Ubuntu
unity package

unity-panel-service crashed with SIGABRT in __kernel_vsyscall()

Bug #741726 reported by dmiranda on 2011-03-24

140

This bug affects 24 people

	Status	Importance	Assigned to	Milestone
DBus Menu	Fix Released	Undecided	Unassigned
Unity	Invalid	Undecided	Unassigned	Unity 3.8.2
Unity Foundations	Fix Released	Undecided	Ted Gould	Unity Foundations unity-3.8.2 "2011-03-31"
libdbusmenu (Ubuntu)	Fix Released	Medium	Unassigned	Ubuntu ubuntu-11.04-beta-1
unity (Ubuntu)	Invalid	Undecided	Unassigned

Bug Description

Binary package hint: unity

Appmenu crashes when using kile

ProblemType: Crash
DistroRelease: Ubuntu 11.04
Package: unity 3.6.8-0ubuntu1
ProcVersionSignature: Ubuntu 2.6.38-7.38-generic 2.6.38
Uname: Linux 2.6.38-7-generic i686
NonfreeKernelModules: wl
Architecture: i386
CompizPlugins: [core,bailer,detection,composite,opengl,compiztoolbox,decor,move,place,grid,resize,session,vpswitch,imgpng,regex,gnomecompat,mousepoll,wall,animation,expo,workarounds,ezoom,staticswitcher,fade,scale,unityshell]
CompositorRunning: compiz
CrashCounter: 1
DRM.card0.LVDS.1:
status: connected
enabled: enabled
dpms: On
modes: 1024x600
edid-base64: AP///////wANrwcQAAAAAAMTAQOAFgx4Cs9FkFlXlSkfUFQAAAABAQEBAQEBAQEBAQEBAQEBLBUAakFYNCBtSH0A3n0AAAAYAAAA/gBOMTAxTDYtTDAxCiAgAAAA/gBDTU8KICAgICAgICAgAAAA/gBOMTAxTDYtTDAxCiAgAMQ=
DRM.card0.VGA.1:
status: disconnected
enabled: disabled
dpms: Off
modes:
edid-base64:
Date: Thu Mar 24 10:42:14 2011
DistUpgraded: Log time: 2011-03-07 19:02:00.546826
DistroCodename: natty
DistroVariant: ubuntu
ExecutablePath: /usr/lib/unity/unity-panel-service
GraphicsCard:
Intel Corporation N10 Family Integrated Graphics Controller [8086:a011] (prog-if 00 [VGA controller])
Subsystem: Samsung Electronics Co Ltd Device [144d:c072]
Subsystem: Samsung Electronics Co Ltd Device [144d:c072]
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
InstallationMedia_: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
InstallationMedia__: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
MachineType: SAMSUNG ELECTRONICS CO., LTD. N150P/N210P/N220P
ProcCmdline: /usr/lib/unity/unity-panel-service
ProcEnviron:
SHELL=/bin/bash
LANGUAGE=pt_BR:pt_PT:en_US:en
LANG=pt_BR.UTF-8
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-2.6.38-7-generic root=UUID=f6741db8-8d59-4add-9c44-db1b6ce0751e ro quiet splash vt.handoff=7
ProcVersionSignature_: Ubuntu 2.6.38-7.38-generic 2.6.38
ProcVersionSignature__: Ubuntu 2.6.38-7.38-generic 2.6.38
Renderer: Unknown
Signal: 6
SourcePackage: unity
StacktraceTop:
__kernel_vsyscall ()
raise () from /lib/i386-linux-gnu/libc.so.6
abort () from /lib/i386-linux-gnu/libc.so.6
g_assertion_message () from /lib/i386-linux-gnu/libglib-2.0.so.0
g_assertion_message_expr () from /lib/i386-linux-gnu/libglib-2.0.so.0
Title: unity-panel-service crashed with SIGABRT in __kernel_vsyscall()
UpgradeStatus: Upgraded to natty on 2011-03-08 (16 days ago)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
dmi.bios.date: 04/30/2010
dmi.bios.vendor: Phoenix Technologies Ltd.
dmi.bios.version: 01KY.M008.20100430.RHU
dmi.board.asset.tag: SAMSUNG
dmi.board.name: N150P/N210P/N220P
dmi.board.vendor: SAMSUNG ELECTRONICS CO., LTD.
dmi.board.version: Not Applicable
dmi.chassis.asset.tag: No Asset Tag
dmi.chassis.type: 10
dmi.chassis.vendor: SAMSUNG ELECTRONICS CO., LTD.
dmi.chassis.version: N/A
dmi.modalias: dmi:bvnPhoenixTechnologiesLtd.:bvr01KY.M008.20100430.RHU:bd04/30/2010:svnSAMSUNGELECTRONICSCO.,LTD.:pnN150P/N210P/N220P:pvrNotApplicable:rvnSAMSUNGELECTRONICSCO.,LTD.:rnN150P/N210P/N220P:rvrNotApplicable:cvnSAMSUNGELECTRONICSCO.,LTD.:ct10:cvrN/A:
dmi.product.name: N150P/N210P/N220P
dmi.product.version: Not Applicable
dmi.sys.vendor: SAMSUNG ELECTRONICS CO., LTD.
version.compiz: compiz 1:0.9.4git20110322-0ubuntu5
version.libdrm2: libdrm2 2.4.23-1ubuntu5
version.libgl1-mesa-glx: libgl1-mesa-glx 7.10.1-0ubuntu3
version.xserver-xorg: xserver-xorg 1:7.6~3ubuntu11
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:6.14.0-0ubuntu4
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.14.0-4ubuntu4
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:0.0.16+git20110107+b795ca6e-0ubuntu6

