apt_check.py crashed with SIGSEGV in FileName()

Bug #1016040 reported by C de-Avillez on 2012-06-21
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
apt (Ubuntu)
Medium
James Hunt
Quantal
Medium
James Hunt

Bug Description

after dist-upgrade this morning -- popped up after rebooting out of kernel 3.5 back into 3.4.

ProblemType: Crash
DistroRelease: Ubuntu 12.10
Package: update-notifier-common 0.119ubuntu13
ProcVersionSignature: Ubuntu 3.4.0-5.11-generic 3.4.0
Uname: Linux 3.4.0-5-generic x86_64
ApportVersion: 2.2.4-0ubuntu1
Architecture: amd64
CheckboxSubmission: c8a7d84e13c3b258e707f056604eb0e0
CheckboxSystem: d00f84de8a555815fa1c4660280da308
Date: Thu Jun 21 08:10:17 2012
ExecutablePath: /usr/lib/update-notifier/apt_check.py
InterpreterPath: /usr/bin/python2.7
PackageArchitecture: all
ProcCmdline: /usr/bin/python /usr/lib/update-notifier/apt-check
SegvAnalysis:
 Segfault happened at: 0x7f61e282e3c7 <_ZNK16debPackagesIndex11FindInCacheER8pkgCache+407>: mov 0x0(%rbp),%esi
 PC (0x7f61e282e3c7) ok
 source "0x0(%rbp)" (0x7f6220fae470) not located in a known VMA region (needed readable region)!
 destination "%esi" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: update-notifier
StacktraceTop:
 debPackagesIndex::FindInCache(pkgCache&) const () from /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12
 ?? () from /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12
 pkgCacheGenerator::MakeStatusCache(pkgSourceList&, OpProgress*, MMap**, bool) () from /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12
 pkgCacheFile::BuildCaches(OpProgress*, bool) () from /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12
 pkgCacheFile::Open(OpProgress*, bool) () from /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12
Title: apt_check.py crashed with SIGSEGV in debPackagesIndex::FindInCache()
UpgradeStatus: Upgraded to quantal on 2012-06-16 (4 days ago)
UserGroups: adm admin cdrom dialout kismet kvm libvirtd lpadmin plugdev sambashare sudo vboxusers wireshark
modified.conffile..etc.apt.apt.conf.d.10periodic:
 APT::Periodic::Update-Package-Lists "1";
 APT::Periodic::Download-Upgradeable-Packages "1";
 APT::Periodic::AutocleanInterval "0";
mtime.conffile..etc.apt.apt.conf.d.10periodic: 2011-08-30T18:25:25.247774

Related branches

C de-Avillez (hggdh2) wrote :

StacktraceTop:
 FileName (this=<optimized out>) at ../build/include/apt-pkg/cacheiterators.h:361
 debPackagesIndex::FindInCache (this=<optimized out>, Cache=...) at deb/debindexfile.cc:358
 CheckValidity (CacheFile=..., List=..., Start=..., End=..., OutMap=OutMap@entry=0x0) at pkgcachegen.cc:1097
 pkgCacheGenerator::MakeStatusCache (List=..., Progress=0x7fff6ddd3d90, OutMap=0x29c5bb0, AllowMem=<optimized out>) at pkgcachegen.cc:1336
 pkgCacheFile::BuildCaches (this=this@entry=0x29c5ba0, Progress=Progress@entry=0x7fff6ddd3d90, WithLock=false) at cachefile.cc:83

Changed in update-notifier (Ubuntu):
importance: Undecided → Medium
summary: - apt_check.py crashed with SIGSEGV in debPackagesIndex::FindInCache()
+ apt_check.py crashed with SIGSEGV in FileName()
tags: removed: need-amd64-retrace
C de-Avillez (hggdh2) on 2012-06-21
tags: added: qa-manual-testing
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in update-notifier (Ubuntu):
status: New → Confirmed
Para Siva (psivaa) on 2012-09-17
tags: added: rls-q-incoming
Colin Watson (cjwatson) on 2012-09-19
affects: update-notifier (Ubuntu) → apt (Ubuntu)
Colin Watson (cjwatson) on 2012-09-19
tags: removed: rls-q-incoming
James Hunt (jamesodhunt) on 2012-10-02
Changed in apt (Ubuntu Quantal):
assignee: nobody → James Hunt (jamesodhunt)
James Hunt (jamesodhunt) wrote :

I have not yet been able to reproduce this, but the stack trace is suggestive of either memory corruption or a pointer walking beyond the end of a list.

Consider a few choice entries from the 'stat' buffer shown in debPackagesIndex::FindInCache in the stacktrace:

st_nlink = 0 (impossible)
st_blksize = 0 (impossible)
tv_sec = 140058388787402 (eermmm)
st_uid = 32609 (expected st_uid=0)
st_gid = 1 (expected st_gid=0)

These values are either impossible or highly unlikely.

Is this repeatable if a non-privileged user runs the check that is failing?:

    /usr/bin/python /usr/lib/update-notifier/apt-check

It would also be useful to see the output of:

    apt-config dump

I do wonder if this issue was caused due to 'srcpkgcache.bin' being updated at the time /usr/lib/update-notifier/apt-check ran.

Michael Vogt (mvo) wrote :

I did the following in two terminals:

$ while true; do sudo rm /var/cache/apt/*.bin; sudo apt-cache gencaches; sleep 0.1; done
$ while true; do python ./data/apt_check.py ; done

and couldn't trigger a crash

Michael Vogt (mvo) wrote :

James is right that there is a dir::cache::srcpkgcache config option missing - I commited that to update-notifier bzr now.

This is still a bit puzzling as the write of those mmap files should be atomic and, i.e. it should not be posssible for two processes to stomp each others toes.

Rolf Leggewie (r0lf) wrote :

quantal has seen the end of its life and is no longer receiving any updates. Marking the quantal task for this ticket as "Won't Fix".

Changed in apt (Ubuntu Quantal):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers