
Re: Bug#1003201: libc6: Upgrading to libc 2.33-1 causes lots of strange crashes



Hi Aurelien,
It's a VM running in qemu on an amd64 Debian bullseye system, no KVM acceleration to be found here.

dmesg doesn't have any backtraces - the two messages that show up are py3compile segfaulting with all the addresses printed as xxxxxxxx instead, and a couple of programs (like mandb) reporting getting a pointer of 0xfffffffffffffff1 or similar and dying in a fire.

The first ones after the upgrade:
Jan  6 01:30:39 encrepro kernel: [ 6715.078626] mandb[1903]: User access of kernel address (ffffffffffff8408) - exploit attempt? (uid: 6)
Jan  6 01:30:39 encrepro kernel: [ 6715.093977] mandb[1903]: segfault (11) at ffffffffffff8408 nip 7fffb37f5f28 lr 7fffb37f5f08 code 1 in libseccomp.so.2.5.3[7fffb37f0000+30000]
Jan  6 01:30:39 encrepro kernel: [ 6715.100149] mandb[1903]: code: fbe10078 38800000 7c7f1b78 4bffddfd e8410028 2c030000 41800030 ebe10078
Jan  6 01:30:39 encrepro kernel: [ 6715.100308] mandb[1903]: code: 38600000 38210080 60000000 e8010010 <906283f8> 7c6307b4 7c0803a6 4e800020
Jan  6 01:31:31 encrepro kernel: [ 6767.287646] reportbug[1982]: segfault (11) at 34c8 nip 34c8 lr 34c8 code 1 in python3.9[10000000+5d0000]
Jan  6 01:31:31 encrepro kernel: [ 6767.293334] reportbug[1982]: code: XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
Jan  6 01:31:31 encrepro kernel: [ 6767.293545] reportbug[1982]: code: XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX

And later:

Jan  6 01:35:30 encrepro systemd[2290]: free(): invalid pointer

and

Jan  6 01:42:53 encrepro systemd[1]: Created slice User Slice of UID 1000.
Jan  6 01:42:53 encrepro systemd[1]: Starting User Runtime Directory /run/user/1000...
Jan  6 01:42:53 encrepro systemd[1]: Finished User Runtime Directory /run/user/1000.
Jan  6 01:42:53 encrepro systemd[1]: Starting User Manager for UID 1000...
Jan  6 01:42:53 encrepro systemd[2370]: free(): invalid pointer
Jan  6 01:42:54 encrepro systemd[1]: user@1000.service: Main process exited, code=killed, status=6/ABRT
Jan  6 01:42:54 encrepro systemd[1]: user@1000.service: Failed with result 'signal'.
Jan  6 01:42:54 encrepro systemd[1]: Failed to start User Manager for UID 1000.

I've got a core dump from mandb:
https://www.dropbox.com/s/4z6bfbuluwub29r/ppc64_libc?dl=0

I don't have a stacktrace from it, though, since I didn't already have gdb on the VM, and it wants to upgrade libc to install. (I know I could go find an appropriately old section of snapshots.debian.org, but haven't done that yet...)

- Rich

On Thu, Jan 6, 2022 at 3:13 AM Aurelien Jarno <aurelien@aurel32.net> wrote:
control: tag -1 + help
control: user debian-powerpc@lists.debian.org
control: usertag -1 ppc64

On 2022-01-06 01:45, Rich Ercolani wrote:
> Package: libc6
> Version: 2.33-1
> Severity: important
> X-Debbugs-Cc: rincebrain@gmail.com
>
> Dear Maintainer,
>
> (I marked this as serious because it's "just" ppc64, but the system is permanently unusable if this upgrade is installed.)

I have added the powerpc list in Cc: as the ppc64 porters are the people
who can help you there.

> I booted my ppc64 VM in qemu 6.1, apt update, apt upgrade, and 20-30 packages in, it died horribly
> with Python3 packages erroring out with "Cannot get content of [whatever package]".

Is it a VM running with KVM or is it using QEMU emulation?

> Trying to log into a shell over ssh or at a tty after this happens dies with an error that flashes fast, but
> seems to be "free(): invalid pointer"
>
> Random applications will now just crash out, in addition to the obvious. (I'm writing this from a session
> spawned before the upgrade, which can still spawn children successfully until I log out.)
>
> If I reboot after upgrading, all services fail to start on boot, and it never spawns a login prompt or rescue
> prompt, it just sits forever on a list of failed service starts.
>
> Anything that would be helpful to debug this? I have a snapshot of the VM before this began, so I can
> just roll it back and repeat the exercise.

Ideally a backtrace would help, dmesg outputs can also be useful,
however given the state of your system, they might be difficult to get.

Regards,
Aurelien

--
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net
