

lib/57792: SIGSEGV in ld.elf_so / _rtld_call_ifunc



>Number:         57792
>Category:       lib
>Synopsis:       SIGSEGV in ld.elf_so / _rtld_call_ifunc
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Dec 23 16:40:00 +0000 2023
>Originator:     Patrick Welche
>Release:        NetBSD-10.99.10/amd64 / pkgsrc-current 2023-12-23
>Organization:
>Environment:
>Description:
Starting program: /tmp/pkgsrc/x11/gtk4/work.x86_64/gtk-4.12.4/output/tmp-introspect31yl1w3c/Gdk-4.0 

Program received signal SIGSEGV, Segmentation fault.
_rtld_call_ifunc (obj=0x7f7ff7ee7400, mask=mask@entry=0x7f7fffffe4f0, 
    cur_objgen=cur_objgen@entry=1) at /usr/src/libexec/ld.elf_so/reloc.c:311
311                             *where = target;
(gdb) bt
#0  _rtld_call_ifunc (obj=0x7f7ff7ee7400, mask=mask@entry=0x7f7fffffe4f0, 
    cur_objgen=cur_objgen@entry=1) at /usr/src/libexec/ld.elf_so/reloc.c:311
#1  0x00007f7ff7ef3284 in _rtld_call_ifunc_functions (cur_objgen=1, 
    obj=<optimized out>, mask=0x7f7fffffe4f0)
    at /usr/src/libexec/ld.elf_so/rtld.c:280
#2  _rtld_call_init_functions (mask=mask@entry=0x7f7fffffe4f0)
    at /usr/src/libexec/ld.elf_so/rtld.c:304
#3  0x00007f7ff7ef3de5 in _rtld (sp=<optimized out>, relocbase=<optimized out>)
    at /usr/src/libexec/ld.elf_so/rtld.c:795
#4  0x00007f7ff7eed033 in rtld_start () from /usr/libexec/ld.elf_so
#5  0x0000000000000000 in ?? ()
(gdb) list
306                     _rtld_exclusive_enter(mask);
307     #ifdef __sparc__
308                     sparc_write_branch(where2 + 1, (void *)target);
309     #else
310                     if (*where != target)
311                             *where = target;
312     #endif
313             }
314
315             while (obj->ifunc_remaining_nonplt > 0 && _rtld_objgen == cur_objgen) {
(gdb) print target
$1 = 140187593839377 = 0x7F7FF7BB9311
(gdb) print where
$2 = (Elf64_Addr *) 0x7f7ff7ed64c8 <*ABS*@got.plt>
(gdb) print *where
$3 = 140187589897974 = 0x7F7FF77F6EF6
(gdb) x 0x7F7FF7BB9311
0x7f7ff7bb9311 <float_to_half_f16c>:    0x8e0fd285
(gdb) x 0x7f7ff7ed64c8
0x7f7ff7ed64c8 <*ABS*@got.plt>: 0xf77f6ef6
(gdb) x 0x7F7FF77F6EF6
0x7f7ff77f6ef6 <*ABS*+0x46f2a0@plt+6>:  0x00088268
(gdb) frame 2
#2  _rtld_call_init_functions (mask=mask@entry=0x7f7fffffe4f0) at /usr/src/libexec/ld.elf_so/rtld.c:304
304                     if (_rtld_call_ifunc_functions(mask, elm->obj, cur_objgen)) {
(gdb) list
299             SIMPLEQ_INIT(&initlist);
300             _rtld_initlist_tsort(&initlist, 0);
301
302             /* First pass: objects with IRELATIVE relocations. */
303             SIMPLEQ_FOREACH(elm, &initlist, link) {
304                     if (_rtld_call_ifunc_functions(mask, elm->obj, cur_objgen)) {
305                             dbg(("restarting init iteration"));
306                             _rtld_objlist_clear(&initlist);
307                             goto restart;
308                     }
(gdb) print *elm->obj
$11 = {next = 0x7f7ff7ee7800, 
  path = 0x7f7ff7ee8080 "/tmp/pkgsrc/x11/gtk4/work.x86_64/gtk-4.12.4/output/gtk/libgtk-4.so.1", refcount = 1, 
  dl_refcount = 0, mapbase = 0x7f7ff774a000 "\177ELF\002\001\001\003", mapsize = 7966720, textsize = 675840, 
  vaddrbase = 0, relocbase = 0x7f7ff774a000 "\177ELF\002\001\001\003", dynamic = 0x7f7ff7ed2168, entry = 0x0, 
  phdr = 0x7f7ff774a040, phsize = 504, pltgot = 0x7f7ff7ed2548, rel = 0x0, rellim = 0x0, rela = 0x7f7ff77b4b38, 
  relalim = 0x7f7ff77e1ec8, pltrel = 0x0, pltrellim = 0x0, pltrela = 0x7f7ff77e1ec8, pltrelalim = 0x7f7ff77eeb40, 
  symtab = 0x7f7ff7755568, strtab = 0x7f7ff77807f8 "", strsize = 198980, buckets = 0x7f7ff774a240, unused1 = 0, 
  chains = 0x7f7ff774e24c, nchains = 7366, rpaths = 0x7f7ff7ee59c0, needed = 0x7f7ff7ee55c0, 
  init = 0x7f7ff77ef000 <_init>, fini = 0x7f7ff7bba460 <_fini>, mainprog = 0, rtld = 0, textrel = 0, 
  symbolic = 1, printed = 0, isdynamic = 1, mainref = 1, globalref = 0, init_done = 1, init_called = 0, 
  fini_called = 0, z_now = 1, z_nodelete = 0, z_initfirst = 0, z_noopen = 0, phdr_loaded = 1, tls_static = 1, 
  tls_dynamic = 0, ref_nodel = 0, sysv_hash = 1, gnu_hash = 0, linkmap = {
    l_addr = 0x7f7ff774a000 "\177ELF\002\001\001\003", 
    l_name = 0x7f7ff7ee8080 "/tmp/pkgsrc/x11/gtk4/work.x86_64/gtk-4.12.4/output/gtk/libgtk-4.so.1", 
    l_ld = 0x7f7ff7ed2168, l_next = 0x7f7ff7ee7908, l_prev = 0x7f7ff7ee7108}, interp = 0x0, dldags = {
    sqh_first = 0x0, sqh_last = 0x7f7ff7ee7538}, dagmembers = {sqh_first = 0x0, sqh_last = 0x7f7ff7ee7548}, 
  dev = 43778, ino = 82350959332080029, ehdr = 0x7f7ff7ee3000, nbuckets = 4099, nbuckets_m = 4288680445, 
  nbuckets_s1 = 1 '\001', nbuckets_s2 = 12 '\f', buckets_gnu = 0x0, nbuckets_gnu = 0, nbuckets_m_gnu = 0, 
  nbuckets_s1_gnu = 0 '\000', nbuckets_s2_gnu = 0 '\000', chains_gnu = 0x0, bloom_gnu = 0x0, symndx_gnu = 0, 
  mask_bm_gnu = 0, shift2_gnu = 0, pathlen = 68, names = {sqh_first = 0x7f7ff7ee6040, sqh_last = 0x7f7ff7ee6040}, 
  tlsindex = 0, tlsinit = 0x0, tlsinitsize = 0, tlssize = 0, tlsoffset = 0, tlsalign = 0, 
  relro_page = 0x7f7ff7eb8840, relro_size = 124864, verneed = 0x7f7ff77b4ac8, verneednum = 3, verdef = 0x0, 
  verdefnum = 0, versyms = 0x7f7ff77b113c, vertab = 0x7f7ff63f3000, vertabnum = 6, init_array = 0x7f7ff7eb8840, 
  init_arraysz = 3, fini_array = 0x0, fini_arraysz = 0, ifunc_remaining = 2, ifunc_remaining_nonplt = 0, 
  cxa_refcount = 0}

