public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/14680] New: Crash by _libc_fatal. This is NOT glibc bug, the cause had been double close.
@ 2012-10-07 9:25 naohiro.ooiwa at miraclelinux dot com
2012-10-07 9:30 ` [Bug libc/14680] " naohiro.ooiwa at miraclelinux dot com
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: naohiro.ooiwa at miraclelinux dot com @ 2012-10-07 9:25 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=14680
Bug #: 14680
Summary: Crash by _libc_fatal. This is NOT glibc bug, the cause
had been double close.
Product: glibc
Version: 2.15
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: unassigned@sourceware.org
ReportedBy: naohiro.ooiwa@miraclelinux.com
CC: drepper.fsp@gmail.com
Classification: Unclassified
Created attachment 6669
--> http://sourceware.org/bugzilla/attachment.cgi?id=6669
glibc-2.16.90-add-msg-when-libc_dlopen.patch
I got a core dump on glibc. It was including a message from __libc_fatal().
It is "libgcc_s.so.1 must be installed for pthread_cancel to work\n".
But there was libgcc_s.so.1 on the environment.
Finally, this cause was double close a file descriptor by mistake from
an application when pthread_cancel handling. I created a reproduce program.
I hope you add another message, because we thought the glibc bug at first.
I tried to create a patch on git trunk.
Please consider the attached my patch.
This behavior also happened on Fedora 17.
The following is the result produced by attached program on Fedora 17.
=====================
$ rpm -qi glibc
Name : glibc
Version : 2.15
Release : 56.fc17
Architecture: x86_64
/* snip */
$ ls
auto.sh closetest.c
$ ./auto.sh
libgcc_s.so.1 must be installed for pthread_cancel to work
./auto.sh: line 12: 28731 Aborted (core dumped) ./closetest
core.28731
$ gdb closetest core.28731
GNU gdb (GDB) Fedora (7.4.50.20120120-49.fc17)
/* snip */
Reading symbols from /home/pthread_exit/close/closetest...done.
[New LWP 28731]
[New LWP 28732]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `./closetest'.
Program terminated with signal 6, Aborted.
#0 0x00007fd60c7b3925 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0 0x00007fd60c7b3925 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007fd60c7b50d8 in __GI_abort () at abort.c:91
#2 0x00007fd60c7f2e6b in __libc_message (do_abort=do_abort@entry=1,
fmt=fmt@entry=0x7fd60c8f5195 "%s") at
../sysdeps/unix/sysv/linux/libc_fatal.c:198
#3 0x00007fd60c7f2f4e in __GI___libc_fatal (
message=message@entry=0x7fd60cb45b28 "libgcc_s.so.1 must be installed for
pthread_cancel to
work\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:209
#4 0x00007fd60cb447fa in pthread_cancel_init () at
../nptl/sysdeps/pthread/unwind-forcedunwind.c:65
#5 0x00007fd60cb416f3 in pthread_cancel (th=140557300516608) at
pthread_cancel.c:40
#6 0x0000000000400767 in main (argc=1, argv=0x7fff0df7fbb8) at closetest.c:28
(gdb) bt full
#0 0x00007fd60c7b3925 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
resultvar = 0
pid = 28731
selftid = 28731
#1 0x00007fd60c7b50d8 in __GI_abort () at abort.c:91
save_stage = 2
act = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0},
sa_mask = {__val = {0, 0,
21, 1152921504606846978, 140557317251585, 14, 140557292101348, 0,
0, 140557317251584,
140557315052307, 11862608, 140733427743664, 832, 282584257676671,
0}},
sa_flags = 4063235, sa_restorer = 0x398e4029d0}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007fd60c7f2e6b in __libc_message (do_abort=do_abort@entry=1,
fmt=fmt@entry=0x7fd60c8f5195 "%s") at
../sysdeps/unix/sysv/linux/libc_fatal.c:198
ap = {{gp_offset = 24, fp_offset = 48, overflow_arg_area =
0x7fff0df7fa60,
reg_save_area = 0x7fff0df7f970}}
ap_copy = {{gp_offset = 16, fp_offset = 48, overflow_arg_area =
0x7fff0df7fa60,
reg_save_area = 0x7fff0df7f970}}
fd = 3
on_2 = <optimized out>
list = <optimized out>
nlist = <optimized out>
cp = <optimized out>
written = <optimized out>
#3 0x00007fd60c7f2f4e in __GI___libc_fatal (
message=message@entry=0x7fd60cb45b28 "libgcc_s.so.1 must be installed for
pthread_cancel to
work\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:209
No locals.
#4 0x00007fd60cb447fa in pthread_cancel_init () at
../nptl/sysdeps/pthread/unwind-forcedunwind.c:65
resume = <optimized out>
personality = <optimized out>
forcedunwind = <optimized out>
getcfa = <optimized out>
handle = 0x0
#5 0x00007fd60cb416f3 in pthread_cancel (th=140557300516608) at
pthread_cancel.c:40
pd = 0x7fd60bf7c700
result = <optimized out>
oldval = <optimized out>
newval = <optimized out>
#6 0x0000000000400767 in main (argc=1, argv=0x7fff0df7fbb8) at closetest.c:28
ptr = 0x0
id = 140557300516608
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/14680] Crash by _libc_fatal. This is NOT glibc bug, the cause had been double close.
