lib/59800: crash in dlclose_thread test case

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: lib/59800: crash in dlclose_thread test case
From: martin%NetBSD.org@localhost
Date: Fri, 28 Nov 2025 10:30:01 +0000 (UTC)

>Number:         59800
>Category:       lib
>Synopsis:       crash in dlclose_thread test case
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Nov 28 10:30:01 +0000 2025
>Originator:     Martin Husemann
>Release:        NetBSD 11.99.4
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD gethsemane.aprisoft.de 11.99.4 NetBSD 11.99.4 (GETHSEMANE) #431: Wed Nov 26 10:21:43 CET 2025 martin%seven-days-to-the-wolves.aprisoft.de@localhost:/work/src/sys/arch/macppc/compile/GETHSEMANE macppc
Architecture: powerpc
Machine: macppc

NOTE: this is a HAVE_GCC=14 build, with gcc 14.3 (clean build).

>Description:

Running the /usr/tests/libexec/ld.elf_so/t_dlclose_thread test results in 
reproducable (but varying) failures. The first test run saw it
call weak symbol __deregist_frame_info (but that symbol is
properly overwritte by libgcc_s.so which is NEEDED by the binary)

gdb ./t_dlclose_thread 
Reading symbols from ./t_dlclose_thread...
Reading symbols from /usr/libdata/debug/usr/tests/libexec/ld.elf_so/t_dlclose_thread.debug...
(gdb) run dlclose_thread 
Starting program: /usr/tests/libexec/ld.elf_so/t_dlclose_thread dlclose_thread
[..]
expected_signal: PR lib/59751: dlclose is not MT-safe depending on the libraries unloaded
[LWP 2918 of process 3161 exited]
[LWP 3011 of process 3161 exited]
[LWP 1826 of process 3161 exited]
[LWP 2995 of process 3161 exited]
in ctor: global_dtor