>How-To-Repeat:
On NetBSD-current/amd64, HAVE_GCC=12 (probably not necessary), with pkgsrc-current, set 'export GI_SCANNER_DEBUG="save-temps"' and try to build x11/gtk4. Setting that environment variable stops the build from unlinking the evidence.

It will fail with
Command '['/tmp/pkgsrc/x11/gtk4/work.x86_64/gtk-4.12.4/output/tmp-introspect31yl1w3c/Gdk-4.0', '--introspect-dump=/tmp/pkgsrc/
x11/gtk4/work.x86_64/gtk-4.12.4/output/tmp-introspect31yl1w3c/functions.txt,/tmp/pkgsrc/x11/gtk4/work.x86_64/gtk-4.12.4/output
/tmp-introspect31yl1w3c/dump.xml']' died with <Signals.SIGSEGV: 11>.

# file Gdk-4.0
Gdk-4.0: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /usr/libexec/ld.elf_so, for
NetBSD 10.99.10, with debug_info, not stripped
# file ../gtk/libgtk-4.so.1.1200.4
libgtk-4.so.1.1200.4: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, for NetBSD 10.99.10, with debug_info, not stripped

# env LD_LIBRARY_PATH=/tmp/pkgsrc/x11/gtk4/work.x86_64/gtk-4.12.4/output/gtk ./Gdk-4.0
[1]   Segmentation fault (core dumped) env LD_LIBRARY_PATH=/tmp/pkgsrc/x11/gtk4/work.x86_64/gtk-4.12.4/output/gtk ./Gdk-4.0

Gdk-4.0 is built by the gnome module of mesonbuild. Apparently simply running it crashes ld.elf_so as it tries to load the freshly built libgtk?!
>Fix:


