Bug 857694 - [abrt] glibc-2.14.90-24.fc16.9: strcmp: Process /lib/ld-2.14.90.so was killed by signal 11 (SIGSEGV)
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: 16
Hardware: i686
OS: Unspecified
Target Milestone: ---
Assignee: Jeff Law
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:ac1dc50097d9937029dd6d8ff17...
Depends On:
Blocks:
Reported: 2012-09-16 10:23 UTC by ian.cullen2308
Modified: 2016-11-24 15:42 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-09-24 18:34:16 UTC
Type: ---
Embargoed:


Attachments
File: coredump (168.00 KB, text/plain)
2012-09-16 10:23 UTC, ian.cullen2308
The executable (ffsc) causing the issue (71.18 KB, application/octet-stream)
2012-09-23 08:06 UTC, ian.cullen2308


Links
System ID Private Priority Status Summary Last Updated
Sourceware 14612 0 None None None Never

Description ian.cullen2308 2012-09-16 10:23:10 UTC
libreport version: 2.0.10
abrt_version:   2.0.7
backtrace_rating: 4
cmdline:        /lib/ld-linux.so.2 --verify ./ffsc
crash_function: strcmp
dso_list:       /lib/ld-2.14.90.so glibc-2.14.90-24.fc16.9.i686 (Fedora Project) 1346183956
executable:     /lib/ld-2.14.90.so
kernel:         3.4.9-2.fc16.i686
pid:            4218
pwd:            /home/php1ic/FFS/tmp/ffs1/client
time:           Sun 16 Sep 2012 11:11:59 AM BST
uid:            1000
username:       php1ic

backtrace:
:warning: core file may not match specified executable file.
:[New LWP 4218]
:Core was generated by `/lib/ld-linux.so.2 --verify ./ffsc'.
:Program terminated with signal 11, Segmentation fault.
:#0  strcmp () at ../sysdeps/i386/i686/strcmp.S:39
:39	../sysdeps/i386/i686/strcmp.S: No such file or directory.
:	in ../sysdeps/i386/i686/strcmp.S
:
:Thread 1 (LWP 4218):
:#0  strcmp () at ../sysdeps/i386/i686/strcmp.S:39
:No locals.
:#1  0x4b7058fa in dl_main (phdr=0x8050034, phnum=6, user_entry=0xbfc0a37c, auxv=0xbfc0a500) at rtld.c:1283
:        ph = <optimized out>
:        mode = verify
:        main_map = 0x4b725900
:        file_size = <optimized out>
:        file = <optimized out>
:        has_interp = <optimized out>
:        i = <optimized out>
:        prelinked = false
:        rtld_is_main = true
:        start = <optimized out>
:        stop = <optimized out>
:        diff = <optimized out>
:        tcbp = 0x0
:        __PRETTY_FUNCTION__ = "dl_main"
:        first_preload = <optimized out>
:        r = <optimized out>
:        rtld_ehdr = <optimized out>
:        rtld_phdr = <optimized out>
:        cnt = <optimized out>
:        preloads = <optimized out>
:        npreloads = <optimized out>
:        preload_file = "/etc/ld.so.preload"
:        rtld_multiple_ref = <optimized out>
:        was_tls_init_tp_called = <optimized out>
:#2  0x4b718d67 in _dl_sysdep_start (start_argptr=0xbfc0a410, dl_main=0x4b705420 <dl_main>) at ../elf/dl-sysdep.c:244
:        phdr = <optimized out>
:        phnum = <optimized out>
:        user_entry = 134557904
:        av = <optimized out>
:        new_sysinfo = <optimized out>
:#3  0x4b7088ba in _dl_start_final (arg=0xbfc0a410) at rtld.c:335
:        start_addr = <optimized out>
:        rtld_total_time = <optimized out>
:#4  _dl_start (arg=0xbfc0a410) at rtld.c:561
:        entry = 55
:        __PRETTY_FUNCTION__ = "_dl_start"
:#5  0x4b7042b7 in _start ()
:No symbol table info available.
:No shared libraries loaded at this time.
:No symbol "__abort_msg" in current context.
:No symbol "__glib_assert_msg" in current context.
:eax            0x0	0
:ecx            0x0	0
:edx            0x4b7035f6	1265645046
:ebx            0x4b724fc4	1265782724
:esp            0xbfc0a1cc	0xbfc0a1cc
:ebp            0xbfc0a318	0xbfc0a318
:esi            0x4b7035f6	1265645046
:edi            0x4b72583c	1265784892
:eip            0x4b71c558	0x4b71c558 <strcmp+8>
:eflags         0x210216	[ PF AF IF RF ID ]
:cs             0x73	115
:ss             0x7b	123
:ds             0x7b	123
:es             0x7b	123
:fs             0x0	0
:gs             0x0	0
:Dump of assembler code for function strcmp:
:   0x4b71c550 <+0>:	mov    0x4(%esp),%ecx
:   0x4b71c554 <+4>:	mov    0x8(%esp),%edx
:=> 0x4b71c558 <+8>:	mov    (%ecx),%al
:   0x4b71c55a <+10>:	cmp    (%edx),%al
:   0x4b71c55c <+12>:	jne    0x4b71c567 <strcmp+23>
:   0x4b71c55e <+14>:	inc    %ecx
:   0x4b71c55f <+15>:	inc    %edx
:   0x4b71c560 <+16>:	test   %al,%al
:   0x4b71c562 <+18>:	jne    0x4b71c558 <strcmp+8>
:   0x4b71c564 <+20>:	xor    %eax,%eax
:   0x4b71c566 <+22>:	ret    
:   0x4b71c567 <+23>:	mov    $0x1,%eax
:   0x4b71c56c <+28>:	mov    $0xffffffff,%ecx
:   0x4b71c571 <+33>:	cmovb  %ecx,%eax
:   0x4b71c574 <+36>:	ret    
:End of assembler dump.

build_ids:
:-
:0fd49fec908fe0b3c35859466e5dd918e02616c2
:6f895b79f95b39ef92d24ff50a16ff774b34b527

environ:

maps:
:08050000-0805e000 r-xp 00000000 fd:01 1054564    /home/php1ic/FFS/tmp/ffs1/client/ffsc
:0806d000-0806f000 rwxp 0000d000 fd:01 1054564    /home/php1ic/FFS/tmp/ffs1/client/ffsc
:0806f000-08070000 rwxp 00000000 00:00 0 
:4b703000-4b724000 r-xp 00000000 fd:01 12492      /lib/ld-2.14.90.so
:4b724000-4b726000 rw-p 00020000 fd:01 12492      /lib/ld-2.14.90.so
:b770f000-b7710000 r-xp 00000000 00:00 0          [vdso]
:bfbec000-bfc0b000 rwxp 00000000 00:00 0          [stack]
:bfc0b000-bfc0d000 rw-p 00000000 00:00 0 

var_log_messages:
:Sep 16 11:11:59 cullen kernel: [11869.257228] ld-linux.so.2[4218]: segfault at 0 ip 4b71c558 sp bfc0a1cc error 4 in ld-2.14.90.so[4b703000+21000]
:Sep 16 11:11:59 cullen abrt[4219]: Saved core dump of pid 4218 (/lib/ld-2.14.90.so) to /var/spool/abrt/ccpp-2012-09-16-11:11:59-4218 (172032 bytes)

Comment 1 ian.cullen2308 2012-09-16 10:23:17 UTC
Created attachment 613389
File: coredump

Comment 2 Jeff Law 2012-09-21 18:32:49 UTC
Can you please attach the ffsc executable as well?  There's something about the contents of that executable that is causing the dynamic linker fits.

Thanks,
Jeff

Comment 3 ian.cullen2308 2012-09-23 08:06:16 UTC
Created attachment 615999
The executable (ffsc) causing the issue

Comment 4 ian.cullen2308 2012-09-23 08:13:15 UTC
FYI: This program was given to me by a friend/colleague, source and executable. I'm struggling to get it to build after a "make clean". I'll post back if he tells me something unusual is required.

Comment 5 Jeff Law 2012-09-24 17:52:06 UTC
The executable has a bogus INTERP program header as far as I can tell.  This leads to passing a NULL pointer to strcmp and the segfault.

[law@stumpy elf]$ readelf -l ~/Downloads/ffsc 

Elf file type is EXEC (Executable file)
Entry point 0x80530d0
There are 6 program headers, starting at offset 52

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  PHDR           0x000034 0x08050034 0x00000000 0x000c0 0x000c0 R E 0
  INTERP         0x0000f4 0x00000000 0x00000000 0x00011 0x00000 R   0
      [Requesting program interpreter: /usr/lib/ld.so.1]
  LOAD           0x000000 0x08050000 0x00000000 0x0d0b8 0x0d0b8 R E 0x10000
  LOAD           0x00d0b8 0x0806d0b8 0x00000000 0x01d97 0x0259c RWE 0x10000
  DYNAMIC        0x00d214 0x0806d214 0x00000000 0x000f8 0x00000 RWE 0
  NOTE           0x00ee4f 0x00000000 0x00000000 0x000c8 0x00000     0


Note the 0x0 value for the virtual address of the INTERP program header.  While obviously ld.so shouldn't segfault on the bogus header, fixing that header ought to fix your problem.
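
Added example, not part of the bug thread and not glibc code: a lint a build or triage pipeline could run to flag the condition Comment 5 describes, a PT_INTERP entry whose virtual address is not covered by any PT_LOAD segment. The names check_interp32 and build_sample are hypothetical, the sample image is constructed from the readelf values above, and the "corrected" address 0x080500f4 (LOAD base plus the INTERP file offset) is an assumption. It assumes Linux <elf.h> and a host-endian ELF32 image.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>
enum { INTERP_OK = 0, BAD_ELF = -1, BAD_STRING = -2, INTERP_UNMAPPED = -3 };
/* Each PT_INTERP must name a NUL-terminated string in the file and lie inside a PT_LOAD. */
int check_interp32(const unsigned char *img, size_t len) {
    Elf32_Ehdr eh;
    if (len < sizeof eh) return BAD_ELF;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) || eh.e_ident[EI_CLASS] != ELFCLASS32 ||
        eh.e_phentsize != sizeof(Elf32_Phdr) || eh.e_phoff > len ||
        (size_t)eh.e_phnum * sizeof(Elf32_Phdr) > len - eh.e_phoff) return BAD_ELF;
    const unsigned char *pht = img + eh.e_phoff;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf32_Phdr ph, ld;
        int mapped = 0;
        memcpy(&ph, pht + i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_INTERP) continue;
        if (ph.p_filesz == 0 || ph.p_offset > len || ph.p_filesz > len - ph.p_offset ||
            img[(size_t)ph.p_offset + ph.p_filesz - 1] != '\0') return BAD_STRING;
        for (unsigned j = 0; j < eh.e_phnum && !mapped; j++) {
            memcpy(&ld, pht + j * sizeof ld, sizeof ld);
            mapped = ld.p_type == PT_LOAD && ph.p_memsz != 0 &&
                     ph.p_vaddr >= ld.p_vaddr && ph.p_memsz <= ld.p_memsz &&
                     ph.p_vaddr - ld.p_vaddr <= ld.p_memsz - ph.p_memsz;
        }
        if (!mapped) return INTERP_UNMAPPED; /* the ffsc case: VirtAddr 0, MemSiz 0 */
    }
    return INTERP_OK;
}

/* Constructed sample (host-endian): ELF header + INTERP and first LOAD from the readelf output. */
size_t build_sample(unsigned char *buf, Elf32_Addr vaddr, Elf32_Word memsz) {
    Elf32_Ehdr eh = { .e_ident = { 0x7f, 'E', 'L', 'F', ELFCLASS32 },
                      .e_phoff = sizeof(Elf32_Ehdr), .e_phentsize = sizeof(Elf32_Phdr), .e_phnum = 2 };
    Elf32_Phdr ph[2] = { { PT_INTERP, 0xf4, vaddr, 0, 0x11, memsz, PF_R, 0 },
                         { PT_LOAD, 0, 0x08050000, 0, 0xd0b8, 0xd0b8, PF_R | PF_X, 0x10000 } };
    memset(buf, 0, 0x105);
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, ph, sizeof ph);
    memcpy(buf + 0xf4, "/usr/lib/ld.so.1", 0x11);
    return 0x105;
}

int main(void) {
    unsigned char buf[0x105];
    printf("as reported: %d\n", check_interp32(buf, build_sample(buf, 0, 0)));
    printf("corrected:   %d\n", check_interp32(buf, build_sample(buf, 0x080500f4, 0x11)));
    return 0;
}
```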

Comment 6 Jeff Law 2012-09-24 18:34:16 UTC
I've filed a suitable bug report with the upstream maintainers.  If/when they fix this problem we'll pick it up in Fedora/rawhide via our usual merging processes.

