Bug#903554: libc6: segfault in ld-2.24.so when running 'xl' from Xen, only on Skylake CPUs (upstream bug BZ#22636)

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#903554: libc6: segfault in ld-2.24.so when running 'xl' from Xen, only on Skylake CPUs (upstream bug BZ#22636)
From: Lucas Nussbaum <lucas@debian.org>
Date: Wed, 11 Jul 2018 11:41:17 +0200
Message-id: <[🔎] 20180711094117.zbmzs427mousurzu@xanadu.blop.info>
Reply-to: Lucas Nussbaum <lucas@debian.org>, 903554@bugs.debian.org

Package: libc6
Version: 2.24-11+deb9u3
Severity: normal

Dear Maintainer,

When I use 'xl create' or 'xl destroy' to manage Xen domUs, xl segfaults
with:

(gdb) run create /etc/xen/domU.cfg
Starting program: /usr/lib/xen-4.8/bin/xl create /etc/xen/domU.cfg
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Parsing config from /etc/xen/domU.cfg
[New Thread 0x7ffff7ff4700 (LWP 3311)]

Thread 2 "xl" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7ff4700 (LWP 3311)]
0x00007ffff7de2ff5 in _dl_lookup_symbol_x (undef_name=0x7ffff5478c63 "_Unwind_Find_FDE", undef_map=0x555555788310, 
    ref=ref@entry=0x7ffff7ff2128, symbol_scope=0x555555788668, version=0x555555788a50, type_class=type_class@entry=1, flags=5, 
    skip_map=0x0) at dl-lookup.c:833

Despite the segfault, it seems that the domU is running fine, which
might explain why this wasn't reported yet AFAIK.

In the exact same software environment, I cannot reproduce this on
pre-Skylake CPUs.

I could confirm that:
- upgrading glibc to 2.26-5 fixes the problem.
- 2.26-4 is still affected.

I looked at the changes between 2.26-4 and 2.26-5.

My initial guess was that this was BZ#22715 due to the link with
AVX-512. But backporting the fix (which is already in
release/2.24/master but not in the stretch package) did not solve the
issue.

However, backporting the fix for BZ#22636 fixed the issue (specifically
I backported
771c846a71d9ee14aa3b91fd184026482da585d9..abf2e34ee6a9cf1b7e5afddd13971754e5c5fa82
, from the release/2.25/master branch).


Could you please backport this fix to the stretch package?

Thanks!

Lucas




-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/64 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libc6 depends on:
ii  libgcc1  1:6.3.0-18+deb9u1

libc6 recommends no packages.

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]  1.5.61
pn  glibc-doc              <none>
ii  libc-l10n              2.24-11+deb9u3
ii  locales                2.24-11+deb9u3

-- debconf information:
  glibc/disable-screensaver:
  glibc/upgrade: true
  glibc/restart-failed:
  glibc/restart-services:
  glibc/kernel-not-supported:
  glibc/kernel-too-old:
  libraries/restart-without-asking: false

Reply to:

Prev by Date: Processed: Re: Bug#903389: glibc/2.27-4 appears to break unrar-free/1:0.0.1+cvs20140707-4 autopktest: different Valgrind status codes
Next by Date: Bug#903710: libc6-amd64: libc6-amd64 and libc6-x32 packages bloated to more than 1 GB (!) in recent versions
Previous by thread: [Git][glibc-team/tzdata][sid] Update French debconf translation, by Baptiste Jammet. Closes: #903425.
Next by thread: Bug#903710: libc6-amd64: libc6-amd64 and libc6-x32 packages bloated to more than 1 GB (!) in recent versions
Index(es):
- Date
- Thread