Bug#1003610: libc6 crashes with VIA C7 and VIA Eden processors starting with 2.33
On 2022-01-13 23:07, Aurelien Jarno wrote:
> On 2022-01-13 14:20, Wolfgang Walter wrote:
> > On 2022-01-12 16:46, Aurelien Jarno wrote:
> > > On 2022-01-12 16:14, Wolfgang Walter wrote:
> > > > Package: libc6
> > > > Version: 2.33-2
> > > > Severity: important
> > > >
> > > > After upgrading from libc6 2.32 to 2.33 all machines with a VIA C7 or VIA
> > > > Eden show segfaults in libc (i.e. hostname fails to work, or rebooting
> > > > fails). Machines with VIA Nehemiah work fine.
> > >
> > > Could you please provide more details? At least the content of dmesg
> > > when it happens or ideally a core dump or a backtrace.
> >
> > Not easy. These machines just boot into an initramfs (which is a very minimal
> > debian sid) from a usb-stick and nothing survives a reboot. /bin/sh points
> > to bash.
> >
> > The system does not use systemd but sysv.
> >
> > The login prompt is:
> >
> > (none) login:
> >
> > I cannot log into the machine, login also seems to be broken, it always says
> > "login incorrect".
> >
> > If I try to reboot by entering ctrl-alt-del the reboot fails with:
> >
> > INIT: Switching to runlevel: 6
> > INIT: No inittab.d directory found
> > INIT: Sending processes configured via /etc/inittab the TERM signal
> > [ 305.550677][ T1235] rc[1235]: segfault at 1c81000 ip b7ebf634 sp bfb5ce78
> > error 6 in libc-2.33.so[b7d8e000+158000]
> > [ 305.550791][ T1235] Code: 95 04 00 03 1c 8b 01 ca ff e3 29 d9 8d b4 26 00
> > 00 00 00 8d 76 00 0f 18 8a c0 03 00 00 0f 18 8a 80 03 00 00 81 eb 80 00 00
> > 00 <66> 0f 7f 02 66 0f 7f 42 10 66 0f 7f 42 20 66 0f 7f 42 30 66 0f 7f
> > Give root password for maintenance
> > (or press Control-D to continue):
>
> Thanks. This code corresponds to memset_sse2:
>
>   14e607:  81 c3 69 95 04 00       add    $0x49569,%ebx
>   14e60d:  03 1c 8b                add    (%ebx,%ecx,4),%ebx
>   14e610:  01 ca                   add    %ecx,%edx
>   14e612:  ff e3                   jmp    *%ebx
>   14e614:  29 d9                   sub    %ebx,%ecx
>   14e616:  8d b4 26 00 00 00 00    lea    0x0(%esi,%eiz,1),%esi
>   14e61d:  8d 76 00                lea    0x0(%esi),%esi
>   14e620:  0f 18 8a c0 03 00 00    prefetcht0 0x3c0(%edx)
>   14e627:  0f 18 8a 80 03 00 00    prefetcht0 0x380(%edx)
>   14e62e:  81 eb 80 00 00 00       sub    $0x80,%ebx
> =>14e634:  66 0f 7f 02             movdqa %xmm0,(%edx)
>   14e638:  66 0f 7f 42 10          movdqa %xmm0,0x10(%edx)
>   14e63d:  66 0f 7f 42 20          movdqa %xmm0,0x20(%edx)
>   14e642:  66 0f 7f 42 30          movdqa %xmm0,0x30(%edx)
>   14e647:  66 0f 7f 42 40          movdqa %xmm0,0x40(%edx)
>
> > But I cannot login (Login incorrect). If I enter control-d instead, I get
> > "sulogin: cannot read /dev/tty1: Operation not permitted".
> >
> > The very same usb stick boots just fine with non VIA 7 / VIA Eden
> > processors.
> >
> > I modified it a bit and set --autologin for one getty. This did not work, I
> > get a lot of things like
> >
> > [ ..][ T1231] login[1231]: segfault at bfd3d000 ip b7eb5656 sp
> > bfd36978 error 6 in libc-2.33.so[b7d84000+158000]
> >
> > or
> >
> > [ ][ T1241] sh[1241]: segfault at 12ac000 ip b7e03638 sp bff99ff8
> > error 6 in libc-2.33.so[b7cd2000+158000]
> >
> > Now I tried getty -n -l /bin/dash. This worked.
> >
> > If I try to start bash, bash crashes with a segmentation fault. I have no
> > debugger and no debugging symbols in this image at the moment, only strace
> >
> > If I strace -f bash I get:
> >
> > The last thing done is reading the first line of passwd, closing the file.
> > Then there is a SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR,
> > si_addr=0x12d9000}
> >
> > When I do a strace -f bash 2> /tmp/blub the last system call is uname(),
> > then again a SEGV_MAPERR
> >
> > When bash segfaults I get no log that it crashed in libc6.
> >
> > ls, rm, mount etc seem to work.
> >
> > But vim crashes in libc6, again at +158000 and with Code "1c 8b 01 ca ff e3
> > 29 d9 8d b4 26 00 00 00 00 8d 76 00 0f 18 8a c0 03 00 00 0f 18 8a 80 03 00
> > 00 81 eb 80 00 00 00 <66> 0f 7f 02 66 0f 7f 42 10 66 0f 7f 42 20 66 0f 7f 42
> > 30 66 0f"
> >
> > Also ip link ls crashes, again in libc6, again at +158000 and with Code "0f
> > 18 8a 80 03 00 00 81 eb 80 00 00 00 00 66 0f 7f 02 66 0f 7f 42 10 66 0f 7f
> > 42 20 66 0f 7f 42 30 66 0f 7f 42 40 66 0f 7f 42 50 <66> 0f 7f 02 66 0f 7f 42
> > 70 71 c2 80 00 00 00 81 fb 80 00 00 00"
> >
> > or ip addr ls
> >
> > or less, perl, ssh, sshd, rsyslogd
> >
> > The Code is not always the same, but <66> 0f 7f 42 seems to be and the crash
> > in libc-2.33.so[x+158000]
>
> The above crashes are in memset_sse2 or bzero_sse2, I do not have enough
> details to confirm, but that's not that important.
>
> Thanks a lot for those details, they definitely help to understand things
> a bit better, although things are not fully clear yet. The memset_sse2
> and bzero_sse2 are called only on a SSE2 capable CPU, which is the case
> of the VIA C7, and that matches the fact the crash is a segmentation
> fault and not an illegal instruction. The addresses seem to be correctly
> aligned as required by SSE2 instructions.
>
> I do not (yet?) understand why upgrading from 2.32 to 2.33 causes such an
> issue, as the code of those functions
Bug#1003610: libc6 crashes with VIA C7 and VIA Eden processors starting with 2.33
On 2022-01-13 14:20, Wolfgang Walter wrote:
> On 2022-01-12 16:46, Aurelien Jarno wrote:
> > On 2022-01-12 16:14, Wolfgang Walter wrote:
> > > Package: libc6
> > > Version: 2.33-2
> > > Severity: important
> > >
> > > After upgrading from libc6 2.32 to 2.33 all machines with a VIA C7 or VIA
> > > Eden show segfaults in libc (i.e. hostname fails to work, or rebooting
> > > fails). Machines with VIA Nehemiah work fine.
> >
> > Could you please provide more details? At least the content of dmesg
> > when it happens or ideally a core dump or a backtrace.
>
> Not easy. These machines just boot into an initramfs (which is a very minimal
> debian sid) from a usb-stick and nothing survives a reboot. /bin/sh points
> to bash.
>
> The system does not use systemd but sysv.
>
> The login prompt is:
>
> (none) login:
>
> I cannot log into the machine, login also seems to be broken, it always says
> "login incorrect".
>
> If I try to reboot by entering ctrl-alt-del the reboot fails with:
>
> INIT: Switching to runlevel: 6
> INIT: No inittab.d directory found
> INIT: Sending processes configured via /etc/inittab the TERM signal
> [ 305.550677][ T1235] rc[1235]: segfault at 1c81000 ip b7ebf634 sp bfb5ce78
> error 6 in libc-2.33.so[b7d8e000+158000]
> [ 305.550791][ T1235] Code: 95 04 00 03 1c 8b 01 ca ff e3 29 d9 8d b4 26 00
> 00 00 00 8d 76 00 0f 18 8a c0 03 00 00 0f 18 8a 80 03 00 00 81 eb 80 00 00
> 00 <66> 0f 7f 02 66 0f 7f 42 10 66 0f 7f 42 20 66 0f 7f 42 30 66 0f 7f
> Give root password for maintenance
> (or press Control-D to continue):

Thanks. This code corresponds to memset_sse2:

  14e607:  81 c3 69 95 04 00       add    $0x49569,%ebx
  14e60d:  03 1c 8b                add    (%ebx,%ecx,4),%ebx
  14e610:  01 ca                   add    %ecx,%edx
  14e612:  ff e3                   jmp    *%ebx
  14e614:  29 d9                   sub    %ebx,%ecx
  14e616:  8d b4 26 00 00 00 00    lea    0x0(%esi,%eiz,1),%esi
  14e61d:  8d 76 00                lea    0x0(%esi),%esi
  14e620:  0f 18 8a c0 03 00 00    prefetcht0 0x3c0(%edx)
  14e627:  0f 18 8a 80 03 00 00    prefetcht0 0x380(%edx)
  14e62e:  81 eb 80 00 00 00       sub    $0x80,%ebx
=>14e634:  66 0f 7f 02             movdqa %xmm0,(%edx)
  14e638:  66 0f 7f 42 10          movdqa %xmm0,0x10(%edx)
  14e63d:  66 0f 7f 42 20          movdqa %xmm0,0x20(%edx)
  14e642:  66 0f 7f 42 30          movdqa %xmm0,0x30(%edx)
  14e647:  66 0f 7f 42 40          movdqa %xmm0,0x40(%edx)

> But I cannot login (Login incorrect). If I enter control-d instead, I get
> "sulogin: cannot read /dev/tty1: Operation not permitted".
>
> The very same usb stick boots just fine with non VIA 7 / VIA Eden
> processors.
>
> I modified it a bit and set --autologin for one getty. This did not work, I
> get a lot of things like
>
> [ ..][ T1231] login[1231]: segfault at bfd3d000 ip b7eb5656 sp
> bfd36978 error 6 in libc-2.33.so[b7d84000+158000]
>
> or
>
> [ ][ T1241] sh[1241]: segfault at 12ac000 ip b7e03638 sp bff99ff8
> error 6 in libc-2.33.so[b7cd2000+158000]
>
> Now I tried getty -n -l /bin/dash. This worked.
>
> If I try to start bash, bash crashes with a segmentation fault. I have no
> debugger and no debugging symbols in this image at the moment, only strace
>
> If I strace -f bash I get:
>
> The last thing done is reading the first line of passwd, closing the file.
> Then there is a SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR,
> si_addr=0x12d9000}
>
> When I do a strace -f bash 2> /tmp/blub the last system call is uname(),
> then again a SEGV_MAPERR
>
> When bash segfaults I get no log that it crashed in libc6.
>
> ls, rm, mount etc seem to work.
>
> But vim crashes in libc6, again at +158000 and with Code "1c 8b 01 ca ff e3
> 29 d9 8d b4 26 00 00 00 00 8d 76 00 0f 18 8a c0 03 00 00 0f 18 8a 80 03 00
> 00 81 eb 80 00 00 00 <66> 0f 7f 02 66 0f 7f 42 10 66 0f 7f 42 20 66 0f 7f 42
> 30 66 0f"
>
> Also ip link ls crashes, again in libc6, again at +158000 and with Code "0f
> 18 8a 80 03 00 00 81 eb 80 00 00 00 00 66 0f 7f 02 66 0f 7f 42 10 66 0f 7f
> 42 20 66 0f 7f 42 30 66 0f 7f 42 40 66 0f 7f 42 50 <66> 0f 7f 02 66 0f 7f 42
> 70 71 c2 80 00 00 00 81 fb 80 00 00 00"
>
> or ip addr ls
>
> or less, perl, ssh, sshd, rsyslogd
>
> The Code is not always the same, but <66> 0f 7f 42 seems to be and the crash
> in libc-2.33.so[x+158000]

The above crashes are in memset_sse2 or bzero_sse2, I do not have enough
details to confirm, but that's not that important.

Thanks a lot for those details, they definitely help to understand things
a bit better, although things are not fully clear yet. The memset_sse2
and bzero_sse2 are called only on a SSE2 capable CPU, which is the case
of the VIA C7, and that matches the fact the crash is a segmentation
fault and not an illegal instruction. The addresses seem to be correctly
aligned as required by SSE2 instructions.

I do
Bug#1003610: libc6 crashes with VIA C7 and VIA Eden processors starting with 2.33
On 2022-01-12 16:46, Aurelien Jarno wrote:
> On 2022-01-12 16:14, Wolfgang Walter wrote:
> > Package: libc6
> > Version: 2.33-2
> > Severity: important
> >
> > After upgrading from libc6 2.32 to 2.33 all machines with a VIA C7 or VIA
> > Eden show segfaults in libc (i.e. hostname fails to work, or rebooting
> > fails). Machines with VIA Nehemiah work fine.
>
> Could you please provide more details? At least the content of dmesg
> when it happens or ideally a core dump or a backtrace.

Not easy. These machines just boot into an initramfs (which is a very minimal
debian sid) from a usb-stick and nothing survives a reboot. /bin/sh points
to bash.

The system does not use systemd but sysv.

The login prompt is:

(none) login:

I cannot log into the machine, login also seems to be broken, it always says
"login incorrect".

If I try to reboot by entering ctrl-alt-del the reboot fails with:

INIT: Switching to runlevel: 6
INIT: No inittab.d directory found
INIT: Sending processes configured via /etc/inittab the TERM signal
[ 305.550677][ T1235] rc[1235]: segfault at 1c81000 ip b7ebf634 sp bfb5ce78 error 6 in libc-2.33.so[b7d8e000+158000]
[ 305.550791][ T1235] Code: 95 04 00 03 1c 8b 01 ca ff e3 29 d9 8d b4 26 00 00 00 00 8d 76 00 0f 18 8a c0 03 00 00 0f 18 8a 80 03 00 00 81 eb 80 00 00 00 <66> 0f 7f 02 66 0f 7f 42 10 66 0f 7f 42 20 66 0f 7f 42 30 66 0f 7f
Give root password for maintenance
(or press Control-D to continue):

But I cannot login (Login incorrect). If I enter control-d instead, I get
"sulogin: cannot read /dev/tty1: Operation not permitted".

The very same usb stick boots just fine with non VIA 7 / VIA Eden
processors.

I modified it a bit and set --autologin for one getty. This did not work, I
get a lot of things like

[ ..][ T1231] login[1231]: segfault at bfd3d000 ip b7eb5656 sp bfd36978 error 6 in libc-2.33.so[b7d84000+158000]

or

[ ][ T1241] sh[1241]: segfault at 12ac000 ip b7e03638 sp bff99ff8 error 6 in libc-2.33.so[b7cd2000+158000]

Now I tried getty -n -l /bin/dash. This worked.

If I try to start bash, bash crashes with a segmentation fault. I have no
debugger and no debugging symbols in this image at the moment, only strace

If I strace -f bash I get:

The last thing done is reading the first line of passwd, closing the file.
Then there is a SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR,
si_addr=0x12d9000}

When I do a strace -f bash 2> /tmp/blub the last system call is uname(),
then again a SEGV_MAPERR

When bash segfaults I get no log that it crashed in libc6.

ls, rm, mount etc seem to work.

But vim crashes in libc6, again at +158000 and with Code "1c 8b 01 ca ff e3 29 d9 8d b4 26 00 00 00 00 8d 76 00 0f 18 8a c0 03 00 00 0f 18 8a 80 03 00 00 81 eb 80 00 00 00 <66> 0f 7f 02 66 0f 7f 42 10 66 0f 7f 42 20 66 0f 7f 42 30 66 0f"

Also ip link ls crashes, again in libc6, again at +158000 and with Code "0f 18 8a 80 03 00 00 81 eb 80 00 00 00 00 66 0f 7f 02 66 0f 7f 42 10 66 0f 7f 42 20 66 0f 7f 42 30 66 0f 7f 42 40 66 0f 7f 42 50 <66> 0f 7f 02 66 0f 7f 42 70 71 c2 80 00 00 00 81 fb 80 00 00 00"

or ip addr ls

or less, perl, ssh, sshd, rsyslogd

The Code is not always the same, but <66> 0f 7f 42 seems to be and the crash
in libc-2.33.so[x+158000]

> Thanks,
> Aurelien

Regards,
--
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts
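Added example, not part of any message in this thread and not code from glibc or Debian: a small Python parser for the kernel segfault lines reported above. It decodes the page-fault error code, checks whether the fault address is page aligned, and maps each ip onto the addresses of the disassembly posted in the thread, assuming the instruction marked `=>` there (0x14e634) is the one `rc` faulted on; the function names are illustrative.

```python
import re

# Constructed sample: the thread's kernel log lines, re-joined one entry per line.
SAMPLE = """\
[ 305.550677][ T1235] rc[1235]: segfault at 1c81000 ip b7ebf634 sp bfb5ce78 error 6 in libc-2.33.so[b7d8e000+158000]
[ 305.550791][ T1235] Code: 95 04 00 03 1c 8b 01 ca ff e3 29 d9 8d b4 26 00 00 00 00 8d 76 00 0f 18 8a c0 03 00 00 0f 18 8a 80 03 00 00 81 eb 80 00 00 00 <66> 0f 7f 02 66 0f 7f 42 10 66 0f 7f 42 20 66 0f 7f 42 30 66 0f 7f
[ ..][ T1231] login[1231]: segfault at bfd3d000 ip b7eb5656 sp bfd36978 error 6 in libc-2.33.so[b7d84000+158000]
[ ][ T1241] sh[1241]: segfault at 12ac000 ip b7e03638 sp bff99ff8 error 6 in libc-2.33.so[b7cd2000+158000]
"""

SEGV = re.compile(
    r"(?P<comm>\S+)\[\d+\]: segfault at (?P<addr>[0-9a-f]+) ip (?P<ip>[0-9a-f]+) "
    r"sp [0-9a-f]+ error (?P<err>[0-9a-f]+) in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+")
CODE = re.compile(r"Code: ([0-9a-f<> ]+)")
LISTING_FAULT = 0x14e634  # address marked "=>" in the disassembly posted in the thread

def parse_segfaults(text):
    """Return one record per 'segfault at' line, with the Code: bytes attached if present."""
    records = []
    for line in text.splitlines():
        m = SEGV.search(line)
        if m:
            addr, ip, base, err = (int(m[k], 16) for k in ("addr", "ip", "base", "err"))
            records.append({
                "comm": m["comm"], "obj": m["obj"],
                "ip_off": ip - base,  # offset into the executable mapping, not the file
                "page_aligned": addr % 0x1000 == 0,
                # x86 page-fault error code: bit 0 page present, bit 1 write, bit 2 user mode
                "present": bool(err & 1), "write": bool(err & 2), "user": bool(err & 4),
            })
            continue
        m = CODE.search(line)
        if m and records:
            toks = m[1].split()
            # the kernel brackets the byte located at the faulting ip as <xx>
            i = next((k for k, t in enumerate(toks) if t.startswith("<")), None)
            if i is not None:
                records[-1]["fault_bytes"] = bytes(int(t.strip("<>"), 16) for t in toks[i:])
    return records

def listing_addresses(records, anchor_off, anchor_listing=LISTING_FAULT):
    """Map mapping-relative ip offsets onto listing addresses using one known pair."""
    delta = anchor_listing - anchor_off
    return {r["comm"]: r["ip_off"] + delta for r in records}

if __name__ == "__main__":
    recs = parse_segfaults(SAMPLE)
    print(recs, {k: hex(v) for k, v in listing_addresses(recs, recs[0]["ip_off"]).items()})
```

Every fault in the sample is a user-mode write to a not-present, page-aligned address, and the `sh` crash maps to 0x14e638, the second `movdqa` in the posted listing.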
Bug#1003610: libc6 crashes with VIA C7 and VIA Eden processors starting with 2.33
On 2022-01-12 16:14, Wolfgang Walter wrote:
> Package: libc6
> Version: 2.33-2
> Severity: important
>
> After upgrading from libc6 2.32 to 2.33 all machines with a VIA C7 or VIA
> Eden show segfaults in libc (i.e. hostname fails to work, or rebooting
> fails). Machines with VIA Nehemiah work fine.

Could you please provide more details? At least the content of dmesg
when it happens or ideally a core dump or a backtrace.

Thanks,
Aurelien

--
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurel...@aurel32.net                 http://www.aurel32.net
Bug#1003610: libc6 crashes with VIA C7 and VIA Eden processors starting with 2.33
Package: libc6
Version: 2.33-2
Severity: important

After upgrading from libc6 2.32 to 2.33 all machines with a VIA C7 or VIA
Eden show segfaults in libc (i.e. hostname fails to work, or rebooting
fails). Machines with VIA Nehemiah work fine.

I tested again starting with an older version of sid, upgrading all packages
but libc6 (pinned to 2.32) (some other packages could not be updated
because they already depend on 2.33). This works fine.

Regards,
--
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts