Bug 762150

Summary: libzypp: crashes during package install
Product: [openSUSE] openSUSE 12.2
Reporter: Jeff Mahoney <jeffm>
Component: libzypp
Assignee: E-mail List <zypp-maintainers>
Status: RESOLVED DUPLICATE
QA Contact: E-mail List <qa-bugs>
Severity: Major
Priority: P5 - None
CC: jslaby
Version: Factory
Target Milestone: ---
Hardware: x86-64
OS: Other
Whiteboard:
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Jeff Mahoney 2012-05-14 16:10:16 UTC
I've observed several crashes during zypper in runs. They may not be related but since they both point to PoolImpl, I've included them both in this report.

The first was a straight segmentation fault, via zypper in libaccountsservice-devel, a package which doesn't exist.

#0  ref (this=0x100000003)
    at /usr/src/debug/libzypp-11.6.0/zypp/base/ReferenceCounted.h:67
#1  add_ref (ptr_r=0x100000003)
    at /usr/src/debug/libzypp-11.6.0/zypp/base/ReferenceCounted.h:87
#2  zypp::intrusive_ptr_add_ref (ptr_r=0x100000003)
    at /usr/src/debug/libzypp-11.6.0/zypp/ResObject.cc:27
#3  0x00007f3416ea6728 in intrusive_ptr (rhs=<optimized out>,
    this=0x7fff0a8f4880) at /usr/include/boost/smart_ptr/intrusive_ptr.hpp:91
#4  resolvable (this=<optimized out>)
    at /usr/src/debug/libzypp-11.6.0/zypp/PoolItem.cc:63
#5  zypp::PoolItem::resolvable (this=<optimized out>)
    at /usr/src/debug/libzypp-11.6.0/zypp/PoolItem.cc:281
#6  0x00007f3416ef111d in satSolvable (this=0x7fff0a8f4860)
    at /usr/src/debug/libzypp-11.6.0/zypp/PoolItem.h:115
#7  zypp::(anonymous namespace)::makeSelectablePtr (begin_r=..., end_r=...)
    at /usr/src/debug/libzypp-11.6.0/zypp/ResPoolProxy.cc:78
#8  0x00007f3416ef1ae4 in Impl (poolImpl_r=<optimized out>, pool_r=access outside bounds of object referenced via synthetic pointer
)
    at /usr/src/debug/libzypp-11.6.0/zypp/ResPoolProxy.cc:118
#9  zypp::ResPoolProxy::ResPoolProxy (this=0x24ae380, pool_r=<optimized out>,
    poolImpl_r=<optimized out>)
    at /usr/src/debug/libzypp-11.6.0/zypp/ResPoolProxy.cc:258
#10 0x00007f3416eeb20e in proxy (self=access outside bounds of object referenced via synthetic pointer
)
    at /usr/src/debug/libzypp-11.6.0/zypp/pool/PoolImpl.h:196
#11 zypp::ResPool::proxy (this=<optimized out>)
    at /usr/src/debug/libzypp-11.6.0/zypp/ResPool.cc:55
#12 0x00000000004d7546 in Summary::readPool (this=0x7fff0a8f60b0, pool=...)
    at /usr/src/debug/zypper-1.7.2/src/Summary.cc:274
#13 0x00000000004d975d in Summary::Summary (this=0x7fff0a8f60b0,
    pool=<optimized out>, options=<optimized out>)
    at /usr/src/debug/zypper-1.7.2/src/Summary.cc:53
#14 0x00000000004b8555 in solve_and_commit (zypper=...)
    at /usr/src/debug/zypper-1.7.2/src/solve-commit.cc:560
#15 0x000000000044e0f1 in Zypper::doCommand (this=0x249e130)
    at /usr/src/debug/zypper-1.7.2/src/Zypper.cc:3562
#16 0x0000000000455e18 in Zypper::safeDoCommand (this=0x249e130)
    at /usr/src/debug/zypper-1.7.2/src/Zypper.cc:860
#17 0x0000000000433b59 in Zypper::main (this=0x249e130, argc=<optimized out>,
    argv=<optimized out>) at /usr/src/debug/zypper-1.7.2/src/Zypper.cc:132
#18 0x00000000004334bc in main (argc=3, argv=0x7fff0a8f88a8)
    at /usr/src/debug/zypper-1.7.2/src/main.cc:109

