Bug#923527: bliss: example segfaults in gmp

[Jerome BENOIT]

Hello All,

thanks a lot for your constructive feedbacks.

I will have a look this week end.
And, if applicable, I will upload a new package.

Cheers,
Jerome

On 26/03/2019 14:53, Bernhard Übelacker wrote:
> Hello David Bremner,
> now the hint in the subject makes sense ;-)
> I can perfectly reproduce the crash now.
> 
> I compared the arguments from the build log [1]
> and reduced it until the crash happens and
> the important part is the "-D BLISS_USE_GMP".
> 
> Therefore /usr/share/doc/bliss-doc/examples/Makefile could
> maybe completed with a CXXFLAGS line similar to one below,
> to avoid that situation.
> 
> Kind regards,
> Bernhard
> 
> 
> [1] 
> https://buildd.debian.org/status/fetch.php?pkg=bliss=amd64=0.73-2=1542196885=0
> 
> 
> root@debian:/usr/share/doc/bliss-doc/examples# git diff
> diff --git a/Makefile b/Makefile
> index 2a676ba..d290e31 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -26,6 +26,18 @@ default: all
>  
>  LDLIBS = -lbliss -lgmp
>  
> +#CXXFLAGS = -Wdate-time -D_FORTIFY_SOURCE=2 -DBLISS_COMPILED_DATE="\"Debian 
> \"" -D BLISS_USE_GMP  -g -O2 -fstack-protector-strong -Wformat 
> -Werror=format-security
> +# works
> +
> +#CXXFLAGS = -D BLISS_USE_GMP  -g -O2 -fstack-protector-strong -Wformat 
> -Werror=format-security
> +# works
> +
> +#CXXFLAGS = -g -O2 -fstack-protector-strong -Wformat -Werror=format-security
> +# fails
> +
> +CXXFLAGS = -D BLISS_USE_GMP
> +# works
> +
>  all: build
>  
>  build: $(PROGRAMS)
> 
> 

-- 
Jerome BENOIT | calculus+at-rezozer^dot*net
https://qa.debian.org/developer.php?login=calcu...@rezozer.net
AE28 AE15 710D FF1D 87E5  A762 3F92 19A6 7F36 C68B



signature.asc
Description: OpenPGP digital signature

Bug#923527: bliss: example segfaults in gmp

[Bernhard Übelacker]

Hello David Bremner,
now the hint in the subject makes sense ;-)
I can perfectly reproduce the crash now.

I compared the arguments from the build log [1]
and reduced it until the crash happens and
the important part is the "-D BLISS_USE_GMP".

Therefore /usr/share/doc/bliss-doc/examples/Makefile could
maybe completed with a CXXFLAGS line similar to one below,
to avoid that situation.

Kind regards,
Bernhard


[1] 
https://buildd.debian.org/status/fetch.php?pkg=bliss=amd64=0.73-2=1542196885=0


root@debian:/usr/share/doc/bliss-doc/examples# git diff
diff --git a/Makefile b/Makefile
index 2a676ba..d290e31 100644
--- a/Makefile
+++ b/Makefile
@@ -26,6 +26,18 @@ default: all
 
 LDLIBS = -lbliss -lgmp
 
+#CXXFLAGS = -Wdate-time -D_FORTIFY_SOURCE=2 -DBLISS_COMPILED_DATE="\"Debian 
\"" -D BLISS_USE_GMP  -g -O2 -fstack-protector-strong -Wformat 
-Werror=format-security
+# works
+
+#CXXFLAGS = -D BLISS_USE_GMP  -g -O2 -fstack-protector-strong -Wformat 
-Werror=format-security
+# works
+
+#CXXFLAGS = -g -O2 -fstack-protector-strong -Wformat -Werror=format-security
+# fails
+
+CXXFLAGS = -D BLISS_USE_GMP
+# works
+
 all: build
 
 build: $(PROGRAMS)


# Buster amd64 qemu VM 2019-03-26

apt update
apt dist-upgrade

apt install dpkg-dev devscripts mc systemd-coredump gdb valgrind bliss 
bliss-doc libbliss-dev bliss-dbgsym libbliss2-dbgsym libgmp10-dbgsym



cd /usr/share/doc/bliss-doc/examples
make

root@debian:/usr/share/doc/bliss-doc/examples# make
g++ bliss.cc  -lbliss -lgmp -o bliss





mkdir /tmp/source/libgmp10/orig -p
cd/tmp/source/libgmp10/orig
apt source libgmp10
cd


#




wget 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=923527;filename=foo.in;msg=15;
 -O foo.in


benutzer@debian:~$ /usr/share/doc/bliss-doc/examples/bliss foo.in 
Speicherzugriffsfehler (Speicherabzug geschrieben)



root@debian:~# coredumpctl list
TIMEPID   UID   GID SIG COREFILE  EXE
Tue 2019-03-26 11:23:31 CET   14934  1000  1000  11 present   
/usr/share/doc/bliss-doc/examples/bliss



