| 2019-02-08 15:20:25 |
Heitor Alves de Siqueira |
description |
[Impact]
apt crashes (core dump) during cache creation
[Description]
When executing apt-cache several times on a memory constrained system, apt-cache can sometimes crash with a core dump file. This is related to mmap() failing allocations during cache generation, according to an upstream bug report (803417).
There is an upstream patch for this bug (6789e01e do not segfault in cache generation on mmap failure) and it's included in the apt package for other series (see below), so we only need to backport it to Trusty.
Upstream commit: https://salsa.debian.org/apt-team/apt/commit/6789e01e9370b3b7f65d52138c5657eaa712b4d1
$ git describe --contains 6789e01e9370
1.1_exp16~5
$ rmadison apt
apt | 1.0.1ubuntu2 | trusty | source, amd64, arm64, armhf, i386, powerpc, ppc64el
apt | 1.0.1ubuntu2.19 | trusty-security | source, amd64, arm64, armhf, i386, powerpc, ppc64el
apt | 1.0.1ubuntu2.19 | trusty-updates | source, amd64, arm64, armhf, i386, powerpc, ppc64el
apt | 1.2.10ubuntu1 | xenial | source, amd64, arm64, armhf, i386, powerpc, ppc64el, s390x
apt | 1.6.1 | bionic | source, amd64, arm64, armhf, i386, ppc64el, s390x
apt | 1.7.0 | cosmic | source, amd64, arm64, armhf, i386, ppc64el, s390x
apt | 1.8.0~rc2 | disco | source, amd64, arm64, armhf, i386, ppc64el, s390x
[Test Case]
Unfortunately, this issue is not easy to reproduce. It seems to trigger randomly when "apt-cache policy" is called on a system under memory pressure, triggering the failure path in the mmap() allocations.
[Regression Potential]
The regression potential for this should be low, as it's a change in the failure path for memory allocations. This shouldn't be triggered during normal usage, and we'll thoroughly test the patched package with autopkgtests and perform scripted runs in memory-constrained systems with stress-ng.
We also have a confirmation from an impacted user that the upstream patch fixes their issue without further problems. |
[Impact]
apt crashes (core dump) during cache creation
[Description]
When executing apt-cache several times on a memory constrained system, apt-cache can sometimes crash with a core dump file. This is related to mmap() failing allocations during cache generation, according to an upstream bug report (803417).
There is an upstream patch for this bug (6789e01e do not segfault in cache generation on mmap failure) and it's included in the apt package for other series (see below), so we only need to backport it to Trusty.
Upstream commit: https://salsa.debian.org/apt-team/apt/commit/6789e01e9370b3b7f65d52138c5657eaa712b4d1
$ git describe --contains 6789e01e9370
1.1_exp16~5
$ rmadison apt
apt | 1.0.1ubuntu2 | trusty | source, ...
apt | 1.0.1ubuntu2.19 | trusty-security | source, ...
apt | 1.0.1ubuntu2.19 | trusty-updates | source, ...
apt | 1.2.10ubuntu1 | xenial | source, ...
apt | 1.6.1 | bionic | source, ...
apt | 1.7.0 | cosmic | source, ...
apt | 1.8.0~rc2 | disco | source, ...
[Test Case]
1) Deploy a Trusty (14.04 LTS) vm w/ 128M
2) Fetch latest stress-ng src code
2.1) git clone git://kernel.ubuntu.com/cking/stress-ng
2.2) cd stress-ng
2.3) make clean
2.4) make
3) Stress the mmap() with stress-ng
3.1) ./stress-ng --brk 2 --mmap 5 --vm 1 --mmap-bytes 90%
4) Disable swap (if any)
4.1) swapoff -a
5) for i in `seq 1 10000`;do apt-cache policy vsftpd;done
...
vsftpd:
Installed: (none)
Candidate: 3.0.2-1ubuntu2.14.04.1
Version table:
3.0.2-1ubuntu2.14.04.1 0
500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
3.0.2-1ubuntu2 0
500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
Segmentation fault (core dumped)
Segmentation fault (core dumped)
Segmentation fault (core dumped)
Segmentation fault (core dumped)
Segmentation fault (core dumped)
Segmentation fault (core dumped)
...
[Regression Potential]
The regression potential for this should be low, as it's a change in the failure path for memory allocations. This shouldn't be triggered during normal usage, and we'll thoroughly test the patched package with autopkgtests and perform scripted runs in memory-constrained systems with stress-ng.
We also have a confirmation from an impacted user that the upstream patch fixes their issue without further problems. |
|
