I can confirm that your example reproduced this bug. What is even more
disturbing that not just on 11.0_BETA but also on 10.1_RELEASE - so it
was introduced some time ago (I don't know yet exactly).
I'm willing to fill PR, but I have a bit troubles to select right
Category (bin, lib, misc or toolchain?).
If you are curious why glxinfo/mesa does not crash in 10.1: it is
because atexit(3) call was added to recent Mesa only (that is included
in 11.0_BETA but not 10.1 - exactly on xsrc/external/mit/MesaLib/dist/
src/mesa/main/context.c r1.9).
Below is gdb session that shows mappings at 2 points:
1. right before calling dlclose(3) - libfoo.so is properly mapped
including address 0x00007830a940051c
2. at the time of SIGSEGV - libfoo.so is no longer mapped - exactly as
you predicted
$ gdb dl-atexit
Reading symbols from ./dl-atexit...
+break main
Breakpoint 1 at 0x400b5e
+run
Starting program: /home/ansible/bugs/glxinfo/dl-atexit
Breakpoint 1, 0x0000000000400b5e in main ()
+break dlclose
Breakpoint 2 at 0x7830a9e78da3: dlclose. (2 locations)
+c
Continuing.
Breakpoint 2, dlclose (handle=0x7830aa4c4800) at /usr/src/libexec/
ld.elf_so/rtld.c:997
997 {
+info proc mappings
process 1578
Mapped address spaces:
Start Addr End Addr Size Offset Flags File
0x400000 0x401000 0x1000 0x0 r-x C-
PD /home/ansible/bugs/glxinfo/dl-atexit
0x601000 0x602000 0x1000 0x0 rw- C-PD
0x7830a9400000 0x7830a9401000 0x1000 0x0 r-x
CNPD /home/ansible/bugs/glxinfo/libfoo.so
0x7830a9401000 0x7830a9600000 0x1ff000 0x1000 ---
CNPD /home/ansible/bugs/glxinfo/libfoo.so
0x7830a9600000 0x7830a9601000 0x1000 0x0 rw- C-
PD /home/ansible/bugs/glxinfo/libfoo.so
0x7830a9800000 0x7830a9810000 0x10000 0x0 rw- C-PD
0x7830a9810000 0x7830a9950000 0x140000 0x0 rw- CNPD
0x7830a9950000 0x7830a9960000 0x10000 0x0 rw- C-PD
0x7830a9960000 0x7830a9c00000 0x2a0000 0x0 rw- CNPD
0x7830a9c00000 0x7830a9c10000 0x10000 0x0 rw- C-PD
0x7830a9c10000 0x7830a9e00000 0x1f0000 0x0 rw- CNPD
0x7830a9e00000 0x7830a9e6e000 0x6e000 0x0 r-x
CNPD /lib/libc.so.12.220.1
0x7830a9e6e000 0x7830a9e6f000 0x1000 0x6e000 r-x C-
PD /lib/libc.so.12.220.1
0x7830a9e6f000 0x7830a9e78000 0x9000 0x6f000 r-x
CNPD /lib/libc.so.12.220.1
0x7830a9e78000 0x7830a9e79000 0x1000 0x78000 r-x C-
PD /lib/libc.so.12.220.1
0x7830a9e79000 0x7830a9fc1000 0x148000 0x79000 r-x
CNPD /lib/libc.so.12.220.1
0x7830a9fc1000 0x7830aa1c1000 0x200000 0x1c1000 ---
CNPD /lib/libc.so.12.220.1
0x7830aa1c1000 0x7830aa1cc000 0xb000 0x1c1000 r-- C-
PD /lib/libc.so.12.220.1
0x7830aa1cc000 0x7830aa1d3000 0x7000 0x1cc000 rw- C-
PD /lib/libc.so.12.220.1
0x7830aa1d3000 0x7830aa1f0000 0x1d000 0x0 rw- C-PD
0x7830aa1f0000 0x7830aa2d0000 0xe0000 0x0 rw- CNPD
0x7830aa2d0000 0x7830aa2e0000 0x10000 0x0 rw- C-PD
0x7830aa2e0000 0x7830aa3e0000 0x100000 0x0 rw- CNPD
0x7830aa3e0000 0x7830aa3f5000 0x15000 0x0 rw- C-PD
0x7830aa4af000 0x7830aa4c2000 0x13000 0x0 rw- C-PD
0x7830aa4c2000 0x7830aa4c3000 0x1000 0x0 rw- C-PD
0x7830aa4c3000 0x7830aa4c4000 0x1000 0x0 rw- C-PD
0x7830aa4c4000 0x7830aa4c5000 0x1000 0x0 rw- C-PD
0x7830aa4c5000 0x7830aa4c6000 0x1000 0x0 rw- C-PD
0x7830aa4c6000 0x7830aa4ca000 0x4000 0x0 rw- C-PD
0x7f7f8b200000 0x7f7f8b204000 0x4000 0x0 r-x
CNPD /libexec/ld.elf_so
0x7f7f8b204000 0x7f7f8b205000 0x1000 0x4000 r-x C-
PD /libexec/ld.elf_so
0x7f7f8b205000 0x7f7f8b207000 0x2000 0x5000 r-x
CNPD /libexec/ld.elf_so
0x7f7f8b207000 0x7f7f8b208000 0x1000 0x7000 r-x C-
PD /libexec/ld.elf_so
0x7f7f8b208000 0x7f7f8b210000 0x8000 0x8000 r-x
CNPD /libexec/ld.elf_so
0x7f7f8b210000 0x7f7f8b410000 0x200000 0x0 --- CNPD
0x7f7f8b410000 0x7f7f8b411000 0x1000 0x10000 rw- C-
PD /libexec/ld.elf_so
0x7f7f8b411000 0x7f7f8b412000 0x1000 0x0 rw- C-PD
0x7f7ff7eff000 0x7f7fff7ca000 0x78cb000 0x0 --- CNPD
0x7f7fff7ca000 0x7f7fffbc0000 0x3f6000 0x0 rw- CNPD
0x7f7fffbc0000 0x7f7fffbc8000 0x8000 0x0 rw- C-PD
0x7f7fffbc8000 0x7f7fffbc9000 0x1000 0x0 rw- C-PD
0x7f7fffbc9000 0x7f7fffbca000 0x1000 0x0 rw- C-PD
+c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0x00007830a940051c in ?? ()
+info proc mappings
process 1578
Mapped address spaces:
Start Addr End Addr Size Offset Flags File
0x400000 0x401000 0x1000 0x0 r-x C-
PD /home/ansible/bugs/glxinfo/dl-atexit
0x601000 0x602000 0x1000 0x0 rw- C-PD
0x7830a9800000 0x7830a9810000 0x10000 0x0 rw- C-PD
0x7830a9810000 0x7830a9950000 0x140000 0x0 rw- CNPD
0x7830a9950000 0x7830a9960000 0x10000 0x0 rw- C-PD
0x7830a9960000 0x7830a9c00000 0x2a0000 0x0 rw- CNPD
0x7830a9c00000 0x7830a9c10000 0x10000 0x0 rw- C-PD
0x7830a9c10000 0x7830a9e00000 0x1f0000 0x0 rw- CNPD
0x7830a9e00000 0x7830a9e6e000 0x6e000 0x0 r-x
CNPD /lib/libc.so.12.220.1
0x7830a9e6e000 0x7830a9e6f000 0x1000 0x6e000 r-x C-
PD /lib/libc.so.12.220.1
0x7830a9e6f000 0x7830a9e78000 0x9000 0x6f000 r-x
CNPD /lib/libc.so.12.220.1
0x7830a9e78000 0x7830a9e79000 0x1000 0x78000 r-x C-
PD /lib/libc.so.12.220.1
0x7830a9e79000 0x7830a9fc1000 0x148000 0x79000 r-x
CNPD /lib/libc.so.12.220.1
0x7830a9fc1000 0x7830aa1c1000 0x200000 0x1c1000 ---
CNPD /lib/libc.so.12.220.1
0x7830aa1c1000 0x7830aa1cc000 0xb000 0x1c1000 r-- C-
PD /lib/libc.so.12.220.1
0x7830aa1cc000 0x7830aa1d3000 0x7000 0x1cc000 rw- C-
PD /lib/libc.so.12.220.1
0x7830aa1d3000 0x7830aa1f0000 0x1d000 0x0 rw- C-PD
0x7830aa1f0000 0x7830aa2d0000 0xe0000 0x0 rw- CNPD
0x7830aa2d0000 0x7830aa2e0000 0x10000 0x0 rw- C-PD
0x7830aa2e0000 0x7830aa3e0000 0x100000 0x0 rw- CNPD
0x7830aa3e0000 0x7830aa3f5000 0x15000 0x0 rw- C-PD
0x7830aa4af000 0x7830aa4c2000 0x13000 0x0 rw- C-PD
0x7830aa4c2000 0x7830aa4c3000 0x1000 0x0 rw- C-PD
0x7830aa4c3000 0x7830aa4c4000 0x1000 0x0 rw- C-PD
0x7830aa4c4000 0x7830aa4c5000 0x1000 0x0 rw- C-PD
0x7830aa4c5000 0x7830aa4c6000 0x1000 0x0 rw- C-PD
0x7830aa4c6000 0x7830aa4ca000 0x4000 0x0 rw- C-PD
0x7f7f8b200000 0x7f7f8b204000 0x4000 0x0 r-x
CNPD /libexec/ld.elf_so
0x7f7f8b204000 0x7f7f8b205000 0x1000 0x4000 r-x C-
PD /libexec/ld.elf_so
0x7f7f8b205000 0x7f7f8b207000 0x2000 0x5000 r-x
CNPD /libexec/ld.elf_so
0x7f7f8b207000 0x7f7f8b208000 0x1000 0x7000 r-x C-
PD /libexec/ld.elf_so
0x7f7f8b208000 0x7f7f8b210000 0x8000 0x8000 r-x
CNPD /libexec/ld.elf_so
0x7f7f8b210000 0x7f7f8b410000 0x200000 0x0 --- CNPD
0x7f7f8b410000 0x7f7f8b411000 0x1000 0x10000 rw- C-
PD /libexec/ld.elf_so
0x7f7f8b411000 0x7f7f8b412000 0x1000 0x0 rw- C-PD
0x7f7ff7eff000 0x7f7fff7ca000 0x78cb000 0x0 --- CNPD
0x7f7fff7ca000 0x7f7fffbc0000 0x3f6000 0x0 rw- CNPD
0x7f7fffbc0000 0x7f7fffbc8000 0x8000 0x0 rw- C-PD
0x7f7fffbc8000 0x7f7fffbc9000 0x1000 0x0 rw- C-PD
0x7f7fffbc9000 0x7f7fffbca000 0x1000 0x0 rw- C-PD
+bt
#0 0x00007830a940051c in ?? ()
#1 0x00007830a9f5a6c9 in __cxa_finalize (dso=dso@entry=0x0) at /usr/
