Bug 2002756 - glibc: ldd segfaults when inspecting vdso/vdso64.so
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: 35
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Siddhesh Poyarekar
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 2007412 2007417
Reported: 2021-09-09 16:01 UTC by Milos Malik
Modified: 2021-11-06 01:26 UTC

Fixed In Version: glibc-2.34-8.fc35 glibc-2.34.9000-15.fc36
Last Closed: 2021-11-06 01:26:49 UTC
Type: Bug
Links
System ID Private Priority Status Summary Last Updated
Sourceware 28340 0 P2 ASSIGNED ld.so crashes while loading a DSO with a read-only dynamic section 2021-09-14 17:47:31 UTC

Description Milos Malik 2021-09-09 16:01:00 UTC
Description of problem:


Version-Release number of selected component (if applicable):
glibc-common-2.34-2.fc35.x86_64
glibc-gconv-extra-2.34-2.fc35.x86_64
glibc-langpack-en-2.34-2.fc35.x86_64
glibc-2.34-2.fc35.x86_64

How reproducible:
 * always

Steps to Reproduce:
# dmesg -c >& /dev/null
# find /usr -name vdso64.so
/usr/lib/modules/5.14.0-60.fc35.x86_64/vdso/vdso64.so
/usr/lib/modules/5.14.1-300.fc35.x86_64/vdso/vdso64.so
# ldd `find /usr -name vdso64.so`
/usr/lib/modules/5.14.0-60.fc35.x86_64/vdso/vdso64.so:
ldd: exited with unknown exit code (139)
# dmesg
[11352.346104] ld-linux-x86-64[171717]: segfault at 7f4dd1526408 ip 00007f4dd152fef5 sp 00007fff6c8ad360 error 7 in ld-linux-x86-64.so.2[7f4dd1528000+25000]
[11352.348033] Code: 06 00 00 4c 89 e6 48 29 c6 48 83 fe 0a 77 9b be 41 ff ff 6f 48 29 c6 48 89 f0 eb 8a 48 85 ff 74 71 49 8b 47 60 48 85 c0 74 04 <48> 01 78 08 49 8b 47 58 48 85 c0 74 04 48 01 78 08 49 8b 47 68 48
#

Actual results:
 * segfault

Expected results:
 * no segfault

Comment 2 Milos Malik 2021-09-09 16:04:15 UTC
# coredumpctl info -1
           PID: 171717 (ld-linux-x86-64)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 11 (SEGV)
     Timestamp: Thu 2021-09-09 17:59:21 CEST (4min 16s ago)
  Command Line: /lib64/ld-linux-x86-64.so.2 --verify /usr/lib/modules/5.14.0-60.fc35.x86_64/vdso/vdso64.so
    Executable: /usr/lib64/ld-linux-x86-64.so.2
 Control Group: /user.slice/user-0.slice/session-7.scope
          Unit: session-7.scope
         Slice: user-0.slice
       Session: 7
     Owner UID: 0 (root)
       Boot ID: 3bd370f0e89d40b8b86c900230c3df64
    Machine ID: 55145aeb0fda4773a99e8005c8c401ad
      Hostname: fedora
       Storage: /var/lib/systemd/coredump/core.ld-linux-x86-64.0.3bd370f0e89d40b8b86c900230c3df64.171717.1631203161000000.zst (present)
     Disk Size: 8.2K
       Message: Process 171717 (ld-linux-x86-64) of user 0 dumped core.
                
                Found module /usr/lib/modules/5.14.0-60.fc35.x86_64/vdso/vdso64.so with build-id: 3ae4236b7c6b56d451d140d6e46cd907482b3222
                Found module /usr/lib64/ld-linux-x86-64.so.2 with build-id: 1c18121cc82ea66475d16f60c87e7642b99a64e4
                Found module linux-vdso.so.1 with build-id: ed20e76e7305a015b02ca28805e804deda0c04d0
                Stack trace of thread 171717:
                #0  0x00007f4dd152fef5 elf_get_dynamic_info (/usr/lib64/ld-linux-x86-64.so.2 + 0x8ef5)
                #1  0x00007f4dd1530d38 _dl_map_object (/usr/lib64/ld-linux-x86-64.so.2 + 0x9d38)
                #2  0x00007f4dd15282a9 map_doit (/usr/lib64/ld-linux-x86-64.so.2 + 0x12a9)
                #3  0x00007f4dd154545e _dl_catch_exception (/usr/lib64/ld-linux-x86-64.so.2 + 0x1e45e)
                #4  0x00007f4dd1545503 _dl_catch_error (/usr/lib64/ld-linux-x86-64.so.2 + 0x1e503)
                #5  0x00007f4dd152d01f dl_main (/usr/lib64/ld-linux-x86-64.so.2 + 0x601f)
                #6  0x00007f4dd1544407 _dl_sysdep_start (/usr/lib64/ld-linux-x86-64.so.2 + 0x1d407)
                #7  0x00007f4dd152909f _dl_start_final (/usr/lib64/ld-linux-x86-64.so.2 + 0x209f)
                #8  0x00007f4dd1528098 _start (/usr/lib64/ld-linux-x86-64.so.2 + 0x1098)
#

Comment 3 Milos Malik 2021-09-10 17:24:18 UTC
The issue is reproducible on s390x and x86_64:
 * https://beaker.engineering.redhat.com/jobs/5792572

Even though SELinux denials appear, the beaker job intentionally switches SELinux to permissive.

Comment 4 Siddhesh Poyarekar 2021-09-14 14:39:50 UTC
It looks like the vdso doesn't expect to be relocated because of which all of its segments are read-only, causing this crash when ld.so tries to adjust info in .dynamic.  ld.so --verify should bail out if it finds that the dynamic section is read-only, perhaps with a "not relocatable" message or something similar.

Comment 5 Florian Weimer 2021-09-23 19:24:20 UTC
Note that the upstream patch is broken: https://sourceware.org/pipermail/libc-alpha/2021-September/131287.html

I had to back it out in rawhide.

Comment 6 Fedora Update System 2021-11-03 12:03:23 UTC
FEDORA-2021-2890ebe259 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-2890ebe259

Comment 7 Fedora Update System 2021-11-04 14:08:29 UTC
FEDORA-2021-2890ebe259 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-2890ebe259`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-2890ebe259

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2021-11-06 01:26:49 UTC
FEDORA-2021-2890ebe259 has been pushed to the Fedora 35 stable repository.
If the problem still persists, please make note of it in this bug report.