2012-10-07 9:25 [Bug libc/14680] New: Crash by _libc_fatal. This is NOT glibc bug, the cause had been double close naohiro.ooiwa at miraclelinux dot com
@ 2012-10-07 9:30 ` naohiro.ooiwa at miraclelinux dot com
2012-10-07 9:40 ` naohiro.ooiwa at miraclelinux dot com
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: naohiro.ooiwa at miraclelinux dot com @ 2012-10-07 9:30 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=14680
--- Comment #1 from Naohiro Ooiwa <naohiro.ooiwa at miraclelinux dot com> 2012-10-07 09:30:04 UTC ---
Created attachment 6670
--> http://sourceware.org/bugzilla/attachment.cgi?id=6670
closetest.c
reproduce program
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/14680] Crash by _libc_fatal. This is NOT glibc bug, the cause had been double close.
2012-10-07 9:25 [Bug libc/14680] New: Crash by _libc_fatal. This is NOT glibc bug, the cause had been double close naohiro.ooiwa at miraclelinux dot com
2012-10-07 9:30 ` [Bug libc/14680] " naohiro.ooiwa at miraclelinux dot com
@ 2012-10-07 9:40 ` naohiro.ooiwa at miraclelinux dot com
2012-10-07 17:17 ` [Bug libc/14680] [PATCH] " naohiro.ooiwa at miraclelinux dot com
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: naohiro.ooiwa at miraclelinux dot com @ 2012-10-07 9:40 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=14680
--- Comment #2 from Naohiro Ooiwa <naohiro.ooiwa at miraclelinux dot com> 2012-10-07 09:40:43 UTC ---
Created attachment 6671
--> http://sourceware.org/bugzilla/attachment.cgi?id=6671
auto.sh
The attached file is wrapper shell script to execute closetest.c.
It compiles closetest.c and run closetest.
The auto.sh will stop when core file is found.
It takes a few seconds in my environment.
$ ls
auto.sh closetest.c
$ ./auto.sh
libgcc_s.so.1 must be installed for pthread_cancel to work
./auto.sh: line 12: 28731 Aborted (core dumped) ./closetest
core.28731
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/14680] [PATCH] Crash by _libc_fatal. This is NOT glibc bug, the cause had been double close.
2012-10-07 9:25 [Bug libc/14680] New: Crash by _libc_fatal. This is NOT glibc bug, the cause had been double close naohiro.ooiwa at miraclelinux dot com
2012-10-07 9:30 ` [Bug libc/14680] " naohiro.ooiwa at miraclelinux dot com
2012-10-07 9:40 ` naohiro.ooiwa at miraclelinux dot com
@ 2012-10-07 17:17 ` naohiro.ooiwa at miraclelinux dot com
2012-10-07 23:12 ` ppluzhnikov at google dot com
2014-06-17 4:08 ` fweimer at redhat dot com
4 siblings, 0 replies; 6+ messages in thread
From: naohiro.ooiwa at miraclelinux dot com @ 2012-10-07 17:17 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=14680
Naohiro Ooiwa <naohiro.ooiwa at miraclelinux dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Crash by _libc_fatal. This |[PATCH] Crash by
|is NOT glibc bug, the cause |_libc_fatal. This is NOT
|had been double close. |glibc bug, the cause had
| |been double close.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/14680] [PATCH] Crash by _libc_fatal. This is NOT glibc bug, the cause had been double close.
2012-10-07 9:25 [Bug libc/14680] New: Crash by _libc_fatal. This is NOT glibc bug, the cause had been double close naohiro.ooiwa at miraclelinux dot com
` (2 preceding siblings ...)
2012-10-07 17:17 ` [Bug libc/14680] [PATCH] " naohiro.ooiwa at miraclelinux dot com
@ 2012-10-07 23:12 ` ppluzhnikov at google dot com
2014-06-17 4:08 ` fweimer at redhat dot com
4 siblings, 0 replies; 6+ messages in thread
From: ppluzhnikov at google dot com @ 2012-10-07 23:12 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=14680
Paul Pluzhnikov <ppluzhnikov at google dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |ppluzhnikov at google dot
| |com
Resolution| |INVALID
--- Comment #3 from Paul Pluzhnikov <ppluzhnikov at google dot com> 2012-10-07 23:12:28 UTC ---
Closing as invalid: there is a million ways for application program to corrupt
libc state, and you can't enumerate all of them.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/14680] [PATCH] Crash by _libc_fatal. This is NOT glibc bug, the cause had been double close.
2012-10-07 9:25 [Bug libc/14680] New: Crash by _libc_fatal. This is NOT glibc bug, the cause had been double close naohiro.ooiwa at miraclelinux dot com
` (3 preceding siblings ...)
2012-10-07 23:12 ` ppluzhnikov at google dot com
@ 2014-06-17 4:08 ` fweimer at redhat dot com
4 siblings, 0 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2014-06-17 4:08 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=14680
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-06-17 4:08 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-10-07 9:25 [Bug libc/14680] New: Crash by _libc_fatal. This is NOT glibc bug, the cause had been double close naohiro.ooiwa at miraclelinux dot com
2012-10-07 9:30 ` [Bug libc/14680] " naohiro.ooiwa at miraclelinux dot com
2012-10-07 9:40 ` naohiro.ooiwa at miraclelinux dot com
2012-10-07 17:17 ` [Bug libc/14680] [PATCH] " naohiro.ooiwa at miraclelinux dot com
2012-10-07 23:12 ` ppluzhnikov at google dot com
2014-06-17 4:08 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).