aptd crashed with SIGSEGV in std::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare() -- __strlen_sse42 () at ../sysdeps/x86_64/multiarch/strlen-sse4.S:32

Bug #812862 reported by Albert Damen
212
This bug affects 24 people
Affects Status Importance Assigned to Milestone
apt (Ubuntu)
Fix Released
High
Unassigned

Bug Description

After doing a daily upgrade, update-manager crashes. The upgrade itself seems to have gone fine.
After the crash (it has been happening before), I noticed there seem to be temporary files left in /var/cache/apt:

albert@saturnus:~$ ls -la /var/cache/apt/
total 334264
drwxr-xr-x 4 root root 4096 2011-07-19 13:51 .
drwxr-xr-x 19 root root 4096 2011-07-09 00:00 ..
drwxr-xr-x 2 root root 4096 2010-05-27 12:28 apt-file
drwxr-xr-x 3 root root 253952 2011-07-19 13:51 archives
-rw-r--r-- 1 root root 39573952 2011-07-19 13:51 pkgcache.bin
-rw-r--r-- 1 root root 38797312 2011-07-19 13:51 pkgcache.bin.7mO3jw
-rw-r--r-- 1 root root 38797312 2011-07-09 00:49 pkgcache.bin.FG1qwN
-rw-r--r-- 1 root root 38797312 2011-07-13 11:29 pkgcache.bin.Km58oV
-rw-r--r-- 1 root root 38797312 2011-07-17 15:25 pkgcache.bin.KPvCey
-rw-r--r-- 1 root root 38797312 2011-07-15 18:47 pkgcache.bin.PxOREy
-rw-r--r-- 1 root root 39845888 2011-07-12 17:32 pkgcache.bin.R455IS
-rw-r--r-- 1 root root 38797312 2011-07-08 18:47 pkgcache.bin.ucU3js
-rw-r--r-- 1 root root 37445119 2011-07-19 13:48 srcpkgcache.bin

If it matters, I have multi-arch enabled, with foreign-architecture i386 in /etc/dpkg/dpkg.cfg

ProblemType: Crash
DistroRelease: Ubuntu 11.10
Package: aptdaemon 0.43+bzr662-0ubuntu1
ProcVersionSignature: Ubuntu 3.0.0-5.6-generic 3.0.0-rc7
Uname: Linux 3.0.0-5-generic x86_64
Architecture: amd64
CrashCounter: 1
Date: Tue Jul 19 13:51:34 2011
ExecutablePath: /usr/sbin/aptd
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
InterpreterPath: /usr/bin/python2.7
PackageArchitecture: all
ProcCmdline: /usr/bin/python /usr/sbin/aptd
ProcEnviron:

SegvAnalysis:
 Segfault happened at: 0x7f07af9f17bf: pcmpeqb (%rdi),%xmm1
 PC (0x7f07af9f17bf) ok
 source "(%rdi)" (0x7f07a88905f0) not located in a known VMA region (needed readable region)!
 destination "%xmm1" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: aptdaemon
StacktraceTop:
 ?? () from /lib/x86_64-linux-gnu/libc.so.6
 std::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare(char const*) const () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
 pkgCacheGenerator::FinishCache(OpProgress*) () from /usr/lib/libapt-pkg.so.4.10
 pkgCacheGenerator::MakeStatusCache(pkgSourceList&, OpProgress*, MMap**, bool) () from /usr/lib/libapt-pkg.so.4.10
 pkgCacheFile::BuildCaches(OpProgress*, bool) () from /usr/lib/libapt-pkg.so.4.10
Title: aptd crashed with SIGSEGV in std::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare()
UpgradeStatus: Upgraded to oneiric on 2011-06-02 (46 days ago)
UserGroups:

Related branches

Revision history for this message
Albert Damen (albrt) wrote :
Revision history for this message
Apport retracing service (apport) wrote :

StacktraceTop:
 __strlen_sse42 () at ../sysdeps/x86_64/multiarch/strlen-sse4.S:32
 length (this=<value optimized out>, __s=0x7f07a88905f3 <Address 0x7f07a88905f3 out of bounds>) at /build/buildd/gcc-4.6-4.6.1/build/x86_64-linux-gnu/libstdc++-v3/include/bits/char_traits.h:261
 std::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare (this=<value optimized out>, __s=0x7f07a88905f3 <Address 0x7f07a88905f3 out of bounds>) at /build/buildd/gcc-4.6-4.6.1/build/x86_64-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:955
 pkgCacheGenerator::MergeList(pkgCacheGenerator::ListParser&, pkgCache::VerIterator*) () from /usr/lib/libapt-pkg.so.4.10
 ?? ()

Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt
Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in aptdaemon (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Albert Damen (albrt)
visibility: private → public
Robert Roth (evfool)
tags: added: multiarch
summary: aptd crashed with SIGSEGV in std::basic_string<char,
- std::char_traits<char>, std::allocator<char> >::compare()
+ std::char_traits<char>, std::allocator<char> >::compare() --
+ __strlen_sse42 () at ../sysdeps/x86_64/multiarch/strlen-sse4.S:32
Changed in aptdaemon (Ubuntu):
status: New → Confirmed
Revision history for this message
Steve Langasek (vorlon) wrote :

Note that the "multiarch" in the backtrace / bug description is unrelated to the multiarch library implementation in Ubuntu; this refers only to the glibc-internal support for providing multiple optimized implementations of functions.

This could still be related to multiarch, but there's insufficient evidence of that so far.

tags: removed: multiarch
affects: aptdaemon (Ubuntu) → apt (Ubuntu)
Changed in apt (Ubuntu):
importance: Medium → High
Revision history for this message
Michael Vogt (mvo) wrote :

Thanks for your bugreport.

Is this reproducable? I.e. does this happen everytime you run:
$ sudo apt-get update

If so could you please run the attached script??field.comment=Thanks for your bugreport.

Is this reproducable? I.e. does this happen everytime you run:
$ sudo apt-get update

If so could you please run the attached script and see if that crashes as well?

Revision history for this message
GodNobody (godnobody) wrote :

Hey,

i tested the script and also did the "sudo apt-get update"

everything is working fine...but the bug is never the less reproduceable...

The bug seems to be related with ubuntu update-manager but not with apt itself...

So open update-manger click on "check" and there it comes....but only if he "really" updates the package informations...

hth

Revision history for this message
Albert Damen (albrt) wrote :

Michael,

no, it does not crash every time, but it does happen frequently.
I have run the script, see the attached output. The script completed without errors.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 0.8.15.4ubuntu2

---------------
apt (0.8.15.4ubuntu2) oneiric; urgency=low

  * apt-pkg/contrib/fileutl.{cc,h}:
    - add GetModificationTime() helper
  * apt-pkg/pkgcachegen.cc:
    - regenerate the cache if the sources.list changes to ensure
      that changes in the ordering there will be honored by apt
  * apt-pkg/sourcelist.{cc,h}:
    - add pkgSourceList::GetLastModifiedTime() helper
  * apt-pkg/pkgcachegen.{cc,h}:
    - use ref-to-ptr semantic in NewDepends() to ensure that the
      libapt does not segfault if the cache is remapped in between
      (LP: #812862)
 -- Michael Vogt <email address hidden> Fri, 29 Jul 2011 18:25:22 +0200

Changed in apt (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Michael Vogt (mvo) wrote :
Download full text (4.1 KiB)

It appears this is not quite fixed yet, I managed to get a backtrace now:

(gdb) bt full
#0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:32
No locals.
#1 0x00007ffff556ee21 in std::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare(char const*) const ()
   from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
No symbol table info available.
#2 0x00007ffff7b4b1eb in operator==<char, std::char_traits<char>, std::allocator<char> > (this=0x7fffffffc310, Progress=<value optimised out>)
    at /usr/include/c++/4.6/bits/basic_string.h:2462
No locals.
#3 pkgCacheGenerator::FinishCache (this=0x7fffffffc310,
    Progress=<value optimised out>) at pkgcachegen.cc:649
        D = <incomplete type>
        A = {_M_current = 0x907978}
        Arch = 0x7fffe622e3c8 <Address 0x7fffe622e3c8 out of bounds>
        OldDepLast = 0x7fffea7c9a70
        coInstall = false
        allPkg = <incomplete type>
        V = {<pkgCache::Iterator<pkgCache::Version, pkgCache::VerIterator>> = {<std::iterator<std::forward_iterator_tag, pkgCache::Version, long, pkgCache::Version*, pkgCache::Version&>> = {<No data fields>}, _vptr.Iterator = 0x49d390,
            S = 0x7fffe90d9998, Owner = 0x7fffffffc3e8}, <No data fields>}
        PkgName = {static npos = <optimized out>,
          _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x16a02b8 "gromit"}}
        P = {<pkgCache::Iterator<pkgCache::Package, pkgCache::PkgIterator>> = {<std::iterator<std::forward_iterator_tag, pkgCache::Package, long, pkgCache::Package*, pkgCache::Package&>> = {<No data fields>}, _vptr.Iterator = 0x6bb090,
            S = 0x7fffe8daafb8, Owner = 0x7fffffffc3e8}, HashIndex = 0}
        G = {<pkgCache::Iterator<pkgCache::Group, pkgCache::GrpIterator>> = {<std::iterator<std::forward_iterator_tag, pkgCache::Group, long, pkgCache::Group*, pkgCache::Group&>> = {<No data fields>}, _vptr.Iterator = 0x7ffff7dd5ef0,
            S = 0x7fffe8d93204, Owner = 0x7fffffffc3e8}, HashIndex = 1646}
        archs = {<std::_Vector_base<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > >> = {
            _M_impl = {<std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > >> = {<__gnu_cxx::new_allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > >> = {<No data fields>}, <No data fields>}, _M_start = 0x907970, _M_finish = 0x907980,
              _M_end_of_storage = 0x907980}}, <No data fields>}
#4 0x00007ffff7b4d239 in pkgCacheGenerator::MakeStatusCache (
    List=<value optimised out>, Progress=0x8f6e50, OutMap=0x0, AllowMem=224)
    at pkgcachegen.cc:1291
        Gen = {UniqHash = {0x7fffe88d43d8, 0x7fffe88d43b0, 0x0,
            0x7fffe88d4408, 0x7fffe88d43c8, 0x7fffe88d4478, 0x0,
            0x7fffe88d4498, 0x7fffe88d4ec0, 0x0, 0x7fffe88d43f0,
            0x7fffe88d43f8, 0x7fffe88d4868, 0x7fffe88d43b8, 0x7fffe88d43d0,
            0x7fffe88d4ec8, 0x7fffe88d4e78, 0x0, 0x7fffe88d4400,
            0x7fffe88d44b8, 0x7fffe88d43a8, 0x7fffe88d4430...

Read more...

Changed in apt (Ubuntu):
status: Fix Released → Triaged
Revision history for this message
Michael Vogt (mvo) wrote :

In my testcase (with synaptic) it happens in for:
(gdb) print PkgName
$4 = {static npos = <optimized out>,
  _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x16a02b8 "gromit"}}

And the cache is remamped:
...
Do we have write-access to the cache files? YES
sources.list is newer than the cache
pkgcache.bin is NOT valid
Open filebased MMap
sources.list is newer than the cache
srcpkgcache.bin is NOT valid - rebuild
Remaping from 0x7fffe98cc000 to 0x7fffe7017000
Remaping from 0x7fffe7017000 to 0x7fffe96cc000
Remaping from 0x7fffe96cc000 to 0x7fffe6e17000
Remaping from 0x7fffe6e17000 to 0x7fffe94cc000
Remaping from 0x7fffe94cc000 to 0x7fffe6c17000
Remaping from 0x7fffe6c17000 to 0x7fffe92cc000
Remaping from 0x7fffe92cc000 to 0x7fffe6a17000
Remaping from 0x7fffe6a17000 to 0x7fffe90cc000

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 0.8.15.5ubuntu1

---------------
apt (0.8.15.5ubuntu1) oneiric; urgency=low

  * apt-pkg/pkgcachegen.{cc,h}:
    - fix crash when P.Arch() was used but the cache got remapped
      (LP: #812862)

apt (0.8.15.5) unstable; urgency=low

  [ David Kalnischkies ]
  * apt-pkg/deb/deblistparser.cc:
    - do not assume that the last char on a line is a \n (Closes: #633350)
 -- Michael Vogt <email address hidden> Mon, 01 Aug 2011 15:18:50 +0200

Changed in apt (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers