Both Arch Linux and openSUSE have received bug reports where a program (apache, subversion or gdk-pixbuf-query-loaders) crashes in glibc after dlopening a shared library that needs libm.

https://bugs.archlinux.org/task/27736
https://bugzilla.novell.com/show_bug.cgi?id=740109

The backtrace is:

#0 0x0000000000005446 in ?? ()
#1 0x00007ffff513b095 in floor () from /lib64/libm.so.6
#2 0x00007ffff7de7f7c in _dl_relocate_object () from /lib64/ld-linux-x86-64.so.2
#3 0x00007ffff7dee3e6 in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
#4 0x00007ffff7dea146 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#5 0x00007ffff7dedd2a in _dl_open () from /lib64/ld-linux-x86-64.so.2
#6 0x00007ffff711cf26 in dlopen_doit () from /lib64/libdl.so.2
#7 0x00007ffff7dea146 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#8 0x00007ffff711d4cf in _dlerror_run () from /lib64/libdl.so.2
#9 0x00007ffff711cfc1 in dlopen@@GLIBC_2.2.5 () from /lib64/libdl.so.2

Disabling the floor multiarch ifuncs for x86-64 fixes this. This is reproducible for some users but I could not reproduce it yet on my own system.
LD_DEBUG=symbols shows:

19500: symbol=floor; lookup in file=/usr/lib64/libgmodule-2.0.so.0 [0]
19500: symbol=floor; lookup in file=/usr/lib64/libglib-2.0.so.0 [0]
19500: symbol=floor; lookup in file=/lib64/libpthread.so.0 [0]
19500: symbol=floor; lookup in file=/lib64/libc.so.6 [0]
19500: symbol=floor; lookup in file=/lib64/libdl.so.2 [0]
19500: symbol=floor; lookup in file=/lib64/libpcre.so.0 [0]
19500: symbol=floor; lookup in file=/lib64/librt.so.1 [0]
19500: symbol=floor; lookup in file=/lib64/ld-linux-x86-64.so.2 [0]
19500: symbol=floor; lookup in file=/usr/lib64/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so [0]
19500: symbol=floor; lookup in file=/usr/lib64/librsvg-2.so.2 [0]
19500: symbol=floor; lookup in file=/usr/lib64/libgdk_pixbuf-2.0.so.0 [0]
19500: symbol=floor; lookup in file=/usr/lib64/libgobject-2.0.so.0 [0]
19500: symbol=floor; lookup in file=/usr/lib64/libglib-2.0.so.0 [0]
19500: symbol=floor; lookup in file=/lib64/libpthread.so.0 [0]
19500: symbol=floor; lookup in file=/lib64/libc.so.6 [0]
19500: symbol=floor; lookup in file=/usr/lib64/libgio-2.0.so.0 [0]
19500: symbol=floor; lookup in file=/usr/lib64/libpangocairo-1.0.so.0 [0]
19500: symbol=floor; lookup in file=/usr/lib64/libpango-1.0.so.0 [0]
19500: symbol=floor; lookup in file=/usr/lib64/libcairo.so.2 [0]
19500: symbol=floor; lookup in file=/usr/lib64/libcroco-0.6.so.3 [0]
19500: symbol=floor; lookup in file=/usr/lib64/libxml2.so.2 [0]
19500: symbol=floor; lookup in file=/lib64/libm.so.6 [0]
Segmentation fault

It seems that the PLT is not set up yet and this call fails:

call __get_cpu_features@plt
Program received signal SIGSEGV, Segmentation fault.
0x0000000000005446 in ?? ()
(gdb) info registers
rax 0x7ffff5122c88 140737304997000
rbx 0x612ff0 6369264
rcx 0xa 10
rdx 0x610400 6358016
rsi 0x7ffff513b090 140737305096336
rdi 0x0 0
rbp 0x7fffffffd950 0x7fffffffd950
rsp 0x7fffffffd840 0x7fffffffd840
r8 0x1 1
r9 0x0 0
r10 0x7fffffffd680 140737488344704
r11 0x7fffffffd800 140737488345088
r12 0x7ffff3f58cf8 140737286343928
r13 0x7ffff3f60b68 140737286376296
r14 0x7 7
r15 0x7ffff41df200 140737288991232
rip 0x5446 0x5446
eflags 0x10246 [ PF ZF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) up
#1 0x00007ffff513b095 in floor () from /lib64/libm.so.6
(gdb) disassemble
Dump of assembler code for function floor:
   0x00007ffff513b090 <+0>: callq 0x7ffff5126440 <__get_cpu_features@plt>
=> 0x00007ffff513b095 <+5>: mov %rax,%rdx
   0x00007ffff513b098 <+8>: lea 0x11(%rip),%rax # 0x7ffff513b0b0 <__floor_sse41>
   0x00007ffff513b09f <+15>: testl $0x80000,0x10(%rdx)
   0x00007ffff513b0a6 <+22>: jne 0x7ffff513b0af <floor+31>
   0x00007ffff513b0a8 <+24>: lea 0x25f71(%rip),%rax # 0x7ffff5161020 <__floor_c>
   0x00007ffff513b0af <+31>: retq
End of assembler dump.
(gdb) disassemble 0x7ffff5126440
Dump of assembler code for function __get_cpu_features@plt:
   0x00007ffff5126440 <+0>: jmpq *0x2edbe2(%rip) # 0x7ffff5414028
   0x00007ffff5126446 <+6>: pushq $0x5
   0x00007ffff512644b <+11>: jmpq 0x7ffff51263e0
End of assembler dump.
(gdb) disassemble 0x7ffff5414028
No function contains specified address.
(gdb) show 0x7ffff5414028
Undefined show command: "0x7ffff5414028". Try "help show".
(gdb) list 0x7ffff5414028
Function "0x7ffff5414028" not defined.
(gdb) x 0x7ffff5414028
0x7ffff5414028: 0x00005446

And objdump on libm.so.6 shows:

0000000000005440 <__get_cpu_features@plt>:
    5440: ff 25 e2 db 2e 00  jmpq *0x2edbe2(%rip) # 2f3028 <_GLOBAL_OFFSET_TABLE_+0x40>
    5446: 68 05 00 00 00     pushq $0x5
    544b: e9 90 ff ff ff     jmpq 53e0 <_init+0x18>

So, the plt is not processed yet.
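The following is an added triage example, not part of the original report and not glibc code. It decodes the `__get_cpu_features@plt` bytes from the objdump output above and classifies the GOT slot value that gdb printed. The function names and state labels are hypothetical, and it assumes the classic 16-byte x86-64 lazy PLT entry layout shown in the report.

```python
import struct

# Bytes and offset of __get_cpu_features@plt, copied from the objdump output above.
STUB_OFF = 0x5440
STUB = bytes.fromhex("ff25e2db2e00" "6805000000" "e990ffffff")

# Runtime values copied from the gdb session above.
GOT_RUNTIME = 0x7FFFF5414028   # address examined with "x"
GOT_VALUE = 0x00005446         # what that slot contained; also the faulting rip


def decode_plt_stub(off, code):
    """Decode a 16-byte lazy PLT entry located at link-time offset `off`."""
    if (len(code) != 16 or code[:2] != b"\xff\x25"
            or code[6] != 0x68 or code[11] != 0xE9):
        raise ValueError("not a lazy PLT entry in the expected layout")
    disp, = struct.unpack_from("<i", code, 2)    # jmpq *disp(%rip)
    index, = struct.unpack_from("<i", code, 7)   # pushq $reloc_index
    rel, = struct.unpack_from("<i", code, 12)    # jmpq PLT0
    return {
        "got_slot": off + 6 + disp,   # rip-relative to the next instruction
        "lazy_target": off + 6,       # the pushq that follows the jmpq
        "reloc_index": index,
        "plt0": off + 16 + rel,
    }


def classify_got(got_value, got_runtime, stub):
    """Return (load_base, state) for the observed GOT slot contents."""
    base = got_runtime - stub["got_slot"]
    if got_value == stub["lazy_target"]:
        state = "unrelocated"   # link-time value, load base never added
    elif got_value == base + stub["lazy_target"]:
        state = "lazy"          # relocated, will enter the resolver on first call
    else:
        state = "bound"         # points somewhere else, e.g. the resolved function
    return base, state


if __name__ == "__main__":
    stub = decode_plt_stub(STUB_OFF, STUB)
    base, state = classify_got(GOT_VALUE, GOT_RUNTIME, stub)
    print(hex(stub["got_slot"]), hex(base), state,
          hex(base + stub["lazy_target"]))
```

The slot classifies as "unrelocated": it still holds the link-time offset 0x5446 instead of 0x7ffff5126446, which is why the call from the `floor` IFUNC resolver jumps to 0x5446 and faults.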
Report 13618 is the same report - but with a test case attached.

*** This bug has been marked as a duplicate of bug 13618 ***
*** Bug 260998 has been marked as a duplicate of this bug. ***