This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 147655 - glibc-2.3.4-7 crashes system
glibc-2.3.4-7 crashes system
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: glibc (Show other bugs)
rawhide
All Linux
medium Severity high
: ---
: ---
Assigned To: Jakub Jelinek
Brian Brock
:
: 147763 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-09 21:55 EST by Lars G
Modified: 2007-11-30 17:11 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-13 09:30:13 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Lars G 2005-02-09 21:55:42 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041228 Firefox/1.0 Fedora/1.0-8

Description of problem:
after updating to glibc-2.3.4-7 everything went smooth firtst, 
but after some time programs started to error and the whole system went boom.
on reboot there were a lot of ****glibc detected*** errors.
some of them where in xinetd and lm_sensors.
system was nearly unusable at this point.
gladly lynx and rpm worked ok, so i fetched the previous glibc version and all is back to normal.


Version-Release number of selected component (if applicable):
glibc-2.3.4-7

How reproducible:
Always

Steps to Reproduce:
1. update to glibc-2.3.4-7
2. reboot
3. system goes nuts


Additional info:
Comment 1 Sami Farin 2005-02-10 05:50:55 EST
I upgraded from glibc-2.3.4-3 to 2.3.4-7 i686 and after that attempting to
execute any shared binary
resulted into segfault (including glibc_post_upgrade).
Running static binaries was possible, so I was able to copy over the old
libc*.so etc to get system operating.

I have Linux 2.6.10-ac10 and exec-shield-nx-2.6.10-A3.

BTW. this was my first glibc upgrade failure since 1994.
If I was able to decide, I would remove 2.3.4-7 from fedora mirrors till this
issue is resolved.
I try to debug this thingie and provide more info...
Comment 2 Sami Farin 2005-02-10 06:11:35 EST
When I unpack glibc-2.3.4-7 with rpm2cpio to /tmp/glibc-2.3.4-7 and run chroot
/tmp/glibc-2.3.4-7 /bin/bash , it seems to work.
So how am I supposed to debug this now?

I also rebooted to 2.6.10-ac12 now...
Comment 3 Sami Farin 2005-02-10 10:35:48 EST
Now tried again without chrooting, and getting segfaults.
Why shouldn't it work?

when doing "run" from gdb:

[pid  8738] 17:17:25.967126 open("/tmp/glibc-2.3.4-7/lib/tls/libc.so.6",
O_RDONLY) = 6 <0.000260>
[pid  8738] 17:17:25.967633 read(6,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340N\1"..., 512) = 512 <0.000059>
[pid  8738] 17:17:25.979312 fstat64(6, {st_dev=makedev(22, 7), st_ino=613250,
st_mode=S_IFREG|0755, st_nlink=1, st_uid=500, st_gid=500, st_blksize=4096,
st_blocks=2952, st_size=1507604, st_atime=2005/02/09-02:59:01,
st_mtime=2005/02/09-02:59:01, st_ctime=2005/02/10-13:00:42}) = 0 <0.000065>
[pid  8738] 17:17:25.979938 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fff000 <0.000059>
[pid  8738] 17:17:25.980330 old_mmap(NULL, 1207452, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 6, 0) = 0x403000 <0.000119>
[pid  8738] 17:17:25.991006 old_mmap(0x524000, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 6, 0x121000) = 0x524000 <0.000174>
[pid  8738] 17:17:25.991689 old_mmap(0x528000, 7324, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x528000 <0.000076>
[pid  8738] 17:17:25.992163 close(6)    = 0 <0.013876>
[pid  8738] 17:17:26.006459 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ffe000 <0.000055>
[pid  8738] 17:17:26.007756 mprotect(0x524000, 8192, PROT_READ) = 0 <0.000723>
[pid  8738] 17:17:26.009174 mprotect(0xb61000, 4096, PROT_READ) = 0 <0.000067>
[pid  8738] 17:17:26.009628 mprotect(0xa01000, 4096, PROT_READ) = 0 <0.000055>
[pid  8738] 17:17:26.009893 set_thread_area({entry_number:-1 -> 6,
base_addr:0xb7ffe6c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0,
limit_in_pages:1, seg_not_present:0, useable:1}) = 0 <0.000173>
[pid  8738] 17:17:26.010491 --- SIGSEGV (Segmentation fault) @ 0 (0) ---

when doing /bin/ls from bash:

