apt_check.py crashed with SIGSEGV in FileName()

Bug #1016040 reported by C de-Avillez on 2012-06-21
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
apt (Ubuntu)
Medium
James Hunt
Quantal
Medium
James Hunt

Bug Description

after dist-upgrade this morning -- popped up after rebooting out of kernel 3.5 back into 3.4.

ProblemType: Crash
DistroRelease: Ubuntu 12.10
Package: update-notifier-common 0.119ubuntu13
ProcVersionSignature: Ubuntu 3.4.0-5.11-generic 3.4.0
Uname: Linux 3.4.0-5-generic x86_64
ApportVersion: 2.2.4-0ubuntu1
Architecture: amd64
CheckboxSubmission: c8a7d84e13c3b258e707f056604eb0e0
CheckboxSystem: d00f84de8a555815fa1c4660280da308
Date: Thu Jun 21 08:10:17 2012
ExecutablePath: /usr/lib/update-notifier/apt_check.py
InterpreterPath: /usr/bin/python2.7
PackageArchitecture: all
ProcCmdline: /usr/bin/python /usr/lib/update-notifier/apt-check
SegvAnalysis:
 Segfault happened at: 0x7f61e282e3c7 <_ZNK16debPackagesIndex11FindInCacheER8pkgCache+407>: mov 0x0(%rbp),%esi
 PC (0x7f61e282e3c7) ok
 source "0x0(%rbp)" (0x7f6220fae470) not located in a known VMA region (needed readable region)!
 destination "%esi" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: update-notifier
StacktraceTop:
 debPackagesIndex::FindInCache(pkgCache&) const () from /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12
 ?? () from /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12
 pkgCacheGenerator::MakeStatusCache(pkgSourceList&, OpProgress*, MMap**, bool) () from /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12
 pkgCacheFile::BuildCaches(OpProgress*, bool) () from /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12
 pkgCacheFile::Open(OpProgress*, bool) () from /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12
Title: apt_check.py crashed with SIGSEGV in debPackagesIndex::FindInCache()
UpgradeStatus: Upgraded to quantal on 2012-06-16 (4 days ago)
UserGroups: adm admin cdrom dialout kismet kvm libvirtd lpadmin plugdev sambashare sudo vboxusers wireshark
modified.conffile..etc.apt.apt.conf.d.10periodic:
 APT::Periodic::Update-Package-Lists "1";
 APT::Periodic::Download-Upgradeable-Packages "1";
 APT::Periodic::AutocleanInterval "0";
mtime.conffile..etc.apt.apt.conf.d.10periodic: 2011-08-30T18:25:25.247774

Related branches

Revision history for this message
C de-Avillez (hggdh2) wrote :
Revision history for this message
Apport retracing service (apport) wrote :

StacktraceTop:
 FileName (this=<optimized out>) at ../build/include/apt-pkg/cacheiterators.h:361
 debPackagesIndex::FindInCache (this=<optimized out>, Cache=...) at deb/debindexfile.cc:358
 CheckValidity (CacheFile=..., List=..., Start=..., End=..., OutMap=OutMap@entry=0x0) at pkgcachegen.cc:1097
 pkgCacheGenerator::MakeStatusCache (List=..., Progress=0x7fff6ddd3d90, OutMap=0x29c5bb0, AllowMem=<optimized out>) at pkgcachegen.cc:1336
 pkgCacheFile::BuildCaches (this=this@entry=0x29c5ba0, Progress=Progress@entry=0x7fff6ddd3d90, WithLock=false) at cachefile.cc:83

Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt
Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in update-notifier (Ubuntu):
importance: Undecided → Medium
summary: - apt_check.py crashed with SIGSEGV in debPackagesIndex::FindInCache()
+ apt_check.py crashed with SIGSEGV in FileName()
tags: removed: need-amd64-retrace
C de-Avillez (hggdh2) on 2012-06-21
tags: added: qa-manual-testing
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in update-notifier (Ubuntu):
status: New → Confirmed
Para Siva (psivaa) on 2012-09-17
tags: added: rls-q-incoming
Colin Watson (cjwatson) on 2012-09-19
affects: update-notifier (Ubuntu) → apt (Ubuntu)
Colin Watson (cjwatson) on 2012-09-19
tags: removed: rls-q-incoming
James Hunt (jamesodhunt) on 2012-10-02
Changed in apt (Ubuntu Quantal):
assignee: nobody → James Hunt (jamesodhunt)
Revision history for this message
James Hunt (jamesodhunt) wrote :

I have not yet been able to reproduce this, but the stack trace is suggestive of either memory corruption or a pointer walking beyond the end of a list.

Consider a few choice entries from the 'stat' buffer shown in debPackagesIndex::FindInCache in the stacktrace:

st_nlink = 0 (impossible)
st_blksize = 0 (impossible)
tv_sec = 140058388787402 (eermmm)
st_uid = 32609 (expected st_uid=0)
st_gid = 1 (expected st_gid=0)

These values are either impossible or highly unlikely.

Is this repeatable if a non-privileged user runs the check that is failing?:

    /usr/bin/python /usr/lib/update-notifier/apt-check

It would also be useful to see the output of:

    apt-config dump

I do wonder if this issue was caused due to 'srcpkgcache.bin' being updated at the time /usr/lib/update-notifier/apt-check ran.

Revision history for this message
Michael Vogt (mvo) wrote :

I did the following in two terminals:

$ while true; do sudo rm /var/cache/apt/*.bin; sudo apt-cache gencaches; sleep 0.1; done
$ while true; do python ./data/apt_check.py ; done

and couldn't trigger a crash

Revision history for this message
Michael Vogt (mvo) wrote :

James is right that there is a dir::cache::srcpkgcache config option missing - I commited that to update-notifier bzr now.

This is still a bit puzzling as the write of those mmap files should be atomic and, i.e. it should not be posssible for two processes to stomp each others toes.

Revision history for this message
Rolf Leggewie (r0lf) wrote :

quantal has seen the end of its life and is no longer receiving any updates. Marking the quantal task for this ticket as "Won't Fix".

Changed in apt (Ubuntu Quantal):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers