git assert failure: munmap_chunk(): invalid pointer

Bug #1805914 reported by Anders Kaseorg
Affects            Status        Importance  Assigned to  Milestone
git (Ubuntu)       Fix Released  Medium      Unassigned
  Cosmic           Won't Fix     Undecided   Unassigned
glibc (Ubuntu)     Fix Released  Undecided   Unassigned
  Cosmic           Won't Fix     Undecided   Unassigned
gnulib (Ubuntu)    Fix Released  Undecided   Unassigned
  Cosmic           Won't Fix     Undecided   Unassigned

Bug Description

This seems to be reproducible with

git clone https://github.com/zulip/zulip.git
cd zulip
git grep -i 'redirect.*login'

Valgrind log attached.

ProblemType: Crash
DistroRelease: Ubuntu 18.10
Package: git 1:2.19.1-1ubuntu1.1
ProcVersionSignature: Ubuntu 4.18.0-11.12-generic 4.18.12
Uname: Linux 4.18.0-11-generic x86_64
NonfreeKernelModules: openafs
ApportVersion: 2.20.10-0ubuntu13.1
Architecture: amd64
AssertionMessage: munmap_chunk(): invalid pointer
CurrentDesktop: GNOME
Date: Thu Nov 29 16:02:46 2018
EcryptfsInUse: Yes
ExecutablePath: /usr/bin/git
InstallationDate: Installed on 2016-02-19 (1014 days ago)
InstallationMedia: Ubuntu-GNOME 16.04 LTS "Xenial Xerus" - Alpha amd64 (20160218)
ProcCmdline: git grep -i redirect.*login
Signal: 6
SourcePackage: git
StacktraceTop:
 __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f3162540c00 "%s\n") at ../sysdeps/posix/libc_fatal.c:181
 malloc_printerr (str=str@entry=0x7f3162542848 "munmap_chunk(): invalid pointer") at malloc.c:5336
 munmap_chunk (p=<optimized out>) at malloc.c:2830
 grep_source_clear (gs=gs@entry=0x55757aa67a38 <todo+2200>) at grep.c:2087
 work_done (w=<optimized out>) at builtin/grep.c:160
Title: git assert failure: munmap_chunk(): invalid pointer
UpgradeStatus: Upgraded to cosmic on 2018-08-17 (104 days ago)
UserGroups: adm audio bumblebee cdrom dip docker libvirt libvirtd lpadmin lxd mock plugdev sambashare sbuild sudo wireshark
modified.conffile..etc.apport.crashdb.conf: [modified]
mtime.conffile..etc.apport.crashdb.conf: 2018-07-03T15:41:08.765813

Anders Kaseorg (andersk) wrote :
information type: Private → Public
Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : StacktraceSource.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in git (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Anders Kaseorg (andersk) wrote :

Reproduced on different hardware. It’s not entirely deterministic, and seems to disappear entirely with --threads=1, so it must be some kind of race condition.

Anders Kaseorg (andersk) wrote :

Bisecting git.git shows v1.9-rc0~63^2 as the first bad commit:

https://github.com/git/git/commit/9c0495d23e6999375976ca44e3812fc65b73626e

That commit merely removes a setlocale(LC_CTYPE, "C") call on sufficiently new glibc, so the real bug is elsewhere.

Anders Kaseorg (andersk) wrote :

The crash occurs with glibc 2.28 and not with glibc 2.27. Bisecting glibc.git shows glibc-2.28~122 as the first bad commit:

https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=eb04c21373e2a2885f3d52ff192b0499afe3c672
“posix: Sync gnulib regex implementation”

I verified that it was fixed in glibc master (post-2.28) with:

https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=bc680b336971305cb39896b30d72dc7101b62242
“regex: fix uninitialized memory access”

which was backported to the 2.28 stable branch (two commits after the snapshot in cosmic/disco!):

https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=58559f14437d2aa71753a29fed435efa06aa4576

Please add this patch.

Adam Conrad (adconrad) wrote :

Closing as fixed, since glibc 2.29 shipped in disco, and cosmic is EOL.

Changed in git (Ubuntu Cosmic):
status: New → Won't Fix
Changed in glibc (Ubuntu Cosmic):
status: New → Won't Fix
Changed in gnulib (Ubuntu Cosmic):
status: New → Won't Fix
Changed in gnulib (Ubuntu):
status: New → Fix Released
Changed in glibc (Ubuntu):
status: New → Fix Released
Changed in git (Ubuntu):
status: New → Fix Released