Tags:

Related branches

lp:~ted/libdbusmenu/lp741726

Merged into lp:libdbusmenu/0.5 at revision 283

Conor Curran (community): Approve on 2011-03-24

lp:~mterry/libdbusmenu/741726

Merged into lp:libdbusmenu/0.5 at revision 284

Mikkel Kamstrup Erlandsen (community): Approve on 2011-03-28

lp:ubuntu/natty/libdbusmenu

lp:~dbusmenu-team/libdbusmenu/ubuntu

Rejected for merging into lp:~ubuntu-desktop/libdbusmenu/ubuntu

Ken VanDine: Disapprove on 2011-10-13

Superseded for merging into lp:libdbusmenu/0.5

Ken VanDine: Pending requested 2011-01-27

Diff: 67319 lines (+66205/-527)

110 files modified

.bzrignore (+0/-229)
AUTHORS (+17/-0)
ChangeLog (+5918/-0)
Makefile.in (+821/-0)
aclocal.m4 (+10063/-0)
autogen.sh (+0/-12)
compile (+143/-0)
config.guess (+1502/-0)
config.h.in (+86/-0)
config.sub (+1714/-0)
configure (+16483/-0)
debian/changelog (+657/-0)
debian/control (+225/-0)
debian/copyright (+40/-0)
debian/gir1.2-dbusmenu-glib-0.4.install (+1/-0)
debian/gir1.2-dbusmenu-gtk-0.4.install (+1/-0)
debian/gir1.2-dbusmenu-gtk3-0.4.install (+1/-0)
debian/libdbusmenu-glib-dev.install (+6/-0)
debian/libdbusmenu-glib-doc.install (+1/-0)
debian/libdbusmenu-glib3.install (+1/-0)
debian/libdbusmenu-gtk-dev.install (+6/-0)
debian/libdbusmenu-gtk-doc.install (+1/-0)
debian/libdbusmenu-gtk3-3.install (+1/-0)
debian/libdbusmenu-gtk3-dev.install (+5/-0)
debian/libdbusmenu-gtk3.install (+1/-0)
debian/libdbusmenu-jsonloader-dev.install (+4/-0)
debian/libdbusmenu-jsonloader3.install (+1/-0)
debian/libdbusmenu-tools.install (+3/-0)
debian/rules (+45/-0)
debian/source/format (+1/-0)
debian/watch (+2/-0)
depcomp (+630/-0)
docs/Makefile.in (+613/-0)
docs/libdbusmenu-glib/Makefile.in (+613/-0)
docs/libdbusmenu-glib/reference/Makefile.in (+689/-0)
docs/libdbusmenu-glib/reference/html/annotation-glossary.html (+71/-0)
docs/libdbusmenu-glib/reference/html/api-index-full.html (+406/-0)
docs/libdbusmenu-glib/reference/html/ch01.html (+48/-0)
docs/libdbusmenu-glib/reference/html/index.html (+46/-0)
docs/libdbusmenu-glib/reference/html/index.sgml (+120/-0)
docs/libdbusmenu-glib/reference/html/libdbusmenu-glib-DbusmenuClient.html (+427/-0)
docs/libdbusmenu-glib/reference/html/libdbusmenu-glib-DbusmenuClientMenuitem.html (+92/-0)
docs/libdbusmenu-glib/reference/html/libdbusmenu-glib-DbusmenuMenuitem.html (+1326/-0)
docs/libdbusmenu-glib/reference/html/libdbusmenu-glib-DbusmenuMenuitemProxy.html (+154/-0)
docs/libdbusmenu-glib/reference/html/libdbusmenu-glib-DbusmenuServer.html (+260/-0)
docs/libdbusmenu-glib/reference/html/libdbusmenu-glib.devhelp (+109/-0)
docs/libdbusmenu-glib/reference/html/libdbusmenu-glib.devhelp2 (+109/-0)
docs/libdbusmenu-glib/reference/html/object-tree.html (+32/-0)
docs/libdbusmenu-glib/reference/html/style.css (+266/-0)
docs/libdbusmenu-glib/reference/tmpl/client-menuitem.sgml (+52/-0)
docs/libdbusmenu-glib/reference/tmpl/client.sgml (+168/-0)
docs/libdbusmenu-glib/reference/tmpl/menuitem-proxy.sgml (+57/-0)
docs/libdbusmenu-glib/reference/tmpl/menuitem.sgml (+520/-0)