Thread 4 "" received signal SIGSEGV, Segmentation fault.
[Switching to LWP 2735 of process 3161]
0xf6d273b4 in strlen () from /usr/lib/libc.so.12
(gdb) bt
#0  0xf6d273b4 in strlen () from /usr/lib/libc.so.12
#1  0xf680b87c in get_cie_encoding () from /usr/lib/libgcc_s.so.1
#2  0xf680c704 in classify_object_over_fdes () from /usr/lib/libgcc_s.so.1
#3  0xf680d670 in __deregister_frame_info_bases () from /usr/lib/libgcc_s.so.1
#4  0xf680d710 in __deregister_frame_info () from /usr/lib/libgcc_s.so.1
#5  0xf5a1e134 in __do_global_dtors_aux ()
    at /work/src/lib/csu/common/crtbegin.c:132
#6  0xf5af20f0 in _fini () from /usr/lib/libstdc++.so.9
#7  0xfbb28644 in _rtld_call_initfini_function (func=0xf5af20e0 <_fini>, 
    mask=0xf63eff80) at /work/src/libexec/ld.elf_so/rtld.c:152
#8  _rtld_call_fini_function (obj=0xf68d4800, mask=0xf63eff80, cur_objgen=12)
    at /work/src/libexec/ld.elf_so/rtld.c:167
#9  0xfbb28b08 in _rtld_call_fini_functions (mask=<optimized out>, 
    force=<optimized out>) at /work/src/libexec/ld.elf_so/rtld.c:213
#10 _rtld_unload_object (mask=mask@entry=0xf63eff80, root=0xf68d4400, 
    do_fini_funcs=do_fini_funcs@entry=true)
    at /work/src/libexec/ld.elf_so/rtld.c:950
#11 0xfbb296e4 in _rtld_unload_object (mask=0xf63eff80, root=<optimized out>, 
    do_fini_funcs=true) at /work/src/libexec/ld.elf_so/rtld.c:1046
#12 dlclose (handle=<optimized out>) at /work/src/libexec/ld.elf_so/rtld.c:1044
#13 0x0b5912b4 in dlclose_thread (cookie=<optimized out>)
    at /work/src/tests/libexec/ld.elf_so/t_dlclose_thread.c:64
#14 0xf6e2e46c in pthread__create_tramp (cookie=0xf6af1c00)
    at /work/src/lib/libpthread/pthread.c:607
(gdb) x/16i strlen
   0xf6d27390 <strlen>: lis     r10,32639
   0xf6d27394 <strlen+4>:       lis     r9,-258
   0xf6d27398 <strlen+8>:       ori     r10,r10,32639
   0xf6d2739c <strlen+12>:      ori     r9,r9,65279
   0xf6d273a0 <strlen+16>:      rlwinm. r8,r3,3,27,28
   0xf6d273a4 <strlen+20>:      clrrwi  r5,r3,2
   0xf6d273a8 <strlen+24>:      li      r0,-1
   0xf6d273ac <strlen+28>:      beq     0xf6d273c4 <strlen+52>
   0xf6d273b0 <strlen+32>:      srw     r0,r0,r8
=> 0xf6d273b4 <strlen+36>:      lwz     r7,0(r5)
   0xf6d273b8 <strlen+40>:      not     r0,r0
   0xf6d273bc <strlen+44>:      or      r7,r7,r0
   0xf6d273c0 <strlen+48>:      b       0xf6d273cc <strlen+60>
   0xf6d273c4 <strlen+52>:      addi    r5,r5,-4
   0xf6d273c8 <strlen+56>:      lwzu    r7,4(r5)
   0xf6d273cc <strlen+60>:      nor     r0,r7,r10
(gdb) info reg r5
r5             0xf5b42690          4122224272
(gdb) x/x 0xf5b42690
0xf5b42690:     Cannot access memory at address 0xf5b42690
(gdb) up
(gdb) x/16i get_cie_encoding 
   0xf680b844 <get_cie_encoding>:       stwu    r1,-48(r1)
   0xf680b848 <get_cie_encoding+4>:     mflr    r0
   0xf680b84c <get_cie_encoding+8>:     
    bcl     20,4*cr7+so,0xf680b850 <get_cie_encoding+12>
   0xf680b850 <get_cie_encoding+12>:    stw     r30,40(r1)
   0xf680b854 <get_cie_encoding+16>:    mflr    r30
   0xf680b858 <get_cie_encoding+20>:    stw     r31,44(r1)
   0xf680b85c <get_cie_encoding+24>:    addis   r30,r30,2
   0xf680b860 <get_cie_encoding+28>:    addi    r31,r3,9
   0xf680b864 <get_cie_encoding+32>:    stw     r29,36(r1)
   0xf680b868 <get_cie_encoding+36>:    addi    r30,r30,-7712
   0xf680b86c <get_cie_encoding+40>:    mr      r29,r3
   0xf680b870 <get_cie_encoding+44>:    mr      r3,r31
   0xf680b874 <get_cie_encoding+48>:    stw     r0,52(r1)
   0xf680b878 <get_cie_encoding+52>:    
    bl      0xf680eb60 <00008000.got2.plt_pic32.strlen>
=> 0xf680b87c <get_cie_encoding+56>:    lbz     r8,8(r29)
   0xf680b880 <get_cie_encoding+60>:    addi    r3,r3,1


>How-To-Repeat:
s/a
>Fix:
n/a

Prev by Date: Re: misc/59799: NetBSD-10 build fails on Linux host
Next by Date: Re: kern/59774 (bearssl 32-bit AES is too slow, want 64-bit optimized version in kernel)
Previous by Thread: misc/59799: NetBSD-10 build fails on Linux host
Next by Thread: Re: kern/59774 (bearssl 32-bit AES is too slow, want 64-bit optimized version in kernel)
Indexes:

Home | Main Index | Thread Index | Old Index