Bug 13967 - Segmentation fault in elf_dynamic_do_Rela at do-rel.h:144
Summary: Segmentation fault in elf_dynamic_do_Rela at do-rel.h:144
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: dynamic-link
Version: unspecified
Importance: P2 normal
Target Milestone: ---
Assignee: David S. Miller
Reported: 2012-04-10 12:13 UTC by Octoploid
Modified: 2014-06-25 11:19 UTC

fweimer: security-


Description Octoploid 2012-04-10 12:13:41 UTC
During Firefox startup on x86_64-pc-linux-gnu I get:

Program received signal SIGSEGV, Segmentation fault.
elf_dynamic_do_Rela (skip_ifunc=<optimized out>, lazy=<optimized out>, nrelative=<optimized out>, relsize=<optimized out>, reladdr=<optimized out>, 
        map=0x7ffff6f0c000) at do-rel.h:144
144                   ElfW(Half) ndx = version[ELFW(R_SYM) (r->r_info)] & 0x7fff;
(gdb) bt
#0  elf_dynamic_do_Rela (skip_ifunc=<optimized out>, lazy=<optimized out>, nrelative=<optimized out>, relsize=<optimized out>, 
        reladdr=<optimized out>, map=0x7ffff6f0c000) at do-rel.h:144
#1  _dl_relocate_object (scope=0x7ffff6f0c358, reloc_mode=reloc_mode@entry=1, consider_profiling=consider_profiling@entry=0) at dl-reloc.c:264
#2  0x00007ffff7def7c3 in dl_open_worker (a=a@entry=0x7fffffffa270) at dl-open.c:406
#3  0x00007ffff7deb346 in _dl_catch_error (objname=objname@entry=0x7fffffffa260, errstring=errstring@entry=0x7fffffffa268, 
        mallocedp=mallocedp@entry=0x7fffffffa25f, operate=operate@entry=0x7ffff7def3e0 <dl_open_worker>, args=args@entry=0x7fffffffa270)
    at dl-error.c:177
#4  0x00007ffff7deef7c in _dl_open (file=0x7fffffffd560 "/usr/lib/firefox/libmozsqlite3.so", mode=-2147483391, caller_dlopen=<optimized out>, 
        nsid=-2, argc=1, argv=0x7fffffffe678, env=0x7fffffffe688) at dl-open.c:638
#5  0x00007ffff77b6036 in dlopen_doit (a=a@entry=0x7fffffffa480) at dlopen.c:66
#6  0x00007ffff7deb346 in _dl_catch_error (objname=0x7ffff6f0a050, errstring=0x7ffff6f0a058, mallocedp=0x7ffff6f0a048, 
        operate=0x7ffff77b5fd0 <dlopen_doit>, args=0x7fffffffa480) at dl-error.c:177
#7  0x00007ffff77b660c in _dlerror_run (operate=operate@entry=0x7ffff77b5fd0 <dlopen_doit>, args=args@entry=0x7fffffffa480) at dlerror.c:163
#8  0x00007ffff77b60d1 in __dlopen (file=<optimized out>, mode=<optimized out>) at dlopen.c:87
#9  0x00000000004024ab in ?? ()
#10 0x00007ffff71ec675 in __libc_start_main (main=0x402280, argc=1, ubp_av=0x7fffffffe678, init=<optimized out>, fini=<optimized out>, 
        rtld_fini=<optimized out>, stack_end=0x7fffffffe668) at libc-start.c:225
#11 0x0000000000401b89 in _start ()

This is caused by David's commit 993eb0541cd32ce72.
Comment 1 David S. Miller 2012-04-10 13:46:38 UTC
Please provide the output of "readelf -d X" for the firefox binary and all of the shared libraries it loads.

Thanks.
Comment 2 Octoploid 2012-04-10 13:55:27 UTC
x4 firefox # readelf -d firefox

Dynamic section at offset 0xe000 contains 31 entries:
  Tag        Type                         Name/Value
 0x0000000000000003 (PLTGOT)             0x40e268
 0x0000000000000002 (PLTRELSZ)           1272 (bytes)
 0x0000000000000017 (JMPREL)             0x4012d8
 0x0000000000000014 (PLTREL)             RELA
 0x0000000000000007 (RELA)               0x4012a8
 0x0000000000000008 (RELASZ)             48 (bytes)
 0x0000000000000009 (RELAENT)            24 (bytes)
 0x0000000000000015 (DEBUG)              0x0
 0x0000000000000006 (SYMTAB)             0x400278
 0x000000000000000b (SYMENT)             24 (bytes)
 0x0000000000000005 (STRTAB)             0x400b30
 0x000000000000000a (STRSZ)              1250 (bytes)
 0x000000006ffffef5 (GNU_HASH)           0x401018
 0x0000000000000001 (NEEDED)             Shared library: [libpthread.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [librt.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libdl.so.2]
 0x0000000000000001 (NEEDED)             Shared library: [libstdc++.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libm.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libgcc_s.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [ld-linux-x86-64.so.2]
 0x000000000000000c (INIT)               0x4017d0
 0x000000000000000d (FINI)               0x40c24c
 0x000000000000001a (FINI_ARRAY)         0x40e4c0
 0x000000000000001c (FINI_ARRAYSZ)       8 (bytes)
 0x0000000000000019 (INIT_ARRAY)         0x40e4c8
 0x000000000000001b (INIT_ARRAYSZ)       8 (bytes)
 0x000000006ffffff0 (VERSYM)             0x401118
 0x000000006ffffffe (VERNEED)            0x4011d4
 0x000000006fffffff (VERNEEDNUM)         5
 0x0000000000000000 (NULL)               0x0
x4 firefox # readelf -d *.so

File: libmozalloc.so

Dynamic section at offset 0x1720 contains 33 entries:
  Tag        Type                         Name/Value
 0x0000000000000003 (PLTGOT)             0x29b0
 0x0000000000000002 (PLTRELSZ)           480 (bytes)
 0x0000000000000017 (JMPREL)             0xbb0
 0x0000000000000014 (PLTREL)             RELA
 0x0000000000000007 (RELA)               0xad8
 0x0000000000000008 (RELASZ)             216 (bytes)
 0x0000000000000009 (RELAENT)            24 (bytes)
 0x000000006ffffff9 (RELACOUNT)          3
 0x0000000000000006 (SYMTAB)             0x190
 0x000000000000000b (SYMENT)             24 (bytes)
 0x0000000000000005 (STRTAB)             0x640
 0x000000000000000a (STRSZ)              747 (bytes)
 0x000000006ffffef5 (GNU_HASH)           0x930
 0x0000000000000001 (NEEDED)             Shared library: [libpthread.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [librt.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libdl.so.2]
 0x0000000000000001 (NEEDED)             Shared library: [libstdc++.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libm.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libgcc_s.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000e (SONAME)             Library soname: [libmozalloc.so]
 0x000000000000000c (INIT)               0xd90
 0x000000000000000d (FINI)               0x12e8
 0x000000000000001a (FINI_ARRAY)         0x2a78
 0x000000000000001c (FINI_ARRAYSZ)       8 (bytes)
 0x0000000000000019 (INIT_ARRAY)         0x2a80
 0x000000000000001b (INIT_ARRAYSZ)       8 (bytes)
 0x000000006ffffff0 (VERSYM)             0xa14
 0x000000006ffffffc (VERDEF)             0xa78
 0x000000006ffffffd (VERDEFNUM)          1
 0x000000006ffffffe (VERNEED)            0xa94
 0x000000006fffffff (VERNEEDNUM)         2
 0x0000000000000000 (NULL)               0x0

File: libmozsqlite3.so

Dynamic section at offset 0x98000 contains 30 entries:
  Tag        Type                         Name/Value
 0x0000000000000003 (PLTGOT)             0x9b280
 0x0000000000000002 (PLTRELSZ)           5640 (bytes)
 0x0000000000000017 (JMPREL)             0x4f60
 0x0000000000000014 (PLTREL)             RELA
 0x0000000000000007 (RELA)               0x3638
 0x0000000000000008 (RELASZ)             4656 (bytes)
 0x0000000000000009 (RELAENT)            24 (bytes)
 0x000000006ffffff9 (RELACOUNT)          0
 0x0000000000000006 (SYMTAB)             0x1c8
 0x000000000000000b (SYMENT)             24 (bytes)
 0x0000000000000005 (STRTAB)             0x19c8
 0x000000000000000a (STRSZ)              4765 (bytes)
 0x000000006ffffef5 (GNU_HASH)           0x2c68
 0x0000000000000001 (NEEDED)             Shared library: [libpthread.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [librt.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libdl.so.2]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000e (SONAME)             Library soname: [libmozsqlite3.so]
 0x000000000000000c (INIT)               0x4880
 0x000000000000000d (FINI)               0x7fc50
 0x000000000000001a (FINI_ARRAY)         0x9d450
 0x000000000000001c (FINI_ARRAYSZ)       8 (bytes)
 0x0000000000000019 (INIT_ARRAY)         0x9d458
 0x000000000000001b (INIT_ARRAYSZ)       8 (bytes)
 0x000000006ffffff0 (VERSYM)             0x33ac
 0x000000006ffffffc (VERDEF)             0x35ac
 0x000000006ffffffd (VERDEFNUM)          1
 0x000000006ffffffe (VERNEED)            0x35c8
 0x000000006fffffff (VERNEEDNUM)         3
 0x0000000000000000 (NULL)               0x0

File: libxpcom.so

Dynamic section at offset 0x33c0 contains 39 entries:
  Tag        Type                         Name/Value
 0x0000000000000003 (PLTGOT)             0x46a8
 0x0000000000000002 (PLTRELSZ)           1392 (bytes)
 0x0000000000000017 (JMPREL)             0x1fb8
 0x0000000000000014 (PLTREL)             RELA
 0x0000000000000007 (RELA)               0x19d0
 0x0000000000000008 (RELASZ)             1512 (bytes)
 0x0000000000000009 (RELAENT)            24 (bytes)
 0x000000006ffffff9 (RELACOUNT)          3
 0x0000000000000006 (SYMTAB)             0x190
 0x000000000000000b (SYMENT)             24 (bytes)
 0x0000000000000005 (STRTAB)             0xce8
 0x000000000000000a (STRSZ)              2507 (bytes)
 0x000000006ffffef5 (GNU_HASH)           0x16b8
 0x0000000000000001 (NEEDED)             Shared library: [libpthread.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [librt.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libxul.so]
 0x0000000000000001 (NEEDED)             Shared library: [libplds4.so]
 0x0000000000000001 (NEEDED)             Shared library: [libplc4.so]
 0x0000000000000001 (NEEDED)             Shared library: [libnspr4.so]
 0x0000000000000001 (NEEDED)             Shared library: [libdl.so.2]
 0x0000000000000001 (NEEDED)             Shared library: [libmozalloc.so]
 0x0000000000000001 (NEEDED)             Shared library: [libstdc++.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libm.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libgcc_s.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000e (SONAME)             Library soname: [libxpcom.so]
 0x000000000000000c (INIT)               0x2528
 0x000000000000000d (FINI)               0x2c40
 0x000000000000001a (FINI_ARRAY)         0x48a0
 0x000000000000001c (FINI_ARRAYSZ)       8 (bytes)
 0x0000000000000019 (INIT_ARRAY)         0x48a8
 0x000000000000001b (INIT_ARRAYSZ)       8 (bytes)
 0x000000000000000f (RPATH)              Library rpath: [/usr/lib64]
 0x000000006ffffff0 (VERSYM)             0x1890
 0x000000006ffffffc (VERDEF)             0x1984
 0x000000006ffffffd (VERDEFNUM)          1
 0x000000006ffffffe (VERNEED)            0x19a0
 0x000000006fffffff (VERNEEDNUM)         1
 0x0000000000000000 (NULL)               0x0

File: libxul.so

Dynamic section at offset 0x15284e0 contains 70 entries:
  Tag        Type                         Name/Value
 0x0000000000000003 (PLTGOT)             0x19f5ed8
 0x0000000000000002 (PLTRELSZ)           73320 (bytes)
 0x0000000000000017 (JMPREL)             0x6b658
 0x0000000000000014 (PLTREL)             RELA
 0x0000000000000007 (RELA)               0x2ea48
 0x0000000000000008 (RELASZ)             51864 (bytes)
 0x0000000000000009 (RELAENT)            24 (bytes)
 0x000000006ffffff9 (RELACOUNT)          0
 0x0000000000000006 (SYMTAB)             0x200
 0x000000000000000b (SYMENT)             24 (bytes)
 0x0000000000000005 (STRTAB)             0x14e70
 0x000000000000000a (STRSZ)              86320 (bytes)
 0x000000006ffffef5 (GNU_HASH)           0x29fa0
 0x0000000000000001 (NEEDED)             Shared library: [libpthread.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [librt.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libjpeg.so.8]
 0x0000000000000001 (NEEDED)             Shared library: [libssl3.so]
 0x0000000000000001 (NEEDED)             Shared library: [libsmime3.so]
 0x0000000000000001 (NEEDED)             Shared library: [libnss3.so]
 0x0000000000000001 (NEEDED)             Shared library: [libnssutil3.so]
 0x0000000000000001 (NEEDED)             Shared library: [libXrender.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libfreetype.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libfontconfig.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libmozsqlite3.so]
 0x0000000000000001 (NEEDED)             Shared library: [libz.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libevent-2.0.so.5]
 0x0000000000000001 (NEEDED)             Shared library: [libasound.so.2]
 0x0000000000000001 (NEEDED)             Shared library: [libplds4.so]
 0x0000000000000001 (NEEDED)             Shared library: [libplc4.so]
 0x0000000000000001 (NEEDED)             Shared library: [libnspr4.so]
 0x0000000000000001 (NEEDED)             Shared library: [libdl.so.2]
 0x0000000000000001 (NEEDED)             Shared library: [libmozalloc.so]
 0x0000000000000001 (NEEDED)             Shared library: [libdbus-glib-1.so.2]
 0x0000000000000001 (NEEDED)             Shared library: [libdbus-1.so.3]
 0x0000000000000001 (NEEDED)             Shared library: [libgobject-2.0.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libgthread-2.0.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libglib-2.0.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libX11.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libXext.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libpangoft2-1.0.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libpangocairo-1.0.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libpango-1.0.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libcairo.so.2]
 0x0000000000000001 (NEEDED)             Shared library: [libgmodule-2.0.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libgtk-x11-2.0.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libatk-1.0.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libgio-2.0.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libgdk-x11-2.0.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libgdk_pixbuf-2.0.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libXt.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libstartup-notification-1.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libstdc++.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libm.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libgcc_s.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [ld-linux-x86-64.so.2]
 0x000000000000000e (SONAME)             Library soname: [libxul.so]
 0x000000000000000c (INIT)               0x3b4e0
 0x000000000000000d (FINI)               0x1416b14
 0x000000000000001a (FINI_ARRAY)         0x1a54a98
 0x000000000000001c (FINI_ARRAYSZ)       8 (bytes)
 0x0000000000000019 (INIT_ARRAY)         0x1a54aa0
 0x000000000000001b (INIT_ARRAYSZ)       16 (bytes)
 0x000000000000000f (RPATH)              Library rpath: [/usr/lib64]
 0x000000006ffffff0 (VERSYM)             0x2ca48
 0x000000006ffffffc (VERDEF)             0x2e5fc
 0x000000006ffffffd (VERDEFNUM)          1
 0x000000006ffffffe (VERNEED)            0x2e618
 0x000000006fffffff (VERNEEDNUM)         14
 0x0000000000000000 (NULL)               0x0
Comment 3 David S. Miller 2012-04-10 14:13:09 UTC
Thanks, it seems that for libmozsqlite3.so there is a GAP between
REL(A) and PLTREL.  They must have used a strange linker script
to create that situation.
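To make the gap concrete, here is an added Python check (not part of the bug report, glibc or Mozilla's tooling) that parses the RELA, RELASZ and JMPREL tags from the readelf -d output in Comment 2 and reports whether the PLT relocations start exactly where the RELA table ends; the sample input below is a constructed subset of that output, and libxul.so is included to show the check generalizes beyond the one object named above.

```python
import re
# Constructed sample: the RELA/RELASZ/JMPREL tags copied from the readelf -d
# output in Comment 2 (only the three tags this check needs, per object).
READELF_SAMPLE = {
    "libmozalloc.so":
        " 0x0000000000000017 (JMPREL)  0xbb0\n"
        " 0x0000000000000007 (RELA)    0xad8\n"
        " 0x0000000000000008 (RELASZ)  216 (bytes)\n",
    "libmozsqlite3.so":
        " 0x0000000000000017 (JMPREL)  0x4f60\n"
        " 0x0000000000000007 (RELA)    0x3638\n"
        " 0x0000000000000008 (RELASZ)  4656 (bytes)\n",
    "libxul.so":
        " 0x0000000000000017 (JMPREL)  0x6b658\n"
        " 0x0000000000000007 (RELA)    0x2ea48\n"
        " 0x0000000000000008 (RELASZ)  51864 (bytes)\n",
}

DYN_LINE = re.compile(r"^\s*0x[0-9a-fA-F]+\s+\((\w+)\)\s+(\S+)")

def parse_dynamic(text):
    """Map dynamic-section tag names to integer values from readelf -d text."""
    tags = {}
    for line in text.splitlines():
        m = DYN_LINE.match(line)
        if not m:
            continue
        try:
            tags[m.group(1)] = int(m.group(2), 0)  # base 0: 0x... or decimal
        except ValueError:
            pass  # NEEDED / SONAME / PLTREL lines carry names, not numbers
    return tags

def pltrel_gap(tags):
    """Bytes between the end of the RELA table and the start of JMPREL.

    0 means JMPREL directly follows RELA, so both tables form one contiguous
    range; anything else means other bytes sit in between and must not be
    walked as relocation entries.  None if a needed tag is missing.
    """
    try:
        return tags["JMPREL"] - (tags["RELA"] + tags["RELASZ"])
    except KeyError:
        return None

if __name__ == "__main__":
    for name, text in READELF_SAMPLE.items():
        gap = pltrel_gap(parse_dynamic(text))
        status = "contiguous" if gap == 0 else f"gap of {gap} bytes"
        print(f"{name}: {status}")
```

Run against the full readelf -d output of any object, the same two functions tell you whether a dynamic linker that treats RELA and JMPREL as one range would read non-relocation bytes.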
Comment 4 Octoploid 2012-04-10 14:17:01 UTC
It's probably https://wiki.mozilla.org/Elfhack that's responsible for this.
Comment 5 David S. Miller 2012-04-10 14:22:20 UTC
It's a shame they need to do stuff like that instead of extending the tools to do what they want.  I can't see how there would be a huge pushback to a well-designed compressed relocation section implementation in binutils.
Comment 6 Rich Felker 2012-04-10 20:39:35 UTC
What's a shame is that this whole issue (and firefox's whole startup slowness) arises from the fact that they refuse to link their program correctly. They have some 10-20 .so files which are (1) always loaded, and (2) only used by a single program, so the obvious solution is to do away with the .so files and link everything into the firefox binary...
Comment 7 David S. Miller 2012-04-10 21:06:40 UTC
You are beating on a dead horse; it's been discussed to death why they continue to use shared libraries and also why they disable prelinking.
Comment 8 Andreas Jaeger 2012-04-11 07:26:54 UTC
This has been fixed in git now with commit d7dd44133f53e8bcc81e18c11694bee985cd86d0

Thanks for the report.