[Git][glibc-team/glibc][glibc-2.35] 3 commits: hurd-i386/git-readlink-fifo.diff: Fix atomicity
Samuel Thibault pushed to branch glibc-2.35 at GNU Libc Maintainers / glibc

Commits:

e42ad945 by Samuel Thibault at 2022-09-15T21:59:29+02:00
hurd-i386/git-readlink-fifo.diff: Fix atomicity

- - - - -

9bb6302c by Samuel Thibault at 2022-09-15T22:00:12+02:00
Merge branch sid of salsa.debian.org:glibc-team/glibc into glibc-2.35

- - - - -

22a1effa by Samuel Thibault at 2022-09-15T22:05:15+02:00
Merge branch glibc-2.35 of salsa.debian.org:glibc-team/glibc into glibc-2.35

- - - - -

1 changed file:

- debian/patches/hurd-i386/git-readlink-fifo.diff

View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/compare/691e62f353636698b0f1a9fe23ff10c982008a75...22a1effa6ad8ae42e1a4a2b8ff6fd1ec55bc74f5

You're receiving this email because of your account on salsa.debian.org.
[Git][glibc-team/glibc][sid] hurd-i386/git-readlink-fifo.diff: Fix atomicity
Samuel Thibault pushed to branch sid at GNU Libc Maintainers / glibc

Commits:

e42ad945 by Samuel Thibault at 2022-09-15T21:59:29+02:00
hurd-i386/git-readlink-fifo.diff: Fix atomicity

- - - - -

1 changed file:

- debian/patches/hurd-i386/git-readlink-fifo.diff

View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/commit/e42ad94514c1468fc42a3ebe7ae8fa03fe5beead
Bug#1019855: Fwd: libc6: immediately crashes with SIGILL on 4th gen Intel Core CPUs (seems related to AVX2 instructions), bricking the whole system
Hi,

On 2022-09-15 20:59, debian-bug-rep...@p0358.net wrote:
> > The first thing would be to provide the output of /proc/cpuinfo
>
> Pasting below (please **NOTE** that "avx2" would normally be there, but is
> currently missing due to this kernel option `clearcpuid=293` with which I
> booted the PC now -- I can **100%** confirm "avx2" was there before, but
> don't want to reboot for now to remove this kernel flag):
>
> # cat /proc/cpuinfo
> processor : 0
> vendor_id : GenuineIntel
> cpu family : 6
> model : 60
> model name : Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz
> stepping: 3
> microcode : 0x12
> cpu MHz : 2394.664
> cache size : 3072 KB
> physical id : 0
> siblings: 4
> core id : 0
> cpu cores : 2
> apicid : 0
> initial apicid : 0
> fpu : yes
> fpu_exception : yes
> cpuid level : 13
> wp : yes
> flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
> cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx
> pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology
> nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2
> ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 movbe popcnt xsave avx f16c
> rdrand lahf_lm abm cpuid_fault epb invpcid_single pti tpr_shadow vnmi
> flexpriority ept vpid ept_ad fsgsbase tsc_adjust smep erms invpcid xsaveopt
> dtherm arat pln pts
> vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb
> flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple
> bugs: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf
> mds swapgs itlb_multihit srbds
> bogomips: 4789.10
> clflush size: 64
> cache_alignment : 64
> address sizes : 39 bits physical, 48 bits virtual
> power management:

Thanks.

> > If you believe the issue is due to AVX2, clearcpuid won't help, as it
> > just clears the corresponding flags from the kernel point of view, but
> > the cpuid instruction will just continue to behave the same. The way to
> > disable that feature at the glibc level is to set the GLIBC_TUNABLES
> > environment variable to "glibc.cpu.hwcaps=-AVX2_Usable".
>
> This works! Indeed the clearcpuid flags itself on its own did nothing as you
> mentioned too. This workaround is great to know then for the time being.

Great, that's narrowing down the problem.

> > Same from there due to ASLR. It seems to fail in at least two different
> > locations. Do you have some extra lines around, sometimes the kernel
> > dumps the addresses around the instruction pointer?
>
> Generally these lines all followed similar pattern, and there was nothing
> printed below or after, just this single line per crash. I will paste a few
> more below. Isn't the "+15a000" the relative offset in libc .so though? It

The +15a000 is the size of the libc.so.6 mapping in the virtual memory.

> does seem like an oddly round number, but I loaded the library in IDA
> disassembler and the instructions at this offset do seem to be related to
> AVX2 (linking screenshot which I also pasted on the linked GitHub issue)
> (the highlighted instruction in gray seems to be the one at this
> aforementioned offset):
> https://user-images.githubusercontent.com/5182588/190256853-29ae80aa-0089-4da2-a430-990e2693d15c.png
>
> If my above hypothesis is correct, then I looked at the mother function in
> x-refs and it does seem to be defined in rtld_global_ro table, and its name
> is "__strncmp_avx2". Was something changed in this function between the
> updates?
>
> Pasting more kernel lines:
> kernel: [852124.361775] traps: dhclient[1583381] trap invalid opcode
> ip:7fe19118051d sp:7ffee6e36238 error:0 in libc-2.31.so[7fe191044000+15a000]
> kernel: [852124.468314] traps: nft[1583398] trap invalid opcode
> ip:7fe3418fe51d sp:7fff11342df8 error:0 in libc-2.31.so[7fe3417c2000+15a000]
> kernel: [852124.572700] traps: systemd-shutdow[1377424] trap invalid opcode
> ip:7fde88b724ad sp:7ffc13767028 error:0 in libc-2.31.so[7fde88a3a000+15a000]
> kernel: [ 270.477024] traps: bun[2055] trap invalid opcode ip:2e363f4
> sp:7ffe2320d640 error:0 in bun[2a6f000+2ce2000]
> kernel: [ 279.884807] traps: systemd[2115] trap invalid opcode
> ip:7faf645ec4ad sp:7ffe12e06c48 error:0 in libc-2.31.so[7faf644b4000+15a000]
> kernel: [ 299.637575] traps: bun[2296] trap invalid opcode ip:2e363f4
> sp:7ffd0c0bc9c0 error:0 in bun[2a6f000+2ce2000]
> kernel: [ 331.036417] traps: bash[2462] trap invalid opcode ip:7ff42840051d
> sp:7ffd34ad7278 error:0 in libc-2.31.so[7ff4282c4000+15a000]
> kernel: [ 357.184428] traps: bash[2652] trap invalid opcode ip:7f717873751d
> sp:7fffd34c8848 error:0 in libc-2.31.so[7f71785fb000+15a000]
> kernel: [ 645.517556] traps: bash[3508] trap invalid opcode ip:7f4b6ee8851d
> sp:7ffd74beb6e8 error:0 in libc-2.31.so[7f4b6ed4c000+15a000]
> kernel: [ 876.760209] traps: bash[4225]
Bug#1019855: Fwd: libc6: immediately crashes with SIGILL on 4th gen Intel Core CPUs (seems related to AVX2 instructions), bricking the whole system
> The first thing would be to provide the output of /proc/cpuinfo

Pasting below (please **NOTE** that "avx2" would normally be there, but is currently missing due to this kernel option `clearcpuid=293` with which I booted the PC now -- I can **100%** confirm "avx2" was there before, but don't want to reboot for now to remove this kernel flag):

# cat /proc/cpuinfo
Bug#1019855: Fwd: libc6: immediately crashes with SIGILL on 4th gen Intel Core CPUs (seems related to AVX2 instructions), bricking the whole system
Hi,

On 2022-09-15 01:37, debian-bug-rep...@p0358.net wrote:
> Package: libc6
> Version: 2.31-13+deb11u4
> Severity: critical
>
> Dear Maintainer,
>
> After an upgrade to version +deb11u4 on my system running Haswell
> (4th gen Intel Core) CPU, most of the programs including bash or dpkg
> are immediately crashing with SIGILL. The problem seems to be caused/
> related to AVX2 and changes made to some functions utilizing this
> instruction set. I don't know much about Debian bug reporting, so forgive me
> any mistakes I've made.
> The issue is on both host, LXC and Docker.
> I have described more on this link:
> https://github.com/debuerreotype/docker-debian-artifacts/issues/175
> where I also linked my coredump from example program and described stuff
> more thoroughly.

First of all, sorry about the issue, it should not have slipped in a
stable release.

Unfortunately I am not able to reproduce the issue. I have tried on 3rd
gen or 5th gen Intel Core CPUs, but failed to reproduce it. Therefore I
will need your help to understand the issue.

The first thing would be to provide the output of /proc/cpuinfo

> Coredump link directly just in case:
> https://github.com/debuerreotype/docker-debian-artifacts/files/9569748/core.bash.10.2663c40e671041e6b40c882a70b83c3f.1480736.166318582400.zip

Unfortunately I am not able to use this core dump to get the instruction
that triggers the SIGILL, even after installing debug symbols packages.

> Also log lines from kernel:
> kernel: [834669.721253] traps: dpkg[1455373] trap invalid opcode
> ip:7fa39701951d sp:7ffc4ad26e58 error:0 in libc-2.31.so[7fa396edd000+15a000]
> kernel: [834669.732958] traps: dpkg[1455374] trap invalid opcode
> ip:7f529ca9551d sp:7fffb6f0a238 error:0 in libc-2.31.so[7f529c959000+15a000]
> kernel: [834669.840128] traps: dpkg[1455375] trap invalid opcode
> ip:7f1874cc951d sp:7fffc2c2f5d8 error:0 in libc-2.31.so[7f1874b8d000+15a000]
> kernel: [834669.907918] traps: dpkg[1455378] trap invalid opcode
> ip:7f3b4f8d851d sp:7fff3ec970f8 error:0 in libc-2.31.so[7f3b4f79c000+15a000]
> kernel: [834712.152139] traps: passwd[1455693] trap invalid opcode
> ip:7fefee4b52b7 sp:7cb506b8 error:0 in libc-2.31.so[7fefee37d000+15a000]

Same from there due to ASLR. It seems to fail in at least two different
locations. Do you have some extra lines around, sometimes the kernel
dumps the addresses around the instruction pointer?

> Not sure what exactly might be causing the issue, but if these changes
> aren't pulled, potentially anyone with this or similar CPU as me will
> upgrade and end up with bricked system.

The changes that are in this stable release have been (or at least were
supposed to, given the bug you reported) in testing/sid for a few
months. Are you able to do a test with debian sid, for instance in
docker?

> I will proceed to try using `clearcpuid=293` kernel flag myself, but
> consider how many distros depend on Debian, live CDs etc, with people unable
> to figure out why their system became useless, unable to trace the source,
> and blaming it just on Linux...

If you believe the issue is due to AVX2, clearcpuid won't help, as it
just clears the corresponding flags from the kernel point of view, but
the cpuid instruction will just continue to behave the same. The way to
disable that feature at the glibc level is to set the GLIBC_TUNABLES
environment variable to "glibc.cpu.hwcaps=-AVX2_Usable".

Regards
Aurelien

--
Aurelien Jarno
GPG: 4096R/1DDD8C9B
aurel...@aurel32.net
http://www.aurel32.net
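
Added example, not part of the thread or of any Debian/glibc tooling: in each trap line the bracketed pair is the mapping's start address and, as the reply explains for `+15a000`, its size, so subtracting the start from `ip` gives a fault offset that stays the same across ASLR and can be grouped to count distinct crash sites. The function names are this example's own, and the sample is built from kernel lines quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: trap lines copied from this thread, still mail-wrapped
# and carrying "> " quote markers, as they appear in the messages.
SAMPLE = """\
> kernel: [834669.721253] traps: dpkg[1455373] trap invalid opcode
> ip:7fa39701951d sp:7ffc4ad26e58 error:0 in libc-2.31.so[7fa396edd000+15a000]
> kernel: [834669.732958] traps: dpkg[1455374] trap invalid opcode
> ip:7f529ca9551d sp:7fffb6f0a238 error:0 in libc-2.31.so[7f529c959000+15a000]
> kernel: [834712.152139] traps: passwd[1455693] trap invalid opcode
> ip:7fefee4b52b7 sp:7cb506b8 error:0 in libc-2.31.so[7fefee37d000+15a000]
> kernel: [852124.572700] traps: systemd-shutdow[1377424] trap invalid opcode
> ip:7fde88b724ad sp:7ffc13767028 error:0 in libc-2.31.so[7fde88a3a000+15a000]
> kernel: [ 270.477024] traps: bun[2055] trap invalid opcode ip:2e363f4
> sp:7ffe2320d640 error:0 in bun[2a6f000+2ce2000]
"""

TRAP_RE = re.compile(
    r"traps: (?P<comm>\S+)\[(?P<pid>\d+)\] trap invalid opcode "
    r"ip:(?P<ip>[0-9a-f]+) sp:[0-9a-f]+ error:\d+ "
    r"in (?P<image>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)

def unwrap(text):
    """Drop mail quote markers and rejoin wrapped lines into one string."""
    lines = (re.sub(r"^[>\s]+", "", ln) for ln in text.splitlines())
    return re.sub(r"\s+", " ", " ".join(lines))

def parse_traps(text):
    """Yield one record per trap line, with the IP rebased onto its mapping."""
    for m in TRAP_RE.finditer(unwrap(text)):
        ip, base, size = (int(m[k], 16) for k in ("ip", "base", "size"))
        if not base <= ip < base + size:
            continue  # IP outside the mapping the kernel named: skip it
        yield {"comm": m["comm"], "pid": int(m["pid"]),
               "image": m["image"], "offset": ip - base, "size": size}

def fault_sites(text):
    """Group crashing processes by (image, offset): ASLR-independent sites."""
    sites = defaultdict(list)
    for rec in parse_traps(text):
        sites[(rec["image"], rec["offset"])].append(rec["comm"])
    return dict(sites)

if __name__ == "__main__":
    for (image, off), comms in sorted(fault_sites(SAMPLE).items()):
        print(f"{image}+{off:#x}: {len(comms)} hit(s) from {sorted(set(comms))}")
```

The offsets are relative to the mapping the kernel reported, so resolving one to a symbol additionally requires that mapping's file offset within the library.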
[Git][glibc-team/glibc][glibc-2.35] debian/patches/git-updates.diff: update from upstream stable branch.
Aurelien Jarno pushed to branch glibc-2.35 at GNU Libc Maintainers / glibc

Commits:

691e62f3 by Aurelien Jarno at 2022-09-15T08:07:17+02:00
debian/patches/git-updates.diff: update from upstream stable branch.

- - - - -

2 changed files:

- debian/changelog
- debian/patches/git-updates.diff

View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/commit/691e62f353636698b0f1a9fe23ff10c982008a75