[Bug 1302605] Re: Calls to /libx32/ld-linux-x32.so.2 hang

Fri May 23 12:16:56 UTC 2014

When you get the necessary behavior for this to hang, it hangs at the
brk call.  You can see this by running strace -f ldd /bin/busybox (as an
example):

[pid  4738] execve("/libx32/ld-linux-x32.so.2", ["/libx32/ld-linux-x32.so.2"], [/* 20 vars */]) = 0
[ Process PID=4738 runs in x32 mode. ]
[pid  4738] brk(0

I'm also attaching the disassembled code and the function that breaks.
The specific line is:

0xffffffff810fcdd0 <+144>:   mov    0x30(%rbx,%r15,4),%eax

Values of the mentioned registers:

RBX: ffff8800dd446600
R15: 0000000002000000
Value of the faulty result: ffff8800e5446630

Result = RBX + 4*R15 + 0x30

And this corresponds to this memory access in audit_filter_syscall

    if ((e->rule.mask[word] & bit) == bit &&

After much staring at the code and the registers, we believe that the
problem is that word is R15 and it's too large. It comes from:

  int word = AUDIT_WORD(ctx->major);

And it's supposed to be the syscall number that is being executed.  The
assembly code that adds the auditing does not seem to take into account
the 32bit nature of this value.

** Attachment added: "Disassembled kernel code when it fails"
   https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1302605/+attachment/4118293/+files/disassembled-faulty-code.txt

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1302605

Title:
  Calls to /libx32/ld-linux-x32.so.2 hang

Status in “eglibc” package in Ubuntu:
  Confirmed

Bug description:
  I'm running trusty on a bunch of machines, doing frequent dist-
  upgrades.  My hosts have gcc-multilib installed.

  Yesterday, I noticed that initramfs generation was hanging.  Today I
  investigated further and found out that what was hanging were the
  calls to /libx32/ld-linux-x32.so.2.

  This is triggered in initramfs generation because there are at some
  hooks that incorrectly use copy_exec to copy shell scripts into the
  initramfs image.  In a working machine, when ldd encounters a shell
  script, it will first call the 64bit linker and since it fails, it
  will then call the 32bit linker which will also fail.

  However, in a machine affected by this bug, the second call will hang
  forever, preventing new image generation, and package updates in
  general, when this happens as a trigger for update-initramfs.

  Originally I thought this was related to the kernel version, since I
  was unable to reproduce in a freshly installed machine running -22 and
  was reproducing it in a machine running -20, but now I'm also
  reproducing it in a machine running -22, so it must be something else.

  I'm sorry I can't provide the exact cause right now, but I think it's
  worth noting that in some situation there might be a problem, and try
  to find out which those situations are.

  I now have one host running 3.13.0-22-generic, with
  libc6-x32=2.19-0ubuntu3, where doing ldd /usr/bin/ldd hangs, and
  another host, with the exact same kernel and libc6-x32 version where
  doing ldd /usr/bin/ldd produces the expected error message (not a
  dynamic executable).  The main difference is that the first one was
  installed yesterday and the second one was installed today.  Both are
  dist-upgraded to the latest version of everything.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1302605/+subscriptions