[Bug 1821677] [NEW] dl_open segment fault in ubuntu18.10 glibc2.28

hongtao.liu 1821677 at bugs.launchpad.net
Tue Mar 26 05:13:35 UTC 2019


Public bug reported:

With the following testcase:

~/work/glibc$ cat foo.c

#include <dlfcn.h>
#include <stdio.h>
 
int main(int argc, char **argv) {
  if (argc < 2) return 1;  /* argv[1] (the library path) is required */
  printf("Trying to open %s\n", argv[1]);
  void *liball = dlopen(argv[1], RTLD_NOW);
  if(liball == NULL) {
    printf("\nERROR: %s", dlerror());
    return -1;
  }
  if(dlclose(liball)==0) {printf("\n all ok\n");}
  return 0;
}

Compile with:
~/work/glibc$ gcc -O0 -g foo.c -ldl

Then I get a segmentation fault:

~/work/glibc$ ./a.out intel64_lin/libsvml.so 
Trying to open intel64_lin/libsvml.so
Segmentation fault (core dumped)

The core dump is as follows:

(gdb) bt
#0  __GI___libc_free (mem=0x7ffff7d49010) at malloc.c:3085
#1  0x00007ffff7fdb6b6 in open_verify (
    name=0x555555559670 "/home/lilicui/intel64_lin/libsvml.so",
    fbp=fbp@entry=0x7fffffffd530, loader=<optimized out>,
    mode=mode@entry=-1879048190,
    found_other_class=found_other_class@entry=0x7fffffffd51f, free_name=true,
    whatcode=0, fd=3) at dl-load.c:1977
#2  0x00007ffff7fdc926 in _dl_map_object (loader=loader@entry=0x7ffff7ffe190,
    name=name@entry=0x7fffffffe1b7 "/home/lilicui/intel64_lin/libsvml.so",
    type=type@entry=2, trace_mode=trace_mode@entry=0,
    mode=mode@entry=-1879048190, nsid=<optimized out>) at dl-load.c:2401
#3  0x00007ffff7fe79c4 in dl_open_worker (a=a@entry=0x7fffffffdaa0)
    at dl-open.c:228
#4  0x00007ffff7f1b48f in __GI__dl_catch_exception (exception=<optimized out>,
    operate=<optimized out>, args=<optimized out>) at dl-error-skeleton.c:196
#5  0x00007ffff7fe72c6 in _dl_open (
    file=0x7fffffffe1b7 "/home/lilicui/intel64_lin/libsvml.so",
    mode=-2147483646, caller_dlopen=0x5555555551cb <main+86>,
    nsid=<optimized out>, argc=2, argv=0x7fffffffde08, env=0x7fffffffde20)
    at dl-open.c:599
#6  0x00007ffff7faa256 in dlopen_doit (a=a@entry=0x7fffffffdcc0) at dlopen.c:66
#7  0x00007ffff7f1b48f in __GI__dl_catch_exception (
    exception=exception@entry=0x7fffffffdc60, operate=<optimized out>,
    args=<optimized out>) at dl-error-skeleton.c:196
#8  0x00007ffff7f1b51f in __GI__dl_catch_error (
    objname=0x7ffff7fae0f0 <last_result+16>,
    errstring=0x7ffff7fae0f8 <last_result+24>,
    mallocedp=0x7ffff7fae0e8 <last_result+8>, operate=<optimized out>,
    args=<optimized out>) at dl-error-skeleton.c:215
#9  0x00007ffff7faaa25 in _dlerror_run (
    operate=operate@entry=0x7ffff7faa200 <dlopen_doit>,
    args=args@entry=0x7fffffffdcc0) at dlerror.c:163
#10 0x00007ffff7faa2e6 in __dlopen (file=<optimized out>, mode=<optimized out>)
    at dlopen.c:87
#11 0x00005555555551cb in main (argc=2, argv=0x7fffffffde08) at foo.c:7


intel64_lin/libsvml.so is an icc19.0 (already released) runtime library; refer to the attachment.

Ubuntu version:

~/work/glibc$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 18.10
Release:	18.10
Codename:	cosmic

Glibc version:

~/work/glibc$ ldd --version
ldd (Ubuntu GLIBC 2.28-0ubuntu1) 2.28
Copyright (C) 2018 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

It works fine with Glibc_2.28 upstream, and Glibc_2.28 on Fedora 29, but
failed with Glibc 2.28 in Ubuntu 18.10.

I found Ubuntu 18.10 was backporting its own patches; would that affect
such a testcase?

** Affects: glibc (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1821677