[  451.341549] bliss[14934]: segfault at 3fff ip 7febc293c0f9 sp 
7ffd303fe908 error 6 in libgmp.so.10.3.2[7febc2923000+5e000]
[  451.341558] Code: ff 48 89 c1 e9 55 ff ff ff 0f 1f 84 00 00 00 00 00 48 8d 
56 10 e9 b7 70 fe ff 0f 1f 80 00 00 00 00 48 8b 47 08 48 85 f6 78 17 <48> 89 30 
0f 95 c0 0f b6 c0 89 47 04 c3 66 2e 0f 1f 84 00 00 00 00



root@debian:~# coredumpctl gdb 14934
   PID: 14934 (bliss)
   UID: 1000 (benutzer)
   GID: 1000 (benutzer)
Signal: 11 (SEGV)
 Timestamp: Tue 2019-03-26 11:23:31 CET (4min 57s ago)
  Command Line: /usr/share/doc/bliss-doc/examples/bliss foo.in
Executable: /usr/share/doc/bliss-doc/examples/bliss
 Control Group: /user.slice/user-1000.slice/session-3.scope
  Unit: session-3.scope
 Slice: user-1000.slice
   Session: 3
 Owner UID: 1000 (benutzer)
   Boot ID: 5b54465ced1e488b84113e9382cd085d
Machine ID: 32f43b50ac8c4b21941bc0b02f8e7811
  Hostname: debian
   Storage: 
/var/lib/systemd/coredump/core.bliss.1000.5b54465ced1e488b84113e9382cd085d.14934.155359581100.lz4
   Message: Process 14934 (bliss) of user 1000 dumped core.

Stack trace of thread 14934:
#0  0x7febc293c0f9 __gmpz_set_si (libgmp.so.10)
#1  0x7febc29aac10 _ZN5bliss6BigNum6assignEi (libbliss.so.2)
#2  0x7febc29ada3c 
_ZN5bliss13AbstractGraph18find_automorphismsERNS_5StatsEPFvPvjPKjES3_ 
(libbliss.so.2)
#3  0x5561cbde2cd0 main (bliss)
#4  0x7febc245a09b __libc_start_main (libc.so.6)
#5  0x5561cbde21da _start (bliss)

GNU gdb (Debian 8.2.1-2) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/share/doc/bliss-doc/examples/bliss...(no debugging 
symbols found)...done.
[New LWP 14934]
Core was generated by `/usr/share/doc/bliss-doc/examples/bliss foo.in'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x7febc293c0f9 in __gmpz_set_si () from 
/usr/lib/x86_64-linux-gnu/libgmp.so.10
(gdb) set width 0
(gdb) set pagination off
(gdb) bt
#0  0x7febc293c0f9 in __gmpz_set_si () from 
/usr/lib/x86_64-linux-gnu/libgmp.so.10
#1  0x7febc29aac10 in bliss::AbstractGraph::search(bool, 

Bug#923527: bliss: example segfaults in gmp

[David Bremner]

Bernhard Übelacker  writes:

> Hello David Bremner,
>
>
> I guess from frame 3 having debug information, you either installed
> the dbgsym package or rebuilt the bliss binary package locally?

I compiled /usr/share/doc/bliss-doc/examples/bliss.cc, aka bliss.cc in
the source.

Indeed /usr/bin/bliss works fine on the sample input.

Bug#923527: bliss: example segfaults in gmp

[Bernhard Übelacker]

Hello David Bremner,

>> Maybe something got lost in the input file,
>> so you could attach it to the email?
> ok

Thanks for the file, but unfortunately that makes no
difference - works fine in my test VM.


>> Is the backtrace you copied all of the output or
>> did you remove the frame in function main?
> Here is the full backtrace
> Program received signal SIGSEGV, Segmentation fault.
> 0x7fd9b3fea0f9 in __gmpz_set_si () from 
> /usr/lib/x86_64-linux-gnu/libgmp.so.10
> (gdb) bt
> #0  0x7fd9b3fea0f9 in __gmpz_set_si () from 
> /usr/lib/x86_64-linux-gnu/libgmp.so.10
> #1  0x7fd9b453ac10 in bliss::AbstractGraph::search(bool, bliss::Stats&) 
> () from /usr/lib/x86_64-linux-gnu/libbliss.so.2
> #2  0x7fd9b453da3c in 
> bliss::AbstractGraph::find_automorphisms(bliss::Stats&, void (*)(void*, 
> unsigned int, unsigned int const*), void*) () from 
> /usr/lib/x86_64-linux-gnu/libbliss.so.2
> #3  0x55d66f737cd0 in main (argc=2, argv=0x7ffc262cb408) at bliss.cc:297

I guess from frame 3 having debug information, you either installed
the dbgsym package or rebuilt the bliss binary package locally?