docs/libdbusmenu-glib/reference/tmpl/server.sgml (+112/-0)
docs/libdbusmenu-glib/reference/version.xml (+1/-0)
docs/libdbusmenu-glib/reference/xml/annotation-glossary.xml (+64/-0)
docs/libdbusmenu-glib/reference/xml/api-index-deprecated.xml (+8/-0)
docs/libdbusmenu-glib/reference/xml/api-index-full.xml (+105/-0)
docs/libdbusmenu-glib/reference/xml/client-menuitem.xml (+70/-0)
docs/libdbusmenu-glib/reference/xml/client.xml (+322/-0)
docs/libdbusmenu-glib/reference/xml/menuitem-proxy.xml (+103/-0)
docs/libdbusmenu-glib/reference/xml/menuitem.xml (+915/-0)
docs/libdbusmenu-glib/reference/xml/server.xml (+199/-0)
docs/libdbusmenu-gtk/Makefile.in (+613/-0)
docs/libdbusmenu-gtk/reference/Makefile.in (+685/-0)
docs/libdbusmenu-gtk/reference/html/api-index-full.html (+122/-0)
docs/libdbusmenu-gtk/reference/html/ch01.html (+42/-0)
docs/libdbusmenu-gtk/reference/html/index.html (+39/-0)
docs/libdbusmenu-gtk/reference/html/index.sgml (+33/-0)
docs/libdbusmenu-gtk/reference/html/libdbusmenu-gtk-DbusmenuGtkClient.html (+316/-0)
docs/libdbusmenu-gtk/reference/html/libdbusmenu-gtk-DbusmenuGtkMenu.html (+169/-0)
docs/libdbusmenu-gtk/reference/html/libdbusmenu-gtk-menuitem.html (+256/-0)
docs/libdbusmenu-gtk/reference/html/libdbusmenu-gtk.devhelp (+36/-0)
docs/libdbusmenu-gtk/reference/html/libdbusmenu-gtk.devhelp2 (+36/-0)
docs/libdbusmenu-gtk/reference/html/object-tree.html (+42/-0)
docs/libdbusmenu-gtk/reference/html/style.css (+266/-0)
docs/libdbusmenu-gtk/reference/libdbusmenu-gtk-sections.txt (+70/-0)
docs/libdbusmenu-gtk/reference/libdbusmenu-gtk.types (+3/-0)
docs/libdbusmenu-gtk/reference/tmpl/client.sgml (+115/-0)
docs/libdbusmenu-gtk/reference/tmpl/genericmenuitem.sgml (+22/-0)
docs/libdbusmenu-gtk/reference/tmpl/libdbusmenu-gtk-unused.sgml (+118/-0)
docs/libdbusmenu-gtk/reference/tmpl/menu.sgml (+67/-0)
docs/libdbusmenu-gtk/reference/tmpl/menuitem.sgml (+84/-0)
docs/libdbusmenu-gtk/reference/version.xml (+1/-0)
docs/libdbusmenu-gtk/reference/xml/api-index-deprecated.xml (+8/-0)
docs/libdbusmenu-gtk/reference/xml/api-index-full.xml (+33/-0)
docs/libdbusmenu-gtk/reference/xml/client.xml (+214/-0)
docs/libdbusmenu-gtk/reference/xml/genericmenuitem.xml (+36/-0)
docs/libdbusmenu-gtk/reference/xml/menu.xml (+118/-0)
docs/libdbusmenu-gtk/reference/xml/menuitem.xml (+165/-0)
install-sh (+520/-0)
libdbusmenu-glib/Doxyfile (+0/-257)
libdbusmenu-glib/Makefile.in (+958/-0)
libdbusmenu-glib/client-marshal.c (+131/-0)
libdbusmenu-glib/client-marshal.h (+28/-0)
libdbusmenu-glib/dbus-menu-clean.xml.c (+132/-0)
libdbusmenu-glib/dbus-menu-clean.xml.h (+1/-0)
libdbusmenu-glib/menuitem-marshal.c (+170/-0)
libdbusmenu-glib/menuitem-marshal.h (+45/-0)
libdbusmenu-glib/server-marshal.c (+164/-0)
libdbusmenu-glib/server-marshal.h (+36/-0)
libdbusmenu-gtk/Makefile.in (+1005/-0)
ltmain.sh (+8413/-0)
missing (+376/-0)
mkinstalldirs (+162/-0)
po/Makefile.in.in (+217/-0)
tests/Makefile.in (+2204/-0)
tools/Makefile.in (+858/-0)
tools/testapp/CMakeLists.txt (+0/-29)
tools/testapp/Makefile.in (+619/-0)

