apt-get crashed with SIGSEGV in strlen()

Bug #1497534 reported by gianfry71
This bug affects 15 people
Affects         Status     Importance  Assigned to  Milestone
apt (Ubuntu)    Invalid    High        Unassigned
Wily            Won't Fix  High        Unassigned

Bug Description

ubuntu 15.10 new upgrade

ProblemType: Crash
DistroRelease: Ubuntu 15.10
Package: apt 1.0.9.10ubuntu6
ProcVersionSignature: Ubuntu 4.2.0-10.11-generic 4.2.0
Uname: Linux 4.2.0-10-generic x86_64
ApportVersion: 2.18.1-0ubuntu1
Architecture: amd64
Date: Sat Sep 19 12:26:47 2015
ExecutablePath: /usr/bin/apt-get
InstallationDate: Installed on 2014-12-30 (262 days ago)
InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1)
ProcCmdline: apt-get --yes autoremove
ProcEnviron:
 PATH=(custom, no user)
 LANG=it_IT.UTF-8
 LANGUAGE=it_IT
 SHELL=/bin/bash
 TERM=unknown
SegvAnalysis:
 Segfault happened at: 0x7f73ded537fa <strlen+298>: movdqa (%rax),%xmm8
 PC (0x7f73ded537fa) ok
 source "(%rax)" (0x5622126b7000) not located in a known VMA region (needed readable region)!
 destination "%xmm8" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: apt
StacktraceTop:
 strlen () at ../sysdeps/x86_64/strlen.S:214
 debTranslationsIndex::IndexURI[abi:cxx11](char const*) const () from /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.16
 debTranslationsIndex::Exists() const () from /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.16
 ?? () from /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.16
 pkgCacheGenerator::MakeStatusCache(pkgSourceList&, OpProgress*, MMap**, bool) () from /usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.16
Title: apt-get crashed with SIGSEGV in strlen()
UpgradeStatus: Upgraded to wily on 2015-09-19 (0 days ago)
UserGroups:

gianfry71 (gianfry71) wrote :
Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : StacktraceSource.txt
Apport retracing service (apport) wrote : StacktraceTop.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in apt (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apt (Ubuntu):
status: New → Confirmed
Sebastien Bacher (seb128) wrote :

that seems to have started in wily with 1.0.9.10ubuntu6
https://errors.ubuntu.com/problem/c2b1c1d95693e0fba2814078a11876ad0abbab77

information type: Private → Public
Changed in apt (Ubuntu):
importance: Medium → High
tags: added: rls-w-incoming
Changed in apt (Ubuntu):
assignee: nobody → Adam Conrad (adconrad)
status: Confirmed → New
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apt (Ubuntu):
status: New → Confirmed
Sebastien Bacher (seb128) wrote :

same as bug #1496308?

Changed in apt (Ubuntu):
assignee: Adam Conrad (adconrad) → Canonical Foundations Team (canonical-foundations)
Steve Langasek (vorlon) wrote :

StackTraceSource.txt shows the failure is because at the time debTranslationsIndex::Exists() is called, Language points to an invalid string.

Tracking this down will be non-trivial without a reproducer case. Is anyone who's seen this bug able to reproduce it at will? This bug report shows the problem was triggered by running 'apt-get --yes autoremove' as root (in an Italian locale). If the problem is reproducible, can someone please try running apt-get under valgrind?

Changed in apt (Ubuntu Wily):
status: Confirmed → Incomplete
Sebastien Bacher (seb128) wrote :

the duplicates include "apt-get dist-upgrade" under en_US.UTF-8 locale and "apt upgrade" cases, so it's limited to one command/mode

Sebastien Bacher (seb128) wrote :

(nor to a locale)

David Kalnischkies (donkult) wrote :

I haven't seen a crash myself, just "garbage" results (mostly apt trying to use Translation-rowf%&$ files), but in all likelihood this is the result of gcc5 changing to a c++11-compatible std::string implementation – which the previous copy-on-write implementation isn't. apt was depending on this behavior to store for which language the Translation is aka the result of a X.c_str() call in a char* where X runs out of scope shortly after – but X was just a copy of a globally stored std::string (in that case in the deeps of _config). strlen on such a wild pointer has at least a chance of segfaulting…

See also #1486061.

tags: added: bugpattern-needed
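
The lifetime problem described in David Kalnischkies' comment above, shown as an added example that is not part of the bug report and not apt's code: an address taken with c_str() from a local copy of a global string stays valid only if the copy shares the global's buffer, as a copy-on-write std::string would. The global value, function names and the TranslationIndexOwned class are hypothetical, and the stale address is compared as an integer and never dereferenced.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <utility>

// Constructed stand-in for the language value held in global configuration.
static const std::string g_language = "it_IT-constructed-long-language-code";

// Pre-fix pattern: take c_str() of a local copy and keep only that address.
// Returned as an integer so the stale address is never dereferenced here.
std::uintptr_t capture_like_old_code() {
    std::string copy = g_language;  // copy of the globally stored string
    return reinterpret_cast<std::uintptr_t>(copy.c_str());
}  // copy is destroyed here

// True only if the captured address is the global's own buffer, which is
// what a copy-on-write std::string would give. With a C++11 std::string the
// copy has its own buffer, so the address is dangling and this is false.
bool captured_pointer_still_valid() {
    return capture_like_old_code() ==
           reinterpret_cast<std::uintptr_t>(g_language.c_str());
}

// Hardened form (hypothetical class, not apt's): own the string.
class TranslationIndexOwned {
    std::string Language;
public:
    explicit TranslationIndexOwned(std::string lang) : Language(std::move(lang)) {}
    std::string FileName() const { return "Translation-" + Language; }
};

TranslationIndexOwned make_owned_index() {
    std::string copy = g_language;
    return TranslationIndexOwned(copy);  // value is copied into the object
}

int main() {
    std::cout << "raw pointer still valid: " << std::boolalpha
              << captured_pointer_still_valid() << "\n";
    std::cout << "owned index file: " << make_owned_index().FileName() << "\n";
    return 0;
}
```

Running apt-get under valgrind, as requested earlier in the thread, or building with AddressSanitizer, reports a read through such a stale pointer even on runs where it does not crash.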
Brian Murray (brian-murray) wrote :

The only incidents of this crash report were from Ubuntu 15.10 which is a no longer supported release of Ubuntu. I also checked the Error Tracker for other crashes about apt and did not see any matching this particular crash.

Changed in apt (Ubuntu Wily):
status: Incomplete → Won't Fix
assignee: Canonical Foundations Team (canonical-foundations) → nobody
Changed in apt (Ubuntu):
assignee: Canonical Foundations Team (canonical-foundations) → nobody
status: Incomplete → Invalid