public inbox for glibc-bugs@sourceware.org
* [Bug dynamic-link/27772] New: Inconsistency detected by ld.so: dl-fini.c: 88: _dl_fini: Assertion `ns != LM_ID_BASE || i == nloaded' failed!
@ 2021-04-23 20:38 bugzilla at scorecrow dot com
  2021-04-26  6:25 ` [Bug dynamic-link/27772] " fweimer at redhat dot com
  0 siblings, 1 reply; 2+ messages in thread
From: bugzilla at scorecrow dot com @ 2021-04-23 20:38 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=27772

            Bug ID: 27772
           Summary: Inconsistency detected by ld.so: dl-fini.c: 88:
                    _dl_fini: Assertion `ns != LM_ID_BASE || i == nloaded'
                    failed!
           Product: glibc
           Version: 2.3.3
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: dynamic-link
          Assignee: unassigned at sourceware dot org
          Reporter: bugzilla at scorecrow dot com
  Target Milestone: ---

Created attachment 13397
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13397&action=edit
Zip with two files: sample code to reproduce and patch diff

Overview:
The dynamic linker's finalizer crashes if it's not (directly or indirectly) in
the library dependencies of the loaded application.

Steps to reproduce:
Compile and run a self-contained program calling the dynamic linker's finalizer
(received in %rdx on x86-64 according to the ABI docs) before exit, with link
options specifying that a dynamic linker shall be used, but without linking to
something that pulls in the dynamic linker itself (be careful: libc.so.6 does),
e.g. with these GCC options: -nostdlib
-Wl,-dynamic-linker=/lib64/ld-linux-x86-64.so.2

# filename: dl_fini_assert_nloaded_test.S

#include <asm/unistd_64.h>
    .text
    .globl    _start
    .type    _start, @function
_start:
    test %rdx, %rdx    # this register is where the dynamic linker's finalizer
            # address is passed, can be $0 if none exists
    jz .no_dl_fini
    call *%rdx
.no_dl_fini:
    mov $0, %edi
    mov $__NR_exit, %eax    # immediate operand: the exit syscall number
    syscall

Actual Results:
Crash, with the assertion failure message listed above.

Expected Results:
Clean exit.

Build Date & Hardware:
2021-04-21 on Arch Linux
- glibc version: 2.33 (as tested; should affect every version since 2.2)
- kernel: Linux 5.11 (as tested; should not matter for the glibc code, but my
test case assumes Linux for the exit syscall and for the linker options)
- architecture: x86-64 (as tested; should not matter for the glibc code, but my
assembly test case clearly needs it)
- compiler and linker versions: GCC 10.2.0, ld 2.36.1 (as tested; shouldn't
matter for the glibc code, but my test case is written with GCC in mind)

Additional Information:
I tracked this issue down to where the rtld function dl_main temporarily adds
the rtld itself to the list of loaded libraries, then removes it later if it's
not in the dependencies of other libraries loaded in the meantime. libc.so.6
does have such a dependency, so this code path is rarely used, because almost
all software uses the shared version of the C standard library in some way or
is statically linked (in the latter case, the rtld generally isn't used to
launch the software in the first place). The bug is simply that during removal
the counter for loaded objects isn't decremented. This mismatch then gets
noticed when the rtld finalizer is called, triggering an assertion.

The bug has existed since commit 1ebba33ece5a998d3d79fa14adca3ae7985cbff5, made
way back in August 2000, which introduced this counter. There are sporadic
occurrences of the crash message on the web, e.g. in the FreePascal bug
tracker, but apparently nobody went the extra mile to properly report or fix
it.

# filename: dl_fini_assert_nloaded_fix.diff

diff --git a/elf/rtld.c b/elf/rtld.c
index 94a00e2049..849a449e77 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2007,6 +2007,8 @@ dl_main (const ElfW(Phdr) *phdr,
       GL(dl_rtld_map).l_next->l_prev = &GL(dl_rtld_map);
     }
     }
+  else
+    --GL(dl_ns)[LM_ID_BASE]._ns_nloaded;

   /* Now let us see whether all libraries are available in the
      versions we need.  */
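
Review bot: the new `else` branch just above the "Now let us see whether all libraries are available" comment decrements `_ns_nloaded` without a comment saying which list removal it balances, and the unlinking it pairs with is not part of this hunk (only the re-insertion, `GL(dl_rtld_map).l_next->l_prev = &GL(dl_rtld_map);`, is visible). A short comment such as `/* The rtld map stays unlinked; keep _ns_nloaded in sync with the list.  */` would make the invariant explicit. Consider also doing the decrement where the map is unlinked, with a matching increment in the branch that re-inserts it, so the list and the counter are never out of step in between. The diff touches only elf/rtld.c and adds no regression test; the attached reproducer could be the basis for one.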

-- 
You are receiving this mail because:
You are on the CC list for the bug.
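
A simplified model of the list/counter mismatch described under "Additional Information" in the report above, added here as an illustration; it is not glibc code and not part of the original message. All struct and function names (`ns_append`, `ns_unlink`, `fini_consistent`, `startup_then_fini`) are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not glibc source: a namespace is a doubly linked
   list of maps plus a separately maintained element counter. */
struct map { struct map *next, *prev; const char *name; };
struct ns  { struct map *loaded; unsigned int nloaded; };

static void ns_append(struct ns *ns, struct map *m) {
    struct map **pp = &ns->loaded, *last = NULL;
    while (*pp != NULL) { last = *pp; pp = &last->next; }
    m->prev = last; m->next = NULL; *pp = m;
    ++ns->nloaded;
}

/* Unlink m from the list; adjust the counter only if fixed is true. */
static void ns_unlink(struct ns *ns, struct map *m, bool fixed) {
    if (m->prev) m->prev->next = m->next; else ns->loaded = m->next;
    if (m->next) m->next->prev = m->prev;
    m->next = m->prev = NULL;
    if (fixed) --ns->nloaded;
}

/* The check the finalizer's assertion expresses: entries actually
   reachable on the list (i) must equal the recorded count (nloaded). */
static bool fini_consistent(const struct ns *ns) {
    unsigned int i = 0;
    for (const struct map *l = ns->loaded; l != NULL; l = l->next) ++i;
    return i == ns->nloaded;
}

/* Startup with no object depending on the loader: add it, then drop it. */
static bool startup_then_fini(bool fixed) {
    struct ns base = { NULL, 0 };
    struct map exe = { NULL, NULL, "main program" };
    struct map rtld = { NULL, NULL, "ld.so" };
    ns_append(&base, &exe);
    ns_append(&base, &rtld);
    ns_unlink(&base, &rtld, fixed);
    return fini_consistent(&base);
}

int main(void) {
    printf("without decrement: consistent=%d\n", startup_then_fini(false));
    printf("with decrement:    consistent=%d\n", startup_then_fini(true));
    return 0;
}
```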


* [Bug dynamic-link/27772] Inconsistency detected by ld.so: dl-fini.c: 88: _dl_fini: Assertion `ns != LM_ID_BASE || i == nloaded' failed!
  2021-04-23 20:38 [Bug dynamic-link/27772] New: Inconsistency detected by ld.so: dl-fini.c: 88: _dl_fini: Assertion `ns != LM_ID_BASE || i == nloaded' failed! bugzilla at scorecrow dot com
@ 2021-04-26  6:25 ` fweimer at redhat dot com
  0 siblings, 0 replies; 2+ messages in thread
From: fweimer at redhat dot com @ 2021-04-26  6:25 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=27772

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com
           See Also|                            |https://sourceware.org/bugzilla/show_bug.cgi?id=25486,
                   |                            |https://sourceware.org/bugzilla/show_bug.cgi?id=27744

--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
We should probably delete the code that removes the ld.so link map if it is not
needed. The entire reordering should no longer be necessary once bug 25486 is
fully fixed (which points to a different way of fixing bug 27744).

You really need to use the glibc-supplied startup files when linking, there is
no way around that.
