Bug 2372409 - scanelf crash with version pax-utils-1.3.8-2.el9 on RHEL 9.6
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: pax-utils
Version: epel9
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: high
Target Milestone: ---
Assignee: Dominik 'Rathann' Mierzejewski
QA Contact: Fedora Extras Quality Assurance
Reported: 2025-06-12 08:28 UTC by Christophe Piault
Modified: 2025-12-05 02:41 UTC (History)

Fixed In Version: pax-utils-1.3.10-1.fc44 pax-utils-1.3.10-1.fc43 pax-utils-1.3.10-1.el10_2 pax-utils-1.3.10-1.el9 pax-utils-1.3.10-1.fc42
Last Closed: 2025-11-26 11:40:15 UTC
Type: Bug


Attachments
Archive containing library causing scanelf crash (14.68 MB, application/gzip)
2025-06-12 08:28 UTC, Christophe Piault
Output for successful run of the scenario with pax-utils-1.3.3-1.el8 (516.45 KB, text/plain)
2025-06-12 08:30 UTC, Christophe Piault


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Gentoo | 957985 | 0 | None | None | None | 2025-06-12 22:19:54 UTC

Description Christophe Piault 2025-06-12 08:28:55 UTC
Created attachment 2093741
Archive containing library causing scanelf crash

Description of problem:
We are facing a scanelf crash on RHEL 9.6 when processing library libECMAScriptKernel.so.

Version-Release number of selected component (if applicable):
pax-utils-1.3.8-2.el9 from https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-cc54cfc32f

How reproducible:
Every time it processes the file libECMAScriptKernel.so

Steps to Reproduce:
1. Install pax-utils-1.3.8-2.el9 produced by https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-cc54cfc32f on RHEL 9.6
2. Download attached archive libECMAScriptKernel.tgz
3. Untar + Unzip libECMAScriptKernel.tgz
4. Run /bin/scanelf -B -E ET_DYN -M 64 -s %ogd% libECMAScriptKernel.so

Actual results:
Reading symbols from /usr/bin/scanelf...
Reading symbols from /usr/lib/debug/usr/bin/scanelf-1.3.8-2.el9.x86_64.debug...
[New LWP 693932]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/bin/scanelf -B -E ET_DYN -M 64 -s %ogd% libECMAScriptKernel.so'.
Program terminated with signal SIGSYS, Bad system call.
#0  0x00007fd22ef0f57e in mremap () at ../sysdeps/unix/syscall-template.S:117
117	T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS,
(gdb) bt
#0  0x00007fd22ef0f57e in mremap () at ../sysdeps/unix/syscall-template.S:117
#1  0x00007fd22ee9a656 in mremap_chunk (new_size=237568, p=0x7fd22f13c000) at malloc.c:2962
#2  __GI___libc_realloc (oldmem=oldmem@entry=0x7fd22f13c010, bytes=237094) at malloc.c:3320
#3  0x00005639a8d6dc65 in xstrncat (dst=dst@entry=0x7ffedb380e00, 
    src=src@entry=0x7fd22c23b1b0 "_ZZN2v88internal29StaticCallInterfaceDescriptorINS0_26TestTurbofanTypeDescriptorEE10InitializeEPNS0_27CallInterfaceDescriptorDataEE16return_registers", curr_len=curr_len@entry=0x7ffedb380e18, n=0)
    at ../xfuncs.c:46
#4  0x00005639a8d6df6d in scanelf_match_symname (elf=elf@entry=0x5639a9bd6370, 
    found_sym=found_sym@entry=0x7ffedb380df7 "\001", ret=ret@entry=0x7ffedb380e00, 
    ret_len=ret_len@entry=0x7ffedb380e18, 
    symname=symname@entry=0x7fd22c23b1b0 "_ZZN2v88internal29StaticCallInterfaceDescriptorINS0_26TestTurbofanTypeDescriptorEE10InitializeEPNS0_27CallInterfaceDescriptorDataEE16return_registers", stt=1, stb=10, stv=0, shn=13, size=3)
    at ../scanelf.c:1292
#5  0x00005639a8d6fc4e in scanelf_file_sym (found_sym=0x7ffedb380df7 "\001", elf=0x5639a9bd6370)
    at ../scanelf.c:1346
#6  scanelf_elfobj (elf=elf@entry=0x5639a9bd6370) at ../scanelf.c:1533
#7  0x00005639a8d71754 in scanelf_elf (len=<optimized out>, fd=3, filename=0x7ffedb38389c "libECMAScriptKernel.so")
    at ../scanelf.c:1598
#8  scanelf_fileat (dir_fd=dir_fd@entry=-100, filename=filename@entry=0x7ffedb38389c "libECMAScriptKernel.so", 
    st_cache=st_cache@entry=0x7ffedb381150) at ../scanelf.c:1665
#9  0x00005639a8d72065 in scanelf_dirat (dir_fd=-100, path=0x7ffedb38389c "libECMAScriptKernel.so")
    at ../scanelf.c:1699
#10 0x00005639a8d735be in scanelf_dir (path=<optimized out>) at ../paxinc.c:245
#11 parseargs (argc=argc@entry=9, argv=argv@entry=0x7ffedb382528) at ../scanelf.c:2231
#12 0x00005639a8d689a9 in main (argc=9, argv=0x7ffedb382528) at ../scanelf.c:2319


