Re: problem with ld-elf.so.1 install

From: Kenneth D. Merry <ken_at_freebsd.org>
Date: Thu, 19 Feb 2004 22:56:36 -0700
On Wed, Feb 18, 2004 at 23:52:11 -0700, Kenneth D. Merry wrote:
> On Sun, Feb 15, 2004 at 18:48:50 -0700, Kenneth D. Merry wrote:
> > 
> > I just upgraded from -current as of January 31st to -current as of February
> > 13th.
> > 
> > I'm getting core dumps in random binaries.  It's not consistent, but does
> > happen occasionally.  e.g.:
> > 
> > GNU gdb 5.2.1 (FreeBSD)
> > Copyright 2002 Free Software Foundation, Inc.
> > GDB is free software, covered by the GNU General Public License, and you are
> > welcome to change it and/or distribute copies of it under certain conditions.
> > Type "show copying" to see the conditions.
> > There is absolutely no warranty for GDB.  Type "show warranty" for details.
> > This GDB was configured as "i386-undermydesk-freebsd"...
> > (no debugging symbols found)...
> > Core was generated by `sh'.
> > Program terminated with signal 11, Segmentation fault.
> > Reading symbols from /lib/libedit.so.4...(no debugging symbols found)...done.
> > Loaded symbols for /lib/libedit.so.4
> > Reading symbols from /lib/libncurses.so.5...(no debugging symbols found)...
> > done.
> > Loaded symbols for /lib/libncurses.so.5
> > Reading symbols from /lib/libc.so.5...(no debugging symbols found)...done.
> > Loaded symbols for /lib/libc.so.5
> > Reading symbols from /libexec/ld-elf.so.1...(no debugging symbols found)...
> > done.
> > Loaded symbols for /libexec/ld-elf.so.1
> > #0  0x28068cb7 in reloc_non_plt () from /libexec/ld-elf.so.1
> > (gdb) where
> > #0  0x28068cb7 in reloc_non_plt () from /libexec/ld-elf.so.1
> > #1  0x28065c86 in find_symdef () from /libexec/ld-elf.so.1
> > #2  0x28064810 in _rtld () from /libexec/ld-elf.so.1
> > 
> > Since it blew up in ld-elf.so.1, I figured I'd look there...
> > 
> > When I did the installworld, though, ld-elf.so.1 didn't seem to get
> > upgraded.  (See the January 31st date below.)  But when I tried to install
> > it manually, the install didn't fail, but didn't work either:
> > 
> > [ looks like we have an old binary, for some reason ]
> > =======================================
> > # pwd
> > /usr/c/ken/perforce/FreeBSD-ken/src/libexec/rtld-elf
> > # ls -lao /libexec/
> > total 130
> > drwxr-xr-x   2 root  wheel  -       512 Feb 15 18:36 ./
> > drwxr-xr-x  27 root  wheel  -      1536 Feb 15 17:30 ../
> > -r-xr-xr-x   1 root  wheel  schg 128992 Jan 31 16:45 ld-elf.so.1*
> > =======================================
> > 
> > [ try doing the install manually ]
> > =======================================
> > # make install
> > chflags noschg /usr/libexec/ld-elf.so.1
> > install -s -o root -g wheel -m 555  -fschg -C -b ld-elf.so.1 /libexec
> > install -o root -g wheel -m 444 rtld.1.gz  /usr/share/man/man1
> > /usr/share/man/man1/ld-elf.so.1.1.gz -> /usr/share/man/man1/rtld.1.gz
> > /usr/share/man/man1/ld.so.1.gz -> /usr/share/man/man1/rtld.1.gz
> > /usr/libexec/ld-elf.so.1 -> /libexec/ld-elf.so.1
> > =======================================
> > 
> > [ let's see if it worked ]
> > =======================================
> > # ls -lao /libexec/
> > total 130
> > drwxr-xr-x   2 root  wheel  -       512 Feb 15 18:36 ./
> > drwxr-xr-x  27 root  wheel  -      1536 Feb 15 17:30 ../
> > -r-xr-xr-x   1 root  wheel  schg 128992 Jan 31 16:45 ld-elf.so.1*
> > # diff /libexec/ld-elf.so.1 /usr/obj/usr/c/ken/perforce/FreeBSD-ken/src/libex >
> > Binary files /libexec/ld-elf.so.1 and /usr/obj/usr/c/ken/perforce/FreeBSD-ken/src/libexec/rtld-elf/ld-elf.so.1 differ
> > =======================================
> > 
> > [ it didn't work, try doing a chflags on the binary first ]
> > =======================================
> > # chflags noschg /libexec/ld-elf.so.1 
> > # make install
> > chflags noschg /usr/libexec/ld-elf.so.1
> > install -s -o root -g wheel -m 555  -fschg -C -b ld-elf.so.1 /libexec
> > install -o root -g wheel -m 444 rtld.1.gz  /usr/share/man/man1
> > /usr/share/man/man1/ld-elf.so.1.1.gz -> /usr/share/man/man1/rtld.1.gz
> > /usr/share/man/man1/ld.so.1.gz -> /usr/share/man/man1/rtld.1.gz
> > /usr/libexec/ld-elf.so.1 -> /libexec/ld-elf.so.1
> > =======================================
> > 
> > [ see if it worked this time ]
> > =======================================
> > # ls -lao /libexec/
> > total 130
> > drwxr-xr-x   2 root  wheel  -       512 Feb 15 18:44 ./
> > drwxr-xr-x  27 root  wheel  -      1536 Feb 15 17:30 ../
> > -r-xr-xr-x   1 root  wheel  schg 128992 Jan 31 16:45 ld-elf.so.1*
> > # diff /libexec/ld-elf.so.1 /usr/obj/usr/c/ken/perforce/FreeBSD-ken/src/libex >
> > Binary files /libexec/ld-elf.so.1 and /usr/obj/usr/c/ken/perforce/FreeBSD-ken/src/libexec/rtld-elf/ld-elf.so.1 differ
> > =======================================
> > [ didn't work ]
> > 
> > Anyone have any ideas on what I'm doing wrong here?
> 
> I managed to fix the problem with the old ld-elf.so.1, but I'm still
> getting crashes from random binaries.  It varies depending on the boot.
> One time it was sysctl:
> 
> 
> # gdb /usr/obj/usr/c/ken/perforce/FreeBSD-ken/src/sbin/sysctl/sysctl sysctl.c >
> GNU gdb 5.2.1 (FreeBSD)
> Copyright 2002 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "i386-undermydesk-freebsd"...
> (no debugging symbols found)...
> Core was generated by `sysctl'.
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /lib/libc.so.5...(no debugging symbols found)...done.
> Loaded symbols for /lib/libc.so.5
> Reading symbols from /libexec/ld-elf.so.1...(no debugging symbols found)...
> done.
> Loaded symbols for /libexec/ld-elf.so.1
> #0  0x28053cb7 in reloc_non_plt () from /libexec/ld-elf.so.1
> (gdb) where
> #0  0x28053cb7 in reloc_non_plt () from /libexec/ld-elf.so.1
> #1  0x28050c86 in relocate_objects () from /libexec/ld-elf.so.1
> #2  0x2804f810 in _rtld () from /libexec/ld-elf.so.1
> 
> The next time it was ipfw:
> 
> # gdb /usr/obj/usr/c/ken/perforce/FreeBSD-ken/src/sbin/ipfw/ipfw ipfw.core 
> GNU gdb 5.2.1 (FreeBSD)
> Copyright 2002 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "i386-undermydesk-freebsd"...
> (no debugging symbols found)...
> Core was generated by `ipfw'.
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /lib/libc.so.5...(no debugging symbols found)...done.
> Loaded symbols for /lib/libc.so.5
> Reading symbols from /libexec/ld-elf.so.1...(no debugging symbols found)...
> done.
> Loaded symbols for /libexec/ld-elf.so.1
> #0  0x2805bcb7 in reloc_non_plt () from /libexec/ld-elf.so.1
> (gdb) where
> #0  0x2805bcb7 in reloc_non_plt () from /libexec/ld-elf.so.1
> #1  0x28058c86 in relocate_objects () from /libexec/ld-elf.so.1
> #2  0x28057810 in _rtld () from /libexec/ld-elf.so.1
> 
> Does anyone have any ideas?  This didn't happen with a -current from
> January 31st.  This is with -current from February 13th.

I recompiled ld-elf.so.1 with debugging symbols, and got a crash in sed.
Now I can get a little more details on what exactly is crashing in
ld-elf.so.1:

=======================================================================
# gdb /usr/bin/sed sed.core
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
(no debugging symbols found)...
Core was generated by `sed'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libc.so.5...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.5
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0  0x28056d57 in reloc_non_plt (obj=0x28071100, obj_rtld=0x2806b820)
    at /usr/c/ken/perforce/FreeBSD-ken/src/libexec/rtld-elf/i386/reloc.c:197
197                         *where = (Elf_Addr) (defobj->relocbase + def->st_value);
(gdb) where
#0  0x28056d57 in reloc_non_plt (obj=0x28071100, obj_rtld=0x2806b820)
    at /usr/c/ken/perforce/FreeBSD-ken/src/libexec/rtld-elf/i386/reloc.c:197
#1  0x28053d26 in relocate_objects (first=0x28071000, bind_now=0 '\0', 
    rtldobj=0x2806b820)
    at /usr/c/ken/perforce/FreeBSD-ken/src/libexec/rtld-elf/rtld.c:1412
#2  0x280528b0 in _rtld (sp=0x200, exit_proc=0x0, objp=0x0)
    at /usr/c/ken/perforce/FreeBSD-ken/src/libexec/rtld-elf/rtld.c:369
(gdb) list
192                         def = find_symdef(ELF_R_SYM(rel->r_info), obj, &defobj,
193                           false, cache);
194                         if (def == NULL)
195                             goto done;
196
197                         *where = (Elf_Addr) (defobj->relocbase + def->st_value);
198                     }
199                     break;
200
201                 case R_386_RELATIVE:
(gdb) print defobj
$1 = (const Obj_Entry *) 0x0
(gdb) print def
$2 = (const Elf_Sym *) 0x200
(gdb) print rel
$3 = (const Elf_Rel *) 0x2808e71c
(gdb) print rel->r_info
$4 = 410374
(gdb) print obj
$5 = (Obj_Entry *) 0x28071100
(gdb) print *obj
$6 = {magic = 0, version = 0, next = 0x0, path = 0x28070040 "/lib/libc.so.5", 
  origin_path = 0x0, refcount = 1, dl_refcount = 0, 
  mapbase = 0x28077000 <Address 0x28077000 out of bounds>, mapsize = 827392, 
  textsize = 733184, vaddrbase = 0, 
  relocbase = 0x28077000 <Address 0x28077000 out of bounds>, 
  dynamic = 0x2812d0c8, entry = 0x28093f90 "U\211åS\203ì\004è", phdr = 0x0, 
  phsize = 0, interp = 0x0, pltgot = 0x2812d18c, rel = 0x2808c21c, 
  relsize = 10128, rela = 0x0, relasize = 0, pltrel = 0x2808e9ac, 
  pltrelsize = 7320, pltrela = 0x0, pltrelasize = 0, symtab = 0x2807badc, 
  strtab = 0x2808638c "", strsize = 24208, buckets = 0x2807709c, 
  nbuckets = 2053, chains = 0x280790b0, nchains = 2699, rpath = 0x0, 
  needed = 0x0, init = 671680068, fini = 672263124, mainprog = 0 '\0', 
  rtld = 0 '\0', textrel = 1 '\001', symbolic = 0 '\0', bind_now = 0 '\0', 
  traced = 0 '\0', jmpslots_done = 0 '\0', init_done = 0 '\0', linkmap = {
    l_addr = 0x28077000 <Address 0x28077000 out of bounds>, 
    l_name = 0x28070040 "/lib/libc.so.5", l_ld = 0x2812d0c8, 
    l_next = 0x2806b8bc, l_prev = 0x2807109c}, dldags = {stqh_first = 0x0, 
    stqh_last = 0x280711b0}, dagmembers = {stqh_first = 0x0, 
    stqh_last = 0x280711b8}, dev = 1038, ino = 43509, priv = 0x0}
(gdb) 
=======================================================================

So, it looks like find_symdef() is returning a bogus value for def, and
NULL for defobj, which causes a NULL pointer dereference at line 197.

Does this look familiar to anyone?  Since I've got a core dump, I can look
at more things if anyone has anything they'd like to see.

Ken
-- 
Kenneth Merry
ken_at_FreeBSD.ORG
Received on Thu Feb 19 2004 - 20:56:39 UTC
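Added example (not from the thread, and not rtld's own code): a toy R_386_GLOB_DAT relocator that validates what the symbol lookup hands back before writing through `*where`, which is the state the backtrace above shows (`def == 0x200`, `defobj == NULL`, then a dereference at reloc.c:197). The `Obj_Entry`, `Elf_Sym`, `Elf_Rel` and `find_symdef` shapes are simplified stand-ins modelled on the fields printed in the `*obj` dump; `reloc_glob_dat`, `run_case`, the two sample objects and the three lookup functions are all constructed for this example. For reference, the thread's `rel->r_info` of 410374 is 0x64306, i.e. symbol index 1603 with relocation type 6, which on i386 is R_386_GLOB_DAT, so that is the relocation kind the example models. `Elf_Addr` is host-width here so the code also runs on 64-bit hosts; on i386 it would be 32 bits.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uintptr_t Elf_Addr;        /* uint32_t on i386; host-width so this runs anywhere */
typedef uint32_t  Elf_Word;
#define ELF_R_SYM(info)  ((info) >> 8)
#define ELF_R_TYPE(info) ((info) & 0xff)
#define R_386_GLOB_DAT   6

typedef struct { Elf_Addr st_value; } Elf_Sym;                  /* stand-in for the ELF types */
typedef struct { Elf_Addr r_offset; Elf_Word r_info; } Elf_Rel;

typedef struct Obj_Entry {              /* hypothetical subset of rtld's Obj_Entry */
    const char    *path;
    uint8_t       *mapbase;             /* start of the mapped image */
    size_t         mapsize;             /* length of the mapping */
    uint8_t       *relocbase;           /* == mapbase here (vaddrbase is 0 in the dump) */
    const Elf_Sym *symtab;
    size_t         nchains;             /* number of symbols, as rtld's nchains */
} Obj_Entry;

enum reloc_status { RELOC_OK, RELOC_BAD_TYPE, RELOC_BAD_WHERE, RELOC_UNDEFINED, RELOC_BAD_DEF };

/* Lookup callback shaped like find_symdef(): returns the defining symbol and
 * sets *defobj to the object that defines it, or NULL/NULL if unresolved. */
typedef const Elf_Sym *(*symdef_fn)(Elf_Word symnum, const Obj_Entry *obj,
                                    const Obj_Entry **defobj);

enum reloc_status
reloc_glob_dat(const Obj_Entry *obj, const Elf_Rel *rel, symdef_fn find_symdef)
{
    const Obj_Entry *defobj = NULL;
    const Elf_Sym *def;
    Elf_Addr value;

    if (ELF_R_TYPE(rel->r_info) != R_386_GLOB_DAT)
        return RELOC_BAD_TYPE;

    /* 1. The write target must lie entirely inside the object's own mapping. */
    if (rel->r_offset > obj->mapsize || obj->mapsize - rel->r_offset < sizeof(Elf_Addr))
        return RELOC_BAD_WHERE;

    def = find_symdef(ELF_R_SYM(rel->r_info), obj, &defobj);

    /* 2. An unresolved symbol is an error, never a dereference. */
    if (def == NULL || defobj == NULL)
        return RELOC_UNDEFINED;

    /* 3. def must be a properly aligned entry inside defobj's symbol table;
     *    this rejects a dangling or garbage pointer even when defobj is set. */
    {
        uintptr_t d = (uintptr_t)def, lo = (uintptr_t)defobj->symtab;
        uintptr_t hi = lo + defobj->nchains * sizeof(Elf_Sym);
        if (d < lo || d >= hi || (d - lo) % sizeof(Elf_Sym) != 0)
            return RELOC_BAD_DEF;
    }

    /* Only now do what reloc.c:197 does; memcpy avoids alignment assumptions. */
    value = (Elf_Addr)(uintptr_t)(defobj->relocbase + def->st_value);
    memcpy(obj->relocbase + rel->r_offset, &value, sizeof value);
    return RELOC_OK;
}

/* Constructed sample process: a main object and a "libc" with three symbols
 * (index 0 is the ELF null symbol and must never resolve). */
static uint8_t main_image[64];
static uint8_t libc_image[64];
static const Elf_Sym libc_syms[3] = { { 0 }, { 0x10 }, { 0x20 } };
static const Obj_Entry libc_obj = { "/lib/libc.so.5", libc_image, sizeof libc_image,
                                    libc_image, libc_syms, 3 };
static const Obj_Entry main_obj = { "sed", main_image, sizeof main_image,
                                    main_image, NULL, 0 };

/* Well-behaved lookup: resolves symbols 1..nchains-1 in libc, else NULL/NULL. */
static const Elf_Sym *
good_symdef(Elf_Word symnum, const Obj_Entry *obj, const Obj_Entry **defobj)
{
    (void)obj;
    if (symnum != 0 && symnum < libc_obj.nchains) { *defobj = &libc_obj; return &libc_syms[symnum]; }
    *defobj = NULL;
    return NULL;
}

/* Lookup reproducing the state in the thread: bogus def, NULL defobj. */
static const Elf_Sym *
thread_state_symdef(Elf_Word symnum, const Obj_Entry *obj, const Obj_Entry **defobj)
{
    (void)symnum; (void)obj;
    *defobj = NULL;
    return (const Elf_Sym *)(uintptr_t)0x200;
}

/* Lookup that sets defobj correctly but returns a pointer one past the table. */
static const Elf_Sym *
dangling_symdef(Elf_Word symnum, const Obj_Entry *obj, const Obj_Entry **defobj)
{
    (void)symnum; (void)obj;
    *defobj = &libc_obj;
    return libc_syms + 3;
}

/* Applies one GLOB_DAT relocation in the main object and reports the status;
 * on success *out receives the value that was written. */
enum reloc_status
run_case(symdef_fn fn, Elf_Word symnum, Elf_Addr r_offset, Elf_Addr *out)
{
    Elf_Rel rel = { r_offset, (symnum << 8) | R_386_GLOB_DAT };
    enum reloc_status st = reloc_glob_dat(&main_obj, &rel, fn);
    if (st == RELOC_OK && out != NULL)
        memcpy(out, main_image + r_offset, sizeof *out);
    return st;
}

int main(void)
{
    Elf_Addr v = 0;
    printf("good lookup:   status %d, wrote 0x%lx\n", run_case(good_symdef, 2, 8, &v), (unsigned long)v);
    printf("thread state:  status %d\n", run_case(thread_state_symdef, 2, 8, NULL));
    printf("dangling def:  status %d\n", run_case(dangling_symdef, 2, 8, NULL));
    printf("bad offset:    status %d\n", run_case(good_symdef, 2, 62, NULL));
    return 0;
}
```

The point of check 3 is that `defobj == NULL` is only one symptom: a lookup that corrupts its return value can just as easily hand back a non-NULL `def` outside any symbol table, and an interposed range check turns that into a reported relocation failure rather than a segfault inside `_rtld` before `main` is reached.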
