Package: libc6
Version: 2.38-7+gl0
Severity: normal
X-Debbugs-Cc: jingyuanli...@google.com

Dear Maintainer,

The issue happened in a containerized context - the system information 
extracted below doesn't apply.

If you speak Docker, the build below is a reproduction of the issue; otherwise, 
just skip this.

```
FROM debian:bookworm-slim AS bash

RUN apt-get update && apt-get install -y --no-install-recommends --no-install-suggests bash-static

FROM gcr.io/distroless/base-debian12@sha256:6ae5fe659f28c6afe9cc2903aebc78a5c6ad3aaa3d9d0369760ac6aaea2529c8

COPY --from=bash /bin/bash-static /bin/bash

ENTRYPOINT ["/bin/bash"]
```

We're building containers by pulling certain packages / binaries from Debian 
without the full package manager. For this particular container, we've taken 
libc6 and bash-static plus a few more, but not all (and far from all) packages 
that would be seen on a regular system, and we execute bash-static inside the 
container. Recently, we found bash-static fails execution in recently built 
containers immediately at startup, on ARM (aarch64) only (works on amd64, 
didn't test other architectures), with SIGSEGV at startup. The ARM chip is an 
Ampere Altra. Upon investigation, we found it started failing since libc6 was 
bumped from 2.36-9+deb12u7 to 2.36-9+deb12u8, with bash-static not changed at 
5.2.15-2+b7. Tracing the crash, it shows:

```
(gdb) bt
#0  0x00000000004e400c in kill ()
#1  0x0000000000452ab0 in kill_shell (sig=sig@entry=11) at .././sig.c:643
#2  0x0000000000452c34 in termsig_handler (sig=11) at .././sig.c:624
#3  0x0000000000452e60 in termsig_handler (sig=<optimized out>) at .././sig.c:581
#4  termsig_sighandler (sig=<optimized out>) at .././sig.c:558
#5  <signal handler called>
#6  0x0000000000000000 in ?? ()
#7  0x0000ffffb0c9a718 in _dl_open (file=0xffffb0b90650 "libnss_nis.so.2", mode=-2147483646, caller_dlopen=0xffffb0df2748 <module_load+152>, nsid=-2, argc=1, argv=0xffffd9762ef8, env=0xffffd9762f08)
    at ./elf/dl-open.c:830
#8  0x0000ffffb0e0eca0 in do_dlopen (ptr=ptr@entry=0xffffd97624e8) at ./elf/dl-libc.c:95
#9  0x0000ffffb0e0e8bc in __GI__dl_catch_exception (exception=exception@entry=0xffffd9762470, operate=0xffffb0e0ec54 <do_dlopen>, args=0xffffd97624e8) at ./elf/dl-error-skeleton.c:208
#10 0x0000ffffb0e0e980 in __GI__dl_catch_error (objname=0xffffd97624b8, errstring=0xffffd97624c0, mallocedp=0xffffd97624b7, operate=<optimized out>, args=<optimized out>) at ./elf/dl-error-skeleton.c:227
#11 0x0000ffffb0e0ebf8 in dlerror_run (operate=operate@entry=0xffffb0e0ec54 <do_dlopen>, args=args@entry=0xffffd97624e8) at ./elf/dl-libc.c:45
#12 0x0000ffffb0e0edf4 in __libc_dlopen_mode (name=<optimized out>, mode=<optimized out>) at ./elf/dl-libc.c:162
#13 0x0000ffffb0df2748 in module_load (module=0xffffb0b91fd0) at ./nss/nss_module.c:191
#14 0x0000ffffb0df2c58 in __nss_module_load (module=0xffffb0b91fd0) at ./nss/nss_module.c:310
#15 __nss_module_get_function (module=0xffffb0b91fd0, name=0xffffb0e96780 "setpwent") at ./nss/nss_module.c:336
#16 0x0000ffffb0e92834 in init_nss_interface () at nss_compat/compat-pwd.c:95
#17 init_nss_interface () at nss_compat/compat-pwd.c:91
#18 0x0000ffffb0e940b0 in _nss_compat_getpwuid_r (uid=0, pwd=0x62aeb8 <resbuf>, buffer=0x1c1845b0 "8\035a", buflen=1024, errnop=0x1c1837c0) at nss_compat/compat-pwd.c:1063
#19 0x000000000050aca4 in getpwuid_r ()
#20 0x000000000050a4e8 in getpwuid ()
#21 0x0000000000402590 in get_current_user_info () at .././shell.c:1902
#22 0x0000000000402adc in get_current_user_info () at .././shell.c:1937
#23 shell_initialize () at .././shell.c:1965
#24 0x0000000000400e8c in main (argc=1, argv=0xffffd9762ef8, env=<optimized out>) at .././shell.c:580
(gdb) frame 7
#7  0x0000ffffb0c9a718 in _dl_open (file=0xffffb0b90650 "libnss_nis.so.2", mode=-2147483646, caller_dlopen=0xffffb0df2748 <module_load+152>, nsid=-2, argc=1, argv=0xffffd9762ef8, env=0xffffd9762f08)
    at ./elf/dl-open.c:830
830     in ./elf/dl-open.c
(gdb) p (void*)_dl_load_lock
$1 = (void *) 0x0
(gdb) p _rtld_global
$2 = {_dl_ns = {{_ns_loaded = 0x0, _ns_nloaded = 0, _ns_main_searchlist = 0x0, 
_ns_global_scope_alloc = 0, _ns_global_scope_pending_adds = 0, libc_map = 0x0, 
_ns_unique_sym_table = {lock = {mutex = {__data = {
              __lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 1, 
__spins = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 
16 times>, "\001", '\000' <repeats 30 times>,
            __align = 0}}, entries = 0x0, size = 0, n_elements = 0, free = 
0x0}, _ns_debug = {base = {r_version = 0, r_map = 0x0, r_brk = 0, r_state = 
RT_CONSISTENT, r_ldbase = 0}, r_next = 0x0}}, {
      _ns_loaded = 0x0, _ns_nloaded = 0, _ns_main_searchlist = 0x0, 
_ns_global_scope_alloc = 0, _ns_global_scope_pending_adds = 0, libc_map = 0x0, 
_ns_unique_sym_table = {lock = {mutex = {__data = {__lock = 0,
              __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, 
__list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 47 times>, 
__align = 0}}, entries = 0x0, size = 0, n_elements = 0,
        free = 0x0}, _ns_debug = {base = {r_version = 0, r_map = 0x0, r_brk = 
0, r_state = RT_CONSISTENT, r_ldbase = 0}, r_next = 0x0}} <repeats 15 times>}, 
_dl_nns = 1, _dl_load_lock = {mutex = {__data = {
        __lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 1, __spins 
= 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 16 
times>, "\001", '\000' <repeats 30 times>, __align = 0}},
  _dl_load_write_lock = {mutex = {__data = {__lock = 0, __count = 0, __owner = 
0, __nusers = 0, __kind = 1, __spins = 0, __list = {__prev = 0x0, __next = 
0x0}},
      __size = '\000' <repeats 16 times>, "\001", '\000' <repeats 30 times>, 
__align = 0}}, _dl_load_tls_lock = {mutex = {__data = {__lock = 0, __count = 0, 
__owner = 0, __nusers = 0, __kind = 1, __spins = 0,
        __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 16 
times>, "\001", '\000' <repeats 30 times>, __align = 0}}, _dl_load_adds = 0, 
_dl_initfirst = 0x0, _dl_profile_map = 0x0,
  _dl_num_relocations = 0, _dl_num_cache_relocations = 0, _dl_all_dirs = 0x0, 
_dl_rtld_map = {l_addr = 0, l_name = 0x0, l_ld = 0x0, l_next = 0x0, l_prev = 
0x0, l_real = 0x0, l_ns = 0, l_libname = 0x0, l_info = {
      0x0 <repeats 86 times>}, l_phdr = 0x0, l_entry = 0, l_phnum = 0, l_ldnum 
= 0, l_searchlist = {r_list = 0x0, r_nlist = 0}, l_symbolic_searchlist = 
{r_list = 0x0, r_nlist = 0}, l_loader = 0x0,
    l_versions = 0x0, l_nversions = 0, l_nbuckets = 0, l_gnu_bitmask_idxbits = 
0, l_gnu_shift = 0, l_gnu_bitmask = 0x0, {l_gnu_buckets = 0x0, l_chain = 0x0}, 
{l_gnu_chain_zero = 0x0, l_buckets = 0x0},
    l_direct_opencount = 0, l_type = lt_executable, l_dt_relr_ref = 0, 
l_relocated = 0, l_init_called = 0, l_global = 0, l_reserved = 0, l_main_map = 
0, l_visited = 0, l_map_used = 0, l_map_done = 0,
    l_phdr_allocated = 0, l_soname_added = 0, l_faked = 0, l_need_tls_init = 0, 
l_auditing = 0, l_audit_any_plt = 0, l_removed = 0, l_contiguous = 0, 
l_free_initfini = 0, l_ld_readonly = 0,
    l_find_object_processed = 0, l_nodelete_active = false, l_nodelete_pending 
= false, l_1_needed = 0, l_rpath_dirs = {dirs = 0x0, malloced = 0}, 
l_reloc_result = 0x0, l_versyms = 0x0, l_origin = 0x0,
    l_map_start = 0, l_map_end = 0, l_text_end = 0, l_scope_mem = {0x0, 0x0, 
0x0, 0x0}, l_scope_max = 0, l_scope = 0x0, l_local_scope = {0x0, 0x0}, 
l_file_id = {dev = 0, ino = 0}, l_runpath_dirs = {dirs = 0x0,
      malloced = 0}, l_initfini = 0x0, l_init_called_next = 0x0, l_reldeps = 
0x0, l_reldepsmax = 0, l_used = 0, l_feature_1 = 0, l_flags_1 = 0, l_flags = 0, 
l_idx = 0, l_mach = {plt = 0, tlsdesc_table = 0x0,
      bti_fail = false}, l_lookup_cache = {sym = 0x0, type_class = 0, value = 
0x0, ret = 0x0}, l_tls_initimage = 0x0, l_tls_initimage_size = 0, 
l_tls_blocksize = 0, l_tls_align = 0, l_tls_firstbyte_offset = 0,
    l_tls_offset = 0, l_tls_modid = 0, l_tls_dtor_count = 0, l_relro_addr = 0, 
l_relro_size = 0, l_serial = 0}, _dl_rtld_auditstate = {{cookie = 0, bindflags 
= 0} <repeats 16 times>}, _dl_stack_flags = 6,
  _dl_tls_dtv_gaps = false, _dl_tls_max_dtv_idx = 0, _dl_tls_dtv_slotinfo_list 
= 0x0, _dl_tls_static_nelem = 0, _dl_tls_static_used = 0, 
_dl_tls_static_optional = 0, _dl_initial_dtv = 0x0,
  _dl_tls_generation = 0, _dl_scope_free_list = 0x0, _dl_stack_used = {next = 
0x0, prev = 0x0}, _dl_stack_user = {next = 0x0, prev = 0x0}, _dl_stack_cache = 
{next = 0x0, prev = 0x0}, _dl_stack_cache_actsize = 0,
  _dl_in_flight_stack = 0, _dl_stack_cache_lock = 0}
(gdb) info locals
args = {file = 0x400280 <_init> "\037 \003\325\375{\277\251\375\003", mode = -646569360, caller_dlopen = 0xffffb0d5a228 <_IO_str_init_static_internal+68>, map = 0xffffb0b90644, nsid = 0,
  original_global_scope_pending_adds = 3648397984, libc_already_loaded = 255, worker_continue = 255, argc = -1328203540, argv = 0xf, env = 0xf}
exception = {objname = 0x1c183740 "\260[b", errstring = 0x0, message_buffer = 0xffffd9762870 ""}
errcode = <optimized out>
__PRETTY_FUNCTION__ = "_dl_open"
(gdb)
```

I'm not familiar with glibc code so I don't know how to interpret this, but I 
noticed that 2.36-9+deb12u8 introduced several ARM changes. I wonder if they 
could be related?

Thanks.

-- System Information:
Debian Release: rodete
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.9.10-1rodete5-amd64 (SMP w/128 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libc6 depends on:
ii  libgcc-s1  14-20240201-3

Versions of packages libc6 recommends:
ii  libidn2-0  2.3.7-2

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]  1.5.86
pn  glibc-doc              <none>
ii  libc-l10n              2.38-7+gl0
pn  libnss-nis             <none>
pn  libnss-nisplus         <none>
ii  locales                2.38-7+gl0

-- debconf information excluded

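
In the backtrace above, the statically linked bash reaches `_dl_open` for an NSS module through `getpwuid`, so the module comes from the image's own libc6 rather than from the glibc that bash-static was built against. The following pre-flight check for an image root filesystem is an added example, not part of the original report: it flags a static executable together with the NSS module names a `passwd` line refers to. The function names, the sample `nsswitch.conf` text and the ELF64 little-endian restriction are assumptions of this example.

```python
import re
import struct

PT_INTERP = 3  # program header type that names the dynamic loader

def is_static_elf(data: bytes) -> bool:
    """True when a 64-bit little-endian ELF executable has no PT_INTERP segment."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("expected a 64-bit little-endian ELF")
    (phoff,) = struct.unpack_from("<Q", data, 0x20)           # e_phoff
    phentsize, phnum = struct.unpack_from("<HH", data, 0x36)  # e_phentsize, e_phnum
    types = [struct.unpack_from("<I", data, phoff + i * phentsize)[0]
             for i in range(phnum)]
    return PT_INTERP not in types

def nss_modules(nsswitch: str, database: str = "passwd") -> list[str]:
    """Module file names (libnss_<service>.so.2) named by one database line."""
    for raw in nsswitch.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            # Drop action items such as [NOTFOUND=return]; keep service names.
            services = re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1]).split()
            return [f"libnss_{svc}.so.2" for svc in services]
    return []

def audit(binary: bytes, nsswitch: str, image_libs: set[str]) -> list[str]:
    """Findings for a static binary whose NSS lookups may load image libraries."""
    if not is_static_elf(binary):
        return []
    # A module can request further ones at run time, as nss_compat asks for
    # libnss_nis.so.2 in the report's trace; only configured names are listed.
    return [f"static binary may dlopen {m} "
            f"({'present' if m in image_libs else 'absent'} in image)"
            for m in nss_modules(nsswitch)]

def make_elf(segment_types: list[int]) -> bytes:
    """Constructed test input: minimal ELF64 header plus empty program headers."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", 2, 183, 1, 0x400000, 64, 0, 0,
                                 64, 56, len(segment_types), 0, 0, 0)
    return header + b"".join(struct.pack("<I", t) + bytes(52) for t in segment_types)

# Constructed sample configuration, not taken from the report's image.
SAMPLE_NSSWITCH = "passwd: compat [NOTFOUND=return] files  # constructed\ngroup: files\n"

if __name__ == "__main__":
    static_bin = make_elf([1, 1])  # PT_LOAD segments only, no PT_INTERP
    for finding in audit(static_bin, SAMPLE_NSSWITCH, {"libnss_compat.so.2"}):
        print(finding)
```

Against a real image, pass the bytes of the executable, the text of its `/etc/nsswitch.conf` and the set of library file names found in the root filesystem.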