Revision history for this message

dmiranda (dmiranda) wrote on 2011-03-24:

BootDmesg.txt Edit (57.0 KiB, text/plain; charset="utf-8")
CurrentDmesg.txt Edit (16.6 KiB, text/plain; charset="utf-8")
Dependencies.txt Edit (5.7 KiB, text/plain; charset="utf-8")
Disassembly.txt Edit (433 bytes, text/plain; charset="utf-8")
DkmsStatus.txt Edit (378 bytes, text/plain; charset="utf-8")
GconfCompiz.txt Edit (36.5 KiB, text/plain; charset="utf-8")
Lspci.txt Edit (11.8 KiB, text/plain; charset="utf-8")
Lsusb.txt Edit (427 bytes, text/plain; charset="utf-8")
ProcCpuinfo.txt Edit (1.5 KiB, text/plain; charset="utf-8")
ProcInterrupts.txt Edit (1.4 KiB, text/plain; charset="utf-8")
ProcMaps.txt Edit (34.1 KiB, text/plain; charset="utf-8")
ProcModules.txt Edit (3.4 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (783 bytes, text/plain; charset="utf-8")
Registers.txt Edit (464 bytes, text/plain; charset="utf-8")
Stacktrace.txt Edit (2.5 KiB, text/plain; charset="utf-8")
ThreadStacktrace.txt Edit (6.5 KiB, text/plain; charset="utf-8")
UdevDb.txt Edit (76.5 KiB, text/plain; charset="utf-8")
UdevLog.txt Edit (235.5 KiB, text/plain; charset="utf-8")
UnitySupportTest.txt Edit (985 bytes, text/plain; charset="utf-8")
XorgLog.txt Edit (27.1 KiB, text/plain; charset="utf-8")
XorgLogOld.txt Edit (37.6 KiB, text/plain; charset="utf-8")
Xrandr.txt Edit (2.0 KiB, text/plain; charset="utf-8")
XsessionErrors.txt Edit (2.3 KiB, text/plain; charset="utf-8")
peripherals.txt Edit (1.7 KiB, text/plain; charset="utf-8")
xdpyinfo.txt Edit (9.8 KiB, text/plain; charset="utf-8")

Revision history for this message

Apport retracing service (apport) wrote on 2011-03-24:

