=unknown
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: ubiquity
StacktraceTop:
 GtkNode::MatchStringProperty(std::string const&, std::string const&) const () from /usr/lib/i386-linux-gnu/gtk-3.0/modules/libautopilot.so
 xpathselect::XPathQueryPart::Matches(std::shared_ptr<xpathselect::Node const> const&) const () from /usr/lib/i386-linux-gnu/libxpathselect.so.1.4
 SelectNodes () from /usr/lib/i386-linux-gnu/libxpathselect.so.1.4
 GetNodesThatMatchQuery(std::string const&) () from /usr/lib/i386-linux-gnu/gtk-3.0/modules/libautopilot.so
 Introspect(std::string const&) () from /usr/lib/i386-linux-gnu/gtk-3.0/modules/libautopilot.so
UserGroups:

Revision history for this message
Jean-Baptiste Lallement (jibel) wrote :
information type: Private → Public
Revision history for this message
Apport retracing service (apport) wrote :

StacktraceTop:
 GtkNode::MatchStringProperty (this=0x988dd10, name=..., value=...) at /build/buildd/autopilot-gtk-1.4+14.04.20140107/lib/GtkNode.cpp:302
 ~basic_string (this=0xbf9b23e8, __in_chrg=<optimized out>) at /usr/include/c++/4.8/bits/basic_string.h:539
 internal_visit<std::basic_string<char> > (this=<optimized out>, operand=...) at /usr/include/boost/variant/variant.hpp:315
 visitation_impl_invoke_impl<boost::detail::variant::destroyer, void*, std::basic_string<char> > (visitor=..., storage=0xbf9b23e8) at /usr/include/boost/variant/detail/visitation_impl.hpp:130
 visitation_impl_invoke<boost::detail::variant::destroyer, void*, std::basic_string<char>, boost::variant<std::basic_string<char>, bool, int>::has_fallback_type_> (internal_which=<optimized out>, visitor=..., t=0x0, storage=0xbf9b23e8) at /usr/include/boost/variant/detail/visitation_impl.hpp:173

Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt
Revision history for this message
Apport retracing service (apport) wrote : StacktraceSource.txt
Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in ubiquity (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
Revision history for this message
Martin Pitt (pitti) wrote :

For the record, the only occurances of std::string in GtkNode::MatchStringProperty are now the method arguments; they are const references though, and shouldn't be handled at all at method exit. The stack trace doesn't make too much sense to me, though (i. e., why does the std::string destructor call GtkNode::MatchStringProperty()?)

affects: ubiquity (Ubuntu) → autopilot-gtk (Ubuntu)
Revision history for this message
Dan Chapman  (dpniel) wrote :

I'm not entirely sure this is a bug in autopilot-gtk.

See http://paste.ubuntu.com/6725605/. Where you can see that the segfault occurs before the autopilot test executes the progress bar tests. Which is where we get the MatchStringProperty fail when trying to match the webkitwindow's name.

I cannot find anything sinister that would cause the atk_object_set_parent in Gtk/Atk and WebKitGtk, I even ran various tests against the GtkWidgets that use set_parent, which resulted in no problems. I also went through at-spi2-atk, thinking maybe if there was an invalid pointer a d-bus connection was being closed, but even that seemed to be ok.

I'm wondering if this is something to do with bug 1260396, and also with this bug starting to appear after the update to Gtk 3.10. on 10th December. The point where the segfault is occurring is the point I highlight in bug 1260396 where the window flickers back from full screen width to the correct size.

Could this be caused by slow rendering/transitioning of the window coming back to to its default size??? i.e a parent object not entirely in place before the atk object cache is being 're-synced'??

Revision history for this message
Nicholas Skaggs (nskaggs) wrote :

I've recommended to Dan to try and work around this issue inside the ubiquity tests for the moment. The fixes for the bug Dan mentioned above have landed but the issue continues in the ubiquity tests.

Given our inability to reproduce this issue, it will be hard to find a direct fix. Thus far, none of the attempts have completely eliminated it.

Martin Pitt (pitti)
Changed in autopilot-gtk (Ubuntu):
importance: Medium → High
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.