Segfault in ucert (docker, debian, signing)

Hey maybe someone has a idea, i'm getting this segfault if i try to enable package signing with the snapshot sdk, while 18.06.1/2 works with the same settings. This is inside a docker container using latest debian stable or ubuntu 18.04 as base.

Reading symbols from /workdir/sdk-snapshots-mvebu-cortexa9/staging_dir/host/bin/ucert...done.
(gdb) r
Starting program: /workdir/sdk-snapshots-mvebu-cortexa9/staging_dir/host/bin/ucert -I -c /workdir/sdk-snapshots-mvebu-cortexa9/key-build.ucert -p /workdir/sdk-snapshots-mvebu-cortexa9/ -s /workdir/sdk-snapshots-mvebu-cortexa9/key-build

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7435bdf in __libc_start_main () from /workdir/sdk-snapshots-mvebu-cortexa9/staging_dir/host/lib/
(gdb) bt
#0  0x00007ffff7435bdf in __libc_start_main () from /workdir/sdk-snapshots-mvebu-cortexa9/staging_dir/host/lib/
#1  0x00005555555557ca in _start ()

It seems ucert is new in snapshots, so i tried to debug this one, but i can't figure out whats wrong.
It can be reproduced on Windows and Linux using my package builder . I want to figure out if this is a openwrt/docker problem or just my specific docker base image or my builder scripts.

My builder config is this to reproduce the segfault via ./ build config.txt




I can't reproduce any problem like that on recent snapshot SDK/IB running on my system. Due to docker's rather extreme bandwidth and disk-space needs I will only be able to test that at some point in the next day...

PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
NAME="Debian GNU/Linux"
VERSION="9 (stretch)"
user@debian:/tmp/openwrt-sdk-oxnas-ox820_gcc-7.4.0_musl_eabi.Linux-x86_64$ staging_dir/host/bin/ucert 
Usage: staging_dir/host/bin/ucert <command> <options>
  -A:			append signature (needs -c and -x)
  -D:			dump (needs -c)
  -I:			issue cert and revoker (needs -c and -p and -s)
  -R:			process revoker certificate (needs -c and -P)
  -V:			verify (needs -c and -p|-P, may have -m)
  -c <file>:		certificate file
  -m <file>:		message file (verify only)
  -p <file>:		public key file
  -P <path>:		public key directory (verify only)
  -q:			quiet (do not print verification result, use return code only)
  -s <file>:		secret key file (issue only)
  -x <file>:		signature file (append only)

Any luck reproducing this, still happens to me for snapshots.