Bug 401461

Summary: Apper crashed after applying updates
Product: [Applications] apper
Reporter: Suren Karapetyan <surenkarapetyan>
Component: general
Assignee: Daniel Nicoletti <dantti12>
Status: RESOLVED FIXED
Severity: crash
CC: arcadiy, jtfjdehf
Priority: NOR
Keywords: drkonqi
Version: 1.0.0
Target Milestone: ---
Platform: Fedora RPMs
OS: Linux
Attachments: New crash information added by DrKonqi

Description Suren Karapetyan 2018-11-27 09:45:09 UTC
Application: apper (1.0.0)

Qt Version: 5.11.1
Frameworks Version: 5.52.0
Operating System: Linux 4.18.18-200.fc28.x86_64 x86_64
Distribution (Platform): Fedora RPMs

-- Information about the crash:
- What I was doing when the application crashed:
Was updating the system.
The update finished fine, then the loader was shown for some time, after which the crash happened.

-- Backtrace:
Application: Apper (apper), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
28	  return SYSCALL_CANCEL (nanosleep, requested_time, remaining);
[Current thread is 1 (Thread 0x7f7c3eb33940 (LWP 7467))]

Thread 5 (Thread 0x7f7c08fee700 (LWP 7471)):
#0  0x00007f7c3931551c in futex_wait_cancelable (private=0, expected=0, futex_word=0x5633bdd76038) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  0x00007f7c3931551c in __pthread_cond_wait_common (abstime=0x0, mutex=0x5633bdd75fe8, cond=0x5633bdd76010) at pthread_cond_wait.c:502
#2  0x00007f7c3931551c in __pthread_cond_wait (cond=0x5633bdd76010, mutex=0x5633bdd75fe8) at pthread_cond_wait.c:655
#3  0x00007f7c0e1782d3 in util_queue_thread_func () at /usr/lib64/dri/r600_dri.so
#4  0x00007f7c0e177feb in impl_thrd_routine () at /usr/lib64/dri/r600_dri.so
#5  0x00007f7c3930f594 in start_thread (arg=<optimized out>) at pthread_create.c:463
#6  0x00007f7c3ab31e6f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 4 (Thread 0x7f7c097ef700 (LWP 7470)):
#0  0x00007f7c3931551c in futex_wait_cancelable (private=0, expected=0, futex_word=0x5633bdf063e0) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  0x00007f7c3931551c in __pthread_cond_wait_common (abstime=0x0, mutex=0x5633bdf06390, cond=0x5633bdf063b8) at pthread_cond_wait.c:502
#2  0x00007f7c3931551c in __pthread_cond_wait (cond=0x5633bdf063b8, mutex=0x5633bdf06390) at pthread_cond_wait.c:655
#3  0x00007f7c0e1782d3 in util_queue_thread_func () at /usr/lib64/dri/r600_dri.so
#4  0x00007f7c0e177feb in impl_thrd_routine () at /usr/lib64/dri/r600_dri.so
#5  0x00007f7c3930f594 in start_thread (arg=<optimized out>) at pthread_create.c:463
#6  0x00007f7c3ab31e6f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7f7c1d01f700 (LWP 7469)):
#0  0x00007f7c3ab273e9 in __GI___poll (fds=0x7f7c1001a9b0, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f7c3498cbc6 in g_main_context_iterate.isra () at /lib64/libglib-2.0.so.0
#2  0x00007f7c3498ccf0 in g_main_context_iteration () at /lib64/libglib-2.0.so.0
#3  0x00007f7c3bc1f2ab in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /lib64/libQt5Core.so.5
#4  0x00007f7c3bbcdb7b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /lib64/libQt5Core.so.5
#5  0x00007f7c3ba356b6 in QThread::exec() () at /lib64/libQt5Core.so.5
#6  0x00007f7c3c10e7b9 in QDBusConnectionManager::run() () at /lib64/libQt5DBus.so.5
#7  0x00007f7c3ba3eb4b in QThreadPrivate::start(void*) () at /lib64/libQt5Core.so.5
#8  0x00007f7c3930f594 in start_thread (arg=<optimized out>) at pthread_create.c:463
#9  0x00007f7c3ab31e6f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7f7c2061f700 (LWP 7468)):
#0  0x00007f7c3ab273e9 in __GI___poll (fds=fds@entry=0x7f7c2061eb78, nfds=nfds@entry=1, timeout=timeout@entry=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f7c3354c04f in poll (__timeout=-1, __nfds=1, __fds=0x7f7c2061eb78) at /usr/include/bits/poll2.h:46
#2  0x00007f7c3354c04f in _xcb_conn_wait (c=0x5633bdb9c480, cond=<optimized out>, vector=0x0, count=0x0) at xcb_conn.c:479
#3  0x00007f7c3354dcaa in xcb_wait_for_event (c=0x5633bdb9c480) at xcb_in.c:697
#4  0x00007f7c230185a9 in QXcbEventReader::run() () at /lib64/libQt5XcbQpa.so.5
#5  0x00007f7c3ba3eb4b in QThreadPrivate::start(void*) () at /lib64/libQt5Core.so.5
#6  0x00007f7c3930f594 in start_thread (arg=<optimized out>) at pthread_create.c:463
#7  0x00007f7c3ab31e6f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7f7c3eb33940 (LWP 7467)):
[KCrash Handler]
#6  0x00007f7c400c717b in QHash<QString, PackageModel::InternalPackage>::erase(QHash<QString, PackageModel::InternalPackage>::const_iterator) () at /usr/lib64/apper/libapper_private.so
#7  0x00007f7c400c0f4b in PackageModel::clearSelectedNotPresent() () at /usr/lib64/apper/libapper_private.so
#8  0x00005633bcc3d3de in Updater::getUpdatesFinished() ()
#9  0x00007f7c3bbf6f43 in QMetaObject::activate(QObject*, int, int, void**) () at /lib64/libQt5Core.so.5
#10 0x00007f7c3fe4f383 in PackageKit::Transaction::finished(PackageKit::Transaction::Exit, unsigned int) () at /lib64/libpackagekitqt5.so.1
#11 0x00007f7c3fe53549 in PackageKit::TransactionPrivate::finished(unsigned int, unsigned int) () at /lib64/libpackagekitqt5.so.1
#12 0x00007f7c3fe51a35 in PackageKit::Transaction::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) () at /lib64/libpackagekitqt5.so.1
#13 0x00007f7c3bbf6e1e in QMetaObject::activate(QObject*, int, int, void**) () at /lib64/libQt5Core.so.5
#14 0x00007f7c3fe66859 in OrgFreedesktopPackageKitTransactionInterface::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) () at /lib64/libpackagekitqt5.so.1
#15 0x00007f7c3fe689f3 in OrgFreedesktopPackageKitTransactionInterface::qt_metacall(QMetaObject::Call, int, void**) () at /lib64/libpackagekitqt5.so.1
#16 0x00007f7c3c11a38a in QDBusConnectionPrivate::deliverCall(QObject*, int, QDBusMessage const&, QVector<int> const&, int) () at /lib64/libQt5DBus.so.5
#17 0x00007f7c3bbf7b26 in QObject::event(QEvent*) () at /lib64/libQt5Core.so.5
#18 0x00007f7c3c7f9475 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /lib64/libQt5Widgets.so.5
#19 0x00007f7c3c800b90 in QApplication::notify(QObject*, QEvent*) () at /lib64/libQt5Widgets.so.5
#20 0x00007f7c3bbcec36 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /lib64/libQt5Core.so.5
#21 0x00007f7c3bbd1e0b in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () at /lib64/libQt5Core.so.5
#22 0x00007f7c3bc1f507 in postEventSourceDispatch(_GSource*, int (*)(void*), void*) () at /lib64/libQt5Core.so.5
#23 0x00007f7c3498c88d in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#24 0x00007f7c3498cc58 in g_main_context_iterate.isra () at /lib64/libglib-2.0.so.0
#25 0x00007f7c3498ccf0 in g_main_context_iteration () at /lib64/libglib-2.0.so.0
#26 0x00007f7c3bc1f293 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /lib64/libQt5Core.so.5
#27 0x00007f7c230ab7c5 in QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /lib64/libQt5XcbQpa.so.5
#28 0x00007f7c3bbcdb7b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /lib64/libQt5Core.so.5
#29 0x00007f7c3bbd5c46 in QCoreApplication::exec() () at /lib64/libQt5Core.so.5
#30 0x00005633bcc2fbda in main ()

Reported using DrKonqi
Comment 1 Patrick Silva 2018-11-28 09:48:17 UTC
*** Bug 401381 has been marked as a duplicate of this bug. ***
Comment 2 Arcadiy Ivanov 2019-03-01 13:50:14 UTC
Created attachment 118457
New crash information added by DrKonqi

apper (1.0.0) using Qt 5.11.3

- What I was doing when the application crashed:

Applying updates that involved kernel updates and related removal of all kernel and old out-of-tree kernel modules (NVidia, BBSwitch).
Platform: Fedora 29

-- Backtrace (Reduced):
#6  0x00007f3ac74ff357 in QHashData::nextNode(QHashData::Node*) () from /lib64/libQt5Core.so.5
#7  0x00007f3ac933cb3a in QHash<QString, PackageModel::InternalPackage>::iterator::operator++ (this=<synthetic pointer>) at /usr/include/qt5/QtCore/qhash.h:328
#8  QHash<QString, PackageModel::InternalPackage>::erase (this=this@entry=0x55e3ab03fb00, it=..., it@entry=...) at /usr/include/qt5/QtCore/qhash.h:865
#9  0x00007f3ac933693b in QHash<QString, PackageModel::InternalPackage>::erase (it=..., this=0x55e3ab03fb00) at /usr/include/qt5/QtCore/qhash.h:475
#10 PackageModel::clearSelectedNotPresent (this=0x55e3ab03fac0) at /usr/src/debug/apper-1.0.0-3.fc29.x86_64/libapper/PackageModel.cpp:494
Comment 3 Albert Astals Cid 2019-03-21 22:11:14 UTC
Git commit d486706f3e9f7eefa4d44cd5ace34eeaf7ba2ceb by Albert Astals Cid, on behalf of Alexander Kernozhitsky.
Committed on 21/03/2019 at 22:11.
Pushed by aacid into branch 'master'.

Prevent crashing Apper on PackageModel::clearSelectedNotPresent()

Summary:
m_checkedPackages.erase() is called, but the iterator is not increased, therefore on the next iteration we use an invalid iterator
Related: bug 405433, bug 402170

Test Plan: I just rebuilt Apper, ran it and installed the updates with it. The bug does not appear.

Reviewers: dantti, apol

Reviewed By: dantti

Differential Revision: https://phabricator.kde.org/D19951

M  +1    -1    libapper/PackageModel.cpp

https://commits.kde.org/apper/d486706f3e9f7eefa4d44cd5ace34eeaf7ba2ceb
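
The loop shape that the commit summary in Comment 3 describes, as an added example that is not Apper's code: `std::unordered_map` stands in for `QHash` (both return the following iterator from `erase()`), and `pruneBuggy`, `pruneFixed`, `demoRemoved` and the package IDs are hypothetical, constructed names.

```cpp
#include <iostream>
#include <string>
#include <unordered_map>
#include <unordered_set>

// Hypothetical stand-ins: std::unordered_map replaces QHash, and every name
// below is illustrative, not taken from Apper.
using Checked = std::unordered_map<std::string, std::string>; // packageID -> version
using Present = std::unordered_set<std::string>;              // IDs still in the model

// Defective shape from the commit summary: erase() is called but `it` is not
// advanced, so the next loop test uses an invalid iterator. Never called here.
int pruneBuggy(Checked &checked, const Present &present)
{
    int removed = 0;
    for (auto it = checked.begin(); it != checked.end();) {
        if (present.count(it->first) == 0) {
            checked.erase(it); // `it` now dangles; reusing it is undefined behaviour
            ++removed;
        } else {
            ++it;
        }
    }
    return removed;
}

// Corrected shape: erase() returns the iterator after the removed element.
int pruneFixed(Checked &checked, const Present &present)
{
    int removed = 0;
    for (auto it = checked.begin(); it != checked.end();) {
        if (present.count(it->first) == 0) {
            it = checked.erase(it);
            ++removed;
        } else {
            ++it;
        }
    }
    return removed;
}

// Constructed sample: three checked updates, pruned against `present`.
int demoRemoved(const Present &present)
{
    Checked checked{{"kernel-old", "1"}, {"akmod-old", "1"}, {"bash", "2"}};
    return pruneFixed(checked, present);
}

int main() { std::cout << "removed " << demoRemoved(Present{"bash"}) << "\n"; }
```

Building the defective variant with `-fsanitize=address` and calling it on the same sample reports the use of the freed node at the loop condition, which matches the `erase()` frames in the backtraces above.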
Comment 4 Jukka Lahtinen 2019-06-09 09:13:35 UTC
I hope we will soon get the fix to the Fedora repository.
I updated to Fedora 30 in May, and this still happens. Apper 1.0.0-4, no newer version in the repository.
Comment 5 Suren Karapetyan 2019-11-17 20:58:51 UTC
Are there any plans to do a fresh release with this fix?
Asking because at least for Fedora the issue isn't solved yet.