public inbox for glibc-bugs@sourceware.org
From: "decui at microsoft dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug libc/30037] New: glibc 2.34 and newer segfault if CPUID leaf 0x2 reports zero
Date: Tue, 24 Jan 2023 03:48:00 +0000
Message-ID: <bug-30037-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=30037

            Bug ID: 30037
           Summary: glibc 2.34 and newer segfault if CPUID leaf 0x2
                    reports zero
           Product: glibc
           Version: 2.36
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: decui at microsoft dot com
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---

When I start an Intel TDX Ubuntu 22.04/22.10/23.04 (or RHEL 9.0) guest on
Hyper-V and on KVM, the guest always hits segfaults and can’t boot up:

[ 21.081453] Run /inits init process
[ 21.086896] with arguments:
[ 21.095790] /init
[ 21.100982] with environment:
[ 21.106611] HOME=/
[ 21.112463] TERM=linux
[ 21.119850] BOOT_IMAGE=/boot/vmlinuz-6.1.0-rc7-decui+
Loading, please wait...
Starting version 249.11-0ubuntu3.6
[ 21.253908] udevadm[144]: segfault at 56538d61e0c0 ip 00007f8f5899efeb sp
00007ffd08fb7648 error 6 in libc.so.6[7f8f58820000+195000] likely on CPU 0
(core 0, socket 0)
[ 21.316549] Code: 07 62 e1 7d 48 e7 4f 01 62 e1 7d 48 e7 67 40 62 e1 7d 48 e7
6f 41 62 61 7d 48 e7 87 00 20 00 00 62 61 7d 48 e7 8f 40 20 00 00 <62> 61 7d 48
e7 a7 00 30 00 00 62 61 7d 48 e7 af 40 30 00 00 48 83
Segmentation fault
[ 22.499317] setfont[153]: segfault at 55ef3b91b000 ip 00007f5899899fa4 sp
00007ffc8008f628 error 4 in libc.so.6[7f589971b000+195000] likely on CPU 0
(core 0, socket 0)
[ 22.602677] Code: 06 62 e1 fe 48 6f 4e 01 62 e1 fe 48 6f 66 40 62 e1 fe 48 6f
6e 41 62 61 fe 48 6f 86 00 20 00 00 62 61 fe 48 6f 8e 40 20 00 00 <62> 61 fe 48
6f a6 00 30 00 00 62 61 fe 48 6f ae 40 30 00 00 48 83
[ 22.732413] loadkeys[156]: segfault at 563ffe292000 ip 00007fbff957afa4 sp
00007ffe31453808 error 4 in libc.so.6[7fbff93fc000+195000] likely on CPU 0
(core 0, socket 0)
[ 22.833061] Code: 06 62 e1 fe 48 6f 4e 01 62 e1 fe 48 6f 66 40 62 e1 fe 48 6f
6e 41 62 61 fe 48 6f 86 00 20 00 00 62 61 fe 48 6f 8e 40 20 00 00 <62> 61 fe 48
6f a6 00 30 00 00 62 61 fe 48 6f ae 40 30 00 00 48 83

The segfault only happens to recent glibc versions (e.g. v2.35 in Ubuntu 22.04,
and v2.34 in RHEL 9.0). It doesn't happen to v2.31 in Ubuntu 20.04, or v2.32
in Ubuntu 20.10.

At first I thought this was Bug 28784 - x86: crash in 32bit memset-sse2.s when
the cache size can not be determined
(https://sourceware.org/bugzilla/show_bug.cgi?id=28784), but it turns out the
fix for Bug 28784 (i.e. commit a51b76b71e8190a50b0e0c0b32f313888b930108 "x86:
use default cache size if it cannot be determined [BZ #28784]") is already
included in the Ubuntu distros.

The fix for Bug 28784 is in the upstream glibc 2.35, so glibc 2.36 doesn't
suffer from Bug 28784, but I'm seeing the same segfault with
the Ubuntu 23.04 dev build
(https://cloud-images.ubuntu.com/lunar/20230120/lunar-server-cloudimg-amd64-azure.vhd.tar.gz)
where glibc 2.36-0ubuntu4 is used (BTW, this file can confirm the fix for Bug
28784 is indeed in the glibc 2.36 code in Ubuntu 23.04:
https://git.launchpad.net/ubuntu/+source/glibc/tree/sysdeps/x86/cacheinfo.h?h=import/2.36-4#n64)

I suspect the segfault also exists in the upstream glibc 2.36 and probably
newer, but I can't confirm it because I don't know how to upgrade the glibc in
a distro (is this even possible?) so I'm opening this bug and I hope someone
can shed some light. Thanks!

-- 
You are receiving this mail because:
You are on the CC list for the bug.
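Added diagnostic, not part of the bug report or of glibc: it decodes the CPUID leaf 0x2 descriptor bytes the report names as the trigger, flags the all-zero case a TDX guest can expose, and notes the 0xFF "use leaf 4" marker. The decoder runs on constructed register values; main() queries the real CPU via GCC/clang's <cpuid.h> __get_cpuid(), which is assumed to be available on an x86 toolchain.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Result of decoding CPUID leaf 0x2. AL of EAX is the iteration count
 * (normally 1); a register with bit 31 set carries no descriptors; every
 * other byte is a cache/TLB descriptor: 0x00 = none, 0xFF = "consult
 * CPUID leaf 4 for cache parameters". */
typedef struct {
    int descriptors;   /* non-zero descriptor bytes other than 0xFF */
    int use_leaf4;     /* 0xFF seen: cache sizes must come from leaf 4 */
    int reports_zero;  /* all four registers are 0: the condition in this bug */
} leaf2_info;

leaf2_info decode_leaf2(uint32_t eax, uint32_t ebx, uint32_t ecx, uint32_t edx)
{
    leaf2_info info = {0, 0, 0};
    uint32_t regs[4] = {eax, ebx, ecx, edx};
    if ((eax | ebx | ecx | edx) == 0) {      /* nothing to decode at all */
        info.reports_zero = 1;
        return info;
    }
    for (int r = 0; r < 4; r++) {
        if (regs[r] & 0x80000000u)          /* reserved register, skip */
            continue;
        for (int b = 0; b < 4; b++) {
            if (r == 0 && b == 0)           /* AL is the count, not a descriptor */
                continue;
            uint8_t d = (uint8_t)(regs[r] >> (8 * b));
            if (d == 0xFF)
                info.use_leaf4 = 1;
            else if (d != 0)
                info.descriptors++;
        }
    }
    return info;
}

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax = 0, ebx = 0, ecx = 0, edx = 0;
    if (!__get_cpuid(2, &eax, &ebx, &ecx, &edx)) {
        puts("CPUID leaf 0x2 not supported on this CPU");
        return 1;
    }
    leaf2_info i = decode_leaf2(eax, ebx, ecx, edx);
    printf("CPUID.2: eax=%08x ebx=%08x ecx=%08x edx=%08x\n", eax, ebx, ecx, edx);
    printf("reports_zero=%d descriptors=%d use_leaf4=%d\n",
           i.reports_zero, i.descriptors, i.use_leaf4);
#endif
    return 0;
}
```

A guest where the first line prints all zeros and reports_zero=1 is in the state this bug describes; glibc then has no leaf-2 data from which to derive cache sizes.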

Thread overview: 10+ messages
2023-01-24  3:48 decui at microsoft dot com [this message]
2023-01-24  4:03 ` [Bug libc/30037] " decui at microsoft dot com
2023-01-24  4:18 ` decui at microsoft dot com
2023-01-25 20:35 ` goldstein.w.n at gmail dot com
2023-01-27 18:13 ` hjl.tools at gmail dot com
2023-02-24 16:27 ` ayi at janestreet dot com
2023-02-24 16:29 ` ayi at janestreet dot com
2023-03-13 12:16 ` ioanna.alifieraki at gmail dot com
2023-03-13 17:59 ` fweimer at redhat dot com
2023-07-17  7:29 ` fweimer at redhat dot com