[pid  8777] 17:21:16.694185 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ffe000 <0.000058>
[pid  8777] 17:21:16.694850 mprotect(0xa60000, 4096, PROT_READ) = 0 <0.000064>
[pid  8777] 17:21:16.696167 mprotect(0x232000, 8192, PROT_READ) = 0 <0.000078>
[pid  8777] 17:21:16.696661 mprotect(0x852000, 4096, PROT_READ) = 0 <0.000094>
[pid  8777] 17:21:16.697085 mprotect(0xa01000, 4096, PROT_READ) = 0 <0.000058>
[pid  8777] 17:21:16.697318 set_thread_area({entry_number:-1 -> 6,
base_addr:0xb7ffeb00, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0,
limit_in_pages:1, seg_not_present:0, useable:1}) = 0 <0.018424>
[pid  8777] 17:21:16.716142 set_tid_address(0xb7ffeb48) = 8777 <0.009579>
[pid  8777] 17:21:16.726081 rt_sigaction(SIGRTMIN, {0xa56380, [],
SA_RESTORER|SA_SIGINFO, 0xa5d880}, NULL, 8) = 0 <0.033668>
[pid  8777] 17:21:16.760111 rt_sigaction(SIGRT_1, {0xa563f0, [],
SA_RESTORER|SA_RESTART|SA_SIGINFO, 0xa5d880}, NULL, 8) = 0 <0.009507>
[pid  8777] 17:21:16.769989 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) =
0 <0.016678>
[pid  8777] 17:21:16.787078 getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024,
rlim_max=RLIM_INFINITY}) = 0 <0.009618>
[pid  8777] 17:21:16.797133 --- SIGSEGV (Segmentation fault) @ 0 (0) ---

/proc/*/maps for bash:
003fc000-00405000 r-xp 00000000 16:07 25918532  
/var/temp/glibc-2.3.4-7/lib/libnss_files-2.3.4.so
00405000-00406000 r--p 00008000 16:07 25918532  
/var/temp/glibc-2.3.4-7/lib/libnss_files-2.3.4.so
00406000-00407000 rw-p 00009000 16:07 25918532  
/var/temp/glibc-2.3.4-7/lib/libnss_files-2.3.4.so
00426000-00428000 r-xp 00000000 16:07 25918512  
/var/temp/glibc-2.3.4-7/lib/libdl-2.3.4.so
00428000-00429000 r--p 00001000 16:07 25918512  
/var/temp/glibc-2.3.4-7/lib/libdl-2.3.4.so
00429000-0042a000 rw-p 00002000 16:07 25918512  
/var/temp/glibc-2.3.4-7/lib/libdl-2.3.4.so
00507000-00628000 r-xp 00000000 16:07 613250    
/var/temp/glibc-2.3.4-7/lib/tls/libc-2.3.4.so
00628000-0062a000 r--p 00121000 16:07 613250    
/var/temp/glibc-2.3.4-7/lib/tls/libc-2.3.4.so
0062a000-0062c000 rw-p 00123000 16:07 613250    
/var/temp/glibc-2.3.4-7/lib/tls/libc-2.3.4.so
0062c000-0062e000 rw-p 0062c000 00:00 0 
006e1000-006e4000 r-xp 00000000 16:07 25769767  
/var/temp/glibc-2.3.4-7/lib/libtermcap.so.2.0.8
006e4000-006e5000 rw-p 00002000 16:07 25769767  
/var/temp/glibc-2.3.4-7/lib/libtermcap.so.2.0.8
00b13000-00b2c000 r-xp 00000000 16:07 25918497  
/var/temp/glibc-2.3.4-7/lib/ld-2.3.4.so
00b2c000-00b2d000 r--p 00018000 16:07 25918497  
/var/temp/glibc-2.3.4-7/lib/ld-2.3.4.so
00b2d000-00b2e000 rw-p 00019000 16:07 25918497  
/var/temp/glibc-2.3.4-7/lib/ld-2.3.4.so
08047000-080f4000 r-xp 00000000 16:01 29819430   /bin/bash
080f4000-080fa000 rw-p 000ac000 16:01 29819430   /bin/bash
080fa000-080ff000 rw-p 080fa000 00:00 0 
098cc000-09919000 rw-p 098cc000 00:00 0 
b7df5000-b7df7000 rw-p b7df5000 00:00 0 
b7df7000-b7dfd000 r--s 00000000 16:08 100882490  /usr/lib/gconv/gconv-modules.cache
b7dfd000-b7dfe000 r--p 00855000 16:08 25906382   /usr/lib/locale/locale-archive
b7dfe000-b7ffe000 r--p 00000000 16:08 25906382   /usr/lib/locale/locale-archive
b7ffe000-b8000000 rw-p b7ffe000 00:00 0 
bfe7b000-c0000000 rw-p bfe7b000 00:00 0          [stack]
ffffe000-fffff000 ---p 00000000 00:00 0          [vdso]



