Bug#1083095: libc6: SIGSEGV in _dl_open on ARM64 (aarch64) at libc6 2.36-9+deb12u8 called by bash-static 5.2.15-2+b7
Hi, On 2024-10-07 21:26, Jingyuan Liang wrote: > > Another one is to rebuild bash-static against libc6 2.36-9+deb12u8. > > Then we need to define dependencies very carefully, e.g. bash-static > 5.2.15-2+b7 requires libc6 2.36-9+deb12u7 or lower and 5.2.15-2+b8 > requires 2.36-9+deb12u8 or higher. Is it possible to just drop that patch > in Debian's builds and declare libc6 2.36-9+deb12u8 bad? Yes, at this point, I have just proposed two *workarounds*. We need to look for the best solution for the next point release. Regards, Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://aurel32.net
Bug#1083095: libc6: SIGSEGV in _dl_open on ARM64 (aarch64) at libc6 2.36-9+deb12u8 called by bash-static 5.2.15-2+b7
> Another one is to rebuild bash-static against libc6 2.36-9+deb12u8.
Then we need to define dependencies very carefully, e.g. bash-static
5.2.15-2+b7 requires libc6 2.36-9+deb12u7 or lower and 5.2.15-2+b8
requires 2.36-9+deb12u8 or higher. Is it possible to just drop that patch
in Debian's builds and declare libc6 2.36-9+deb12u8 bad?
On Mon, Oct 7, 2024 at 2:58 PM Aurelien Jarno wrote:
> control: found -1 2.36-9+deb12u8
>
> Hi,
>
> On 2024-10-01 13:25, Jingyuan Liang wrote:
> > Package: libc6
> > Version: 2.38-7+gl0
> > Severity: normal
> > X-Debbugs-Cc: jingyuanli...@google.com
> >
> > Dear Maintainer,
> >
> > The issue happened in a containerized context - the system information
> extracted below doesn't apply.
> >
> > If you speak Docker, the build below is a reproduction of the issue;
> otherwise, just skip this.
> >
> > ```
> > FROM debian:bookworm-slim AS bash
> >
> > RUN apt-get update && apt-get install -y --no-install-recommends
> --no-install-suggests bash-static
> >
> > FROM
> gcr.io/distroless/base-debian12@sha256:6ae5fe659f28c6afe9cc2903aebc78a5c6ad3aaa3d9d0369760ac6aaea2529c8
> >
> > COPY --from=bash /bin/bash-static /bin/bash
> >
> > ENTRYPOINT ["/bin/bash"]
> > ```
>
> Thanks for reporting this and for the docker reproducer. This can be
> reproduced in a simpler way by:
> - using "compat" in /etc/nsswitch.conf for the passwd database.
> - executing bash-static or this simple program compiled statically:
>
> | #include
> | #include
> | #include
> |
> | int main()
> | {
> | return getpwuid(getuid()) != NULL;
> | }
>
> The issue has been introduced by the following upstream commit:
>
> | commit 24de733967029fd902c34073d2ab25b900887352
> | Author: Wilco Dijkstra
> | Date: Thu Mar 21 16:48:33 2024 +
> |
> | AArch64: Check kernel version for SVE ifuncs
> |
> | Old Linux kernels disable SVE after every system call. Calling the
> | SVE-optimized memcpy afterwards will then cause a trap to reenable
> SVE.
> | As a result, applications with a high use of syscalls may run slower
> with
> | the SVE memcpy. This is true for kernels between 4.15.0 and before
> 6.2.0,
> | except for 5.14.0 which was patched. Avoid this by checking the
> kernel
> | version and selecting the SVE ifunc on modern kernels.
> |
> | Parse the kernel version reported by uname() into a 24-bit
> kernel.major.minor
> | value without calling any library functions. If uname() is not
> supported or
> | if the version format is not recognized, assume the kernel is modern.
> |
> | Tested-by: Florian Weimer
> | Reviewed-by: Szabolcs Nagy
> | (cherry picked from commit 2e94e2f5d2bf2de124c8ad7da85463355e54ccb2)
>
> A workaround is to use "compat" in /etc/nsswitch.conf if your setup
> allows that ("files" being the default). Another one is to rebuild
> bash-static against libc6 2.36-9+deb12u8.
>
> I have brought up the issue upstream:
> https://sourceware.org/pipermail/libc-alpha/2024-October/160401.html
>
> Regards
> Aurelien
>
> --
> Aurelien Jarno GPG: 4096R/1DDD8C9B
> aurel...@aurel32.net http://aurel32.net
>
Processed: Re: Bug#1083095: libc6: SIGSEGV in _dl_open on ARM64 (aarch64) at libc6 2.36-9+deb12u8 called by bash-static 5.2.15-2+b7
Processing control commands: > found -1 2.36-9+deb12u8 Bug #1083095 [libc6] libc6: SIGSEGV in _dl_open on ARM64 (aarch64) at libc6 2.36-9+deb12u8 called by bash-static 5.2.15-2+b7 Marked as found in versions glibc/2.36-9+deb12u8. -- 1083095: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083095 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1083095: libc6: SIGSEGV in _dl_open on ARM64 (aarch64) at libc6 2.36-9+deb12u8 called by bash-static 5.2.15-2+b7
control: found -1 2.36-9+deb12u8
Hi,
On 2024-10-01 13:25, Jingyuan Liang wrote:
> Package: libc6
> Version: 2.38-7+gl0
> Severity: normal
> X-Debbugs-Cc: jingyuanli...@google.com
>
> Dear Maintainer,
>
> The issue happened in a containerized context - the system information
> extracted below doesn't apply.
>
> If you speak Docker, the build below is a reproduction of the issue;
> otherwise, just skip this.
>
> ```
> FROM debian:bookworm-slim AS bash
>
> RUN apt-get update && apt-get install -y --no-install-recommends
> --no-install-suggests bash-static
>
> FROM
> gcr.io/distroless/base-debian12@sha256:6ae5fe659f28c6afe9cc2903aebc78a5c6ad3aaa3d9d0369760ac6aaea2529c8
>
> COPY --from=bash /bin/bash-static /bin/bash
>
> ENTRYPOINT ["/bin/bash"]
> ```
Thanks for reporting this and for the docker reproducer. This can be
reproduced in a simpler way by:
- using "compat" in /etc/nsswitch.conf for the passwd database.
- executing bash-static or this simple program compiled statically:
| #include
| #include
| #include
|
| int main()
| {
| return getpwuid(getuid()) != NULL;
| }
The issue has been introduced by the following upstream commit:
| commit 24de733967029fd902c34073d2ab25b900887352
| Author: Wilco Dijkstra
| Date: Thu Mar 21 16:48:33 2024 +
|
| AArch64: Check kernel version for SVE ifuncs
|
| Old Linux kernels disable SVE after every system call. Calling the
| SVE-optimized memcpy afterwards will then cause a trap to reenable SVE.
| As a result, applications with a high use of syscalls may run slower with
| the SVE memcpy. This is true for kernels between 4.15.0 and before 6.2.0,
| except for 5.14.0 which was patched. Avoid this by checking the kernel
| version and selecting the SVE ifunc on modern kernels.
|
| Parse the kernel version reported by uname() into a 24-bit
kernel.major.minor
| value without calling any library functions. If uname() is not supported
or
| if the version format is not recognized, assume the kernel is modern.
|
| Tested-by: Florian Weimer
| Reviewed-by: Szabolcs Nagy
| (cherry picked from commit 2e94e2f5d2bf2de124c8ad7da85463355e54ccb2)
A workaround is to use "compat" in /etc/nsswitch.conf if your setup
allows that ("files" being the default). Another one is to rebuild
bash-static against libc6 2.36-9+deb12u8.
I have brought up the issue upstream:
https://sourceware.org/pipermail/libc-alpha/2024-October/160401.html
Regards
Aurelien
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://aurel32.net
Bug#1083095: libc6: SIGSEGV in _dl_open on ARM64 (aarch64) at libc6 2.36-9+deb12u8 called by bash-static 5.2.15-2+b7
Package: libc6
Version: 2.38-7+gl0
Severity: normal
X-Debbugs-Cc: jingyuanli...@google.com
Dear Maintainer,
The issue happened in a containerized context - the system information
extracted below doesn't apply.
If you speak Docker, the build below is a reproduction of the issue; otherwise,
just skip this.
