Bug 1963710

Summary: glibc: static compilation segfaults with getpwuid(500)
Product: [Fedora] Fedora
Reporter: Andrew G. Morgan <morgan>
Component: glibc
Assignee: Carlos O'Donell <codonell>
Status: CLOSED UPSTREAM
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 34
CC: aoliva, arjun.is, codonell, dj, fweimer, law, mcermak, mfabian, pfrankli, rth, sipoyare
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Last Closed: 2021-06-01 13:42:45 UTC
Type: Bug

Description Andrew G. Morgan 2021-05-23 15:46:25 UTC
Description of problem:

When compiled statically, getpwuid(unnamed_uid) causes a program to core dump.

Note: This bug is a re-filing of this one:

  https://bugzilla.redhat.com/show_bug.cgi?id=1842745

That other bug was closed as fixed in F33, but while it may have fixed something upstream, it hasn't actually fixed the reason the bug was filed. So I'm filing this one.

Version-Release number of selected component (if applicable):

$ rpm -q glibc
glibc-2.33-8.fc34.x86_64

How reproducible:

100%

Steps to Reproduce:

1. Create this program:

/* === bug.c === */

#include <stdio.h>
#include <sys/types.h>
#include <pwd.h>

int main(int argc, char **argv) {
  printf("call for uid=1 returns: %p\n", getpwuid(1));
  printf("call for uid=500 returns: %p\n", getpwuid(500));
}

/* ============= */

2. Compile it as follows:

gcc --static bug.c -o bug

3. Run it

Actual results:

$ ./bug 
call for uid=1 returns: 0x4bd200
Segmentation fault (core dumped)

Expected results:

$ ./bug 
call for uid=1 returns: 0x4bd200
call for uid=500 returns: (nil)

Additional info:

$ gcc -g --static bug.c -o bug
$ gdb ./bug
(gdb) run
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7f0029b in getauxval () from /lib64/libc.so.6
(gdb)  bt
#0  0x00007ffff7f0029b in getauxval () from /lib64/libc.so.6
#1  0x00007ffff6fbe80c in parse_environ_flags.lto_priv ()
   from /lib64/libp11-kit.so.0
#2  0x00007ffff6f291ad in _p11_kit_init () from /lib64/libp11-kit.so.0
#3  0x00000000004879de in call_init ()
#4  0x0000000000487acc in _dl_init ()
#5  0x000000000044ea15 in _dl_catch_exception ()
#6  0x000000000047747a in dl_open_worker ()
#7  0x000000000044e9b8 in _dl_catch_exception ()
#8  0x0000000000476d49 in _dl_open ()
#9  0x000000000044d506 in do_dlopen ()
#10 0x000000000044e9b8 in _dl_catch_exception ()
#11 0x000000000044ea83 in _dl_catch_error ()
#12 0x000000000044d547 in dlerror_run ()
#13 0x000000000044d9fa in __libc_dlopen_mode ()
#14 0x0000000000448db0 in module_load ()
#15 0x00000000004491f5 in __nss_module_get_function ()
#16 0x0000000000448baf in __nss_next2 ()
#17 0x0000000000445a20 in getpwuid_r ()
#18 0x000000000044580b in getpwuid ()
#19 0x00000000004017ba in main (argc=1, argv=0x7fffffffddc8) at bug.c:7

Comment 1 Florian Weimer 2021-05-23 17:01:53 UTC
Would you please check which NSS modules are listed for passwd in /etc/nsswitch.conf and report them here? Thanks.

Comment 2 Andrew G. Morgan 2021-05-24 01:45:05 UTC
I believe I have whatever the default install provides:

$ grep -v '^#' /etc/nsswitch.conf

passwd:     sss files systemd
group:      sss files systemd
netgroup:   sss files
automount:  sss files
services:   sss files



shadow:     files sss
hosts:      files myhostname mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns

aliases:    files
ethers:     files
gshadow:    files
networks:   files dns
protocols:  files
publickey:  files
rpc:        files
$

Comment 3 Florian Weimer 2021-05-25 14:03:54 UTC
I've got a fix for the crash in _p11_kit_init. However, there is another crash in nss_systemd in TLS access which will need a totally different fix.

Comment 4 Florian Weimer 2021-05-25 14:52:43 UTC
I looked at the crash site and it's the __tls_get_addr issue.

Comment 5 Carlos O'Donell 2021-06-01 13:42:45 UTC
We are going to be tracking this issue upstream here:
https://sourceware.org/bugzilla/show_bug.cgi?id=26729

I am marking this CLOSED/UPSTREAM. We can review this again when we fix it upstream.

We know that it affects the use case of a static binary needing to access identity data.

We will review the upstream issue and backport as required to enable the fix in Fedora.

We need this fixed upstream first before it can be fixed downstream.
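
Comment 5 notes that the crash affects static binaries that need identity data. As an added example (not code from this report or from glibc), one way such a binary can resolve local UIDs is to parse passwd(5)-format text itself, which never enters the NSS module loading seen in the backtrace. `lookup_uid` and the sample data are hypothetical, and accounts served only by the `sss` or `systemd` sources in nsswitch.conf are not visible to it.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in passwd(5) format; not taken from the bug report. */
static const char SAMPLE_PASSWD[] =
    "root:x:0:0:root:/root:/bin/bash\n"
    "bin:x:1:1:bin:/bin:/sbin/nologin\n"
    "malformed line without fields\n"
    "daemon:x:2:2:daemon:/sbin:/sbin/nologin\n";

/* Hypothetical helper: search passwd-format text (for example the contents
   of /etc/passwd read into memory) for uid, without calling into NSS.
   Returns 1 and copies the login name on a match, 0 when the uid has no
   entry, which is the case where getpwuid() is expected to return NULL. */
int lookup_uid(const char *text, unsigned long uid, char *name, size_t cap) {
  const char *line, *next;
  for (line = text; *line != '\0'; line = next) {
    const char *eol = strchr(line, '\n');
    size_t len = eol ? (size_t)(eol - line) : strlen(line);
    const char *pw = memchr(line, ':', len);     /* ends the name field */
    const char *id = pw                          /* ends the password field */
        ? memchr(pw + 1, ':', len - (size_t)(pw + 1 - line)) : NULL;
    size_t n = pw ? (size_t)(pw - line) : 0;
    char *end;
    next = eol ? eol + 1 : line + len;
    if (id == NULL || n == 0 || n >= cap) continue;  /* malformed line */
    if (!isdigit((unsigned char)id[1])) continue;    /* empty or signed uid */
    if (strtoul(id + 1, &end, 10) != uid || *end != ':') continue;
    memcpy(name, line, n);
    name[n] = '\0';
    return 1;
  }
  return 0;
}

int main(void) {
  char name[64];
  unsigned long uids[] = {1, 500};  /* the two UIDs bug.c asks for */
  size_t i;
  for (i = 0; i < 2; i++) {
    if (lookup_uid(SAMPLE_PASSWD, uids[i], name, sizeof name))
      printf("uid=%lu: %s\n", uids[i], name);
    else
      printf("uid=%lu: no entry\n", uids[i]);
  }
  return 0;
}
```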