Description of problem:

Version-Release number of selected component (if applicable):
glibc-common-2.34-2.fc35.x86_64
glibc-gconv-extra-2.34-2.fc35.x86_64
glibc-langpack-en-2.34-2.fc35.x86_64
glibc-2.34-2.fc35.x86_64

How reproducible:
* always

Steps to Reproduce:
# dmesg -c >& /dev/null
# find /usr -name vdso64.so
/usr/lib/modules/5.14.0-60.fc35.x86_64/vdso/vdso64.so
/usr/lib/modules/5.14.1-300.fc35.x86_64/vdso/vdso64.so
# ldd `find /usr -name vdso64.so`
/usr/lib/modules/5.14.0-60.fc35.x86_64/vdso/vdso64.so:
ldd: exited with unknown exit code (139)
# dmesg
[11352.346104] ld-linux-x86-64[171717]: segfault at 7f4dd1526408 ip 00007f4dd152fef5 sp 00007fff6c8ad360 error 7 in ld-linux-x86-64.so.2[7f4dd1528000+25000]
[11352.348033] Code: 06 00 00 4c 89 e6 48 29 c6 48 83 fe 0a 77 9b be 41 ff ff 6f 48 29 c6 48 89 f0 eb 8a 48 85 ff 74 71 49 8b 47 60 48 85 c0 74 04 <48> 01 78 08 49 8b 47 58 48 85 c0 74 04 48 01 78 08 49 8b 47 68 48
#

Actual results:
* segfault

Expected results:
* no segfault
# coredumpctl info -1
PID: 171717 (ld-linux-x86-64)
UID: 0 (root)
GID: 0 (root)
Signal: 11 (SEGV)
Timestamp: Thu 2021-09-09 17:59:21 CEST (4min 16s ago)
Command Line: /lib64/ld-linux-x86-64.so.2 --verify /usr/lib/modules/5.14.0-60.fc35.x86_64/vdso/vdso64.so
Executable: /usr/lib64/ld-linux-x86-64.so.2
Control Group: /user.slice/user-0.slice/session-7.scope
Unit: session-7.scope
Slice: user-0.slice
Session: 7
Owner UID: 0 (root)
Boot ID: 3bd370f0e89d40b8b86c900230c3df64
Machine ID: 55145aeb0fda4773a99e8005c8c401ad
Hostname: fedora
Storage: /var/lib/systemd/coredump/core.ld-linux-x86-64.0.3bd370f0e89d40b8b86c900230c3df64.171717.1631203161000000.zst (present)
Disk Size: 8.2K
Message: Process 171717 (ld-linux-x86-64) of user 0 dumped core.

Found module /usr/lib/modules/5.14.0-60.fc35.x86_64/vdso/vdso64.so with build-id: 3ae4236b7c6b56d451d140d6e46cd907482b3222
Found module /usr/lib64/ld-linux-x86-64.so.2 with build-id: 1c18121cc82ea66475d16f60c87e7642b99a64e4
Found module linux-vdso.so.1 with build-id: ed20e76e7305a015b02ca28805e804deda0c04d0
Stack trace of thread 171717:
#0 0x00007f4dd152fef5 elf_get_dynamic_info (/usr/lib64/ld-linux-x86-64.so.2 + 0x8ef5)
#1 0x00007f4dd1530d38 _dl_map_object (/usr/lib64/ld-linux-x86-64.so.2 + 0x9d38)
#2 0x00007f4dd15282a9 map_doit (/usr/lib64/ld-linux-x86-64.so.2 + 0x12a9)
#3 0x00007f4dd154545e _dl_catch_exception (/usr/lib64/ld-linux-x86-64.so.2 + 0x1e45e)
#4 0x00007f4dd1545503 _dl_catch_error (/usr/lib64/ld-linux-x86-64.so.2 + 0x1e503)
#5 0x00007f4dd152d01f dl_main (/usr/lib64/ld-linux-x86-64.so.2 + 0x601f)
#6 0x00007f4dd1544407 _dl_sysdep_start (/usr/lib64/ld-linux-x86-64.so.2 + 0x1d407)
#7 0x00007f4dd152909f _dl_start_final (/usr/lib64/ld-linux-x86-64.so.2 + 0x209f)
#8 0x00007f4dd1528098 _start (/usr/lib64/ld-linux-x86-64.so.2 + 0x1098)
#
The issue is reproducible on s390x and x86_64:
* https://beaker.engineering.redhat.com/jobs/5792572

Even though SELinux denials appear, the beaker job intentionally switches SELinux to permissive.
It looks like the vdso doesn't expect to be relocated because of which all of its segments are read-only, causing this crash when ld.so tries to adjust info in .dynamic. ld.so --verify should bail out if it finds that the dynamic section is read-only, perhaps with a "not relocatable" message or something similar.
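Added example, not part of the comment above and not glibc's code: a stand-alone C check for the condition that comment describes, namely whether an object's PT_DYNAMIC segment lies inside a writable PT_LOAD. The function names `dynamic_is_writable` and `make_sample` are hypothetical, the sample image is constructed in memory, and a native-endian ELF64 layout is assumed.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>
/* 1: PT_DYNAMIC lies in a writable PT_LOAD; 0: it is mapped read-only (the
   vdso64.so case); -1: malformed or no PT_DYNAMIC. Native-endian ELF64 only. */
int dynamic_is_writable(const unsigned char *img, size_t len)
{
    Elf64_Ehdr eh;
    Elf64_Phdr ph, dyn = {0};
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS64 || eh.e_phentsize != sizeof ph)
        return -1;
    if (eh.e_phoff > len || (len - eh.e_phoff) / sizeof ph < eh.e_phnum)
        return -1; /* program header table runs past the image */
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_DYNAMIC) dyn = ph;
    }
    for (unsigned i = 0; dyn.p_type == PT_DYNAMIC && i < eh.e_phnum; i++) {
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_LOAD && dyn.p_vaddr >= ph.p_vaddr &&
            dyn.p_memsz <= ph.p_memsz &&
            dyn.p_vaddr - ph.p_vaddr <= ph.p_memsz - dyn.p_memsz)
            return (ph.p_flags & PF_W) != 0;
    }
    return -1; /* no PT_DYNAMIC, or no PT_LOAD covers it */
}

/* Constructed sample image: ELF header, one PT_LOAD, one PT_DYNAMIC. */
size_t make_sample(unsigned char *out, Elf64_Word load_flags)
{
    Elf64_Ehdr eh = {0};
    Elf64_Phdr ph[2] = {{0}};
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_phoff = sizeof eh; eh.e_phentsize = sizeof ph[0]; eh.e_phnum = 2;
    ph[0].p_type = PT_LOAD; ph[0].p_flags = load_flags; ph[0].p_memsz = 0x1000;
    ph[1].p_type = PT_DYNAMIC; ph[1].p_vaddr = 0x400; ph[1].p_memsz = 0x120;
    memcpy(out, &eh, sizeof eh);
    memcpy(out + sizeof eh, ph, sizeof ph);
    return sizeof eh + sizeof ph;
}
int main(void)
{
    unsigned char buf[256];
    printf("r-x: %d\n", dynamic_is_writable(buf, make_sample(buf, PF_R | PF_X)));
    printf("rw-: %d\n", dynamic_is_writable(buf, make_sample(buf, PF_R | PF_W)));
}
```

A result of 0 marks an object whose .dynamic cannot be adjusted in place, which is the situation the crash in elf_get_dynamic_info came from.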
Note that the upstream patch is broken:
https://sourceware.org/pipermail/libc-alpha/2021-September/131287.html

I had to back it out in rawhide.
FEDORA-2021-2890ebe259 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-2890ebe259
FEDORA-2021-2890ebe259 has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-2890ebe259` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-2890ebe259 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-2890ebe259 has been pushed to the Fedora 35 stable repository. If the problem still persists, please make note of it in this bug report.