Bug 174813 - nss modules crash when run under ElectricFence
nss modules crash when run under ElectricFence
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: ElectricFence (Show other bugs)
4.0
ia64 Linux
medium Severity medium
: ---
: ---
Assigned To: Jakub Jelinek
Brian Brock
:
Depends On:
Blocks: 170416
  Show dependency treegraph
 
Reported: 2005-12-02 09:16 EST by Bastien Nocera
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-24 15:25:55 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bastien Nocera 2005-12-02 09:16:46 EST
glibc-2.3.4-2.13

# ulimit -c unlimited
# LD_PRELOAD=/usr/lib/libefence.so ls

  Electric Fence 2.2.0 Copyright (C) 1987-1999 Bruce Perens <bruce@perens.com>
ls(24891): unaligned access to 0x200000000362bfdc, ip=0x20000000001411c1
ls(24891): unaligned access to 0x200000000362bfec, ip=0x20000000001411e1
ls(24891): unaligned access to 0x200000000362bfd4, ip=0x2000000000141450
ls(24891): unaligned access to 0x20000000037c3fec, ip=0x20000000002bbd50
Segmentation fault (core dumped)
[root@rx4640 ichihi]# gdb /bin/ls core.24891
GNU gdb Red Hat Linux (6.3.0.0-1.63rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "ia64-redhat-linux-gnu"...Using host libthread_db
library "/lib/tls/libthread_db.so.1".

Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xa000000000000000
Core was generated by `ls --color=tty'.
Program terminated with signal 11, Segmentation fault.

warning: svr4_current_sos: Can't read pathname for load map: Input/output error

Reading symbols from /usr/lib/libefence.so...Reading symbols from
/usr/lib/debug/usr/lib/libefence.so.0.0.debug...done.
done.
Loaded symbols for /usr/lib/libefence.so
Reading symbols from /lib/tls/librt.so.1...Reading symbols from
/usr/lib/debug/lib/tls/librt-2.3.4.so.debug...done.
done.
Loaded symbols for /lib/tls/librt.so.1
Reading symbols from /lib/libacl.so.1...done.
Loaded symbols for /lib/libacl.so.1
Reading symbols from /lib/libselinux.so.1...done.
Loaded symbols for /lib/libselinux.so.1
Reading symbols from /lib/tls/libc.so.6.1...Reading symbols from
/usr/lib/debug/lib/tls/libc-2.3.4.so.debug...done.
done.
Loaded symbols for /lib/tls/libc.so.6.1
Reading symbols from /lib/tls/libpthread.so.0...Reading symbols from
/usr/lib/debug/lib/tls/libpthread-2.3.4.so.debug...done.
done.
Loaded symbols for /lib/tls/libpthread.so.0
Reading symbols from /lib/ld-linux-ia64.so.2...Reading symbols from
/usr/lib/debug/lib/ld-2.3.4.so.debug...done.
done.
Loaded symbols for /lib/ld-linux-ia64.so.2
Reading symbols from /lib/libattr.so.1...done.
Loaded symbols for /lib/libattr.so.1
Reading symbols from /lib/libnss_files.so.2...Reading symbols from
/usr/lib/debug/lib/libnss_files-2.3.4.so.debug...done.
done.
Loaded symbols for /lib/libnss_files.so.2
#0  _dl_make_fptr (map=Variable "map" is not available.
) at ../sysdeps/generic/dl-fptr.c:256
256                 f->ip = (ElfW(Addr)) l->free_list;
(gdb) bt
#0  _dl_make_fptr (map=Variable "map" is not available.
) at ../sysdeps/generic/dl-fptr.c:256
#1  0x2000000000016510 in _dl_relocate_object (l=Variable "l" is not available.
)
    at ../sysdeps/ia64/dl-machine.h:560
#2  0x2000000000309f30 in dl_open_worker (a=Variable "a" is not available.
) at dl-open.c:343
#3  0x2000000000019d10 in _dl_catch_error (objname=Cannot access memory at
address 0x9804c8a70033f
) at dl-error.c:161
#4  0x200000000030b840 in *__GI__dl_open (file=Variable "file" is not
available.) at dl-open.c:577
#5  0x200000000030e9c0 in do_dlopen (ptr=0x60000fffffffaad0) at dl-libc.c:80
#6  0x2000000000019d10 in _dl_catch_error (objname=Cannot access memory at
address 0x9804c8a70033f
) at dl-error.c:161
#7  0x200000000030eb60 in *__GI___libc_dlopen_mode (
    name=0x60000fffffffab00 "libnss_files.so.2", mode=-2147483647)
    at dl-libc.c:42
#8  0x20000000002bb5f0 in *__GI___nss_lookup_function (ni=Variable "ni" is not
available.
) at nsswitch.c:344
#9  0x20000000002bb980 in __nss_lookup (ni=0x60000fffffffab40,
    fct_name=0x200000000032b6b8 "getpwuid_r", fctp=0x60000fffffffab48)
    at nsswitch.c:150
#10 0x20000000002bf710 in __nss_passwd_lookup () at ../libio/bits/stdio.h:113
#11 0x2000000000218f50 in __getpwuid_r (uid=0, resbuf=0x2000000000362290,
    buffer=0x2000000003763c00 "", buflen=1024, result=0x60000fffffffab50)
    at ../nss/getXXbyYY_r.c:171
#12 0x2000000000217eb0 in getpwuid (uid=0) at ../nss/getXXbyYY.c:135
#13 0x4000000000018fb0 in getuser (uid=0) at idcache.c:74
#14 0x4000000000006900 in format_user_width (u=0) at ls.c:3141
#15 0x40000000000077d0 in gobble_file (name=0x2000000003750063 "README",
    type=normal, explicit_arg=0, dirname=0x2000000003747ffc ".") at ls.c:2609
#16 0x400000000000d2d0 in print_dir (name=0x2000000003747ffc ".", realname=0x0)
    at ls.c:2272
#17 0x4000000000010440 in main (argc=-18752, argv=0x60000fffffffb6c8)
    at ls.c:1230
#18 0x20000000001253f0 in __libc_start_main (main=Cannot access memory at
address 0x1
)
    at ../sysdeps/generic/libc-start.c:209
#19 0x4000000000003240 in _start ()
(gdb)
Comment 1 Jakub Jelinek 2005-12-06 11:18:29 EST
That is not a glibc bug, but an ElectricFence feature, see man efence.
glibc relies on malloc etc. results being sufficiently aligned to satisfy
alignment requirement of any standard C object (see e.g.
http://www.opengroup.org/onlinepubs/009695399/functions/malloc.html
).  On IA-64 that's long double with __alignof (long double) == 16.
glibc malloc internally guarantees alignment of MALLOC_ALIGNMENT, which is
2 * sizeof (size_t).  In dlopen code actually even 8 byte alignment is enough.
But, as ElectricFence documents, it by default only returns sizeof (int)
aligned memory to catch more beyond end of object accesses and if some app
needs bigger alignment, users must use EF_ALIGNMENT=XX in environment to override
it (make the checking more forgiving and at the same time satisfying program's
alignment requirements).  So, if you use
EF_ALIGNMENT=8 LD_PRELOAD=libefence.so.0 /bin/ls -l
on IA-64, it will work just fine.

Note You need to log in before you can comment on or make changes to this bug.