We are getting a segmentation fault:

Segmentation fault
make[2]: Leaving directory '/home/glibc/nptl'
FAIL: nptl/tst-pthread_kill-exited
original exit status 139
Didn't expect signal from child: got `Segmentation fault'

This issue is coming from the following commit:

commit 3e1d8d1d1dca24ae90df2ea826a8916896fc7e77 (HEAD, refs/bisect/bad)
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Aug 13 21:08:49 2024 -0400

    ungetc: Fix backup buffer leak on program exit [BZ #27821]

Note: This error occurs in the 32-bit version. We do not see it on 64-bit PowerPC.
The issue occurs because it tries to free an invalid address:

Breakpoint 4, __GI__IO_free_wbackup_area (fp=fp@entry=0xff00e58 <_IO_stderr_@GLIBC_2.0>) at wgenops.c:417
417 if (_IO_in_backup (fp))
(gdb) n
418 _IO_switch_to_main_wget_area (fp); /* Just in case. */
(gdb)
419 free (fp->_wide_data->_IO_save_base);
(gdb) p fp
$1 = (FILE *) 0xff00e58 <_IO_stderr_@GLIBC_2.0>
(gdb) p fp->_wide_data
$2 = (struct _IO_wide_data *) 0xff00eef <_IO_stdout_@GLIBC_2.0+71>
(gdb) p fp->_wide_data->_IO_save_base
$3 = 0x63000000 <error: Cannot access memory at address 0x63000000>
(gdb) bt
#0 __GI__IO_free_wbackup_area (fp=fp@entry=0xff00e58 <_IO_stderr_@GLIBC_2.0>) at wgenops.c:419
#1 0x0fd4f7c4 in _IO_unbuffer_all () at genops.c:823
#2 _IO_cleanup () at genops.c:885
#3 0x0fcff3a0 in __run_exit_handlers (status=0, listp=0xff00f34 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:139
#4 0x0fcff410 in __GI_exit (status=<optimized out>) at exit.c:148
#5 0x0fcdbef8 in __libc_start_call_main (main=main@entry=0x10000d00 <main>, argc=argc@entry=2, argv=argv@entry=0xfffef274, auxvec=auxvec@entry=0xfffef2f4) at ../sysdeps/nptl/libc_start_call_main.h:74
#6 0x0fcdc130 in generic_start_main (init=0x0, fini=0x0, stack_end=<optimized out>, rtld_fini=<optimized out>, auxvec=0xfffef2f4, argv=0xfffef274, argc=<optimized out>, main=0x10000d00 <main>) at ../csu/libc-start.c:360
#7 __libc_start_main_impl (argc=<optimized out>, argv=0xfffef274, ev=<optimized out>, auxvec=0xfffef2f4, rtld_fini=<optimized out>, stinfo=<optimized out>, stack_on_entry=<optimized out>) at ../sysdeps/unix/sysv/linux/powerpc/libc-start.c:115
#8 0x00000000 in ?? ()
Which test is this backtrace from? It seems odd that _IO_save_base is invalid, maybe it's left uninitialized somewhere. Could you run this under valgrind? That should give more information.
I see a crash under valgrind on i386:

# bash testrun.sh --tool=valgrind libio/tst-stderr-compat
==238413== Memcheck, a memory error detector
==238413== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==238413== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==238413== Command: /root/build/elf/ld-linux.so.2 --library-path /root/build:/root/build/math:/root/build/elf:/root/build/dlfcn:/root/build/nss:/root/build/nis:/root/build/rt:/root/build/resolv:/root/build/mathvec:/root/build/support:/root/build/nptl libio/tst-stderr-compat
==238413==
==238415==
==238415== HEAP SUMMARY:
==238415==     in use at exit: 0 bytes in 0 blocks
==238415==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==238415==
==238415== All heap blocks were freed -- no leaks are possible
==238415==
==238415== For lists of detected and suppressed errors, rerun with: -s
==238415== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
==238413== Invalid read of size 4
==238413==    at 0x489A573: _IO_unbuffer_all (genops.c:822)
==238413==    by 0x489A573: _IO_cleanup (genops.c:885)
==238413==    by 0x4857B95: __run_exit_handlers (exit.c:139)
==238413==    by 0x4857C10: exit (exit.c:148)
==238413==    by 0x4840934: (below main) (libc_start_call_main.h:74)
==238413==  Address 0x24 is not stack'd, malloc'd or (recently) free'd
==238413==
==238413==
==238413== Process terminating with default action of signal 11 (SIGSEGV)
==238413==  Access not within mapped region at address 0x24
==238413==    at 0x489A573: _IO_unbuffer_all (genops.c:822)
==238413==    by 0x489A573: _IO_cleanup (genops.c:885)
==238413==    by 0x4857B95: __run_exit_handlers (exit.c:139)
==238413==    by 0x4857C10: exit (exit.c:148)
==238413==    by 0x4840934: (below main) (libc_start_call_main.h:74)
==238413==  If you believe this happened as a result of a stack
==238413==  overflow in your program's main thread (unlikely but
==238413==  possible), you can try to increase the size of the
==238413==  main thread stack using the --main-stacksize= flag.
==238413==  The main thread stack size used in this run was 8388608.
==238413==
==238413== HEAP SUMMARY:
==238413==     in use at exit: 0 bytes in 0 blocks
==238413==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==238413==
==238413== All heap blocks were freed -- no leaks are possible
==238413==
==238413== For lists of detected and suppressed errors, rerun with: -s
==238413== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)

It's likely that the new code does not take into account that the _wide_data, _mode fields only exist in struct _IO_FILE_complete, not struct _IO_FILE, for targets that support the GLIBC_2.0 ABI. _IO_unbuffer_all already uses the legacy flag to indicate that it is working on such a stream, but the newly added code does not use it.
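Added example (not glibc code and not part of this thread): a simplified C model of the layout problem described in the comment above. The struct names, FLAG_LEGACY and both functions are hypothetical, and the model marks a legacy object with a flag bit; it shows that the extended fields lie outside a short legacy object and a cleanup that touches them only for non-legacy streams.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the two layouts; every name here is hypothetical. */
struct wide_model { wchar_t *save_base; };
struct file_legacy { int flags; char *save_base; };   /* short, old object */
struct file_complete {                                /* legacy prefix + extras */
  struct file_legacy file;
  struct wide_model *wide_data;
  int mode;
};
#define FLAG_LEGACY 0x1   /* constructed marker for a short object */

/* Does a field at [off, off + len) lie inside an object of obj_size bytes? */
static int field_in_bounds(size_t obj_size, size_t off, size_t len)
{
  return off <= obj_size && len <= obj_size - off;
}

/* Exit-time cleanup; returns how many backup buffers were freed. */
static int cleanup_stream(struct file_legacy *fp)
{
  int freed = 0;
  if (fp->save_base != NULL) {          /* narrow backup: in both layouts */
    free(fp->save_base);
    fp->save_base = NULL;
    freed++;
  }
  /* Guard: the extended fields exist only behind a non-legacy object. */
  if (!(fp->flags & FLAG_LEGACY)) {
    struct file_complete *cfp = (struct file_complete *) fp;
    if (cfp->mode > 0 && cfp->wide_data != NULL
        && cfp->wide_data->save_base != NULL) {
      free(cfp->wide_data->save_base);
      cfp->wide_data->save_base = NULL;
      freed++;
    }
  }
  return freed;
}

int main(void)
{
  struct file_legacy old = { FLAG_LEGACY, malloc(8) };  /* constructed sample */
  int inside = field_in_bounds(sizeof old,
      offsetof(struct file_complete, wide_data), sizeof(struct wide_model *));
  printf("in bounds: %d, freed: %d\n", inside, cleanup_stream(&old));
  return 0;
}
```

Without the legacy guard, the cast in cleanup_stream would read wide_data and mode from whatever bytes follow the short object, which is the pattern visible in the gdb and valgrind output earlier in the thread.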
The master branch has been updated by Siddhesh Poyarekar <siddhesh@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ae4d44b1d501421ad9a3af95279b8f4d1546f1ce

commit ae4d44b1d501421ad9a3af95279b8f4d1546f1ce
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Sep 3 14:58:33 2024 -0400

    libio: Attempt wide backup free only for non-legacy code

    _wide_data and _mode are not available in legacy code, so do not attempt to free the wide backup buffer in legacy code.

    Resolves: BZ #32137 and BZ #27821
    Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    Reviewed-by: Florian Weimer <fweimer@redhat.com>
@jeevitha, can you please confirm that this fixes the issues you're seeing? I was able to validate on i686 that it resolved what Florian was seeing under valgrind and ISTM it should fix these failing tests on powerpc32 as well.
@Siddhesh Poyarekar, Confirmed, the fix works for me on PowerPC32 as well. Thanks!
Thanks, fixed then.
The release/2.38/master branch has been updated by Florian Weimer <fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=370be858928c2c537c112859ccd54cd1b0d56715

commit 370be858928c2c537c112859ccd54cd1b0d56715
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Sep 3 14:58:33 2024 -0400

    libio: Attempt wide backup free only for non-legacy code

    _wide_data and _mode are not available in legacy code, so do not attempt to free the wide backup buffer in legacy code.

    Resolves: BZ #32137 and BZ #27821
    Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    Reviewed-by: Florian Weimer <fweimer@redhat.com>
    (cherry picked from commit ae4d44b1d501421ad9a3af95279b8f4d1546f1ce)
The release/2.39/master branch has been updated by Florian Weimer <fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=84f6bfce2c37e32b9888321fc3131ffbbe6deeba

commit 84f6bfce2c37e32b9888321fc3131ffbbe6deeba
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Sep 3 14:58:33 2024 -0400

    libio: Attempt wide backup free only for non-legacy code

    _wide_data and _mode are not available in legacy code, so do not attempt to free the wide backup buffer in legacy code.

    Resolves: BZ #32137 and BZ #27821
    Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    Reviewed-by: Florian Weimer <fweimer@redhat.com>
    (cherry picked from commit ae4d44b1d501421ad9a3af95279b8f4d1546f1ce)
The release/2.40/master branch has been updated by Florian Weimer <fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7073164add3b874cf0c19ca0fb84236f6bb0985d

commit 7073164add3b874cf0c19ca0fb84236f6bb0985d
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Sep 3 14:58:33 2024 -0400

    libio: Attempt wide backup free only for non-legacy code

    _wide_data and _mode are not available in legacy code, so do not attempt to free the wide backup buffer in legacy code.

    Resolves: BZ #32137 and BZ #27821
    Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    Reviewed-by: Florian Weimer <fweimer@redhat.com>
    (cherry picked from commit ae4d44b1d501421ad9a3af95279b8f4d1546f1ce)
The release/2.37/master branch has been updated by Florian Weimer <fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0141e7c794afc0404d3bf6fd0771a324ccb8a81c

commit 0141e7c794afc0404d3bf6fd0771a324ccb8a81c
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Sep 3 14:58:33 2024 -0400

    libio: Attempt wide backup free only for non-legacy code

    _wide_data and _mode are not available in legacy code, so do not attempt to free the wide backup buffer in legacy code.

    Resolves: BZ #32137 and BZ #27821
    Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    Reviewed-by: Florian Weimer <fweimer@redhat.com>
    (cherry picked from commit ae4d44b1d501421ad9a3af95279b8f4d1546f1ce)
The release/2.36/master branch has been updated by Florian Weimer <fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=485b2a773d19fe551a9e692c804d0a13b1355396

commit 485b2a773d19fe551a9e692c804d0a13b1355396
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Sep 3 14:58:33 2024 -0400

    libio: Attempt wide backup free only for non-legacy code

    _wide_data and _mode are not available in legacy code, so do not attempt to free the wide backup buffer in legacy code.

    Resolves: BZ #32137 and BZ #27821
    Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    Reviewed-by: Florian Weimer <fweimer@redhat.com>
    (cherry picked from commit ae4d44b1d501421ad9a3af95279b8f4d1546f1ce)
The release/2.34/master branch has been updated by Florian Weimer <fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ea5a709924503bc55767accf13102807faa19da0

commit ea5a709924503bc55767accf13102807faa19da0
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Sep 3 14:58:33 2024 -0400

    libio: Attempt wide backup free only for non-legacy code

    _wide_data and _mode are not available in legacy code, so do not attempt to free the wide backup buffer in legacy code.

    Resolves: BZ #32137 and BZ #27821
    Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    Reviewed-by: Florian Weimer <fweimer@redhat.com>
    (cherry picked from commit ae4d44b1d501421ad9a3af95279b8f4d1546f1ce)
The release/2.35/master branch has been updated by Florian Weimer <fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=37214df5f103f4075cf0a79a227e70f3e064701c

commit 37214df5f103f4075cf0a79a227e70f3e064701c
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Sep 3 14:58:33 2024 -0400

    libio: Attempt wide backup free only for non-legacy code

    _wide_data and _mode are not available in legacy code, so do not attempt to free the wide backup buffer in legacy code.

    Resolves: BZ #32137 and BZ #27821
    Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    Reviewed-by: Florian Weimer <fweimer@redhat.com>
    (cherry picked from commit ae4d44b1d501421ad9a3af95279b8f4d1546f1ce)