Bug 2002756

Summary: glibc: ldd segfaults when inspecting vdso/vdso64.so
Product: [Fedora] Fedora
Reporter: Milos Malik <mmalik>
Component: glibc
Assignee: Siddhesh Poyarekar <sipoyare>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: unspecified
Version: 35
CC: aoliva, arjun.is, codonell, dj, fweimer, law, mcermak, mfabian, pfrankli, rth, sipoyare
Hardware: x86_64
OS: Linux
Fixed In Version: glibc-2.34-8.fc35 glibc-2.34.9000-15.fc36
Last Closed: 2021-11-06 01:26:49 UTC
Type: Bug
Bug Blocks: 2007412, 2007417

Description Milos Malik 2021-09-09 16:01:00 UTC
Description of problem:


Version-Release number of selected component (if applicable):
glibc-common-2.34-2.fc35.x86_64
glibc-gconv-extra-2.34-2.fc35.x86_64
glibc-langpack-en-2.34-2.fc35.x86_64
glibc-2.34-2.fc35.x86_64

How reproducible:
 * always

Steps to Reproduce:
# dmesg -c >& /dev/null
# find /usr -name vdso64.so
/usr/lib/modules/5.14.0-60.fc35.x86_64/vdso/vdso64.so
/usr/lib/modules/5.14.1-300.fc35.x86_64/vdso/vdso64.so
# ldd `find /usr -name vdso64.so`
/usr/lib/modules/5.14.0-60.fc35.x86_64/vdso/vdso64.so:
ldd: exited with unknown exit code (139)
# dmesg
[11352.346104] ld-linux-x86-64[171717]: segfault at 7f4dd1526408 ip 00007f4dd152fef5 sp 00007fff6c8ad360 error 7 in ld-linux-x86-64.so.2[7f4dd1528000+25000]
[11352.348033] Code: 06 00 00 4c 89 e6 48 29 c6 48 83 fe 0a 77 9b be 41 ff ff 6f 48 29 c6 48 89 f0 eb 8a 48 85 ff 74 71 49 8b 47 60 48 85 c0 74 04 <48> 01 78 08 49 8b 47 58 48 85 c0 74 04 48 01 78 08 49 8b 47 68 48
#

Actual results:
 * segfault

Expected results:
 * no segfault

Comment 2 Milos Malik 2021-09-09 16:04:15 UTC
# coredumpctl info -1
           PID: 171717 (ld-linux-x86-64)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 11 (SEGV)
     Timestamp: Thu 2021-09-09 17:59:21 CEST (4min 16s ago)
  Command Line: /lib64/ld-linux-x86-64.so.2 --verify /usr/lib/modules/5.14.0-60.fc35.x86_64/vdso/vdso64.so
    Executable: /usr/lib64/ld-linux-x86-64.so.2
 Control Group: /user.slice/user-0.slice/session-7.scope
          Unit: session-7.scope
         Slice: user-0.slice
       Session: 7
     Owner UID: 0 (root)
       Boot ID: 3bd370f0e89d40b8b86c900230c3df64
    Machine ID: 55145aeb0fda4773a99e8005c8c401ad
      Hostname: fedora
       Storage: /var/lib/systemd/coredump/core.ld-linux-x86-64.0.3bd370f0e89d40b8b86c900230c3df64.171717.1631203161000000.zst (present)
     Disk Size: 8.2K
       Message: Process 171717 (ld-linux-x86-64) of user 0 dumped core.
                
                Found module /usr/lib/modules/5.14.0-60.fc35.x86_64/vdso/vdso64.so with build-id: 3ae4236b7c6b56d451d140d6e46cd907482b3222
                Found module /usr/lib64/ld-linux-x86-64.so.2 with build-id: 1c18121cc82ea66475d16f60c87e7642b99a64e4
                Found module linux-vdso.so.1 with build-id: ed20e76e7305a015b02ca28805e804deda0c04d0
                Stack trace of thread 171717:
                #0  0x00007f4dd152fef5 elf_get_dynamic_info (/usr/lib64/ld-linux-x86-64.so.2 + 0x8ef5)
                #1  0x00007f4dd1530d38 _dl_map_object (/usr/lib64/ld-linux-x86-64.so.2 + 0x9d38)
                #2  0x00007f4dd15282a9 map_doit (/usr/lib64/ld-linux-x86-64.so.2 + 0x12a9)
                #3  0x00007f4dd154545e _dl_catch_exception (/usr/lib64/ld-linux-x86-64.so.2 + 0x1e45e)
                #4  0x00007f4dd1545503 _dl_catch_error (/usr/lib64/ld-linux-x86-64.so.2 + 0x1e503)
                #5  0x00007f4dd152d01f dl_main (/usr/lib64/ld-linux-x86-64.so.2 + 0x601f)
                #6  0x00007f4dd1544407 _dl_sysdep_start (/usr/lib64/ld-linux-x86-64.so.2 + 0x1d407)
                #7  0x00007f4dd152909f _dl_start_final (/usr/lib64/ld-linux-x86-64.so.2 + 0x209f)
                #8  0x00007f4dd1528098 _start (/usr/lib64/ld-linux-x86-64.so.2 + 0x1098)
#

Comment 3 Milos Malik 2021-09-10 17:24:18 UTC
The issue is reproducible on s390x and x86_64:
 * https://beaker.engineering.redhat.com/jobs/5792572

Even though SELinux denials appear, the beaker job intentionally switches SELinux to permissive.

Comment 4 Siddhesh Poyarekar 2021-09-14 14:39:50 UTC
It looks like the vdso doesn't expect to be relocated, because of which all of its segments are read-only, causing this crash when ld.so tries to adjust info in .dynamic. ld.so --verify should bail out if it finds that the dynamic section is read-only, perhaps with a "not relocatable" message or something similar.
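
The condition described in Comment 4, as an added example (not part of the bug report and not glibc's fix): a pre-check that reports whether an ELF file's PT_DYNAMIC range lies inside a writable PT_LOAD segment, using the program headers only. It assumes ELF64 little-endian input; `dynamic_segment_status` and `build_sample` are hypothetical names, and the sample image is constructed.

```python
import struct

PT_LOAD, PT_DYNAMIC, PF_W = 1, 2, 2
PHDR = "<IIQQQQQQ"  # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz, memsz, align

def dynamic_segment_status(image: bytes) -> str:
    """Say whether PT_DYNAMIC is covered by a writable PT_LOAD segment."""
    if len(image) < 64 or image[:4] != b"\x7fELF":
        return "not-elf"
    if image[4] != 2 or image[5] != 1:  # ELFCLASS64, ELFDATA2LSB only
        return "unsupported"
    (e_phoff,) = struct.unpack_from("<Q", image, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 0x36)
    if e_phentsize < 56 or e_phoff + e_phentsize * e_phnum > len(image):
        return "malformed"  # program header table runs past end of file
    loads, dyn = [], None
    for i in range(e_phnum):
        p_type, p_flags, _, p_vaddr, _, _, p_memsz, _ = struct.unpack_from(
            PHDR, image, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            loads.append((p_vaddr, p_vaddr + p_memsz, p_flags))
        elif p_type == PT_DYNAMIC:
            dyn = (p_vaddr, p_vaddr + p_memsz)
    if dyn is None:
        return "no-dynamic"
    for start, end, flags in loads:
        if start <= dyn[0] and dyn[1] <= end:
            # A loader that patches .dynamic in place needs PF_W here.
            return "writable" if flags & PF_W else "read-only"
    return "unmapped"

def build_sample(load_flags: int) -> bytes:
    """Constructed image: ELF header, one PT_LOAD, one PT_DYNAMIC, no payload."""
    ehdr = struct.pack("<4s5B7xHHIQQQIHHHHHH", b"\x7fELF", 2, 1, 1, 0, 0,
                       3, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    load = struct.pack(PHDR, PT_LOAD, load_flags, 0, 0, 0, 0x1000, 0x1000, 0x1000)
    dyn = struct.pack(PHDR, PT_DYNAMIC, 4, 0x400, 0x400, 0x400, 0x120, 0x120, 8)
    return ehdr + load + dyn

if __name__ == "__main__":
    # PF_R|PF_X = 5 models an all-read-only object; PF_R|PF_W = 6 a writable one.
    for name, flags in (("R+X load", 5), ("R+W load", 6)):
        print(name, "->", dynamic_segment_status(build_sample(flags)))
```
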

Comment 5 Florian Weimer 2021-09-23 19:24:20 UTC
Note that the upstream patch is broken: https://sourceware.org/pipermail/libc-alpha/2021-September/131287.html

I had to back it out in rawhide.

Comment 6 Fedora Update System 2021-11-03 12:03:23 UTC
FEDORA-2021-2890ebe259 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-2890ebe259

Comment 7 Fedora Update System 2021-11-04 14:08:29 UTC
FEDORA-2021-2890ebe259 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-2890ebe259`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-2890ebe259

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2021-11-06 01:26:49 UTC
FEDORA-2021-2890ebe259 has been pushed to the Fedora 35 stable repository.
If the problem still persists, please make note of it in this bug report.