for which this is produced:
Feb 10 17:22:36 safari kernel: ls/8778: potentially unexpected fatal signal 11.
Feb 10 17:22:36 safari kernel: code at 00000000: 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 
Feb 10 17:22:36 safari kernel: 
Feb 10 17:22:36 safari kernel: Pid: 8778, comm:                   ls
Feb 10 17:22:36 safari kernel: EIP: 0073:[<00000000>] CPU: 0
Feb 10 17:22:36 safari kernel: EIP is at 0x0
Feb 10 17:22:36 safari kernel:  ESP: 007b:bff3c644 EFLAGS: 00010286    Not
tainted  (2.6.10-ac12)
Feb 10 17:22:36 safari kernel: EAX: b7ffeafc EBX: 0059aff4 ECX: 00000020 EDX:
0095de30
Feb 10 17:22:36 safari kernel: ESI: b7ffeafc EDI: 00a02000 EBP: bff3c914 DS:
007b ES: 007b
Feb 10 17:22:36 safari kernel: CR0: 8005003b CR2: 0000000f CR3: 04f20000 CR4:
000002d0
Feb 10 17:22:36 safari kernel:  [<c0101284>] show_regs+0x144/0x170
Feb 10 17:22:36 safari kernel:  [<c01293ba>] get_signal_to_deliver+0x26a/0x310
Feb 10 17:22:36 safari kernel:  [<c0102f70>] do_signal+0x70/0x130
Feb 10 17:22:36 safari kernel:  [<c0103069>] do_notify_resume+0x39/0x3c
Feb 10 17:22:36 safari kernel:  [<c01031ae>] work_notifysig+0x13/0x15
Feb 10 17:22:36 safari kernel: ls/8778: potentially unexpected fatal signal 11.
Feb 10 17:22:36 safari kernel: code at 00000000: 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 
Feb 10 17:22:36 safari kernel: 
Feb 10 17:22:36 safari kernel: Pid: 8778, comm:                   ls
Feb 10 17:22:36 safari kernel: EIP: 0073:[<00000000>] CPU: 0
Feb 10 17:22:36 safari kernel: EIP is at 0x0
Feb 10 17:22:36 safari kernel:  ESP: 007b:bff3c644 EFLAGS: 00010286    Not
tainted  (2.6.10-ac12)
Feb 10 17:22:36 safari kernel: EAX: b7ffeafc EBX: 0059aff4 ECX: 00000020 EDX:
0095de30
Feb 10 17:22:36 safari kernel: ESI: b7ffeafc EDI: 00a02000 EBP: bff3c914 DS:
007b ES: 007b
Feb 10 17:22:36 safari kernel: CR0: 8005003b CR2: 0000000f CR3: 04f20000 CR4:
000002d0
Feb 10 17:22:36 safari kernel:  [<c0101284>] show_regs+0x144/0x170
Feb 10 17:22:36 safari kernel:  [<c01293cf>] get_signal_to_deliver+0x27f/0x310
Feb 10 17:22:36 safari kernel:  [<c0102f70>] do_signal+0x70/0x130
Feb 10 17:22:36 safari kernel:  [<c0103069>] do_notify_resume+0x39/0x3c
Feb 10 17:22:36 safari kernel:  [<c01031ae>] work_notifysig+0x13/0x15

I can execute statically linked binaries...