StacktraceTop:
__kernel_vsyscall ()
raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
abort () at abort.c:92
g_assertion_message (domain=0xc946e6 "GLib", file=0xcdc7f0 "/build/buildd/glib2.0-2.28.4/./glib/gvarianttypeinfo.c", line=186, func=0xcdca70 "g_variant_type_info_check", message=<value optimized out>) at /build/buildd/glib2.0-2.28.4/./glib/gtestutils.c:1358
g_assertion_message_expr (domain=0xc946e6 "GLib", file=0xcdc7f0 "/build/buildd/glib2.0-2.28.4/./glib/gvarianttypeinfo.c", line=186, func=0xcdca70 "g_variant_type_info_check", expr=0xcdc7b9 "0 <= index && index < 24") at /build/buildd/glib2.0-2.28.4/./glib/gtestutils.c:1369

Revision history for this message

Apport retracing service (apport) wrote on 2011-03-24: Stacktrace.txt

Stacktrace.txt Edit (7.5 KiB, text/plain)

Revision history for this message

Apport retracing service (apport) wrote on 2011-03-24: ThreadStacktrace.txt

ThreadStacktrace.txt Edit (19.1 KiB, text/plain)

Changed in unity (Ubuntu):
importance:	Undecided → Medium
tags:	removed: need-i386-retrace

Sebastien Bacher (seb128) on 2011-03-24

visibility:

private → public

Revision history for this message

Michael Terry (mterry) wrote on 2011-03-25:

So Ted asked me to look at this, in the hopes another set of eyeballs would help.

I'm leery that the linked branch will do much. The type of the properties is already checked in get_properties_callback(). And the g_variant_iter_loop() format_string argument in the stack trace is "v}" which is clearly wrong. Looks like memory got corrupted somewhere upstack rather than unexpected variants in the properties list.

There aren't that many near opportunities for memory corruption. The 'data' argument to the function seems to be correctly ref'd before the callback is setup so it seems to be valid memory for the dbusmenu_menuitem_properties_list() call. That would leave get_properties_callback()...

What about line 604?

601 GVariant * child = g_variant_get_child_value(params, 0);
602 GVariantIter iter;
603 g_variant_iter_init(&iter, child);
604 g_variant_unref(child);
605 while ((child = g_variant_iter_next_value(&iter)) != NULL) {

Seems suspicious to unref the child there, since the docs say the iter is only valid as long as child is.

Additionally, though this wouldn't cause the crash, on line 1381, the "have_error == FALSE" check should be moved up to the surrounding "properties != NULL" check; otherwise you'll leak the first key/value pair if have_error is TRUE.

Revision history for this message

David Barth (dbarth) wrote on 2011-03-28:

This is a "ted + mterry" thing, ie Michael seems to have a patch for it, but there may be a dbusmenu side as well.

Changed in unity-foundations:
assignee:	nobody → Ted Gould (ted)
Changed in unity:
assignee:	nobody → Michael Terry (mterry)
milestone:	none → 3.8.2
Changed in unity-foundations:
milestone:	none → unity-3.8.0-beta

Ken VanDine (ken-vandine) on 2011-03-28

Changed in libdbusmenu (Ubuntu):
importance:	Undecided → Medium
milestone:	none → ubuntu-11.04-beta-1
status:	New → Triaged

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-03-28:

This bug was fixed in the package libdbusmenu - 0.4.0-0ubuntu2

---------------
libdbusmenu (0.4.0-0ubuntu2) natty; urgency=low

* Cherry picked fix for potential memory issues to fix unity-panel-service
crashed with SIGABRT in __kernel_vsyscall() (LP: #741726)
-- Ken VanDine <email address hidden> Mon, 28 Mar 2011 14:56:59 -0400

Changed in libdbusmenu (Ubuntu):
status:	Triaged → Fix Released

Sebastien Bacher (seb128) on 2011-03-30

Changed in unity (Ubuntu):
status:	New → Fix Released

Michael Terry (mterry) on 2011-03-30

Changed in unity:
assignee:	Michael Terry (mterry) → nobody
status:	New → Invalid
Changed in dbusmenu:
status:	New → Fix Committed

Ted Gould (ted) on 2011-03-31

Changed in dbusmenu:
status:	Fix Committed → Fix Released

David Barth (dbarth) on 2011-04-04

Changed in unity-foundations:
status:	New → Fix Released

Marco Trevisan (Treviño) (3v1n0) on 2014-09-01

Changed in unity (Ubuntu):
status:	Fix Released → Invalid
importance:	Medium → Undecided

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuunity package

unity-panel-service crashed with SIGABRT in __kernel_vsyscall()

Bug Description

Related branches

Duplicates of this bug

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
unity package