public inbox for glibc-bugs@sourceware.org
From: "liaozhicai at cigtech dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug dynamic-link/31732] ld.so is trapped in __libc_csu_init function, no return or forward when load a normal ELF process
Date: Thu, 27 Jun 2024 02:05:48 +0000
Message-ID: <bug-31732-131-mHycYQ6m3L@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-31732-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=31732

--- Comment #8 from Liao Zhicai <liaozhicai at cigtech dot com> ---
(In reply to Florian Weimer from comment #7)
> This could be stack corruption by an ELF constructor, overwriting the stored
> return address.

When the exception occurred, the address stored in ra and the value stored at
that address were the same as normal.
The return address is 0x773b65e4, and the value stored at 0x773b65e4 is
0x8fbc0010 (lw gp,16(sp)), a normal MIPS32 instruction.

Also, we printed what the function __libc_csu_init looked like in memory, and
it shows that nothing is wrong with it.

[13:12:220][   44.775721] do_ri:1219 send sigill(st:-1 -1 -1 -1 -1 -1) cpu(1 1 1 1)
[13:12:220][   44.782016] do_ri:1241 send sigill status:-1 cause:0x00000028 badvaddr:0x55664000 cp-st:0x00009c0c lo-0x04674ed1 hi-0x00000002 last-0x00000000
[13:12:220][   44.794849] 32Reg:00000000 00000001 00000000 00000000 55686084 00000000 7fd651dc ffffffff 7752ce50 7752ce50 00000000 00000000 7fd64f58 0000000b 00000000 77f2f000
[13:12:221][   44.794849] 55663f60 00000000 00000000 7f8b8b2c 555c4124 77f05000 77f73ac8 b17eee51 00000000 00000000 00000010 00000000 5568e080 7fd65020 555d6190 773b65e4
[13:12:235][   44.823122] do_ri:1252 send sigill epc:0x55664000 r31:0x773b65e4(0x8fbc0010 0x8f8294e8 0x8c5400c8 0x16800032)
[13:12:235]sno:4 Fault address:0 s-code:128 eno:0
[13:12:457]/lib/libc.so.6(+0x3179a160) [0x773b6160]
[13:12:458]linux-vdso.so.1(+0x920) [0x7ff67920]
[13:12:458]/usr/bin/MecMgr(__libc_csu_init+0xa2) [0x55664002]
[13:12:459]txt(0x55664002):0x08 00 e0 03 38 00 bd 27 0800e003 00000000
[13:12:460]00000000 3400bf8f 3000b58f 2c00b48f
[13:12:460]2800b38f 2400b28f 2000b18f 1c00b08f
[13:12:461]start address:0x55663f04
[13:12:462]00:03e00008 00a21023 0082102b 14400007
[13:12:462]01:8f838c14 00042602 24050008 00642021
[13:12:462]02:90820000 03e00008 00a21023 00042402
[13:12:463]03:24050010 00642021 90820000 03e00008
[13:12:463]04:00a21023 00042202 24050018 00642021
[13:12:464]05:90820000 03e00008 00a21023 3c1c0003
[13:12:464]06:279ca120 0399e021 27bdffc8 afbf0034
[13:12:465]07:afb50030 afb4002c afb30028 afb20024
[13:12:465]08:afb10020 afb0001c 00809825 8f998c1c
[13:12:466]09:00a0a025 afbc0010 0320f809 00c0a825
[13:12:466]10:8fbc0010 8f908c20 8f928c24 02509023
[13:12:467]11:00129083 1240000a 00008825 8e190000
[13:12:467]12:02a03025 02802825 26310001 02602025
[13:12:468]13:0320f809 26100004 1651fff8 00000000
[13:12:469]14:8fbf0034 8fb50030 8fb4002c 8fb30028
[13:12:469]15:8fb20024 8fb10020 8fb0001c 03e00008
[13:12:470]16:27bd0038 03e00008 00000000 8f998010
[13:12:470]17:03e07825 0320f809 241803dc 8f998010
[13:12:476]18:03e07825 0320f809 241803db 8f998010
[13:12:477]19:03e07825 0320f809 241803da 8f998010

-- 
You are receiving this mail because:
You are on the CC list for the bug.
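The check described in the comment above (look up the word at the faulting pc and at the saved return address, then confirm it decodes as a sane MIPS32 instruction) can be scripted so it is repeatable across dumps. The following is an added example, not code from the bug report or from glibc. It decodes only the handful of MIPS32 o32 encodings that appear in the dump above and reports anything else as unknown, and it assumes that each printed dump row holds four words (16 bytes) starting at the printed "start address"; that assumption is consistent with s0 = 0x55663f60 in the register dump and with __libc_csu_init+0xa2 = 0x55664002 in the backtrace, but it is an assumption, not something the post states.

```python
"""Minimal MIPS32 (o32) word decoder for checking SIGILL dumps by hand.

Added example, not from the bug report or glibc. Given a raw memory dump
and a faulting pc (epc) or a saved return address, look up the 32-bit
word at that address and decode it just far enough to tell a plausible
instruction from garbage. Only encodings seen in the dump are handled;
everything else is flagged as unknown for checking with a real
disassembler (objdump -d) rather than guessed at.
"""

REGS = ["zero", "at", "v0", "v1", "a0", "a1", "a2", "a3",
        "t0", "t1", "t2", "t3", "t4", "t5", "t6", "t7",
        "s0", "s1", "s2", "s3", "s4", "s5", "s6", "s7",
        "t8", "t9", "k0", "k1", "gp", "sp", "fp", "ra"]

# SPECIAL (opcode 0) function codes handled here.
SPECIAL = {0x08: "jr", 0x09: "jalr", 0x21: "addu", 0x23: "subu",
           0x25: "or", 0x2b: "sltu", 0x03: "sra", 0x00: "sll"}
# I-type opcodes: mnemonic and whether the operand is the offset(base) memory form.
ITYPE = {0x04: ("beq", False), 0x05: ("bne", False), 0x09: ("addiu", False),
         0x0f: ("lui", False), 0x23: ("lw", True), 0x24: ("lbu", True),
         0x2b: ("sw", True)}


def s16(x):
    """Sign-extend a 16-bit immediate."""
    return x - 0x10000 if x & 0x8000 else x


def decode(word):
    """Return (mnemonic text, recognised?) for one 32-bit MIPS32 word."""
    op = word >> 26
    rs, rt, rd = (word >> 21) & 31, (word >> 16) & 31, (word >> 11) & 31
    sa, funct, imm = (word >> 6) & 31, word & 0x3F, word & 0xFFFF
    if op == 0:
        name = SPECIAL.get(funct)
        if name is None:
            return ("unknown special funct 0x%02x" % funct, False)
        if name == "jr":
            return ("jr %s" % REGS[rs], True)
        if name == "jalr":
            # jalr with the default link register is printed as "jalr rs".
            text = "jalr %s" % REGS[rs] if rd == 31 else "jalr %s,%s" % (REGS[rd], REGS[rs])
            return (text, True)
        if name in ("sll", "sra"):
            if word == 0:
                return ("nop", True)
            return ("%s %s,%s,%d" % (name, REGS[rd], REGS[rt], sa), True)
        return ("%s %s,%s,%s" % (name, REGS[rd], REGS[rs], REGS[rt]), True)
    if op in ITYPE:
        name, mem_form = ITYPE[op]
        if mem_form:
            return ("%s %s,%d(%s)" % (name, REGS[rt], s16(imm), REGS[rs]), True)
        if name == "lui":
            return ("lui %s,0x%x" % (REGS[rt], imm), True)
        if name in ("beq", "bne"):
            return ("%s %s,%s,%d" % (name, REGS[rs], REGS[rt], s16(imm) * 4), True)
        return ("%s %s,%s,%d" % (name, REGS[rt], REGS[rs], s16(imm)), True)
    return ("unknown opcode 0x%02x" % op, False)


def load_dump(start, rows):
    """Map address -> word for dump rows of four 32-bit words (16 bytes per row)."""
    mem = {}
    for i, row in enumerate(rows):
        for j, hexword in enumerate(row.split()):
            mem[start + 16 * i + 4 * j] = int(hexword, 16)
    return mem


def instruction_at(mem, addr):
    """Decode the word at addr, or say why it cannot be decoded."""
    if addr & 3:
        return ("unaligned pc 0x%08x" % addr, False)
    if addr not in mem:
        return ("0x%08x not in dump" % addr, False)
    return decode(mem[addr])


# Rows 14..16 copied from the dump in the comment above. Assumption: each
# printed row is 16 bytes, so row 14 starts at the printed start address
# 0x55663f04 plus 14*16.
DUMP_START = 0x55663F04 + 14 * 16
DUMP_ROWS = [
    "8fbf0034 8fb50030 8fb4002c 8fb30028",
    "8fb20024 8fb10020 8fb0001c 03e00008",
    "27bd0038 03e00008 00000000 8f998010",
]
EPC = 0x55664000          # faulting pc from the kernel's do_ri message
RA_WORD = 0x8FBC0010      # word the post reports at the return address 0x773b65e4
BACKTRACE_PC = 0x55664002 # __libc_csu_init+0xa2 as printed in the backtrace


def check_crash():
    """Decode the words the comment points at; returns a dict for the caller to inspect."""
    mem = load_dump(DUMP_START, DUMP_ROWS)
    return {
        "epc": instruction_at(mem, EPC),
        "ra_target": decode(RA_WORD),
        "backtrace_pc": instruction_at(mem, BACKTRACE_PC),
    }


if __name__ == "__main__":
    for key, value in check_crash().items():
        print(key, value)
```

Running it shows that the word at epc (0x55664000) decodes to `jr ra` and the word at the return address to `lw gp,16(sp)`, both valid MIPS32 instructions, while the +0xa2 address from the backtrace is not a valid instruction boundary at all; that is the kind of discrepancy worth carrying into the bug report alongside the raw dump.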


Thread overview: 10+ messages
2024-05-13  3:06 [Bug dynamic-link/31732] New: " liaozhicai at cigtech dot com
2024-05-14  9:58 ` [Bug dynamic-link/31732] " fweimer at redhat dot com
2024-05-16  3:12 ` liaozhicai at cigtech dot com
2024-05-16 11:47 ` fweimer at redhat dot com
2024-05-17  2:34 ` liaozhicai at cigtech dot com
2024-05-17  8:55 ` fweimer at redhat dot com
2024-06-26  8:09 ` liaozhicai at cigtech dot com
2024-06-26  8:12 ` fweimer at redhat dot com
2024-06-27  2:05 ` liaozhicai at cigtech dot com [this message]
2024-06-27  2:22 ` liaozhicai at cigtech dot com