clear crashed with SIGSEGV in __libc_start_main()

Bug #1822218 reported by bkindle
This bug affects 1 person
Affects           Status     Importance  Assigned to  Milestone
snapd             Confirmed  Undecided   Unassigned
ncurses (Ubuntu)  New        Undecided   Unassigned
snapd (Ubuntu)    Confirmed  Undecided   Unassigned

Bug Description

I got this error after installing Anaconda 3.7 from their repo.

ProblemType: Crash
DistroRelease: Ubuntu 19.04
Package: ncurses-bin 6.1+20181013-2ubuntu2
ProcVersionSignature: Ubuntu 5.0.0-7.8-generic 5.0.0
Uname: Linux 5.0.0-7-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.20.10-0ubuntu23
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Thu Mar 28 20:59:47 2019
ExecutablePath: /usr/bin/clear
InstallationDate: Installed on 2019-03-28 (0 days ago)
InstallationMedia: Ubuntu 19.04 "Disco Dingo" - Alpha amd64 (20190325)
LocalLibraries: /snap/core/6673/lib/x86_64-linux-gnu/libc-2.23.so
ProcCmdline: clear
SegvAnalysis:
 Segfault happened at: 0x7f30b32e98df <__libc_start_main+415>: mov 0x18(%r13),%rax
 PC (0x7f30b32e98df) ok
 source "0x18(%r13)" (0x00000018) not located in a known VMA region (needed readable region)!
 destination "%rax" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: ncurses
Stacktrace:
 #0 0x00007f30b32e98df in __libc_start_main () from /snap/core/current/lib/x86_64-linux-gnu/libc.so.6
 No symbol table info available.
 #1 0x0000560c895582aa in ?? ()
 No symbol table info available.
StacktraceTop:
 __libc_start_main () from /snap/core/current/lib/x86_64-linux-gnu/libc.so.6
 ?? ()
Title: clear crashed with SIGSEGV in __libc_start_main()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
separator:

bkindle (bkindle) wrote :
Apport retracing service (apport) wrote :

StacktraceTop:
 ?? ()
 ?? ()
 ?? ()
 ?? ()
 ?? ()

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : StacktraceSource.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
tags: added: apport-failed-retrace
tags: removed: need-amd64-retrace
Seth Arnold (seth-arnold) wrote :

Zygmunt, I'm surprised a snap package would have this kind of trouble executing /usr/bin/clear off the host. This is probably not a security issue and probably doesn't need to be private except there's a coredump still attached to this bug. (I'm not surprised the retracers weren't useful.)

Please let me know if we should delete the coredump and make this bug public, or share the coredump with someone specific to inspect.

Thanks

Zygmunt Krynicki (zyga) wrote :

Hello.

I'm trying to understand the problem better.

I will try to reproduce it but it would help to understand what was happening at the time it occurred. Did the reporter run the clear executable from the 19.04 system using the libc from the core snap? Was this inside a snap execution environment (inside a snap app) or was it done on the regular/classic host? In other words: how to reproduce the problem.

Changed in snapd (Ubuntu):
assignee: nobody → Zygmunt Krynicki (zyga)
status: New → In Progress
Zygmunt Krynicki (zyga) wrote :

I can reproduce a crash in __libc_start_main on 19.04 in the following way:

/snap/core/current/lib/ld-linux.so.2 /usr/bin/clear

That is, the core snap's dynamic linker from Ubuntu 16.04 cannot invoke the clear binary from Ubuntu 19.04.

One way in which this can happen is when a classically confined snap is crafted to unconditionally set LD_LIBRARY_PATH to prefer the core snap and then invokes a binary on the host. I have no proof of that but looking at the attached ProcEnviron.txt file seems to suggest this is what is happening. In that file we can see that LD_LIBRARY_PATH was set at the time of the crash.

bkindle (bkindle) wrote : Re: [Bug 1822218] Re: clear crashed with SIGSEGV in __libc_start_main()

It was with trying to install the snap via bash.

On Fri, Mar 29, 2019 at 3:25 PM Zygmunt Krynicki <email address hidden> wrote:

> Hello.
>
> I'm trying to understand the problem better.
>
> I will try to reproduce it but it would help to understand what was
> happening at the time it occurred. Did the reporter run the clear
> executable from the 19.04 system using the libc from the core snap? Was
> this inside a snap execution environment (inside a snap app) or was it
> done on the regular/classic host? In other words: how to reproduce the
> problem.
--
Bill Kindle

Zygmunt Krynicki (zyga) wrote :

The process memory map shows that while one _can_ crash in the way I mentioned earlier this is likely not what has happened. In reality the 19.04 linker linked the 16.04 libc to a binary linked against 19.04 libc (without detecting any incompatibility).

/usr/bin/clear
/snap/core/6673/lib/x86_64-linux-gnu/libc-2.23.so
/usr/lib/x86_64-linux-gnu/libtinfo.so.6.1
/usr/lib/x86_64-linux-gnu/ld-2.29.so

It would suggest that the true incompatibility is in the libc, not in the dynamic linker.
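
Added example (not part of the original report and not code from any commenter): a check for the condition described in the comment above, where a process maps a glibc component whose version differs from the dynamic loader's. It assumes glibc objects carry versioned file names as in the paths quoted above; the sample map reuses those four paths with constructed addresses, and the function names are illustrative.

```python
import re

# glibc objects here are named <component>-<version>.so (libc-2.23.so, ld-2.29.so).
GLIBC_OBJ = re.compile(r"/(ld|libc|libm|libdl|libpthread)-(\d+\.\d+)\.so$")

# Constructed sample in /proc/<pid>/maps format: the four paths are the ones
# quoted in the comment above; addresses, devices and inodes are made up.
SAMPLE_MAPS = """\
560c89557000-560c8955b000 r-xp 00000000 08:01 1001 /usr/bin/clear
7f30b32c9000-7f30b3489000 r-xp 00000000 07:02 2002 /snap/core/6673/lib/x86_64-linux-gnu/libc-2.23.so
7f30b3693000-7f30b36bd000 r-xp 00000000 08:01 1003 /usr/lib/x86_64-linux-gnu/libtinfo.so.6.1
7f30b36c6000-7f30b36f0000 r-xp 00000000 08:01 1004 /usr/lib/x86_64-linux-gnu/ld-2.29.so
7ffd1c000000-7ffd1c021000 rw-p 00000000 00:00 0 [stack]
"""

def mapped_files(maps_text):
    """Return the distinct file paths backing mappings, in first-seen order."""
    seen = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) == 6 and fields[5].startswith("/") and fields[5] not in seen:
            seen.append(fields[5])
    return seen

def glibc_versions(paths):
    """Map each glibc component found (ld, libc, ...) to (version, path)."""
    found = {}
    for p in paths:
        m = GLIBC_OBJ.search(p)
        if m:
            found[m.group(1)] = (m.group(2), p)
    return found

def mixed_glibc(maps_text):
    """Return (component, version, path) for objects not matching the loader."""
    found = glibc_versions(mapped_files(maps_text))
    if "ld" not in found:
        return []
    ld_ver = found["ld"][0]
    return [(name, ver, path) for name, (ver, path) in sorted(found.items())
            if name != "ld" and ver != ld_ver]

def snap_entries(ld_library_path):
    """Return LD_LIBRARY_PATH entries that point into /snap/."""
    return [d for d in ld_library_path.split(":") if d.startswith("/snap/")]

if __name__ == "__main__":
    for name, ver, path in mixed_glibc(SAMPLE_MAPS):
        print(f"{name} {ver} from {path} does not match the loader")
```

On a live system the same functions can be fed the contents of /proc/<pid>/maps and the process's LD_LIBRARY_PATH value.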

Zygmunt Krynicki (zyga) wrote :

Dear reporter: which snap were you trying to install?

bkindle (bkindle) wrote :

I think it was Fish (Shell).

On Fri, Mar 29, 2019 at 3:45 PM Zygmunt Krynicki <email address hidden> wrote:

> Dear reporter: which snap were you trying to install?
--
Bill Kindle

information type: Private Security → Public
Zygmunt Krynicki (zyga)
Changed in snapd (Ubuntu):
assignee: Zygmunt Krynicki (zyga) → nobody
status: In Progress → Confirmed
Changed in snapd:
status: New → Confirmed