This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug dynamic-link/25396] New: [2.31 Regression] FAIL: nss/test-netdb
- From: "hjl.tools at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 15 Jan 2020 23:58:12 +0000
- Subject: [Bug dynamic-link/25396] New: [2.31 Regression] FAIL: nss/test-netdb
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=25396
Bug ID: 25396
Summary: [2.31 Regression] FAIL: nss/test-netdb
Product: glibc
Version: 2.31
Status: NEW
Severity: normal
Priority: P2
Component: dynamic-link
Assignee: unassigned at sourceware dot org
Reporter: hjl.tools at gmail dot com
Target Milestone: ---
On Fedora 31, most of shared libraries are CET enabled. But
/lib64/libnss_myhostname.so.2 isn't one of them. It depends on:
linux-vdso.so.1 (0x00007ffc29b44000)
libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f6859f61000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f6859f3f000)
libc.so.6 => /lib64/libc.so.6 (0x00007f6859d76000)
/lib64/ld-linux-x86-64.so.2 (0x00007f6859fb9000)
On CET machine, when nss/test-netdb tries to dlopen
/lib64/libnss_myhostname.so.2, it sets GL(dl_initfirst) to
libpthread.so.0:
Old value = (struct link_map *) 0x0
New value = (struct link_map *) 0x40e8f0
0x00007ffff7fd940a in _dl_map_object_from_fd (
name=name@entry=0x7ffff75d7ad3 "libpthread.so.0",
origname=origname@entry=0x0, fd=-1, fbp=fbp@entry=0x7ffeffffbb20,
realname=<optimized out>, loader=loader@entry=0x40df00,
l_type=<optimized out>, mode=<optimized out>, stack_endp=<optimized out>,
nsid=<optimized out>) at dl-load.c:1354
1354 GL(dl_initfirst) = l;
(gdb)
When for some reason, dl_cet_check failed and called _dl_signal_error,
__GI__dl_catch_exception called _dl_close_worker which unloaded
libpthread.so.0:
_int_free (av=0x7ffff77c8b80 <main_arena>, p=0x40e8e0,
have_lock=<optimized out>) at malloc.c:4359
4359 if (!in_smallbin_range(size))
(gdb) bt
#0 _int_free (av=0x7ffff77c8b80 <main_arena>, p=0x40e8e0,
have_lock=<optimized out>) at malloc.c:4359
#1 0x00007ffff7fe74bb in _dl_close_worker (force=<optimized out>,
map=<optimized out>) at dl-close.c:759
#2 _dl_close_worker (map=<optimized out>, force=force@entry=true)
at dl-close.c:135
#3 0x00007ffff7fe5b08 in _dl_open (file=<optimized out>,
mode=<optimized out>, caller_dlopen=0x7ffff772a4a1 <nss_load_library+241>,
nsid=-2, argc=2, argv=<optimized out>, env=0x7ffeffffcde0) at dl-open.c:874
#4 0x00007ffff7740ef1 in do_dlopen (ptr=ptr@entry=0x7ffeffffc970)
at dl-libc.c:96
#5 0x00007ffff7741971 in __GI__dl_catch_exception (
exception=exception@entry=0x7ffeffffc8f0,
operate=operate@entry=0x7ffff7740eb0 <do_dlopen>,
args=args@entry=0x7ffeffffc970) at dl-error-skeleton.c:208
#6 0x00007ffff7741a23 in __GI__dl_catch_error (
objname=objname@entry=0x7ffeffffc950,
errstring=errstring@entry=0x7ffeffffc958,
mallocedp=mallocedp@entry=0x7ffeffffc94f,
operate=operate@entry=0x7ffff7740eb0 <do_dlopen>,
args=args@entry=0x7ffeffffc970) at dl-error-skeleton.c:227
#7 0x00007ffff7740fe7 in dlerror_run (
operate=operate@entry=0x7ffff7740eb0 <do_dlopen>,
Then I got
Program received signal SIGSEGV, Segmentation fault.