src/lib/libc/stdlib/atexit.c:222
#2 0x00007830a9f5a3ed in exit (status=0) at /usr/src/lib/libc/stdlib/
exit.c:60
#3 0x0000000000400a94 in ___start (cleanup=<optimized out>,
ps_strings=0x7f7fffbc9fe0) at /usr/src/lib/csu/common/crt0-common.c:350
#4 0x00007f7f8b20baf8 in ?? () from /usr/libexec/ld.elf_so
#5 0x0000000000000001 in ?? ()
#6 0x00007f7fffbc9070 in ?? ()
#7 0x0000000000000000 in ?? ()
+q
On 12/18/25 13:18, RVP wrote:
On Thu, 18 Dec 2025, Henryk Paluch wrote:
When I run just "glxinfo" on any machine (both virtual and bare
metal) on 11.0_BETA - it appears to work but crashes on exit with
Signal 11:
[...]
[1] Segmentation fault (core dumped) glxinfo
What is even more puzzling that I'm unable to get decent stack-trace
(have installed all sets including debug).
$ gdb glxinfo glxinfo.core
Reading symbols from glxinfo...
Reading symbols from /usr/libdata/debug//usr/X11R7/bin/glxinfo.debug...
[New process 1979]
Core was generated by `glxinfo'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007b60f1d01eb3 in ?? ()
+bt
#0 0x00007b60f1d01eb3 in ?? ()
#1 0x00007b60f6b1795f in __cxa_finalize (dso=dso@entry=0x0) at /usr/
src/lib/libc/stdlib/atexit.c:222
#2 0x00007b60f6b1753b in exit (status=0) at /usr/src/lib/libc/
stdlib/ exit.c:60
#3 0x0000000000b696d2 in ___start (cleanup=<optimized out>,
ps_strings=0x7f7fff6dcfe0) at /usr/src/lib/csu/common/crt0-common.c:375
#4 0x00007f7ff77f08a8 in ?? () from /usr/libexec/ld.elf_so
#5 0x0000000000000001 in ?? ()
#6 0x00007f7fff6dc120 in ?? ()
#7 0x0000000000000000 in ?? ()
+q
Frame 0 crashing and gdb(1) not being able to find the function name
for it
has the same cause: it's inside a .so file which's been unmapped by
dlclose().
dlclose(), on amd64, calls _fini() in the shared object; which calls
__do_global_dtors_aux(); which calls __cxa_finalize(); this calls the
handler
registered by the shared object using atexit(3). __cxa_finalize() will
then
NULL the handler so that main() doesn't call it again when _it_ does
the final
atexit(3) processing.
But, for some reason, __cxa_finalize() in the shared object never gets
called
(and the atexit handlers don't run, of course) and main() then run the
atexit
handlers in the _unmapped_ object.
Try the test code below. File a PR too!
Run the program in gdb(1), then when it crashes, compared the address
against:
(gdb) info proc mappings
-RVP
---START---
==> Makefile <==
dl-atexit: dl-atexit.c libfoo.so
cc -o dl-atexit dl-atexit.c -Wl,-rpath=$$(pwd)
libfoo.so: libfoo.c
cc -shared -fPIC -o libfoo.so libfoo.c
run: dl-atexit
./dl-atexit
clean:
rm -f dl-atexit *.so *.core
==> dl-atexit.c <==
#include <dlfcn.h>
#include <stdio.h>
int
main(void)
{
void *h = dlopen("libfoo.so", RTLD_LOCAL | RTLD_LAZY);
if (h == NULL) {
fprintf(stderr, "dlopen(): %s\n", dlerror());
return 1;
}
void (*foo)(void) = dlsym(h, "foo");
if (foo == NULL) {
fprintf(stderr, "dlsym(foo): %s\n", dlerror());
return 1;
}
printf("%s: calling foo()\n", __func__);
foo();
printf("%s: calling dlclose()\n", __func__);
dlclose(h);
printf("%s: exiting...\n", __func__);
return 0;
}
==> libfoo.c <==
#include <stdio.h>
#include <stdlib.h>
static void
die(void)
{
printf("%s: atexit handler\n", __func__);
}
void
foo(void)
{
atexit(die);
printf("%s: atexit handler die() @ %p\n", __func__, die);
}
---END---