Expected results:
pax-utils-1.3.3-1.el8 finds 4 310 symbols without crashing on RHEL 9.6. See attached output.

Additional info:

Comment 1 Christophe Piault 2025-06-12 08:30:04 UTC
Created attachment 2093742
Output for successful run of the scenario with pax-utils-1.3.3-1.el8

Comment 2 Dominik 'Rathann' Mierzejewski 2025-06-12 21:48:32 UTC
Thanks for the report. This is reproducible on F42, too.

Comment 3 Dominik 'Rathann' Mierzejewski 2025-06-12 22:19:54 UTC
Reported upstream.

Comment 4 Dominik 'Rathann' Mierzejewski 2025-11-19 07:52:38 UTC
Still reproducible with 1.3.9, pinged upstream.

Comment 5 Fedora Update System 2025-11-26 10:48:58 UTC
FEDORA-2025-75de0b6a91 (pax-utils-1.3.10-1.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-75de0b6a91

Comment 6 Fedora Update System 2025-11-26 11:13:40 UTC
FEDORA-2025-ff37e06c9d (pax-utils-1.3.10-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-ff37e06c9d

Comment 7 Fedora Update System 2025-11-26 11:13:41 UTC
FEDORA-EPEL-2025-0829be991f (pax-utils-1.3.10-1.el10_2) has been submitted as an update to Fedora EPEL 10.2.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-0829be991f

Comment 8 Fedora Update System 2025-11-26 11:13:41 UTC
FEDORA-EPEL-2025-596c32e9f0 (pax-utils-1.3.10-1.el9) has been submitted as an update to Fedora EPEL 9.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-596c32e9f0

Comment 9 Fedora Update System 2025-11-26 11:40:15 UTC
FEDORA-2025-75de0b6a91 (pax-utils-1.3.10-1.fc44) has been pushed to the Fedora 44 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 10 Fedora Update System 2025-11-27 01:31:43 UTC
FEDORA-EPEL-2025-596c32e9f0 has been pushed to the Fedora EPEL 9 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-596c32e9f0

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 11 Fedora Update System 2025-11-27 01:37:03 UTC
FEDORA-2025-ff37e06c9d has been pushed to the Fedora 43 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-ff37e06c9d`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-ff37e06c9d

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 12 Fedora Update System 2025-11-27 01:40:34 UTC
FEDORA-EPEL-2025-0829be991f has been pushed to the Fedora EPEL 10.2 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-0829be991f

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 13 Fedora Update System 2025-11-27 01:59:17 UTC
FEDORA-2025-d81cacd5c8 has been pushed to the Fedora 42 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-d81cacd5c8`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-d81cacd5c8

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 14 Fedora Update System 2025-12-05 02:09:28 UTC
FEDORA-2025-ff37e06c9d (pax-utils-1.3.10-1.fc43) has been pushed to the Fedora 43 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 15 Fedora Update System 2025-12-05 02:32:53 UTC
FEDORA-EPEL-2025-0829be991f (pax-utils-1.3.10-1.el10_2) has been pushed to the Fedora EPEL 10.2 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 16 Fedora Update System 2025-12-05 02:34:20 UTC
FEDORA-EPEL-2025-596c32e9f0 (pax-utils-1.3.10-1.el9) has been pushed to the Fedora EPEL 9 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 17 Fedora Update System 2025-12-05 02:41:11 UTC
FEDORA-2025-d81cacd5c8 (pax-utils-1.3.10-1.fc42) has been pushed to the Fedora 42 stable repository.
If the problem still persists, please make note of it in this bug report.

