Debian Bug report logs - #1021109
bash: non existent locale crashes bash
Report forwarded to debian-bugs-dist@lists.debian.org, koster@debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#1021062; Package libc6. (Sat, 01 Oct 2022 12:03:04 GMT)
Acknowledgement sent to Kan-Ru Chen <koster@debian.org>:
New Bug report received and forwarded. Copy sent to koster@debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Sat, 01 Oct 2022 12:03:04 GMT)
Message #5 received at submit@bugs.debian.org:
Package: libc6
Version: 2.35-1
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: koster@debian.org
Dear maintainer,
After upgrading to libc6 2.35-1 (or 2.36-1 in experimental), nonexistent locale setting
starts to crash the system.
This is dangerous because a remote system might not always have the same locale installed.
An auto update will soft-brick the system unless the sysadmin knows to set their LC_ALL=POSIX
before attempting to ssh.
Steps to reproduce:
From a clean installed Debian sid, upgrade to libc6 2.35-1.
Only install C locale and en_US.UTF-8.
$ LC_ALL=ja_JP.UTF-8 bash
bash: warning: setlocale: LC_ALL: cannot change locale (ja_JP.UTF-8)
Segmentation fault (core dumped)
$ LC_ALL=ja_JP.UTF-8 gdb bash
Fatal signal: Segmentation fault
----- Backtrace -----
0x55ed3e1e8dcf ???
0x55ed3e2df312 ???
0x55ed3e2df488 ???
0x7f0b4a39ba9f ???
0x7f0b4b412204 _rl_init_locale
0x7f0b4b4122f1 _rl_init_eightbit
0x7f0b4b3f10f2 rl_initialize
... snip ...
Downgrading to 2.34-8 also doesn't seem to fix the issue; probably some locale
state was invalidated when upgrading.
Thanks,
Kan-Ru
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.19.0-2-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libc6 depends on:
ii libgcc-s1 12.2.0-3
Versions of packages libc6 recommends:
ii libidn2-0 2.3.3-1+b1
Versions of packages libc6 suggests:
ii debconf [debconf-2.0] 1.5.79
pn glibc-doc <none>
ii libc-l10n 2.35-1
pn libnss-nis <none>
pn libnss-nisplus <none>
ii locales 2.35-1
-- debconf information:
glibc/kernel-too-old:
glibc/restart-failed:
glibc/disable-screensaver:
glibc/upgrade: true
* libraries/restart-without-asking: false
* glibc/restart-services: cron
glibc/kernel-not-supported:
Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#1021062; Package libc6. (Sat, 01 Oct 2022 17:00:02 GMT)
Acknowledgement sent to Aurelien Jarno <aurelien@aurel32.net>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Sat, 01 Oct 2022 17:00:02 GMT)
Message #10 received at 1021062@bugs.debian.org:
control: reassign -1 bash
control: found -1 bash/5.2-1
Hi,
On 2022-10-01 21:01, Kan-Ru Chen wrote:
> Package: libc6
> Version: 2.35-1
> Severity: grave
> Justification: renders package unusable
> X-Debbugs-Cc: koster@debian.org
>
> Dear maintainer,
>
> After upgrading to libc6 2.35-1 (or 2.36-1 in experimental), nonexistent locale setting
> starts to crash the system.
>
> This is dangerous because a remote system might not always have the same locale installed.
> An auto update will soft-brick the system unless the sysadmin knows to set their LC_ALL=POSIX
> before attempting to ssh.
>
> Steps to reproduce:
>
> From a clean installed Debian sid, upgrade to libc6 2.35-1.
> Only install C locale and en_US.UTF-8.
>
> $ LC_ALL=ja_JP.UTF-8 bash
> bash: warning: setlocale: LC_ALL: cannot change locale (ja_JP.UTF-8)
> Segmentation fault (core dumped)
>
> $ LC_ALL=ja_JP.UTF-8 gdb bash
>
> Fatal signal: Segmentation fault
> ----- Backtrace -----
> 0x55ed3e1e8dcf ???
> 0x55ed3e2df312 ???
> 0x55ed3e2df488 ???
> 0x7f0b4a39ba9f ???
> 0x7f0b4b412204 _rl_init_locale
> 0x7f0b4b4122f1 _rl_init_eightbit
> 0x7f0b4b3f10f2 rl_initialize
> ... snip ...
FYI, this is the full backtrace with the debug packages installed:
#0 0x00007f8079d0ccc7 in __GI_kill () at ../sysdeps/unix/syscall-template.S:120
#1 0x0000559be26519c9 in termsig_handler (sig=11) at .././sig.c:625
#2 0x0000559be2651c21 in termsig_handler (sig=<optimized out>) at .././sig.c:492
#3 termsig_sighandler (sig=<optimized out>) at .././sig.c:547
#4 <signal handler called>
#5 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:74
#6 0x0000559be26b8682 in _rl_init_locale () at ../../.././lib/readline/nls.c:150
#7 0x0000559be26b8772 in _rl_init_eightbit () at ../../.././lib/readline/nls.c:227
#8 0x0000559be269766e in readline_initialize_everything () at ../../.././lib/readline/readline.c:1292
#9 rl_initialize () at ../../.././lib/readline/readline.c:1183
#10 0x0000559be2662b05 in initialize_readline () at .././bashline.c:522
#11 0x0000559be26040a5 in yy_readline_get () at /usr/local/src/chet/src/bash/src/parse.y:1514
#12 0x0000559be2606aa1 in yy_getc () at /usr/local/src/chet/src/bash/src/parse.y:1462
#13 shell_getc (remove_quoted_newline=remove_quoted_newline@entry=1) at /usr/local/src/chet/src/bash/src/parse.y:2393
#14 0x0000559be2608eeb in read_token (command=0) at /usr/local/src/chet/src/bash/src/parse.y:3400
#15 0x0000559be260d05b in yylex () at /usr/local/src/chet/src/bash/src/parse.y:2890
#16 yyparse () at ./build-bash/y.tab.c:1854
#17 0x0000559be2603586 in parse_command () at .././eval.c:348
#18 0x0000559be2603714 in read_command () at .././eval.c:392
#19 0x0000559be26038c6 in reader_loop () at .././eval.c:139
#20 0x0000559be26023b5 in main (argc=1, argv=0x7ffe3da22078, env=0x7ffe3da22088) at .././shell.c:833
So the problem is that _rl_init_locale (from bash) calls strlen(NULL).
> Downgrading to 2.34-8 also doesn't seem to fix the issue; probably some locale
> state was invalidated when upgrading.
This is because you upgraded other packages than glibc (here bash), and the bug
is not in glibc. Downgrading bash fixes the issue. Reassigning the bug.
Regards
Aurelien
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://www.aurel32.net
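The strlen(NULL) failure diagnosed in the message above, as an added example that is not code from readline, bash or this bug log: setlocale() returns NULL when the requested locale is not installed, so its result has to be checked before it is measured or copied. The function names, the sample locale name and the "C" fallback are assumptions made for this illustration.

```c
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: heap copy of a string. Like any strlen()-based
 * copy, it must never be handed NULL. */
static char *dup_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy != NULL)
        memcpy(copy, s, n);
    return copy;
}

/* Unchecked pattern, shown for contrast and never called here.
 * setlocale() returns NULL when the requested locale is not installed,
 * so dup_string() ends up calling strlen(NULL), which is undefined
 * behaviour (a segfault inside strlen in the backtrace above). */
char *init_locale_unchecked(const char *spec)
{
    const char *name = setlocale(LC_CTYPE, spec);
    return dup_string(name);
}

/* Checked pattern: test the result of setlocale() before using it.
 * First fall back to querying the locale currently in effect, then to
 * the literal "C" (an assumed default for this example). */
char *init_locale_checked(const char *spec)
{
    const char *name = setlocale(LC_CTYPE, spec);
    if (name == NULL || *name == '\0')
        name = setlocale(LC_CTYPE, NULL);   /* query only, changes nothing */
    if (name == NULL || *name == '\0')
        name = "C";
    return dup_string(name);
}

int main(void)
{
    /* Constructed input: a locale name that is well formed but that no
     * system is expected to have installed. */
    char *name = init_locale_checked("xx_XX.NOSUCH");
    if (name == NULL)
        return 1;
    printf("LC_CTYPE in effect: %s\n", name);
    free(name);
    return 0;
}
```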
Bug reassigned from package 'libc6' to 'bash'. Request was from Aurelien Jarno <aurelien@aurel32.net> to 1021062-submit@bugs.debian.org. (Sat, 01 Oct 2022 17:00:02 GMT)
No longer marked as found in versions glibc/2.35-1. Request was from Aurelien Jarno <aurelien@aurel32.net> to 1021062-submit@bugs.debian.org. (Sat, 01 Oct 2022 17:00:03 GMT)
Marked as found in versions bash/5.2-1. Request was from Aurelien Jarno <aurelien@aurel32.net> to 1021062-submit@bugs.debian.org. (Sat, 01 Oct 2022 17:00:03 GMT)
Changed Bug title to 'bash: non existent locale crashes bash' from 'libc6: nonexistent locale crashes programs (for example, bash, gdb, ...)'. Request was from Aurelien Jarno <aurel32@debian.org> to control@bugs.debian.org. (Sat, 01 Oct 2022 17:57:06 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>:
Bug#1021062; Package bash. (Sat, 01 Oct 2022 22:33:04 GMT)
Acknowledgement sent to "Kan-Ru Chen" <koster@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthias Klose <doko@debian.org>. (Sat, 01 Oct 2022 22:33:04 GMT)
Message #23 received at 1021062@bugs.debian.org:
reassign 1021062 libreadline8
found 1021062 libreadline8/8.2-1
thanks
On Sun, Oct 2, 2022, at 1:56 AM, Aurelien Jarno wrote:
> control: reassign -1 bash
> control: found -1 bash/5.2-1
>
> Hi,
>
> On 2022-10-01 21:01, Kan-Ru Chen wrote:
>> Package: libc6
>> Version: 2.35-1
>> Severity: grave
>> Justification: renders package unusable
>> X-Debbugs-Cc: koster@debian.org
>>
>> Dear maintainer,
>>
>> After upgrading to libc6 2.35-1 (or 2.36-1 in experimental), nonexistent locale setting
>> starts to crash the system.
>>
>> This is dangerous because a remote system might not always have the same locale installed.
>> An auto update will soft-brick the system unless the sysadmin knows to set their LC_ALL=POSIX
>> before attempting to ssh.
>>
>> Steps to reproduce:
>>
>> From a clean installed Debian sid, upgrade to libc6 2.35-1.
>> Only install C locale and en_US.UTF-8.
>>
>> $ LC_ALL=ja_JP.UTF-8 bash
>> bash: warning: setlocale: LC_ALL: cannot change locale (ja_JP.UTF-8)
>> Segmentation fault (core dumped)
>>
>> $ LC_ALL=ja_JP.UTF-8 gdb bash
>>
>> Fatal signal: Segmentation fault
>> ----- Backtrace -----
>> 0x55ed3e1e8dcf ???
>> 0x55ed3e2df312 ???
>> 0x55ed3e2df488 ???
>> 0x7f0b4a39ba9f ???
>> 0x7f0b4b412204 _rl_init_locale
>> 0x7f0b4b4122f1 _rl_init_eightbit
>> 0x7f0b4b3f10f2 rl_initialize
>> ... snip ...
>
> FYI, this is the full backtrace with the debug packages installed:
>
> #0 0x00007f8079d0ccc7 in __GI_kill () at
> ../sysdeps/unix/syscall-template.S:120
> #1 0x0000559be26519c9 in termsig_handler (sig=11) at .././sig.c:625
> #2 0x0000559be2651c21 in termsig_handler (sig=<optimized out>) at
> .././sig.c:492
> #3 termsig_sighandler (sig=<optimized out>) at .././sig.c:547
> #4 <signal handler called>
> #5 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:74
> #6 0x0000559be26b8682 in _rl_init_locale () at
> ../../.././lib/readline/nls.c:150
> #7 0x0000559be26b8772 in _rl_init_eightbit () at
> ../../.././lib/readline/nls.c:227
> #8 0x0000559be269766e in readline_initialize_everything () at
> ../../.././lib/readline/readline.c:1292
> #9 rl_initialize () at ../../.././lib/readline/readline.c:1183
> #10 0x0000559be2662b05 in initialize_readline () at .././bashline.c:522
> #11 0x0000559be26040a5 in yy_readline_get () at
> /usr/local/src/chet/src/bash/src/parse.y:1514
> #12 0x0000559be2606aa1 in yy_getc () at
> /usr/local/src/chet/src/bash/src/parse.y:1462
> #13 shell_getc (remove_quoted_newline=remove_quoted_newline@entry=1) at
> /usr/local/src/chet/src/bash/src/parse.y:2393
> #14 0x0000559be2608eeb in read_token (command=0) at
> /usr/local/src/chet/src/bash/src/parse.y:3400
> #15 0x0000559be260d05b in yylex () at
> /usr/local/src/chet/src/bash/src/parse.y:2890
> #16 yyparse () at ./build-bash/y.tab.c:1854
> #17 0x0000559be2603586 in parse_command () at .././eval.c:348
> #18 0x0000559be2603714 in read_command () at .././eval.c:392
> #19 0x0000559be26038c6 in reader_loop () at .././eval.c:139
> #20 0x0000559be26023b5 in main (argc=1, argv=0x7ffe3da22078,
> env=0x7ffe3da22088) at .././shell.c:833
>
> So the problem is that _rl_init_locale (from bash) calls strlen(NULL).
>
>> Downgrading to 2.34-8 also doesn't seem to fix the issue; probably some locale
>> state was invalidated when upgrading.
>
> This is because you upgraded other packages than glibc (here bash), and the bug
> is not in glibc. Downgrading bash fixes the issue. Reassigning the bug.
Thanks!
That explains why not all programs crash like this. The common library they used is
libreadline and I confirmed that downgrading libreadline8 to 8.2~rc2-2 fixed the issue.
Reassigning to libreadline8.
--
Kan-Ru Chen
Debian Developer
Bug reassigned from package 'bash' to 'libreadline8'. Request was from "Kan-Ru Chen" <koster@debian.org> to control@bugs.debian.org. (Sat, 01 Oct 2022 22:33:06 GMT)
No longer marked as found in versions bash/5.2-1. Request was from "Kan-Ru Chen" <koster@debian.org> to control@bugs.debian.org. (Sat, 01 Oct 2022 22:33:06 GMT)
Marked as found in versions libreadline8/8.2-1. Request was from "Kan-Ru Chen" <koster@debian.org> to control@bugs.debian.org. (Sat, 01 Oct 2022 22:33:06 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>:
Bug#1021062; Package libreadline8. (Sun, 02 Oct 2022 08:51:04 GMT)
Acknowledgement sent to Aurelien Jarno <aurel32@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthias Klose <doko@debian.org>. (Sun, 02 Oct 2022 08:51:04 GMT)
Message #34 received at 1021062@bugs.debian.org:
control: clone 1021062 -1
control: reassign -1 bash
control: found -1 bash/5.2-1
Hi,
On 2022-10-02 07:27, Kan-Ru Chen wrote:
> reassign 1021062 libreadline8
> found 1021062 libreadline8/8.2-1
> thanks
>
> On Sun, Oct 2, 2022, at 1:56 AM, Aurelien Jarno wrote:
> > control: reassign -1 bash
> > control: found -1 bash/5.2-1
> >
> > Hi,
> >
> > On 2022-10-01 21:01, Kan-Ru Chen wrote:
> >> Package: libc6
> >> Version: 2.35-1
> >> Severity: grave
> >> Justification: renders package unusable
> >> X-Debbugs-Cc: koster@debian.org
> >>
> >> Dear maintainer,
> >>
> >> After upgrading to libc6 2.35-1 (or 2.36-1 in experimental), nonexistent locale setting
> >> starts to crash the system.
> >>
> >> This is dangerous because a remote system might not always have the same locale installed.
> >> An auto update will soft-brick the system unless the sysadmin knows to set their LC_ALL=POSIX
> >> before attempting to ssh.
> >>
> >> Steps to reproduce:
> >>
> >> From a clean installed Debian sid, upgrade to libc6 2.35-1.
> >> Only install C locale and en_US.UTF-8.
> >>
> >> $ LC_ALL=ja_JP.UTF-8 bash
> >> bash: warning: setlocale: LC_ALL: cannot change locale (ja_JP.UTF-8)
> >> Segmentation fault (core dumped)
> >>
> >> $ LC_ALL=ja_JP.UTF-8 gdb bash
> >>
> >> Fatal signal: Segmentation fault
> >> ----- Backtrace -----
> >> 0x55ed3e1e8dcf ???
> >> 0x55ed3e2df312 ???
> >> 0x55ed3e2df488 ???
> >> 0x7f0b4a39ba9f ???
> >> 0x7f0b4b412204 _rl_init_locale
> >> 0x7f0b4b4122f1 _rl_init_eightbit
> >> 0x7f0b4b3f10f2 rl_initialize
> >> ... snip ...
> >
> > FYI, this is the full backtrace with the debug packages installed:
> >
> > #0 0x00007f8079d0ccc7 in __GI_kill () at
> > ../sysdeps/unix/syscall-template.S:120
> > #1 0x0000559be26519c9 in termsig_handler (sig=11) at .././sig.c:625
> > #2 0x0000559be2651c21 in termsig_handler (sig=<optimized out>) at
> > .././sig.c:492
> > #3 termsig_sighandler (sig=<optimized out>) at .././sig.c:547
> > #4 <signal handler called>
> > #5 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:74
> > #6 0x0000559be26b8682 in _rl_init_locale () at
> > ../../.././lib/readline/nls.c:150
> > #7 0x0000559be26b8772 in _rl_init_eightbit () at
> > ../../.././lib/readline/nls.c:227
> > #8 0x0000559be269766e in readline_initialize_everything () at
> > ../../.././lib/readline/readline.c:1292
> > #9 rl_initialize () at ../../.././lib/readline/readline.c:1183
> > #10 0x0000559be2662b05 in initialize_readline () at .././bashline.c:522
> > #11 0x0000559be26040a5 in yy_readline_get () at
> > /usr/local/src/chet/src/bash/src/parse.y:1514
> > #12 0x0000559be2606aa1 in yy_getc () at
> > /usr/local/src/chet/src/bash/src/parse.y:1462
> > #13 shell_getc (remove_quoted_newline=remove_quoted_newline@entry=1) at
> > /usr/local/src/chet/src/bash/src/parse.y:2393
> > #14 0x0000559be2608eeb in read_token (command=0) at
> > /usr/local/src/chet/src/bash/src/parse.y:3400
> > #15 0x0000559be260d05b in yylex () at
> > /usr/local/src/chet/src/bash/src/parse.y:2890
> > #16 yyparse () at ./build-bash/y.tab.c:1854
> > #17 0x0000559be2603586 in parse_command () at .././eval.c:348
> > #18 0x0000559be2603714 in read_command () at .././eval.c:392
> > #19 0x0000559be26038c6 in reader_loop () at .././eval.c:139
> > #20 0x0000559be26023b5 in main (argc=1, argv=0x7ffe3da22078,
> > env=0x7ffe3da22088) at .././shell.c:833
> >
> > So the problem is that _rl_init_locale (from bash) calls strlen(NULL).
> >
> >> Downgrading to 2.34-8 also doesn't seem to fix the issue; probably some locale
> >> state was invalidated when upgrading.
> >
> > This is because you upgraded other packages than glibc (here bash), and the bug
> > is not in glibc. Downgrading bash fixes the issue. Reassigning the bug.
>
> Thanks!
>
> That explains why not all programs crash like this. The common library they used is
> libreadline and I confirmed that downgrading libreadline8 to 8.2~rc2-2 fixed the issue.
> Reassigning to libreadline8.
I did the test of downgrading bash yesterday (i.e. without downgrading
libreadline8), and it fixes the issue you reported with bash. It appears
that bash has an embedded copy of readline, hence the issue with both. I
am therefore cloning the bug to bash.
Regards
Aurelien
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://www.aurel32.net
Bug 1021062 cloned as bug 1021109. Request was from Aurelien Jarno <aurel32@debian.org> to 1021062-submit@bugs.debian.org. (Sun, 02 Oct 2022 08:51:05 GMT)
Bug reassigned from package 'libreadline8' to 'bash'. Request was from Aurelien Jarno <aurel32@debian.org> to 1021062-submit@bugs.debian.org. (Sun, 02 Oct 2022 08:51:05 GMT)
No longer marked as found in versions libreadline8/8.2-1. Request was from Aurelien Jarno <aurel32@debian.org> to 1021062-submit@bugs.debian.org. (Sun, 02 Oct 2022 08:51:06 GMT)
Marked as found in versions bash/5.2-1. Request was from Aurelien Jarno <aurel32@debian.org> to 1021062-submit@bugs.debian.org. (Sun, 02 Oct 2022 08:51:06 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>:
Bug#1021109; Package bash. (Sat, 15 Oct 2022 11:48:05 GMT)
Acknowledgement sent to Adrian Bunk <bunk@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthias Klose <doko@debian.org>. (Sat, 15 Oct 2022 11:48:05 GMT)
Message #49 received at 1021109@bugs.debian.org:
Control: tags 1021109 + patch
Control: tags 1021109 + pending
Dear maintainer,
I've prepared an NMU for bash (versioned as 5.2-1.1) and uploaded
it to DELAYED/15. Please feel free to tell me if I should cancel it.
cu
Adrian
[bash-5.2-1.1-nmu.diff (text/x-diff, attachment)]
Added tag(s) patch. Request was from Adrian Bunk <bunk@debian.org> to 1021109-submit@bugs.debian.org. (Sat, 15 Oct 2022 11:48:05 GMT)
Added tag(s) pending. Request was from Adrian Bunk <bunk@debian.org> to 1021109-submit@bugs.debian.org. (Sat, 15 Oct 2022 11:48:06 GMT)
Reply sent to Adrian Bunk <bunk@debian.org>:
You have taken responsibility. (Sat, 29 Oct 2022 00:21:04 GMT)
Notification sent to Kan-Ru Chen <koster@debian.org>:
Bug acknowledged by developer. (Sat, 29 Oct 2022 00:21:04 GMT)
Message #58 received at 1021109-done@bugs.debian.org:
Version: 5.2-2
bash (5.2-2) unstable; urgency=medium
* Apply upstream patches 001 - 002.
...
- Starting bash with an invalid locale specification for
LC_ALL/LANG/LC_CTYPE can cause the shell to crash. Closes: #1021062.
-- Matthias Klose <doko@debian.org> Mon, 24 Oct 2022 10:34:28 +0200
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 26 Nov 2022 07:25:01 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified: Wed Dec 6 08:37:40 2023