apt segfaults when generating cache file

Bug #1815129 reported by Heitor Alves de Siqueira on 2019-02-07
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apt (Debian)
Fix Released
Unknown
apt (Ubuntu)
Undecided
Unassigned
Trusty
Medium
Julian Andres Klode

Bug Description

[Impact]
apt crashes (core dump) during cache creation

[Description]
When executing apt-cache several times on a memory constrained system, apt-cache can sometimes crash with a core dump file. This is related to mmap() failing allocations during cache generation, according to an upstream bug report (803417).
There is an upstream patch for this bug (6789e01e do not segfault in cache generation on mmap failure) and it's included in the apt package for other series (see below), so we only need to backport it to Trusty.

Upstream commit: https://salsa.debian.org/apt-team/apt/commit/6789e01e9370b3b7f65d52138c5657eaa712b4d1

$ git describe --contains 6789e01e9370
1.1_exp16~5

$ rmadison apt
 apt | 1.0.1ubuntu2 | trusty | source, ...
 apt | 1.0.1ubuntu2.19 | trusty-security | source, ...
 apt | 1.0.1ubuntu2.19 | trusty-updates | source, ...
 apt | 1.2.10ubuntu1 | xenial | source, ...
 apt | 1.6.1 | bionic | source, ...
 apt | 1.7.0 | cosmic | source, ...
 apt | 1.8.0~rc2 | disco | source, ...

[Test Case]
1) Deploy a Trusty (14.04 LTS) vm w/ 128M
2) Fetch latest stress-ng src code
 2.1) git clone git://kernel.ubuntu.com/cking/stress-ng
 2.2) cd stress-ng
 2.3) make clean
 2.4) make
3) Stress the mmap() with stress-ng
 3.1) ./stress-ng --brk 2 --mmap 5 --vm 1 --mmap-bytes 90%
4) Disable swap (if any)
 4.1) swapoff -a
5) for i in `seq 1 10000`;do apt-cache policy vsftpd;done
...
vsftpd:
  Installed: (none)
  Candidate: 3.0.2-1ubuntu2.14.04.1
  Version table:
     3.0.2-1ubuntu2.14.04.1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
     3.0.2-1ubuntu2 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
Segmentation fault (core dumped)
Segmentation fault (core dumped)
Segmentation fault (core dumped)
Segmentation fault (core dumped)
Segmentation fault (core dumped)
Segmentation fault (core dumped)
...

[Regression Potential]
The regression potential for this should be low, as it's a change in the failure path for memory allocations. This shouldn't be triggered during normal usage, and we'll thoroughly test the patched package with autopkgtests and perform scripted runs in memory-constrained systems with stress-ng.
We also have a confirmation from an impacted user that the upstream patch fixes their issue without further problems.

Eric Desrochers (slashd) on 2019-02-07
Changed in apt (Ubuntu Trusty):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Heitor R. Alves de Siqueira (halves)
Changed in apt (Ubuntu):
status: New → Fix Released
tags: added: sts
Eric Desrochers (slashd) on 2019-02-07
Changed in apt (Ubuntu Trusty):
assignee: Heitor R. Alves de Siqueira (halves) → nobody
assignee: nobody → Julian Andres Klode (juliank)
description: updated
Julian Andres Klode (juliank) wrote :

FWIW, you should also be able to turn off overcommitting in the kernel and/or set a ulimit -v to make things easier to reproduce.

Changed in apt (Debian):
status: Unknown → Fix Released

Hello Heitor, or anyone else affected,

Accepted apt into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.0.1ubuntu2.20 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-trusty to verification-done-trusty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-trusty. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in apt (Ubuntu Trusty):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-trusty

Tested on apt-1.0.1ubuntu2.20 from trusty-proposed. Tried reproducing according to the test case from description, and verified that apt-cache does not crash:

ubuntu@apt-stress:~/stress-ng$ dpkg -l | grep apt
ii apt 1.0.1ubuntu2.20

(while having stress-ng running)
ubuntu@apt-stress:~/stress-ng$ for i in `seq 1 10000`;do apt-cache policy vsftpd;done
E: Couldn't make mmap of 30021560 bytes - MMap-mmap (12: Cannot allocate memory)
E: The package lists or status file could not be parsed or opened.

tags: added: verification-done-trusty
removed: verification-needed verification-needed-trusty
tags: added: verification-needed

There are two armhf autopkgtest regressions for apt-1.0.1ubuntu2.20, in tests for apt [0] and autopkgtest [1]. From the autopkgtest pages we can see that these regressions were introduced long before this SRU, so it seems like a long standing issue unrelated to this patch.

[0] http://autopkgtest.ubuntu.com/packages/a/apt/trusty/armhf
[1] http://autopkgtest.ubuntu.com/packages/a/autopkgtest/trusty/armhf

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 1.0.1ubuntu2.20

---------------
apt (1.0.1ubuntu2.20) trusty; urgency=medium

  [ Julian Andres Klode ]
  * Fix crashes in apt search, cache file (LP: #1815187)
  * Clean up some build artifacts and regenerate the po files

  [ Heitor R. Alves de Siqueira ]
  * backport "do not segfault in cache generation on mmap failure"
    (Closes: 803417) (LP: #1815129)

 -- Julian Andres Klode <email address hidden> Fri, 08 Feb 2019 13:12:26 +0100

Changed in apt (Ubuntu Trusty):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for apt has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.