(gdb) info reg
rax            0x47b7990        75200912
rbx            0x4c1c250        79807056
rcx            0x4c1e8f0        79816944
rdx            0x47b7990        75200912
rsi            0x7fff0a8f4860   140733370550368
rdi            0x100000003      4294967299
rbp            0x6b16438        0x6b16438
rsp            0x7fff0a8f48d0   0x7fff0a8f48d0
r8             0x57609c0        91621824
r9             0x101010101010101        72340172838076673
r10            0x34bc1  216001
r11            0x7f3415a64142   139861678244162
r12            0x4c1e8f0        79816944
r13            0x6b16184        112288132
r14            0x57609c0        91621824
r15            0x7fff0a8f4970   140733370550640
rip            0x7f3416ef1ae4   0x7f3416ef1ae4 <zypp::ResPoolProxy::ResPoolProxy(zypp::ResPool, zypp::pool::PoolImpl const&)+724>
eflags         0x10206  [ PF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0

=====
The second was via glibc malloc debugging and with zypper in boost-devel, which does exist. Interesting, to me at least, was that I was installing that package to aid in debugging the first crash.

#0  0x00007f10fbf2bd95 in __GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007f10fbf2d218 in __GI_abort () at abort.c:91
#2  0x00007f10fbf6a02b in __libc_message (do_abort=2, fmt=
    0x7f10fc05b700 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
#3  0x00007f10fbf6fbc6 in malloc_printerr (action=3, str=
    0x7f10fc05b8a0 "free(): invalid next size (normal)", ptr=<optimized out>)
    at malloc.c:5007
#4  0x00007f10fd20a0c0 in deallocate (__p=0x4087800, this=<optimized out>)
    at /usr/include/c++/4.7/ext/new_allocator.h:100
#5  _M_put_node (__p=0x4087800, this=<optimized out>)
    at /usr/include/c++/4.7/bits/stl_tree.h:373
#6  _M_destroy_node (__p=0x4087800, this=<optimized out>)
    at /usr/include/c++/4.7/bits/stl_tree.h:420
#7  _M_erase (__x=0x4087800, this=0x4084180)
    at /usr/include/c++/4.7/bits/stl_tree.h:1084
#8  _M_erase (__x=0x40874a0, this=0x4084180)
    at /usr/include/c++/4.7/bits/stl_tree.h:1082
#9  std::_Rb_tree<std::string, std::string, std::_Identity<std::string>, std::less<std::string>, std::allocator<std::string> >::_M_erase (this=0x4084180, __x=
    0x40873a0) at /usr/include/c++/4.7/bits/stl_tree.h:1082
#10 0x00007f10fd449df1 in ~_Rb_tree (this=0x4084180, __in_chrg=<optimized out>)
    at /usr/include/c++/4.7/bits/stl_tree.h:646
#11 ~set (this=0x4084180, __in_chrg=<optimized out>)
    at /usr/include/c++/4.7/bits/stl_set.h:91
#12 checked_delete<std::set<std::basic_string<char> > > (x=0x4084180)
    at /usr/include/boost/checked_delete.hpp:34
#13 ~scoped_ptr (this=0x7f10fd7a1cb0, __in_chrg=<optimized out>)
    at /usr/include/boost/smart_ptr/scoped_ptr.hpp:80
#14 zypp::sat::detail::PoolImpl::~PoolImpl (this=0x7f10fd7a1be0, 
    __in_chrg=<optimized out>)
    at /usr/src/debug/libzypp-11.6.0/zypp/sat/detail/PoolImpl.cc:203
#15 0x00007f10fbf2ecbf in __cxa_finalize (d=0x7f10fd799ba0)
    at cxa_finalize.c:56
#16 0x00007f10fd1fe1a3 in __do_global_dtors_aux ()
   from /usr/lib64/libzypp.so.1106.0.0
#17 0x00007fffd5b73860 in ?? ()
#18 0x00007f10fd7b1ddf in _dl_fini () at dl-fini.c:254
Backtrace stopped: frame did not save the PC

Comment 1 Jiri Slaby 2012-05-29 14:18:02 UTC
This looks like what we all are seeing...

*** This bug has been marked as a duplicate of bug 761873 ***