public inbox for glibc-bugs@sourceware.org
* [Bug libc/13580] New: crash in glibc with dlopen and math functions
@ 2012-01-10  9:49 aj at suse dot de
  2012-01-10 10:39 ` [Bug libc/13580] " allan at archlinux dot org
                   ` (11 more replies)
  0 siblings, 12 replies; 13+ messages in thread
From: aj at suse dot de @ 2012-01-10  9:49 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13580

             Bug #: 13580
           Summary: crash in glibc with dlopen and math functions
           Product: glibc
           Version: 2.15
            Status: NEW
          Severity: critical
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: aj@suse.de
    Classification: Unclassified


Both Arch Linux and openSUSE have received bug reports where a program (apache,
subversion or gdk-pixbuf-query-loaders) crashes in glibc after dlopening a
shared library that needs libm.

https://bugs.archlinux.org/task/27736 
https://bugzilla.novell.com/show_bug.cgi?id=740109

backtrace is:
#0  0x0000000000005446 in ?? ()
#1  0x00007ffff513b095 in floor () from /lib64/libm.so.6
#2  0x00007ffff7de7f7c in _dl_relocate_object ()
   from /lib64/ld-linux-x86-64.so.2
#3  0x00007ffff7dee3e6 in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
#4  0x00007ffff7dea146 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#5  0x00007ffff7dedd2a in _dl_open () from /lib64/ld-linux-x86-64.so.2
#6  0x00007ffff711cf26 in dlopen_doit () from /lib64/libdl.so.2
#7  0x00007ffff7dea146 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#8  0x00007ffff711d4cf in _dlerror_run () from /lib64/libdl.so.2
#9  0x00007ffff711cfc1 in dlopen@@GLIBC_2.2.5 () from /lib64/libdl.so.2

Disabling the floor multiarch ifuncs for x86-64 fixes this. This is
reproducible for some users but I could not reproduce it yet on my own system.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 13+ messages in thread

* [Bug libc/13580] crash in glibc with dlopen and math functions
From: allan at archlinux dot org @ 2012-01-10 10:39 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13580

Allan McRae <allan at archlinux dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |allan at archlinux dot org


* [Bug libc/13580] crash in glibc with dlopen and math functions
From: aj at suse dot de @ 2012-01-10 10:55 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13580

--- Comment #1 from Andreas Jaeger <aj at suse dot de> 2012-01-10 10:54:16 UTC ---
LD_DEBUG=symbols shows:

     19500:     symbol=floor;  lookup in file=/usr/lib64/libgmodule-2.0.so.0 [0]
     19500:     symbol=floor;  lookup in file=/usr/lib64/libglib-2.0.so.0 [0]
     19500:     symbol=floor;  lookup in file=/lib64/libpthread.so.0 [0]
     19500:     symbol=floor;  lookup in file=/lib64/libc.so.6 [0]
     19500:     symbol=floor;  lookup in file=/lib64/libdl.so.2 [0]
     19500:     symbol=floor;  lookup in file=/lib64/libpcre.so.0 [0]
     19500:     symbol=floor;  lookup in file=/lib64/librt.so.1 [0]
     19500:     symbol=floor;  lookup in file=/lib64/ld-linux-x86-64.so.2 [0]
     19500:     symbol=floor;  lookup in file=/usr/lib64/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so [0]
     19500:     symbol=floor;  lookup in file=/usr/lib64/librsvg-2.so.2 [0]
     19500:     symbol=floor;  lookup in file=/usr/lib64/libgdk_pixbuf-2.0.so.0 [0]
     19500:     symbol=floor;  lookup in file=/usr/lib64/libgobject-2.0.so.0 [0]
     19500:     symbol=floor;  lookup in file=/usr/lib64/libglib-2.0.so.0 [0]
     19500:     symbol=floor;  lookup in file=/lib64/libpthread.so.0 [0]
     19500:     symbol=floor;  lookup in file=/lib64/libc.so.6 [0]
     19500:     symbol=floor;  lookup in file=/usr/lib64/libgio-2.0.so.0 [0]
     19500:     symbol=floor;  lookup in file=/usr/lib64/libpangocairo-1.0.so.0 [0]
     19500:     symbol=floor;  lookup in file=/usr/lib64/libpango-1.0.so.0 [0]
     19500:     symbol=floor;  lookup in file=/usr/lib64/libcairo.so.2 [0]
     19500:     symbol=floor;  lookup in file=/usr/lib64/libcroco-0.6.so.3 [0]
     19500:     symbol=floor;  lookup in file=/usr/lib64/libxml2.so.2 [0]
     19500:     symbol=floor;  lookup in file=/lib64/libm.so.6 [0]
Segmentation fault

It seems that the PLT is not set up yet and this call fails:
call    __get_cpu_features@plt


* [Bug libc/13580] crash in glibc with dlopen and math functions
From: aj at suse dot de @ 2012-01-10 12:18 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13580

--- Comment #2 from Andreas Jaeger <aj at suse dot de> 2012-01-10 12:18:10 UTC ---
Program received signal SIGSEGV, Segmentation fault.
0x0000000000005446 in ?? ()
(gdb) info registers 
rax            0x7ffff5122c88   140737304997000
rbx            0x612ff0 6369264
rcx            0xa      10
rdx            0x610400 6358016
rsi            0x7ffff513b090   140737305096336
rdi            0x0      0
rbp            0x7fffffffd950   0x7fffffffd950
rsp            0x7fffffffd840   0x7fffffffd840
r8             0x1      1
r9             0x0      0
r10            0x7fffffffd680   140737488344704
r11            0x7fffffffd800   140737488345088
r12            0x7ffff3f58cf8   140737286343928
r13            0x7ffff3f60b68   140737286376296
r14            0x7      7
r15            0x7ffff41df200   140737288991232
rip            0x5446   0x5446
eflags         0x10246  [ PF ZF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
(gdb) up
#1  0x00007ffff513b095 in floor () from /lib64/libm.so.6
(gdb) disassemble 
Dump of assembler code for function floor:
   0x00007ffff513b090 <+0>:     callq  0x7ffff5126440 <__get_cpu_features@plt>
=> 0x00007ffff513b095 <+5>:     mov    %rax,%rdx
   0x00007ffff513b098 <+8>:     lea    0x11(%rip),%rax        # 0x7ffff513b0b0 <__floor_sse41>
   0x00007ffff513b09f <+15>:    testl  $0x80000,0x10(%rdx)
   0x00007ffff513b0a6 <+22>:    jne    0x7ffff513b0af <floor+31>
   0x00007ffff513b0a8 <+24>:    lea    0x25f71(%rip),%rax        # 0x7ffff5161020 <__floor_c>
   0x00007ffff513b0af <+31>:    retq   
End of assembler dump.
(gdb) disassemble 0x7ffff5126440
Dump of assembler code for function __get_cpu_features@plt:
   0x00007ffff5126440 <+0>:     jmpq   *0x2edbe2(%rip)        # 0x7ffff5414028
   0x00007ffff5126446 <+6>:     pushq  $0x5
   0x00007ffff512644b <+11>:    jmpq   0x7ffff51263e0
End of assembler dump.
(gdb) disassemble 0x7ffff5414028
No function contains specified address.
(gdb) show 0x7ffff5414028
Undefined show command: "0x7ffff5414028".  Try "help show".
(gdb) list 0x7ffff5414028
Function "0x7ffff5414028" not defined.
(gdb) x  0x7ffff5414028
0x7ffff5414028: 0x00005446

And objdump on libm.so.6 shows:
0000000000005440 <__get_cpu_features@plt>:
    5440:       ff 25 e2 db 2e 00       jmpq   *0x2edbe2(%rip)        # 2f3028 <_GLOBAL_OFFSET_TABLE_+0x40>
    5446:       68 05 00 00 00          pushq  $0x5
    544b:       e9 90 ff ff ff          jmpq   53e0 <_init+0x18>


So, the plt is not processed yet.

^ permalink raw reply	[flat|nested] 13+ messages in thread
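
The address arithmetic behind comment #2, as an added example that is not part of the original thread or of glibc: it recomputes the GOT slot address from the stub's RIP-relative jmpq and classifies the value stored there, using the addresses from the gdb and objdump output above. The struct, enum and function names are hypothetical; the slot is taken as the full value 0x5446, which matches the faulting rip.

```c
#include <stdint.h>
#include <stdio.h>

/* States a JUMP_SLOT GOT entry can be in, judged from the value it holds. */
enum got_state { GOT_UNRELOCATED, GOT_LAZY, GOT_BOUND };

/* Everything needed can be read off gdb and objdump output. */
struct plt_evidence {
    uint64_t stub_runtime;   /* address of the PLT stub in the process (gdb) */
    uint64_t stub_linktime;  /* address of the same stub in the file (objdump) */
    int32_t  jmp_disp;       /* displacement in the stub's jmpq *disp(%rip) */
    uint64_t slot_value;     /* value read from the GOT slot in the process */
};

/* Values from comment #2 of this bug report. */
static const struct plt_evidence bug13580 = {
    0x7ffff5126440ULL, 0x5440ULL, 0x2edbe2, 0x5446ULL
};

/* Load bias: where the loader mapped link-time address 0 of the object. */
uint64_t load_bias(const struct plt_evidence *e)
{
    return e->stub_runtime - e->stub_linktime;
}

/* The stub starts with a 6-byte jmpq *disp(%rip); RIP-relative addressing
   is measured from the end of that instruction. */
uint64_t got_slot_runtime(const struct plt_evidence *e)
{
    return e->stub_runtime + 6 + (uint64_t)(int64_t)e->jmp_disp;
}

enum got_state classify_slot(const struct plt_evidence *e)
{
    uint64_t lazy_linktime = e->stub_linktime + 6;  /* the pushq after the jmpq */

    if (e->slot_value == lazy_linktime)
        return GOT_UNRELOCATED;  /* still the file contents: bias never added */
    if (e->slot_value == lazy_linktime + load_bias(e))
        return GOT_LAZY;         /* relocated; first call enters the lazy resolver */
    return GOT_BOUND;            /* already points at the resolved function */
}

int main(void)
{
    static const char *names[] = { "unrelocated", "lazy", "bound" };

    printf("load bias      0x%llx\n", (unsigned long long)load_bias(&bug13580));
    printf("GOT slot       0x%llx\n", (unsigned long long)got_slot_runtime(&bug13580));
    printf("slot state     %s\n", names[classify_slot(&bug13580)]);
    printf("jmpq lands at  0x%llx\n", (unsigned long long)bug13580.slot_value);
    return 0;
}
```

An unrelocated slot means the indirect jump goes to the raw link-time address, which is why the backtrace shows frame #0 at 0x5446 rather than inside libm's mapping.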

* [Bug libc/13580] crash in glibc with dlopen and math functions
From: idoenmez at suse dot de @ 2012-01-10 13:30 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13580

idoenmez at suse dot de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |idoenmez at suse dot de


* [Bug libc/13580] crash in glibc with dlopen and math functions
From: arekm at maven dot pl @ 2012-01-11 21:50 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13580

Arkadiusz Miskiewicz <arekm at maven dot pl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |arekm at maven dot pl


* [Bug libc/13580] crash in glibc with dlopen and math functions
From: pluto at agmk dot net @ 2012-01-11 21:53 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13580

Pawel Sikora <pluto at agmk dot net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pluto at agmk dot net


* [Bug libc/13580] crash in glibc with dlopen and math functions
From: vapier at gentoo dot org @ 2012-01-14 23:06 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13580

Mike Frysinger <vapier at gentoo dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |toolchain at gentoo dot org


* [Bug libc/13580] crash in glibc with dlopen and math functions
From: aj at suse dot de @ 2012-01-24 12:19 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13580

Andreas Jaeger <aj at suse dot de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE

--- Comment #3 from Andreas Jaeger <aj at suse dot de> 2012-01-24 12:18:44 UTC ---
Report 13618 is the same report - but with a test case attached.

*** This bug has been marked as a duplicate of bug 13618 ***


* [Bug libc/13580] crash in glibc with dlopen and math functions
From: jackie.rosen at hushmail dot com @ 2014-02-16 18:27 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=13580

Jackie Rosen <jackie.rosen at hushmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jackie.rosen at hushmail dot com


* [Bug libc/13580] crash in glibc with dlopen and math functions
From: ismail at donmez dot ws @ 2014-02-16 18:28 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=13580

ismail at donmez dot ws changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|ismail at donmez dot ws            |


* [Bug libc/13580] crash in glibc with dlopen and math functions
From: schwab at sourceware dot org @ 2014-05-28 19:45 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=13580

Andreas Schwab <schwab at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|jackie.rosen at hushmail dot com   |


* [Bug libc/13580] crash in glibc with dlopen and math functions
From: fweimer at redhat dot com @ 2014-06-13 14:10 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=13580

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-
