Package: libc6
Version: 2.40-4
Severity: serious
Control: notfound -1 2.39-7
Dear Maintainer,

In investigating the root cause for #1082751 I found that current nbdkit built on unstable/mips64el segfaults in printf() with libc6/2.40-4 – but not with 2.39.

,----
| nbdkit [-4|--ipv4-only] [-6|--ipv6-only]
| [-D|--debug PLUGIN|FILTER|nbdkit.FLAG=N]
| [--exit-with-parent] [-e|--exportname EXPORTNAME]
| [--filter=FILTER ...] [-f|--foreground]
| [-g|--group GROUP] [-i|--ipaddr IPADDR]
| [--log=stderr|syslog|null] [--mask-handshake=MASK]
| [-n|--newstyle] [--no-mc|--no-meta-contexts]
| [--no-sr|--no-structured-replies] [-o|--oldstyle]
| [-P|--pidfile PIDFILE] [-p|--port PORT] [--print-uri]
| [-r|--readonly] [--run 'COMMAND ARGS ...']
| [--selinux-label=LABEL] [-s|--single] [--swap]
| [-t|--threads THREADS] [--tls=off|on|require]
| [--tls-certificates=/path/to/certificates]
| [--tls-psk=/path/to/pskfile] [--tls-verify-peer]
| [-U|--unix SOCKET|-] [-u|--user USER]
| [-v|--verbose] [--vsock]
| PLUGIN [[KEY=]VALUE [KEY=VALUE [...]]]
|
| nbdkit --dump-config
|
| nbdkit PLUGIN --dump-plugin
|
| nbdkit --help
|
| nbdkit [-V|--version]
|
| Program received signal SIGSEGV, Segmentation fault.
`----

The stacktrace suggests to me that the crash happens within glibc's I/O buffer handling; main's argc has apparently been overwritten with a nonsensical value.

,----
| (gdb) bt
| #0  0x000000fff7c08208 in _IO_old_file_overflow (f=0xfff7c61748 <_IO_stdout_>, ch=10)
|     at oldfileops.c:395
| #1  0x000000fff7af623c in __GI__IO_puts (
|     str=0xaaaaac23f8 "nbdkit [-4|--ipv4-only] [-6|--ipv6-only]\n [-D|--debug PLUGIN|FILTER|nbdkit.FLAG=N]\n [--exit-with-parent] [-e|--exportname EXPORTNAME]\n [--filter=FILTER ...] [-f|--foreground]\n "...)
|     at ioputs.c:41
| #2  0x000000aaaaab29d0 in printf (__fmt=<synthetic pointer>)
|     at /usr/include/mips64el-linux-gnuabi64/bits/stdio2.h:118
| #3  usage () at main.c:152
| #4  0x000000aaaaaa7560 in main (argc=-138012856, argv=0xffffffcbc8) at main.c:556
`----

Running nbdkit from stable in an unstable chroot on eberlin leads to a segfault in the same location, IIRC with a stacktrace that looks the same.

I tried downgrading libc6 and related packages to 2.39-7, which had been used in the last good build of the nbdkit package. That got rid of the segfault. (I had to do this using qemu full-system emulation, since I'm not aware of a way to downgrade packages in porterbox chroots.)

I tried, so far unsuccessfully, to replicate the issue with a hello-world-style program. However, patching some printf statements into the top of nbdkit's main function (before any explicit initialization) also leads to a crash in those statements.

(Running under Valgrind in the porterbox chroot has so far not been helpful – it aborts with SIGILL; this doesn't seem to have anything to do with the issue at hand.)

If I can try anything else to help track this down, please let me know!

Cheers,
-Hilko