```
FROM debian:bookworm-slim AS bash
RUN apt-get update && apt-get install -y --no-install-recommends
--no-install-suggests bash-static
FROM
gcr.io/distroless/base-debian12@sha256:6ae5fe659f28c6afe9cc2903aebc78a5c6ad3aaa3d9d0369760ac6aaea2529c8
COPY --from=bash /bin/bash-static /bin/bash
ENTRYPOINT ["/bin/bash"]
```
We're building containers by pulling certain packages / binaries from Debian
without the full package manager. For this particular container, we've taken
libc6 and bash-static plus a few more, but not all (and far from all) packages
that would be seen on a regular system, and we execute bash-static inside the
container. Recently, we found bash-static fails execution in recently built
containers immediately at startup, on ARM (aarch64) only (works on amd64,
didn't test other architectures), with SIGSEGV at startup. The ARM chip is an
Ampere Altra. Upon investigation, we found it started failing since libc6 was
bumped from 2.36-9+deb12u7 to 2.36-9+deb12u8, with bash-static not changed at
5.2.15-2+b7. Tracing the crash, it shows:
```
(gdb) bt
#0 0x004e400c in kill ()
#1 0x00452ab0 in kill_shell (sig=sig@entry=11) at .././sig.c:643
#2 0x00452c34 in termsig_handler (sig=11) at .././sig.c:624
#3 0x00452e60 in termsig_handler (sig=) at
.././sig.c:581
#4 termsig_sighandler (sig=) at .././sig.c:558
#5
#6 0x in ?? ()
#7 0xb0c9a718 in _dl_open (file=0xb0b90650 "libnss_nis.so.2",
mode=-2147483646, caller_dlopen=0xb0df2748 , nsid=-2,
argc=1, argv=0xd9762ef8, env=0xd9762f08)
at ./elf/dl-open.c:830
#8 0xb0e0eca0 in do_dlopen (ptr=ptr@entry=0xd97624e8) at
./elf/dl-libc.c:95
#9 0xb0e0e8bc in __GI__dl_catch_exception
(exception=exception@entry=0xd9762470, operate=0xb0e0ec54 ,
args=0xd97624e8) at ./elf/dl-error-skeleton.c:208
#10 0xb0e0e980 in __GI__dl_catch_error (objname=0xd97624b8,
errstring=0xd97624c0, mallocedp=0xd97624b7, operate=,
args=) at ./elf/dl-error-skeleton.c:227
#11 0xb0e0ebf8 in dlerror_run (operate=operate@entry=0xb0e0ec54
, args=args@entry=0xd97624e8) at ./elf/dl-libc.c:45
#12 0xb0e0edf4 in __libc_dlopen_mode (name=,
mode=) at ./elf/dl-libc.c:162
#13 0xb0df2748 in module_load (module=0xb0b91fd0) at
./nss/nss_module.c:191
#14 0xb0df2c58 in __nss_module_load (module=0xb0b91fd0) at
./nss/nss_module.c:310
#15 __nss_module_get_function (module=0xb0b91fd0, name=0xb0e96780
"setpwent") at ./nss/nss_module.c:336
#16 0xb0e92834 in init_nss_interface () at nss_compat/compat-pwd.c:95
#17 init_nss_interface () at nss_compat/compat-pwd.c:91
#18 0xb0e940b0 in _nss_compat_getpwuid_r (uid=0, pwd=0x62aeb8 ,
buffer=0x1c1845b0 "8\035a", buflen=1024, errnop=0x1c1837c0) at
nss_compat/compat-pwd.c:1063
#19 0x0050aca4 in getpwuid_r ()
#20 0x0050a4e8 in getpwuid ()
#21 0x00402590 in get_current_user_info () at .././shell.c:1902
#22 0x00402adc in get_current_user_info () at .././shell.c:1937
#23 shell_initialize () at .././shell.c:1965
#24 0x00400e8c in main (argc=1, argv=0xd9762ef8, env=) at .././shell.c:580
(gdb) frame 7
#7 0xb0c9a718 in _dl_open (file=0xb0b90650 "libnss_nis.so.2",
mode=-2147483646, caller_dlopen=0xb0df2748 , nsid=-2,
argc=1, argv=0xd9762ef8, env=0xd9762f08)
at ./elf/dl-open.c:830
830 in ./elf/dl-open.c
(gdb) p (void*)_dl_load_lock
$1 = (void *) 0x0
(gdb) p _rtld_global
$2 = {_dl_ns = {{_ns_loaded = 0x0, _ns_nloaded = 0, _ns_main_searchlist = 0x0,
_ns_global_scope_alloc = 0, _ns_global_scope_pending_adds = 0, libc_map = 0x0,
_ns_unique_sym_table = {lock = {mutex = {__data = {
__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 1,
__spins = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' , "\001", '\000' ,
__align = 0}}, entries = 0x0, size = 0, n_elements = 0, free =
0x0}, _ns_debug = {base = {r_version = 0, r_map = 0x0, r_brk = 0, r_state =
RT_CONSISTENT, r_ldbase = 0}, r_next = 0x0}}, {
_ns_loaded = 0x0, _ns_nloaded = 0, _ns_main_searchlist = 0x0,
_ns_global_scope_alloc = 0, _ns_global_scope_pending_adds = 0, libc_map = 0x0,
_ns_unique_sym_table = {lock = {mutex = {__data = {__lock = 0,
__count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0,
__list = {__prev = 0x0, __next = 0x0}}, __size = '\000' ,
__align = 0}}, entries = 0x0, size = 0, n_elements = 0,
free = 0x0}, _ns_debug = {base = {r_version = 0, r_map = 0x0, r_brk =
0, r_state = RT_CONSISTENT, r_ldbase = 0}, r_next = 0x0}} },
_dl
