Skip to content

2.58.2 introduces libgio segfaults

Greetings,

libgio programs such as gio, nautilus, and pcmanfm crash in a chroot and bind-mount environment popular with Bedrock Linux users.

I was able to find a minimal /proc/self/mountinfo that reproduces the issue:

52 23 8:1 /bedrock/strata/test / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro,data=ordered
53 52 8:1 /boot /boot rw,relatime shared:4 - ext4 /dev/sda1 rw,errors=remount-ro,data=ordered
54 52 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:1 - proc proc rw

Running gio mount -l in a chroot with that mount table crashes:

$ cat /proc/self/mountinfo
52 23 8:1 /bedrock/strata/test / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro,data=ordered
53 52 8:1 /boot /boot rw,relatime shared:4 - ext4 /dev/sda1 rw,errors=remount-ro,data=ordered
54 52 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:1 - proc proc rw
$ gio mount -l

(gio mount:3706): GLib-GIO-CRITICAL **: 16:36:50.671: g_unix_is_system_fs_type: assertion 'fs_type != NULL && *fs_type != '\0'' failed

(gio mount:3706): GLib-GIO-CRITICAL **: 16:36:50.671: g_unix_is_system_device_path: assertion 'device_path != NULL && *device_path != '\0'' failed
Segmentation fault

However, unmounting then re-mounting /boot to move it after /proc appears to fix things:

$ cat /proc/self/mountinfo
52 23 8:1 /bedrock/strata/test / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro,data=ordered
54 52 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:1 - proc proc rw
53 52 8:1 /boot /boot rw,relatime shared:4 - ext4 /dev/sda1 rw,errors=remount-ro,data=ordered
$ gio mount -l
Volume(0): tmp
  Type: GUnixVolume

I can then unmount and re-mount /proc to rearrange the mount table and reproduce the issue again:

$ cat /proc/self/mountinfo
52 23 8:1 /bedrock/strata/test / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro,data=ordered
53 52 8:1 /boot /boot rw,relatime shared:4 - ext4 /dev/sda1 rw,errors=remount-ro,data=ordered
54 52 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:1 - proc proc rw
$ gio mount -l

(gio mount:14468): GLib-GIO-CRITICAL **: 16:53:11.271: g_unix_is_system_fs_type: assertion 'fs_type != NULL && *fs_type != '\0'' failed

(gio mount:14468): GLib-GIO-CRITICAL **: 16:53:11.271: g_unix_is_system_device_path: assertion 'device_path != NULL && *device_path != '\0'' failed
Segmentation fault

I was able to reproduce the issue with:

  • gio 2.58.2 as provided by Arch Linux
  • gio 2.58.2 as provided by Void Linux writing)
  • gio 2.58.2 as provided by Debian Sid writing)
  • gio 2.58.2 as provided by Debian Testing

I was not able to reproduce the issue with:

  • gio 2.58.1 as provided by Ubuntu 18.10
  • gio 2.58.1 as provided by Arch (using old PKGBUILD)

Thus, it appears the problem was introduced between 2.58.1 and 2.58.2.

I bisected it down to this commit: ed88b23f

The relevant section of code iterates over /proc/self/mountinfo entries. With the example mount table above and the problematic commit the first pass works as expected. However, the second pass (which runs after the problematic commit's new mnt_table_uniq_fs() call) populates the relevant variables with NULL pointers rather than strings describing a mount point's properties. This trip on two asserts (the error messages printed in my example output above) before finally hitting code that does not NULL-check and segfaults.

Edited by Ghost User