Originally reported by aggi on #gentoo-dev-help:

The symptom is SIGSEGV:

# ldconfig
Segmentation fault (core dumped)

The failure happens somewhere around tls setup:

sf / # gdb --quiet /sbin/ldconfig
Reading symbols from /sbin/ldconfig...(no debugging symbols found)...done.
(gdb) run
Starting program: /sbin/ldconfig

Program received signal SIGSEGV, Segmentation fault.
0x0000000000409d30 in __libc_setup_tls ()
(gdb) bt
#0  0x0000000000409d30 in __libc_setup_tls ()
#1  0x0000000000409787 in __uClibc_init ()
#2  0x000000000040993d in __uClibc_main ()
#3  0x0000000000401565 in _start ()

Switching binutils to 2.30 and rebuilding uclibc-ng is enough to fix it.
Portage 2.3.51 (python 3.6.5-final-0, default/linux/amd64/17.0/uclibc/hardened, gcc-7.3.0, uclibc-ng-1.0.31, 4.20.0-rc2-00133-g1ce80e0fe98e x86_64)
=================================================================
System uname: Linux-4.20.0-rc2-00133-g1ce80e0fe98e-x86_64-Intel-R-_Core-TM-_i7-2700K_CPU_@_3.50GHz-with-gentoo-2.4.1
KiB Mem:    32770896 total,   2326360 free
KiB Swap:          0 total,         0 free
sh bash 4.4_p12
ld GNU ld (Gentoo 2.31.1 p3) 2.31.1
ccache version 3.5 [enabled]
app-shells/bash:          4.4_p12::gentoo
dev-lang/perl:            5.24.3-r1::gentoo
dev-lang/python:          2.7.15::gentoo, 3.6.5::gentoo
dev-util/ccache:          3.5-r1::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.4.1-r2::gentoo
sys-apps/openrc:          0.38.3::gentoo
sys-apps/sandbox:         2.13::gentoo
sys-devel/autoconf:       2.69-r4::gentoo
sys-devel/automake:       1.15.1-r2::gentoo
sys-devel/binutils:       2.30-r4::gentoo, 2.31.1-r1::gentoo
sys-devel/gcc:            7.3.0-r3::gentoo
sys-devel/gcc-config:     1.8-r1::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1-r4::gentoo
sys-kernel/linux-headers: 4.13::gentoo (virtual/os-headers)
sys-libs/uclibc-ng:       1.0.31::gentoo
Repositories:

gentoo
    location: /bound/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000
    sync-rsync-verify-max-age: 24
    sync-rsync-extra-opts:
    sync-rsync-verify-metamanifest: yes
    sync-rsync-verify-jobs: 1

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-unknown-linux-uclibc"
CFLAGS="-O2 -pipe -ggdb -fdiagnostics-show-option -frecord-gcc-switches"
CHOST="x86_64-unknown-linux-uclibc"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -ggdb"
DISTDIR="/bound/distfiles"
ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe -ggdb"
FEATURES="assume-digests binpkg-logs ccache config-protect-if-modified distlocks ebuild-locks fail-clean fixlafiles merge-sync news nostrip parallel-fetch preserve-libs protect-owned sandbox sfperms strict stricter test unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe -ggdb"
GENTOO_MIRRORS="ftp://192.168.1.250"
LANG="ru_RU.UTF-8"
LC_ALL=""
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu"
MAKEOPTS="-j8 -l8"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/dev/shm"
USE="acl amd64 bzip2 crypt cxx hardened iconv ipv6 libtirpc ncurses nptl openmp pcre pie readline seccomp ssl ssp test uclibc unicode xattr xtpax zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon plan sheets stage words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2" ELIBC="uclibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6 php7-1" POSTGRES_TARGETS="postgres9_5 postgres10" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6" RUBY_TARGETS="ruby23 ruby24" USERLAND="GNU" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Minimal static binary also crashes:

# cat a.c
int main(){}
# gcc a.c -o a -static
# ./a
Segmentation fault (core dumped)
Created attachment 556942
a.good

Created attachment 556944
a.bad
a.good is linked with binutils-2.30, a.bad is linked with binutils-2.31.
Note SIGSEGV happens on early access to ELF program headers (address 0x400040):

# strace ./a.bad
execve("./a.bad", ["./a.bad"], 0x7ffc928f7450 /* 33 vars */) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x400040} ---

But problematic file loads at address 0x401000, not 0x400000:

# readelf --program-headers a.bad
Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  LOAD           0x0000000000001000 0x0000000000401000 0x0000000000401000
                 0x000000000000a5d0 0x000000000000a5d0  R E    0x1000
...

While working file loads at expected 0x400000 address:

# readelf --program-headers a.good
Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  LOAD           0x0000000000000000 0x0000000000400000 0x0000000000400000
                 0x000000000000dc38 0x000000000000dc38  R E    0x200000

I wonder if it's a binutils bug not to pull in ELF headers into program headers.

uclibc-ng attempts to read headers at:
https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/libpthread/nptl/sysdeps/generic/libc-tls.c#n130

  /* Look through the TLS segment if there is any.  */
  if (_dl_phdr != NULL)
    for (phdr = _dl_phdr; phdr < &_dl_phdr[_dl_phnum]; ++phdr)
      if (phdr->p_type == PT_TLS)
        {

Here _dl_phdr is read and crash happens at 'phdr->p_type == PT_TLS'.

_dl_phdr is initialised from auxval's AT_PHDR (argument of execve):
https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/libc/misc/elf/dl-support.c#n38

    _dl_phdr = (ElfW(Phdr) *) av[AT_PHDR].a_un.a_val;

I'm not sure if static binaries are supposed to get AT_PHDR value. It sounds like they should even if variables have _dl* names (imply dynamic loading).
gdb's view of program headers:

(gdb) print (void*)_dl_phdr
$1 = (void *) 0x400040

Actual memory mapped by kernel and loader:

# sudo cat /proc/17385/maps
00401000-00415000 r-xp 00001000 00:11 15781328 /gentoo/chroots/amd64-uclibc-hardened-unstable/ldconfig.bad
00415000-00417000 rwxp 00014000 00:11 15781328 /gentoo/chroots/amd64-uclibc-hardened-unstable/ldconfig.bad
00417000-0041a000 rwxp 00000000 00:00 0 [heap]
7ffff7ffb000-7ffff7ffe000 r--p 00000000 00:00 0 [vvar]
7ffff7ffe000-7ffff7fff000 r-xp 00000000 00:00 0 [vdso]
7ffffffde000-7ffffffff000 rwxp 00000000 00:00 0 [stack]
Self-contained example for binutils:
https://dev.gentoo.org/~slyfox/bugs/672398-uclibc-crash/bug-672398.tar.gz

$ ./bug.bash
run 2.31.1 (should SEGV)
./bug.bash: line 30: 30094 Segmentation fault (core dumped) ./a-2.31
run 2.30 (should finish)

Here 2.30 works, 2.31 fails. Bisecting binutils.
(In reply to Sergei Trofimovich from comment #8)
> Self-contained example for binutils:
> https://dev.gentoo.org/~slyfox/bugs/672398-uclibc-crash/bug-672398.tar.gz
> 
> $ ./bug.bash
> run 2.31.1 (should SEGV)
> ./bug.bash: line 30: 30094 Segmentation fault (core dumped) ./a-2.31
> run 2.30 (should finish)
> 
> Here 2.30 works, 2.31 fails. Bisecting binutils.

- vanilla binutils-master works (headers are loaded with PT_LOAD and big offset is present, upstream was likely already fixed)
- vanilla binutils-2.31.1 SIGSEGVs

Bisected a fix between binutils-2_31_1..master to:

commit 241e64e3b42cd9eba514b8e0ad2ef39a337f10a5
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Jul 20 09:18:47 2018 -0700

    x86: Add a GNU_PROPERTY_X86_ISA_1_USED note if needed

    When -z separate-code, which is enabled by default for Linux/x86, is
    used to create executable, ld won't place any data in the code-only
    PT_LOAD segment.  If there are no data sections placed before the
    code-only PT_LOAD segment, the program headers won't be mapped into
    any PT_LOAD segment.  When the executable tries to access it (based
    on the program header address passed in AT_PHDR), it will lead to
    segfault.

    This patch inserts a GNU_PROPERTY_X86_ISA_1_USED note if there may be
    no data sections before the text section so that the first PT_LOAD
    segment won't be code-only and will contain the program header.

Looks like a fix exactly for us.
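The crash mechanism laid out in the comments above (uclibc-ng dereferences _dl_phdr, which it takes from AT_PHDR, while the linker's first PT_LOAD starts at file offset 0x1000 and therefore never maps the page holding the ELF and program headers) reduces to a question that can be asked of any ELF file offline: does the file range of some PT_LOAD segment cover the program header table? The C program below is an added example, not code from this bug report, uclibc-ng or binutils. It parses an ELF64 file's program headers and answers that question for the general case, and its constructed test images reuse the two LOAD entries from the readelf output above (offset 0 with 0xdc38 bytes versus offset 0x1000 with 0xa5d0 bytes). The 4 KiB page rounding, the function names and the 0x400000 base address used in the constructed images are assumptions of the example.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Page size assumed for how the kernel maps PT_LOAD file ranges (assumption). */
#define PAGE_SIZE_ASSUMED 0x1000ULL

/* Return 1 if the program header table of the ELF64 image in buf lies inside the
 * file range mapped by some PT_LOAD, 0 if no PT_LOAD covers it (AT_PHDR would
 * then point at unmapped memory, as in this bug), -1 if buf is not parseable. */
int phdrs_covered_by_load(const unsigned char *buf, size_t len)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh || memcmp(buf, ELFMAG, SELFMAG) != 0 ||
        buf[EI_CLASS] != ELFCLASS64)
        return -1;
    memcpy(&eh, buf, sizeof eh);
    if (eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phnum == 0)
        return -1;
    uint64_t ph_start = eh.e_phoff;
    uint64_t ph_end = ph_start + (uint64_t)eh.e_phnum * sizeof(Elf64_Phdr);
    if (ph_end < ph_start || ph_end > len)
        return -1;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, buf + ph_start + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_LOAD)
            continue;
        /* The kernel maps whole pages: the mapping starts at the page holding
         * p_offset and ends at p_offset + p_filesz. */
        uint64_t seg_start = ph.p_offset & ~(PAGE_SIZE_ASSUMED - 1);
        uint64_t seg_end = ph.p_offset + ph.p_filesz;
        if (seg_end < ph.p_offset)      /* overflow: malformed header */
            continue;
        if (seg_start <= ph_start && ph_end <= seg_end)
            return 1;
    }
    return 0;
}

/* Build a constructed ELF64 image (headers only, no real code) with a single
 * PT_LOAD whose file range starts at load_off and claims filesz bytes.
 * e_phoff is 0x40, matching si_addr=0x400040 from the strace output above. */
unsigned char *make_test_image(uint64_t load_off, uint64_t filesz, size_t *out_len)
{
    size_t len = 0x2000;                 /* room for header + phdr table */
    unsigned char *buf = calloc(1, len);
    Elf64_Ehdr eh = { .e_type = ET_EXEC, .e_machine = EM_X86_64,
                      .e_version = EV_CURRENT, .e_phoff = sizeof(Elf64_Ehdr),
                      .e_ehsize = sizeof(Elf64_Ehdr),
                      .e_phentsize = sizeof(Elf64_Phdr), .e_phnum = 1 };
    Elf64_Phdr ph = { .p_type = PT_LOAD, .p_flags = PF_R | PF_X,
                      .p_offset = load_off, .p_vaddr = 0x400000 + load_off,
                      .p_paddr = 0x400000 + load_off, .p_filesz = filesz,
                      .p_memsz = filesz, .p_align = PAGE_SIZE_ASSUMED };
    if (!buf)
        return NULL;
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_ident[EI_VERSION] = EV_CURRENT;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + eh.e_phoff, &ph, sizeof ph);
    *out_len = len;
    return buf;
}

/* Read a whole file into memory and run the check on it; same return codes. */
int check_elf_file(const char *path)
{
    FILE *f = fopen(path, "rb");
    unsigned char *buf = NULL;
    long n;
    int r = -1;
    if (!f)
        return -1;
    if (fseek(f, 0, SEEK_END) == 0 && (n = ftell(f)) > 0 &&
        (buf = malloc((size_t)n)) != NULL) {
        rewind(f);
        if (fread(buf, 1, (size_t)n, f) == (size_t)n)
            r = phdrs_covered_by_load(buf, (size_t)n);
    }
    free(buf);
    fclose(f);
    return r;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <elf-file>\n", argv[0]); return 2; }
    int r = check_elf_file(argv[1]);
    printf("%s: program header table %s a PT_LOAD segment\n", argv[1],
           r == 1 ? "is covered by" : r == 0 ? "is NOT covered by"
                                             : "could not be checked against");
    return r == 1 ? 0 : 1;
}
```

Run against a.bad from this report the check reports the table as not covered (first LOAD at offset 0x1000), and against a.good as covered (first LOAD at offset 0). The check is static and linker-independent, so it also serves as a quick sanity test of a toolchain's output before a libc that reads AT_PHDR at startup gets to crash on it.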
Should be backported in https://bugs.gentoo.org/672126
CCing uclibc-ng maintainers as an FYI.
(In reply to Sergei Trofimovich from comment #11)
> CCing uclibc-ng maintainers as an FYI.

I don't see this in PATCH_VER=3 of our patchset against binutils-2.31.1. Do you plan to add it?
(In reply to Anthony Basile from comment #12)
> (In reply to Sergei Trofimovich from comment #11)
> > CCing uclibc-ng maintainers as an FYI.
> 
> I don't see this in PATCH_VER=3 of our patchset against binutils-2.31.1. Do
> you plan to add it?

It's already in the branch. Will be in the next tag, really soon.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0309767fb5b4f958d271526d3730a7da407b2a93

commit 0309767fb5b4f958d271526d3730a7da407b2a93
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2018-12-03 23:43:15 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2018-12-03 23:43:32 +0000

    sys-devel/binutils: 2.31.1 revbump, pl 4 (no keywords, please test!)

    Bug: https://bugs.gentoo.org/672398
    Bug: https://bugs.gentoo.org/672126
    Bug: https://bugs.gentoo.org/623566
    Package-Manager: Portage-2.3.52, Repoman-2.3.12
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 sys-devel/binutils/Manifest                  |   1 +
 sys-devel/binutils/binutils-2.31.1-r2.ebuild | 427 +++++++++++++++++++++++++++
 2 files changed, 428 insertions(+)
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39bff4d8ecf2590b647d7aef196b7f22d57b85c6

commit 39bff4d8ecf2590b647d7aef196b7f22d57b85c6
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2018-12-08 17:54:03 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2018-12-08 18:03:10 +0000

    sys-devel/binutils: rekeyword

    Closes: https://bugs.gentoo.org/672398
    Bug: https://bugs.gentoo.org/623566
    Closes: https://bugs.gentoo.org/672126
    Package-Manager: Portage-2.3.52, Repoman-2.3.12
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 sys-devel/binutils/binutils-2.31.1-r2.ebuild | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)