FS#26327 - pacman 4.0.0rc2 *** stack smashing detected ***: pacman terminated

Attached to Project: Pacman
Opened by Axilleas Pipinellis (markelos) - Friday, 07 October 2011, 14:06 GMT
Last edited by Dave Reisner (falconindy) - Tuesday, 11 October 2011, 01:46 GMT
Task Type Bug Report
Category Backend/Core
Status Closed
Assigned To Dave Reisner (falconindy)
Architecture i686
Severity Low
Priority Normal
Reported Version git
Due in Version 4.0.0
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

This message appeared on my netbook after a *successful* Syu.

*** stack smashing detected ***: pacman terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x45)[0xb7766a45]
/lib/libc.so.6(+0xe89f7)[0xb77669f7]
/usr/lib/libcurl.so.4(+0x4c6c1)[0xb766b6c1]
/usr/lib/libcurl.so.4(+0x29125)[0xb7648125]
/usr/lib/libcurl.so.4(curl_mvsnprintf+0x45)[0xb7648175]
/usr/lib/libcurl.so.4(curl_msnprintf+0x33)[0xb7646d33]
/usr/lib/libcurl.so.4(Curl_failf+0xd6)[0xb7635856]
/usr/lib/libcurl.so.4(Curl_speedcheck+0x13d)[0xb7641fcd]
/usr/lib/libcurl.so.4(Curl_pp_easy_statemach+0xef)[0xb7665ccf]
/usr/lib/libcurl.so.4(+0x17138)[0xb7636138]
/usr/lib/libcurl.so.4(+0x17259)[0xb7636259]
/usr/lib/libcurl.so.4(Curl_disconnect+0xd7)[0xb763c767]
/usr/lib/libcurl.so.4(+0x1d93c)[0xb763c93c]
/usr/lib/libcurl.so.4(Curl_close+0x9f)[0xb763ec4f]
/usr/lib/libcurl.so.4(curl_easy_cleanup+0x1f)[0xb764e06f]
/usr/lib/libalpm.so.7(+0x17385)[0xb77fe385]
/usr/lib/libalpm.so.7(alpm_release+0x6f)[0xb77ede0f]
pacman[0x80508b9]
pacman[0x804b9c3]
/lib/libc.so.6(__libc_start_main+0xf3)[0xb7697223]
pacman[0x804cfe9]


The same message appeared one more time yesterday.
I did an Syu five minutes ago with --debug enabled but the backtrace didn't appear. I don't know if you can reproduce it.

Closed by Dave Reisner (falconindy)
Tuesday, 11 October 2011, 01:46 GMT
Reason for closing: Fixed
Additional comments about closing: http://projects.archlinux.org/pacman.git/commit/?id=abfa8370c000
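
Added example (not part of the original report, and not pacman or libcurl code): a small parser for the glibc backtrace format shown in the report. It lists which object's canary check fired, the named call chain, and `addr2line` commands for the frames glibc could not name. The frame subset is copied from the report; passing the bare `pacman[...]` address straight to `addr2line` assumes a non-PIE executable.

```python
import re

# Subset of the frames from the report above, innermost frame first.
BACKTRACE = """\
/lib/libc.so.6(__fortify_fail+0x45)[0xb7766a45]
/usr/lib/libcurl.so.4(+0x4c6c1)[0xb766b6c1]
/usr/lib/libcurl.so.4(Curl_failf+0xd6)[0xb7635856]
/usr/lib/libcurl.so.4(Curl_speedcheck+0x13d)[0xb7641fcd]
/usr/lib/libcurl.so.4(curl_easy_cleanup+0x1f)[0xb764e06f]
/usr/lib/libalpm.so.7(+0x17385)[0xb77fe385]
/usr/lib/libalpm.so.7(alpm_release+0x6f)[0xb77ede0f]
pacman[0x80508b9]
"""

# One glibc frame: module(symbol+0xoff)[0xaddr]; "(...)" and symbol are optional.
FRAME = re.compile(
    r"^(?P<module>[^(\[\s]+)"
    r"(?:\((?P<sym>[^+)]*)(?:\+(?P<off>0x[0-9a-f]+))?\))?"
    r"\[(?P<addr>0x[0-9a-f]+)\]$"
)

def parse(text):
    """Return one dict per frame line; non-matching lines are skipped."""
    matches = (FRAME.match(line.strip()) for line in text.splitlines())
    return [{k: v or None for k, v in m.groupdict().items()} for m in matches if m]

def reporting_module(frames):
    """First module outside libc: the object whose canary check fired."""
    return next((f["module"] for f in frames if "libc.so" not in f["module"]), None)

def call_chain(frames):
    """Named symbols outside libc, outermost caller first."""
    return [f["sym"] for f in reversed(frames)
            if f["sym"] and "libc.so" not in f["module"]]

def addr2line_cmds(frames):
    """addr2line invocations for frames the runtime could not name.

    Shared-object frames use the module-relative offset; a bare executable
    frame only has an absolute address (assumed usable: non-PIE binary).
    """
    return [f"addr2line -f -e {f['module']} {f['off'] or f['addr']}"
            for f in frames if not f["sym"]]

if __name__ == "__main__":
    frames = parse(BACKTRACE)
    print("canary check fired in:", reporting_module(frames))
    print(" -> ".join(call_chain(frames)))
    print("\n".join(addr2line_cmds(frames)))
```

The `addr2line` output is only useful when the matching debug symbols for the exact library builds are installed.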
Comment by Dan McGee (toofishes) - Friday, 07 October 2011, 14:08 GMT
We need a gdb backtrace more than anything. It is a pain if this isn't totally reproducible, but you'll want to run with `gdb --args pacman -Syu`, and do "start", "continue", proceed as normal, and if things blow up, type "bt full".
Comment by Dave Reisner (falconindy) - Friday, 07 October 2011, 14:10 GMT
What protocol is in use here? FTP or HTTP?
Comment by Axilleas Pipinellis (markelos) - Friday, 07 October 2011, 14:17 GMT
ftp://archlinux.mirror.kangaroot.net/pub/archlinux/$repo/os/$arch is at the top of my mirrorlist so I guess ftp.
I will try with gdb on the next update, hoping to be lucky enough to reproduce it.
Comment by Dave Reisner (falconindy) - Friday, 07 October 2011, 14:21 GMT
FWIW, this won't happen with HTTP. It's a curl bug that we thought we had squashed [1] via a workaround on our side, but it's reappearing in a different guise which gives further evidence to Dan's original suspicion that curl is doing something wrong. I'll need to take this upstream.

[1] http://projects.archlinux.org/pacman.git/commit/?id=edd9ed6a
Comment by Axilleas Pipinellis (markelos) - Friday, 07 October 2011, 14:23 GMT
Here's what gdb showed:

(gdb) start
Temporary breakpoint 1 at 0x804b350: file pacman.c, line 759.
Starting program: /usr/bin/pacman -Syu
[Thread debugging using libthread_db enabled]

Temporary breakpoint 1, main (argc=2, argv=0xbffffb84) at pacman.c:759
759 pacman.c: No such file or directory.
in pacman.c
(gdb) continue
Continuing.
:: Synchronizing package databases...
[New Thread 0xb782eb70 (LWP 6618)]
[Thread 0xb782eb70 (LWP 6618) exited]
hyde is up to date
[New Thread 0xb782eb70 (LWP 6619)]
[Thread 0xb782eb70 (LWP 6619) exited]
adslgr32 is up to date
[New Thread 0xb782eb70 (LWP 6620)]
[Thread 0xb782eb70 (LWP 6620) exited]
xyne-any is up to date
[New Thread 0xb782eb70 (LWP 6621)]
[Thread 0xb782eb70 (LWP 6621) exited]
core is up to date
extra is up to date
community is up to date
:: Starting full system upgrade...
warning: 915resolution-static: local (0.5.3-7) is newer than adslgr32 (0.5.3-6)
warning: cower-git: local (20110911-1) is newer than adslgr32 (20110818-1)
warning: pacman: local (4.0.0rc2-1) is newer than core (3.5.4-4)
there is nothing to do
[Inferior 1 (process 6524) exited normally]
Comment by Dave Reisner (falconindy) - Friday, 07 October 2011, 14:28 GMT
Out of wild curiosity, what the heck is adslgr32?

Is there anything we should know about your curl build? Is this the stock Arch build from testing/extra?
Comment by Axilleas Pipinellis (markelos) - Friday, 07 October 2011, 16:49 GMT
lol, it's the unofficial Greek repository [1][2]
I don't have [testing] enabled

Name : curl
Version : 7.22.0-1
URL : http://curl.haxx.se
Licenses : MIT
Groups : None
Provides : None
Depends On : zlib openssl bash ca-certificates libssh2
Optional Deps : None
Required By : aurphan burp cmake conky cower-git feh flashplugin git gnupg gnupg2 libmediainfo libofa libreoffice-common newsbeuter octave pacman php raptor raptor1 rtorrent-extended xmlrpc-c
Conflicts With : None
Replaces : None
Installed Size : 1588.00 KiB
Packager : Dave Reisner <dreisner at archlinux.org>
Architecture : i686
Build Date : Tue 13 Sep 2011 11:45:19 PM EEST
Install Date : Fri 16 Sep 2011 02:26:31 AM EEST
Install Reason : Installed as a dependency for another package
Install Script : No
Description : An URL retrival utility and library

[1] https://gitorious.org/arch-linux-greece
[2] http://archlinuxgr.tiven.org/archlinux/
Comment by Dave Reisner (falconindy) - Friday, 07 October 2011, 21:03 GMT
Is this a particularly slow connection, or do transfers take a while to finish when this crashes? I can't reproduce this, but I'm following the codepath that your backtrace is hitting and it's a bit baffling...
Comment by Axilleas Pipinellis (markelos) - Friday, 07 October 2011, 22:20 GMT
I have a 17Mbit connection and I get an average of 700K/s per update. I can't really recall whether transfers took a while when this appeared. And I can't seem to reproduce it either.
Could this be a slow connection problem?
Comment by Dave Reisner (falconindy) - Friday, 07 October 2011, 22:32 GMT
The codepath that this crash is hitting is related to the speedcheck functionality (because we set low speed limits for downloads), which is why I bring it up.
Comment by Dave Reisner (falconindy) - Monday, 10 October 2011, 03:37 GMT
I think this is our fault after all. I still can't reproduce, but I have a suspicion the patch linked below makes this go away.

http://mailman.archlinux.org/pipermail/pacman-dev/2011-October/014556.html