As the address offset ...cd0 does not appear in the current
debian binary package's main function, I guess you did a
rebuild with debug information enabled?

Just to be sure, what does a 'which bliss' return?

Can you reproduce the crash also with the official
debian package bliss?

If yes, possibly you can install these dbgsym packages [1]:
bliss-dbgsym libbliss2-dbgsym libgmp10-dbgsym

And forward the output of these gdb commands,
when the crash happened:
info reg
info share
bt full

Kind regards,
Bernhard

[1] https://wiki.debian.org/HowToGetABacktrace#Installing_the_debugging_symbols

Bug#923527: bliss: example segfaults in gmp

[David Bremner]

Bernhard Übelacker  writes:

> Hello David Bremner,
>
> Do you still get this crash?

yes

> Is my bliss command line wrong?

it looks ok, same as mine

> Maybe something got lost in the input file,
> so you could attach it to the email?
>

ok

> Is the backtrace you copied all of the output or
> did you remove the frame in function main?

Here is the full backtrace

Program received signal SIGSEGV, Segmentation fault.
0x7fd9b3fea0f9 in __gmpz_set_si () from 
/usr/lib/x86_64-linux-gnu/libgmp.so.10
(gdb) bt
#0  0x7fd9b3fea0f9 in __gmpz_set_si () from 
/usr/lib/x86_64-linux-gnu/libgmp.so.10
#1  0x7fd9b453ac10 in bliss::AbstractGraph::search(bool, bliss::Stats&) ()
   from /usr/lib/x86_64-linux-gnu/libbliss.so.2
#2  0x7fd9b453da3c in 
bliss::AbstractGraph::find_automorphisms(bliss::Stats&, void (*)(void*, 
unsigned int, unsigned int const*), void*) () from 
/usr/lib/x86_64-linux-gnu/libbliss.so.2
#3  0x55d66f737cd0 in main (argc=2, argv=0x7ffc262cb408) at bliss.cc:297



foo.in
Description: Binary data

Bug#923527: bliss: example segfaults in gmp

[Bernhard Übelacker]

Hello David Bremner,
I just tried to reproduce this crash, while I am not
involved in packaging and without knowledge of bliss.

I always this output:

benutzer@debian:~$ bliss myciel3.col
Generator: (2,4)(3,5)(7,9)(8,10)
Generator: (1,2)(3,4)(6,7)(8,9)
Nodes:  6
Leaf nodes: 4
Bad nodes:  0
Canrep updates: 1
Generators: 2
Max level:  2
|Aut|:  10
Total time: 0.00 seconds
benutzer@debian:~$


Do you still get this crash?
Is my bliss command line wrong?
Maybe something got lost in the input file,
so you could attach it to the email?

Is the backtrace you copied all of the output or
did you remove the frame in function main?

Kind regards,
Bernhard

Bug#923527: bliss: example segfaults in gmp

[David Bremner]

Package: bliss
Version: 0.73-2
Severity: important

I have seen the same kind of gmp related segfault [3] running the included
example bliss.cc [2] and sympol [1].

I'm not sure if I'm just unlucky, or if the current build of libbliss
is really broken. I'll try to use it via polymake later.

[1] http://www.math.uni-rostock.de/~rehn/software/sympol.html

[2] Here is the input I used.


c FILE: myciel3.col
c SOURCE: Michael Trick (tr...@cmu.edu)
c DESCRIPTION: Graph based on Mycielski transformation. 
c Triangle free (clique number 2) but increasing
c coloring number
p edge 11 20
e 1 2
e 1 4
e 1 7
e 1 9
e 2 3
e 2 6
e 2 8
e 3 5
e 3 7
e 3 10
e 4 5
e 4 6
e 4 10
e 5 8
e 5 9
e 6 11
e 7 11
e 8 11
e 9 11
e 10 11

[3] Here's the backtrace

#0  0x77f290f9 in __gmpz_set_si () from 
/usr/lib/x86_64-linux-gnu/libgmp.so.10
#1  0x77f97c10 in bliss::AbstractGraph::search(bool, bliss::Stats&) ()
   from /usr/lib/x86_64-linux-gnu/libbliss.so.2
#2  0x77f9aa3c in 
bliss::AbstractGraph::find_automorphisms(bliss::Stats&, void (*)(void*, 
unsigned int, unsigned int const*), void*) () from 
/usr/lib/x86_64-linux-gnu/libbliss.so.2


-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-2-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages bliss depends on:
ii  libbliss2   0.73-2
ii  libc6   2.28-7
ii  libgcc1 1:8.2.0-21
ii  libgmp102:6.1.2+dfsg-4
ii  libstdc++6  8.2.0-21

bliss recommends no packages.

bliss suggests no packages.

-- no debconf information