call_init (l=0x40e8f0, argc=argc@entry=2, argv=argv@entry=0x7ffeffffcdc8,
env=env@entry=0x7ffeffffcde0) at dl-init.c:39
39 if (__builtin_expect (l->l_name[0], 'a') == '\0'
(gdb) p *l
$34 = {l_addr = 7738135660173684588,
l_name = 0x302e302e37323100 <error: Cannot access memory at address
0x302e302e37323100>, l_ld = 0xd5d5d5d50000302e, l_next = 0x0,
l_prev = 0xd5d5d5d5d5d5d5d5, l_real = 0xd5d5d5d5d5d5d5d5,
l_ns = -3038287259199220267, l_libname = 0xd5d5d5d5d5d5d5d5, l_info = {
0xd5d5d5d5d5d5d5d5 <repeats 77 times>}, l_phdr = 0xd5d5d5d5d5d5d5d5,
l_entry = 15408456814510331349, l_phnum = 54741, l_ldnum = 54741,
l_searchlist = {r_list = 0xd5d5d5d5d5d5d5d5, r_nlist = 3587560917},
l_symbolic_searchlist = {r_list = 0xd5d5d5d5d5d5d5d5, r_nlist = 3587560917},
l_loader = 0xd5d5d5d5d5d5d5d5, l_versions = 0xd5d5d5d5d5d5d5d5,
l_nversions = 3587560917, l_nbuckets = 3587560917,
l_gnu_bitmask_idxbits = 3587560917, l_gnu_shift = 3587560917,
l_gnu_bitmask = 0xd5d5d5d5d5d5d5d5, {l_gnu_buckets = 0xd5d5d5d5d5d5d5d5,
l_chain = 0xd5d5d5d5d5d5d5d5}, {l_gnu_chain_zero = 0xd5d5d5d5d5d5d5d5,
l_buckets = 0xd5d5d5d5d5d5d5d5}, l_direct_opencount = 3587560917,
l_type = lt_library, l_relocated = 1, l_init_called = 1, l_global = 1,
l_reserved = 2, l_phdr_allocated = 1, l_soname_added = 1, l_faked = 0,
l_need_tls_init = 1, l_auditing = 0, l_audit_any_plt = 1, l_removed = 0,
l_contiguous = 1, l_symbolic_in_local_scope = 1, l_free_initfini = 1,
l_nodelete_active = 213, l_nodelete_pending = 213, l_cet = 5,
l_rpath_dirs = {dirs = 0xd5d5d5d5d5d5d5d5, malloced = -707406379},
l_reloc_result = 0xd5d5d5d5d5d5d5d5, l_versyms = 0xd5d5d5d5d5d5d5d5,
l_origin = 0xd5d5d5d5d5d5d5d5 <error: Cannot access memory at address
0xd5d5d5d5d5d5d5d5>, l_map_start = 15408456814510331349,
l_map_end = 15408456814510331349, l_text_end = 15408456814510331349,
l_scope_mem = {0xd5d5d5d5d5d5d5d5, 0xd5d5d5d5d5d5d5d5, 0xd5d5d5d5d5d5d5d5,
0xd5d5d5d5d5d5d5d5}, l_scope_max = 15408456814510331349,
l_scope = 0xd5d5d5d5d5d5d5d5, l_local_scope = {0xd5d5d5d5d5d5d5d5,
0xd5d5d5d5d5d5d5d5}, l_file_id = {dev = 15408456814510331349,
ino = 15408456814510331349}, l_runpath_dirs = {dirs = 0xd5d5d5d5d5d5d5d5,
malloced = -707406379}, l_initfini = 0xd5d5d5d5d5d5d5d5,
l_reldeps = 0xd5d5d5d5d5d5d5d5, l_reldepsmax = 3587560917,
l_used = 3587560917, l_feature_1 = 3587560917, l_flags_1 = 3587560917,
l_flags = 3587560917, l_idx = -707406379, l_mach = {
plt = 15408456814510331349, gotplt = 15408456814510331349,
tlsdesc_table = 0x2a2a2a2a2a2a2a2a}, l_lookup_cache = {sym = 0x21,
type_class = 4255008, value = 0x40ed40, ret = 0x40ed80},
l_tls_initimage = 0x21, l_tls_initimage_size = 140737345313970,
--
You are receiving this mail because:
You are on the CC list for the bug.