[Bug 919202] Re: [2.15~pre6] regression: crashes in dlopen()

Mon, 23 Jan 2012 11:50:53 -0800 

The crash stack trace is:

(gdb) bt
#0  0x0000000000005446 in ?? ()
#1  0x00007ffff5137fc5 in floor () at 
../sysdeps/x86_64/fpu/multiarch/s_floor.S:26
#2  0x00007ffff7de6a2b in elf_machine_rela (sym=0x7ffff511ec88, skip_ifunc=0, 
reloc_addr_arg=0x7ffff41c5060, version=<optimized out>, map=0x60b090, 
reloc=<optimized out>)
    at ../sysdeps/x86_64/dl-machine.h:302
#3  elf_dynamic_do_Rela (skip_ifunc=0, lazy=<optimized out>, 
nrelative=<optimized out>, relsize=<optimized out>, reladdr=<optimized out>, 
map=0x60b090) at do-rel.h:146
#4  _dl_relocate_object (scope=0x60b3e8, reloc_mode=<optimized out>, 
consider_profiling=0) at dl-reloc.c:265
#5  0x00007ffff7ded936 in dl_open_worker (a=0x7fffffffd690) at dl-open.c:338
#6  0x00007ffff7de9126 in _dl_catch_error (objname=0x7fffffffd6d8, 
errstring=0x7fffffffd6e0, mallocedp=0x7fffffffd6ef, operate=0x7ffff7ded6b0 
<dl_open_worker>, args=0x7fffffffd690)
    at dl-error.c:178
#7  0x00007ffff7ded2ca in _dl_open (file=0x605000 
"/usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so",
 mode=-2147483390, caller_dlopen=0x7ffff7bd76fc, nsid=-2, 
    argc=2, argv=<optimized out>, env=0x7fffffffdb30) at dl-open.c:575
#8  0x00007ffff7107f26 in dlopen_doit (a=0x7fffffffd8b0) at dlopen.c:67
#9  0x00007ffff7de9126 in _dl_catch_error (objname=0x6047e0, 
errstring=0x6047e8, mallocedp=0x6047d8, operate=0x7ffff7107ec0 <dlopen_doit>, 
args=0x7fffffffd8b0) at dl-error.c:178
#10 0x00007ffff710852f in _dlerror_run (operate=0x7ffff7107ec0 <dlopen_doit>, 
args=0x7fffffffd8b0) at dlerror.c:164
#11 0x00007ffff7107fc1 in __dlopen (file=<optimized out>, mode=<optimized out>) 
at dlopen.c:88
#12 0x00007ffff7bd76fc in _g_module_open (bind_local=<optimized out>, 
bind_lazy=<optimized out>, 
    file_name=0x605000 
"/usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so")
 at /build/buildd/glib2.0-2.31.10/./gmodule/gmodule-dl.c:99
#13 g_module_open (file_name=0x604630 
"/usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so",
 flags=<optimized out>)
    at /build/buildd/glib2.0-2.31.10/./gmodule/gmodule.c:584
#14 0x00000000004010a0 in ?? ()
#15 0x0000000000400d94 in ?? ()
#16 0x00007ffff732c76d in __libc_start_main (main=0x400cf0, argc=2, 
ubp_av=0x7fffffffdb18, init=<optimized out>, fini=<optimized out>, 
rtld_fini=<optimized out>, stack_end=0x7fffffffdb08)
    at libc-start.c:226

The crash is happening while relocating 
/usr/lib/x86_64-linux-gnu/libpixman-1.so.0,
while processing this symbol (refsym):
    17: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND floor@GLIBC_2.2.5 (4)

The symbol that we are trying to bind this to (sym) is an IFUNC in 
/lib/x86_64-linux-gnu/libm.so.6:

    60: 000000000001afc0    32 IFUNC   WEAK   DEFAULT   13
floor@@GLIBC_2.2.5

The problem is that we CALL from __floor to *unrelocated* address (0x5446)
of __get_cpu_features (that is, libm.so.6 hasn't been relocated yet.

I have not been able to create a simple reproducer ;-(

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/919202

Title:
  [2.15~pre6] regression: crashes in dlopen()

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/919202/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to