however, when I chroot, it works.
here maps.
002fe000-00317000 r-xp 00000000 16:07 25918497   /lib/ld-2.3.4.so
00317000-00318000 r--p 00018000 16:07 25918497   /lib/ld-2.3.4.so
00318000-00319000 rw-p 00019000 16:07 25918497   /lib/ld-2.3.4.so
005c0000-005c2000 r-xp 00000000 16:07 25918512   /lib/libdl-2.3.4.so
005c2000-005c3000 r--p 00001000 16:07 25918512   /lib/libdl-2.3.4.so
005c3000-005c4000 rw-p 00002000 16:07 25918512   /lib/libdl-2.3.4.so
006e1000-006e4000 r-xp 00000000 16:07 25769767   /lib/libtermcap.so.2.0.8
006e4000-006e5000 rw-p 00002000 16:07 25769767   /lib/libtermcap.so.2.0.8
008ca000-008d3000 r-xp 00000000 16:07 25918532   /lib/libnss_files-2.3.4.so
008d3000-008d4000 r--p 00008000 16:07 25918532   /lib/libnss_files-2.3.4.so
008d4000-008d5000 rw-p 00009000 16:07 25918532   /lib/libnss_files-2.3.4.so
0097a000-00a9b000 r-xp 00000000 16:07 613250     /lib/tls/libc-2.3.4.so
00a9b000-00a9d000 r--p 00121000 16:07 613250     /lib/tls/libc-2.3.4.so
00a9d000-00a9f000 rw-p 00123000 16:07 613250     /lib/tls/libc-2.3.4.so
00a9f000-00aa1000 rw-p 00a9f000 00:00 0 
08047000-080f4000 r-xp 00000000 16:07 25769765   /bin/bash
080f4000-080fa000 rw-p 000ac000 16:07 25769765   /bin/bash
080fa000-080ff000 rw-p 080fa000 00:00 0 
08d10000-08d53000 rw-p 08d10000 00:00 0 
b7ffb000-b7ffe000 rw-p b7ffb000 00:00 0 
b7fff000-b8000000 r--p 00000000 16:07 29413863  
/usr/lib/locale/fi_FI.utf8/LC_IDENTIFICATION
bffe2000-c0000000 rw-p bffe2000 00:00 0          [stack]
ffffe000-fffff000 ---p 00000000 00:00 0          [vdso]


Comment 4 Michal Jaegermann 2005-02-11 00:37:56 EST
Indeed, interestingly enough forcing reinstallation of all
already present 2.3.4-7 packages seems to make things to work
again.  Not that I would expect that ....
Comment 5 Pekka Pietikäinen 2005-02-11 05:30:29 EST
It seems to be related to prelinking. I saw this too, first 
just groff (of the things I noticed) segfaulted, gdb showed
it to be doing totally random things, single stepping into
a function and the parameter it was given got corrupted.
reinstalling groff and it continued working -> suspicion turned 
to prelink. Reran prelink for the entire system -> logins no longer
worked. Single-user mode, disable prelink, reboot -> everything is fine.
Comment 6 Jakub Jelinek 2005-02-11 09:28:00 EST
I ran prelink testsuite against the new glibc and all tests failed, so it
looks like ld.so auditing changes broke prelinking.
With:
2005-02-11  Jakub Jelinek  <jakub@redhat.com>

        * elf/rtld.c (_dl_start): Set bootstrap_map.l_relocated even
        for already prelinked ld.so.

--- libc/elf/rtld.c.jj  2005-01-26 18:22:16.000000000 +0100
+++ libc/elf/rtld.c     2005-02-11 15:22:21.467797051 +0100
@@ -509,8 +509,8 @@ _dl_start (void *arg)
         data access using the global offset table.  */

       ELF_DYNAMIC_RELOCATE (&bootstrap_map, 0, 0);
-      bootstrap_map.l_relocated = 1;
     }
+  bootstrap_map.l_relocated = 1;

   /* Please note that we don't allow profiling of this object and
      therefore need not test whether we have to allocate the array

the whole prelink make check passed, so maybe this will cure the problems.
Will build new glibc and test.
Comment 7 Jakub Jelinek 2005-02-13 11:36:25 EST
*** Bug 147763 has been marked as a duplicate of this bug. ***
Comment 8 Sami Farin 2005-02-14 11:17:06 EST
2.3.4-10 is just as broken.
every non-static binary segfaults on startup.

and yes, I use prelinking.
Comment 9 Lars G 2005-02-14 23:24:52 EST
updated to new glibc, did a "prelink -a", rebooted, no errors for me.
Comment 10 David Woodhouse 2005-02-15 02:41:45 EST
Works for me too on PPC.

Note You need to log in before you can comment on or make changes to this bug.