Bug#911731: packagekitd: random crash (SIGABRT) during unattended-upgrades minimal steps upgrade

[Stephan Hohe]

Hi,

I also saw a crash with this stack trace and investigated. The crash
happens when warnings are passed from apt to packagekit. It seems like
destruction of temporaries in show_error() gets messed up for -O2.

The function doesn't return a value despite being declared as bool,
which is technically undefined behavior and might confuse the optimizer (?).
Changing the function return type to void fixed the crash for me, see this
upstream pull request:

https://github.com/hughsie/PackageKit/pull/306

/Stephan

Bug#911731: packagekitd: random crash (SIGABRT) during unattended-upgrades minimal steps upgrade

[Paul Wise]

Package: packagekit
Version: 1.1.11-1
Severity: normal
File: /usr/lib/packagekit/packagekitd
Usertags: crash

Yesterday during an unattended-upgrades minimal steps upgrade,
packagekitd crashed randomly with a SIGABRT.

If the information below is not useful, please close this bug.

$ ll 
/var/crash/0/16396-0-0-6-1540269143-chianamo--usr-lib-packagekit-packagekitd.core
-rw--- 1 pabs pabs 74M Oct 23 12:32 
/var/crash/0/16396-0-0-6-1540269143-chianamo--usr-lib-packagekit-packagekitd.core

$ grep -A27 '2018-10-23  12:30' /var/log/apt/history.log
Start-Date: 2018-10-23  12:30:15
Commandline: /usr/bin/unattended-upgrade
Upgrade: cups-filters-core-drivers:amd64 (1.21.3-1, 1.21.3-2)
End-Date: 2018-10-23  12:30:29

Start-Date: 2018-10-23  12:31:06
Commandline: /usr/bin/unattended-upgrade
Upgrade: libapparmor-perl:amd64 (2.13-8, 2.13.1-1)
End-Date: 2018-10-23  12:31:14

Start-Date: 2018-10-23  12:31:55
Commandline: /usr/bin/unattended-upgrade
Upgrade: libcupsfilters1:amd64 (1.21.3-1, 1.21.3-2)
End-Date: 2018-10-23  12:32:05

Start-Date: 2018-10-23  12:32:43
Commandline: /usr/bin/unattended-upgrade
Upgrade: libfontembed1:amd64 (1.21.3-1, 1.21.3-2)
End-Date: 2018-10-23  12:32:49

Start-Date: 2018-10-23  12:33:26
Commandline: /usr/bin/unattended-upgrade
Upgrade: libopenmpt-modplug1:amd64 (0.3.12-1, 0.3.13-1)
End-Date: 2018-10-23  12:33:34

Start-Date: 2018-10-23  12:34:10
Commandline: /usr/bin/unattended-upgrade
Upgrade: libqt5help5:amd64 (5.11.1-6, 5.11.2-3)
End-Date: 2018-10-23  12:34:16

$ gdb -batch -n -ex 'set pagination off' -ex bt -ex 'thread apply all bt full' 
--core 
/var/crash/0/16396-0-0-6-1540269143-chianamo--usr-lib-packagekit-packagekitd.core
 /usr/lib/packagekit/packagekitd
[New LWP 22817]
[New LWP 16396]
[New LWP 16397]
[New LWP 16398]
[New LWP 22813]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/lib/packagekit/packagekitd'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51  ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
[Current thread is 1 (Thread 0x7fc77efdb700 (LWP 22817))]
#0  0x7fc78132ef3b in __GI_raise (sig=sig@entry=6) at 
../sysdeps/unix/sysv/linux/raise.c:51
#1  0x7fc7813302f1 in __GI_abort () at abort.c:79
#2  0x7fc77e2d4943 in __gnu_cxx::__verbose_terminate_handler() () at 
../../../../src/libstdc++-v3/libsupc++/vterminate.cc:95
#3  0x7fc77e2da896 in __cxxabiv1::__terminate(void (*)()) 
(handler=) at 
../../../../src/libstdc++-v3/libsupc++/eh_terminate.cc:47
#4  0x7fc77e2da8d1 in std::terminate() () at 
../../../../src/libstdc++-v3/libsupc++/eh_terminate.cc:57
#5  0x7fc77e2dab04 in __cxxabiv1::__cxa_throw(void*, std::type_info*, void 
(*)(void*)) (obj=obj@entry=0x7fc774037120, tinfo=0x7fc77e3be9a0 , dest=0x7fc77e2ef5f0 ) 
at ../../../../src/libstdc++-v3/libsupc++/eh_throw.cc:95
#6  0x7fc77e2d6805 in std::__throw_length_error(char const*) () at 
/usr/lib/x86_64-linux-gnu/libstdc++.so.6
#7  0x7fc77e366e4e in std::__cxx11::basic_string, std::allocator >::_M_check_length(unsigned long, 
unsigned long, char const*) const (__s=0x7fc77e384f81 
"basic_string::_M_replace", __n2=, __n1=0, this=0x7fc77efda960) 
at 
/build/gcc-8-xSRyaH/gcc-8-8.2.0/build/x86_64-linux-gnu/libstdc++-v3/include/bits/char_traits.h:285
#8  0x7fc77e366e4e in std::__cxx11::basic_string, std::allocator >::_M_replace(unsigned long, 
unsigned long, char const*, unsigned long) (this=this@entry=0x7fc77efda960, 
__pos=__pos@entry=0, __len1=__len1@entry=0, __s=, 
__len2=) at 
/build/gcc-8-xSRyaH/gcc-8-8.2.0/build/x86_64-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:425
#9  0x7fc77f074c52 in std::__cxx11::basic_string, std::allocator >::replace(unsigned long, unsigned 
long, char const*, unsigned long) (__n2=, __s=, 
__n1=0, __pos=0, this=0x7fc77efda960) at 
/usr/include/c++/8/bits/basic_string.h:1918
#10 0x7fc77f074c52 in std::__cxx11::basic_string, std::allocator 
>::replace(__gnu_cxx::__normal_iterator, std::allocator > 
>, __gnu_cxx::__normal_iterator, std::allocator > >, char*, char*) 
(__k2=, __k1=, __i2=..., __i1=..., 
this=0x7fc77efda960) at /usr/include/c++/8/bits/basic_string.h:2112
#11 0x7fc77f074c52 in std::__cxx11::basic_string, std::allocator >::assign(char*, 
char*) (__last=, __first=, this=0x7fc77efda960) 
at /usr/include/c++/8/bits/basic_string.h:1462
#12 0x7fc77f074c52 in std::__cxx11::basic_stringbuf, std::allocator >::str() const 
(this=0x7fc77efda988) at /usr/include/c++/8/sstream:174
#13 0x7fc77f074c52 in std::__cxx11::basic_stringstream, std::allocator >::str() const 
(this=0x7fc77efda970) at /usr/include/c++/8/sstream:780
#14 0x7fc77f074c52 in show_errors(PkBackendJob*, PkErrorEnum, bool) 
(job=0x55acd99e5ee0 [PkBackendJob], errorCode=PK_ERROR_ENUM_CANNOT_GET_LOCK, 
errModify=200) at apt-messages.cpp:55
#15 0x7fc77f094fe0 in