Bug 140526

Summary: bash in /chroot/mldonkey from atrpms seg fault after upgrade from fc2 to fc3
Product: [Fedora] Fedora
Reporter: Wesley Tanaka <wtanaka>
Component: bash
Assignee: Tim Waugh <twaugh>
Status: CLOSED NOTABUG
Severity: high
Priority: medium
Version: 3
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2004-11-29 13:34:30 UTC

Attachments:
  /etc/rc.d/init.d/mldonkey script which creates chroot environment
  sudo strace chroot /chroot/mldonkey /bin/bash |& tee /tmp/log.txt

Description Wesley Tanaka 2004-11-23 13:40:23 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7)
Gecko/20040707 Firefox/0.8

Description of problem:
chroot (or bash) segfaults when trying to chroot into a
/chroot/mldonkey directory as created by the
mldonkey-backend-2.5.28-41.rhfc3.at rpm from atrpms.

The contents of the directory include:

/chroot/mldonkey
/chroot/mldonkey/.mldonkey
/chroot/mldonkey/.mldonkey/mlnet_strings.en
/chroot/mldonkey/etc
/chroot/mldonkey/etc/gshadow
/chroot/mldonkey/etc/hosts
/chroot/mldonkey/etc/ld.so.cache
/chroot/mldonkey/etc/resolv.conf
/chroot/mldonkey/etc/localtime
/chroot/mldonkey/etc/nsswitch.conf
/chroot/mldonkey/etc/group
/chroot/mldonkey/etc/passwd
/chroot/mldonkey/etc/ld.so.conf
/chroot/mldonkey/etc/shadow
/chroot/mldonkey/usr
/chroot/mldonkey/usr/lib
/chroot/mldonkey/usr/lib/libz.so.1.2.1.1
/chroot/mldonkey/usr/lib/mldonkey
/chroot/mldonkey/usr/lib/mldonkey/mlnet
/chroot/mldonkey/usr/lib/libz.so.1.2.1.2
/chroot/mldonkey/usr/lib/libz.so.1
/chroot/mldonkey/bin
/chroot/mldonkey/bin/bash
/chroot/mldonkey/bin/sh
/chroot/mldonkey/lib
/chroot/mldonkey/lib/libnss_files.so.2
/chroot/mldonkey/lib/ld-linux.so.2
/chroot/mldonkey/lib/libnss1_dns.so.1
/chroot/mldonkey/lib/libresolv-2.3.3.so
/chroot/mldonkey/lib/libnss_dns.so.2
/chroot/mldonkey/lib/libnss_dns.so.1
/chroot/mldonkey/lib/libnss_files-2.3.3.so
/chroot/mldonkey/lib/tls
/chroot/mldonkey/lib/tls/libc.so.6
/chroot/mldonkey/lib/tls/libm.so.6
/chroot/mldonkey/lib/tls/libpthread-0.61.so
/chroot/mldonkey/lib/tls/libpthread-2.3.3.so
/chroot/mldonkey/lib/tls/libpthread.so.0
/chroot/mldonkey/lib/tls/libm-2.3.3.so
/chroot/mldonkey/lib/tls/libc-2.3.3.so
/chroot/mldonkey/lib/libtermcap.so.2.0.8
/chroot/mldonkey/lib/libnss1_files.so.1
/chroot/mldonkey/lib/libtermcap.so.2
/chroot/mldonkey/lib/libnss_files.so.1
/chroot/mldonkey/lib/ld-2.3.3.so
/chroot/mldonkey/lib/libdl-2.3.3.so
/chroot/mldonkey/lib/libnss_dns-2.3.3.so
/chroot/mldonkey/lib/libdl.so.2
/chroot/mldonkey/lib/libresolv.so.2
/chroot/mldonkey/dev
/chroot/mldonkey/dev/null
/chroot/mldonkey/dev/log

~ % sudo chroot /chroot/mldonkey /bin/bash
zsh: segmentation fault  sudo chroot /chroot/mldonkey /bin/bash

Version-Release number of selected component (if applicable):
coreutils-5.2.1-31

How reproducible:
Always

Steps to Reproduce:
Don't really know how to reproduce.  I came upon this situation by:
1. Installing fc2 from scratch
2. Installing mldonkey
3. Upgrading to fc3 (fixed /etc/xdg/menus/applications.menu and
upgraded udev/firefox, but nothing else)
4. Running the command:

sudo chroot /chroot/mldonkey /bin/bash

triggers the bug.

Additional info:

Comment 1 Wesley Tanaka 2004-11-23 13:43:03 UTC
This command also crashes, which leads me to believe that the crash
might be /bin/bash crashing

~ % sudo /usr/bin/compartment --chroot /chroot/mldonkey --verbose /bin/sh
Password:
I am in verbose mode now
Chrooted sucessfully to /chroot/mldonkey
FD_CLOEXEC successfully set on all filedescriptors > 2
core size limit successfully set to 0 bytes
zsh: segmentation fault  sudo /usr/bin/compartment --chroot /chroot/mldonkey --verbose /bin/sh

Comment 2 Tim Waugh 2004-11-23 13:43:36 UTC
What about if you boot with 'vdso=0' on the kernel command line?

Comment 3 Wesley Tanaka 2004-11-23 13:46:52 UTC
Created attachment 107296 [details]
/etc/rc.d/init.d/mldonkey script which creates chroot environment

The chroot environment is created by the attached startup script

Comment 4 Wesley Tanaka 2004-11-23 13:51:36 UTC
I copied /sbin/sash into /chroot/mldonkey/bin, and 
"sudo chroot /chroot/mldonkey /bin/sash"
works

% sudo chroot /chroot/mldonkey /bin/sash 
Stand-alone shell (version 3.7)
> 

bash version is bash-3.0-17 in case this is a bash crash


Computer is in a bar and we're open right now, so I can't reboot to
try vdso=0 right now.

Comment 5 Tim Waugh 2004-11-23 14:12:58 UTC
I strongly suspect that this is another instance of bug #121351.  Let me know
what happens when you get a chance to reboot.  Thanks.

Comment 6 Wesley Tanaka 2004-11-23 14:35:52 UTC
Rebooted with vdso=0
grub.conf contains:

title Fedora Core (2.6.9-1.667)
        root (hd0,0)
        kernel /boot/vmlinuz-2.6.9-1.667 vdso=0 ro root=LABEL=/ rhgb
        initrd /boot/initrd-2.6.9-1.667.img

crash still occurs

Comment 7 Tim Waugh 2004-11-23 15:16:33 UTC
And /proc/cmdline has vdso=0 in it?

Okay, let's try tracing the syscalls:

strace chroot /chroot/mldonkey/

If we get as far as the execve call and that works, it's a problem with the
atrpms package.

Comment 8 Wesley Tanaka 2004-11-24 03:06:00 UTC
/proc/cmdline indeed has vdso=0 in it:

~ % cat /proc/cmdline
vdso=0 ro root=LABEL=/ rhgb

Comment 9 Wesley Tanaka 2004-11-24 03:15:13 UTC
Created attachment 107373 [details]
sudo strace chroot /chroot/mldonkey /bin/bash |& tee /tmp/log.txt

Looks like the exec happens and bash crashes shortly after trying to open
/dev/tty

Comment 10 Wesley Tanaka 2004-11-24 03:19:22 UTC
/dev % rpm -q bash; md5sum /bin/bash; sudo md5sum /chroot/mldonkey/bin/bash
bash-3.0-17
ba7735421280d1a05eb3118d8c100db5  /bin/bash
ba7735421280d1a05eb3118d8c100db5  /chroot/mldonkey/bin/bash


Comment 11 Tim Waugh 2004-11-24 11:59:30 UTC
(Now you need to report the bug to the atrpms people: we don't ship those binaries.)

Comment 12 Wesley Tanaka 2004-11-25 10:29:41 UTC
Shouldn't bash produce some sort of useful error message instead of
crashing?

Comment 13 Tim Waugh 2004-11-25 10:36:53 UTC
Well, it shouldn't crash of course.  But:

> trying to chroot into a
> /chroot/mldonkey directory as created by the
> mldonkey-backend-2.5.28-41.rhfc3.at rpm from atrpms

So you're running a bash binary that *we* haven't shipped -- so who
knows what's in it?  It might have bad patches in or all sorts.  I
don't even know what *version* it is -- so you need to talk to the
atrpms folk who compiled it, and sort the problem out with them.

This forum is for bugs in code contained in Red Hat repositories, not
third parties.

Comment 14 Wesley Tanaka 2004-11-25 12:19:58 UTC
The bash in question verifies with

rpm --verify bash

and is the same binary as the one in /chroot/mldonkey/bin
via comparing md5sum (see comment #10)

It's the one that was on my system after the upgrade from fc2 to fc3,
and is shipped by redhat:

$ rpm -qi bash | grep Vendor
Version     : 3.0                               Vendor: Red Hat, Inc.


Comment 15 Tim Waugh 2004-11-25 12:27:29 UTC
Ah, okay, that wasn't clear.

Comment 16 Tim Waugh 2004-11-25 17:22:28 UTC
I can't reproduce this here.  Try this:

gdb --args /usr/sbin/chroot /chroot/mldonkey
(gdb) run

It would also be interesting to know what the last few lines of
'dmesg' output are after the segfault.

Comment 17 Wesley Tanaka 2004-11-26 04:05:31 UTC
% sudo gdb --args /usr/sbin/chroot /chroot/mldonkey /bin/bash
Password:
GNU gdb Red Hat Linux (6.1post-1.20040607.41rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...(no debugging symbols found)...Using host libthread_db library "/lib/tls/libthread_db.so.1".

(gdb) run
Starting program: /usr/sbin/chroot /chroot/mldonkey /bin/bash
(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0xf6fb25a8 in translit_to_tbl () from /lib/tls/libc.so.6
#2  0xf6fff1a0 in _rtld_local () from /lib/ld-linux.so.2
#3  0xf6fff360 in _rtld_local () from /lib/ld-linux.so.2
#4  0xf6ff4510 in _dl_map_object_deps () from /lib/ld-linux.so.2
#5  0xf6ff8711 in _dl_show_auxv () from /lib/ld-linux.so.2
#6  0xfefe563c in ?? ()
#7  0x00000006 in ?? ()
#8  0x00000000 in ?? ()
(gdb) quit
The program is running.  Exit anyway? (y or n) y


I'm downloading glibc debuginfo packages, but it's going slow.

Comment 18 Wesley Tanaka 2004-11-26 04:08:21 UTC
share/mldonkey/incoming % sudo /usr/sbin/chroot /chroot/mldonkey /bin/bash; dmesg | grep -v INPUT-CHAIN
zsh: segmentation fault  sudo /usr/sbin/chroot /chroot/mldonkey /bin/bash
ST=218.63.230.91 LEN=47 TOS=0x00 PREC=0x00 TTL=106 ID=4655 PROTO=UDP
SPT=3360 DPT=10366 LEN=27

dmesg only lists firewall log messages

Comment 19 Wesley Tanaka 2004-11-26 04:09:40 UTC
Which debuginfo packages should I install (if any?)

Comment 20 Tim Waugh 2004-11-26 10:11:39 UTC
bash-debuginfo and glibc-debuginfo (get the i686 architecture), and
also glibc-debuginfo-common please.

Comment 21 Wesley Tanaka 2004-11-26 10:16:01 UTC
Luckily, those are the three I downloaded in the background during the
day here.

/tmp % rpm -q bash-debuginfo glibc-debuginfo glibc-debuginfo-common
bash-debuginfo-3.0-17
glibc-debuginfo-2.3.3-74
glibc-debuginfo-common-2.3.3-74

glibc-debuginfo is the i686 version.

/tmp % sudo gdb --args /usr/sbin/chroot /chroot/mldonkey /bin/bash
GNU gdb Red Hat Linux (6.1post-1.20040607.41rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...(no debugging symbols found)...Using host libthread_db library "/lib/tls/libthread_db.so.1".

(gdb) run
Starting program: /usr/sbin/chroot /chroot/mldonkey /bin/bash

Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0xf6fb25a8 in ?? () from /lib/tls/libc.so.6
#2  0xf6fff1a0 in ?? () from /lib/ld-linux.so.2
#3  0xf6fff360 in ?? () from /lib/ld-linux.so.2
#4  0xf6ff4510 in _dl_map_object_deps (map=0xf6ff8711,
preloads=0xf6ff4510,
    npreloads=4143969120, trace_mode=0, open_mode=1) at dl-deps.c:432
#5  0xf6f1bc7c in ____wcstod_l_internal (nptr=0x8, endptr=0xf6fdaff4,
    group=-17559752, loc=0xf6f1b195) at strtod_l.c:485
#6  0xf6f1c263 in ____wcstod_l_internal (nptr=0x5, endptr=0xf6edd0a8,
    group=-151146508, loc=0x0) at strtod_l.c:1058
#7  0xf6f1b195 in __wcstoll_l (nptr=0xf6f1bb40, endptr=0xf6f1bb40,
    base=-151930048, loc=0xf6f1bb40) at strtol_l.c:555
#8  0xf6edd0a8 in str_to_mpn (str=0x8 <Address 0x8 out of bounds>,
digcnt=4,
    n=0xfef6cd91, nsize=0x5, exponent=0x0, decimal=0x0,
    decimal_len=4142697168, thousands=0xf6ec39b8 "") at gmp.h:466
#9  0xf6ed7965 in *__GI_____strtoll_l_internal (nptr=0xfef6cd8b
"en_US.UTF-8",
    endptr=0xf6fc8534, base=5, group=0, loc=0xfef41214) at strtol_l.c:447
#10 0xf6ed6ae5 in *__GI___strtol_internal (
    nptr=0xf6f1bb40 "U\211�\203�h\211]�\211u�� \021��\201ã�\v",
    endptr=0xf6f1bb40, base=-151930048, group=-151930048)
    at ../sysdeps/generic/strtol.c:100
#11 0xf6ed6513 in nrand48 (xsubi=0xf6f1bb40) at nrand48.c:26
#12 0x08090ceb in ?? ()
#13 0x00000006 in ?? ()
#14 0x080d5fa7 in ?? ()
#15 0xf6f6e47c in __tdelete (key=0x80e2200, vrootp=0x1, compar=0x6461)
    at tsearch.c:544
#16 0x0805c0fb in ?? ()
#17 0x080e2200 in ?? ()
#18 0x00000001 in ?? ()
---Type <return> to continue, or q <return> to quit---
#19 0x00006461 in ?? ()
#20 0x00000000 in ?? ()
(gdb) The program is running.  Exit anyway? (y or n) y

Comment 22 Tim Waugh 2004-11-26 12:11:13 UTC
Try this:

env - /usr/sbin/chroot /chroot/mldonkey /bin/bash


Comment 23 Wesley Tanaka 2004-11-26 12:39:15 UTC
Also crashes:

Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0xf6fb25a8 in ?? () from /lib/tls/libc.so.6
#2  0xf6fff1a0 in ?? () from /lib/ld-linux.so.2
#3  0xf6fe35a0 in ?? ()
#4  0x00000001 in ?? ()
#5  0x00000000 in ?? ()

Comment 24 Tim Waugh 2004-11-26 12:42:50 UTC
Hmm.  Well I can't get it to happen here.  Could you tar up the chroot
environment  and attach it here?

Comment 25 Wesley Tanaka 2004-11-26 15:39:26 UTC
# chroot /chroot/bug140526/ /bin/bash
Segmentation fault
# tar cf - /chroot/bug140526/ | gzip -9 -c > bug140526.tar.gz
tar: Removing leading `/' from member names
tar: /chroot/bug140526/dev/log: socket ignored
# ls -l /chroot/bug140526/dev/log
srw-rw-rw-  1 mldonkey mldonkey 0 Nov 26 09:31 /chroot/bug140526/dev/log

The file was too big to attach, so I am putting it up at:

http://ofb.net/~wtanaka/temp/bug140526.tar.gz

Comment 26 Wesley Tanaka 2004-11-29 05:29:15 UTC
Can you reproduce the bug with that tar file?

Comment 27 Tim Waugh 2004-11-29 13:34:30 UTC
Yes, but the ld-linux.so.2 does not correspond to the version we actually
shipped (glibc-2.3.3-74).  When I copy in the correct version it works fine.

Comment 28 Wesley Tanaka 2004-11-30 11:58:00 UTC
Whoops.  That fixes everything here too.
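
The md5sum comparison in comment #10 and the root cause in comment #27 (a /lib/ld-linux.so.2 in the jail that no longer matched the host's glibc-2.3.3-74) generalize to the script below. It is an example added here and is not part of the bug report, the atrpms package or the attached /etc/rc.d/init.d/mldonkey script. It assumes the jail was populated by copying host files to the same relative path (which is what the attached init script does), walks /lib, /usr/lib and /bin inside the jail, and compares each regular file against the host copy by digest; a jail file with no host counterpart (such as /usr/lib/mldonkey/mlnet) is reported but does not fail the check. The directory list, the output labels and the names chroot_verify and file_digest are this example's own choices, and the sample fixture used to exercise it is constructed, not taken from the reporter's machine.

```shell
#!/bin/sh
# Added example: verify that the libraries and binaries copied into a chroot
# still match the host copies they were cloned from.  Not part of bug 140526,
# the atrpms package or the attached init script.  Assumption: the jail was
# populated by copying host files to the same relative path, so
# /chroot/mldonkey/lib/ld-linux.so.2 should be byte-identical to
# /lib/ld-linux.so.2 on the host.

# Digest of one file.  sha256sum is coreutils; cksum is the POSIX fallback.
file_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        cksum "$1" | cut -d' ' -f1-2
    fi
}

# chroot_verify HOST_ROOT JAIL_ROOT
# Prints one line per regular file under JAIL_ROOT/lib, /usr/lib and /bin:
#   OK <path>             jail copy is identical to HOST_ROOT<path>
#   MISMATCH <path>       jail copy differs (a stale ld.so or libc, as in
#                         comment #27, shows up here)
#   NO-HOST-COPY <path>   nothing at HOST_ROOT<path> (package-private files
#                         such as /usr/lib/mldonkey/mlnet); reported only
# Exit status 0 when there is no MISMATCH, 1 otherwise.
chroot_verify() {
    host=${1%/}
    jail=${2%/}
    bad=0
    # The here-document keeps the loop in the current shell so $bad survives
    # (a pipe into "while" would run it in a subshell).  find -type f skips
    # symlinks; use find -L if the jail links libraries instead of copying.
    while read -r f; do
        [ -n "$f" ] || continue
        rel=${f#"$jail"}
        if [ ! -e "$host$rel" ]; then
            printf 'NO-HOST-COPY %s\n' "$rel"
        elif [ "$(file_digest "$f")" = "$(file_digest "$host$rel")" ]; then
            printf 'OK %s\n' "$rel"
        else
            printf 'MISMATCH %s (jail copy differs from host)\n' "$rel"
            bad=$((bad + 1))
        fi
    done <<EOF
$(find "$jail/lib" "$jail/usr/lib" "$jail/bin" -type f 2>/dev/null | sort)
EOF
    [ "$bad" -eq 0 ]
}

# Stand-alone use: sh chroot-verify.sh / /chroot/mldonkey
if [ "$#" -eq 2 ]; then
    chroot_verify "$1" "$2"
fi
```

Run it after the init script has populated the jail and again after every glibc or bash upgrade on the host; a MISMATCH on /lib/ld-linux.so.2 or /lib/tls/libc.so.6 is exactly the state comment #27 found, and the two libz.so.1.2.1.* copies in the listing in the description suggest the jail accumulates old files rather than replacing them. On the host side, rpm -Vf /lib/ld-linux.so.2 confirms that the reference copy is the packaged one; the copies inside the jail are not tracked by rpm, which is why the rpm --verify bash in comment #14 could not catch this.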