144489 – glibc-2.3.6-r4 - static executables dump core upon return from SIGCHLD handler

Bug 144489 - glibc-2.3.6-r4 - static executables dump core upon return from SIGCHLD handler

Summary: glibc-2.3.6-r4 - static executables dump core upon return from SIGCHLD handler

Status:	RESOLVED NEEDINFO

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Unspecified (show other bugs)
Hardware:	AMD64 Linux

Importance:	High normal (vote)
Assignee:	Gentoo Toolchain Maintainers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-08-19 23:17 UTC by Ron Kuris
Modified:	2006-09-24 03:01 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
jobs.c to reproduce problem (jobs.c,143 bytes, text/x-csrc) 2006-08-19 23:19 UTC, Ron Kuris	Details
jobs.c (jobs.c,220 bytes, text/plain) 2006-08-20 01:39 UTC, SpanKY	Details
emerge --info output (emerge.info.txt,2.04 KB, text/plain) 2006-08-20 17:44 UTC, Ron Kuris	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ron Kuris 2006-08-19 23:17:26 UTC

Using 2.6.16-hardened kernel and glibc-2.3.6-r4, programs compiled with "-static" core dump on return from signal handler.  See the attached small program.

This was originally a bug I discovered while compiling bash with CC="gcc -static".

These things don't fix it:
- Turning off ssp
- Turning off pie
- Setting selinux into permissive mode
- Running paxctl -pemrxs PROGRAM

To reproduce:
1 - Compile attached program with "gcc -m64 -static jobs.c -o jobs"
2 - Execute "jobs"; observe core

If you recompile without "-static", or with "-m32", works fine.

Stack (using paxctl -pemrxs):
#0  0x0000000000400316 in sigchld_handler (sig=0) at jobs.c:3
#1  0x000000000040057a in __libc_start_main ()
#2  0x000000000040022a in _start ()
x/i $pc
0x400316 <sigchld_handler+50>:  retq   
info registers
rax            0x9687b20031ce803e       -7599910132259061698
rbx            0x7fffffb982e0   140737483735776
rcx            0x4002e4 4195044
rdx            0x7fffffb97d70   140737483734384
rsi            0x7fffffb97ea0   140737483734688
rdi            0x11     17
rbp            0x7fffffb983b0   0x7fffffb983b0
rsp            0x7fffffb97d68   0x7fffffb97d68
r8             0x7fffffb981c0   140737483735488
r9             0x0      0
r10            0x8      8
r11            0x246    582
r12            0x7fffffb98260   140737483735648
r13            0x0      0
r14            0x400a50 4196944
r15            0x4009e0 4196832
rip            0x400316 0x400316 <sigchld_handler+50>
eflags         0x10246  66118
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x63     99
gs             0x0      0

Comment 1 Ron Kuris 2006-08-19 23:19:54 UTC

Created attachment 94663 [details]
jobs.c to reproduce problem

Comment 2 Ron Kuris 2006-08-19 23:35:56 UTC

In the success case, the code jumps to 0x00002b0f3e4e7b70 in killpg (), and that shows on the stack at the point of return from the function:
x/gx $rsp
0x00002b177e2b4b70
In the failure case, the return address on the stack is strange:
x/gx $rsp
0x7fffffea58c8: 0x0f0000000fc0c748

Comment 3 SpanKY gentoo-dev

2006-08-20 01:39:55 UTC

Created attachment 94668 [details]
jobs.c

test with this code instead, your previous one is simply wrong

Comment 4 Ron Kuris 2006-08-20 06:15:05 UTC

Same results with attachment (id=94668).  Sorry, I accidently left that killpg() in there as a test; it is not needed.

Comment 5 Ron Kuris 2006-08-20 06:22:12 UTC

Please ignore the second half of my last comment; there is no killpg() in the test program I submitted.

However, this bug does indeed still reproduce with your attachment (id=94668) (warning-free, I might add).

Comment 6 SpanKY gentoo-dev

2006-08-20 14:04:39 UTC

you neglected to post `emerge info` ... static test works fine on my systems

also, the reason you cannot compile bash statically is that it breaks sandbox ... so you will be unable to emerge any packages with sandbox support

Comment 7 Ron Kuris 2006-08-20 17:44:41 UTC

Created attachment 94735 [details]
emerge --info output

Comment 8 Ron Kuris 2006-08-20 17:46:30 UTC

I am aware about the static bash problem; I just need a static bash for booting purposes (I am building bash with [[ROOT=/static GCC="gcc -static" emerge bash]] so it does not conflict).

Comment 9 SpanKY gentoo-dev

2006-09-24 03:01:58 UTC

see if you can reproduce on a vanilla system