Re: Segfault in rtld - dlopen RTLD_LAZY (was: Re: CFT: vlc 2.0.3 - want to know where it works and where only partly)

From: Juergen Lock <nox_at_jelal.kn-bremen.de>
Date: Mon, 13 Aug 2012 18:59:51 +0200
On Mon, Aug 13, 2012 at 01:30:47PM +0300, Konstantin Belousov wrote:
> On Mon, Aug 13, 2012 at 01:13:35AM +0200, Juergen Lock wrote:
> > On Sun, Aug 05, 2012 at 07:38:11PM +0200, Juergen Lock wrote:
> > > On Sun, Aug 05, 2012 at 07:13:53PM +0300, Konstantin Belousov wrote:
> > > > On Sun, Aug 05, 2012 at 05:31:19PM +0200, Juergen Lock wrote:
> > > > > Hi kib, -current, seems we have a segfault in rtld when updating
> > > > > the multimedia/vlc port from the version currently in ports to the
> > > > > 2.0.3 CFT version from here:
> > > > > 
> > > > > 	http://people.freebsd.org/~nox/tmp/vlc-2.0.3-006.patch
> > > > > 
> > > > > (If you test the LIVEMEDIA knob you also need this update:
> > > > > 
> > > > > 	http://people.freebsd.org/~nox/tmp/livemedia-20120404-001.patch
> > > > > 
> > > > > )
> > > > Please do two things.
> > > > 
> > > > 1. Provide me the output of readelf -a for the module that was loaded.
> > > > 
> > > > 2. Recompile rtld with debug symbols and redo the build to get the useful
> > > > backtrace from core:
> > > > 	cd /usr/src/libexec/rtld-elf
> > > > 	make clean
> > > > 	make all install DEBUG_FLAGS=-g
> > > > 
> > > Ok, someone who got the crash will have to do this as I couldn't
> > > reproduce it here (sorry forgot to say...)
> > > 
> > I just learned that the missing piece in reproducing this is the
> > pulseaudio knob, now I finally have a bt:
> > 
> > [...]
> > Loaded symbols for /libexec/ld-elf.so.1
> > #0  symlook_obj (req=0x7fffffffbf40, obj=0x800640400) at /d3t/d3t/home/nox/src10b/src/libexec/rtld-elf/rtld.c:3847
> > 3847            for (symnum = obj->buckets[req->hash % obj->nbuckets];
> > [New Thread 802406400 (LWP 100159/vlc-cache-gen)]
> > (gdb) bt
> > #0  symlook_obj (req=0x7fffffffbf40, obj=0x800640400) at /d3t/d3t/home/nox/src10b/src/libexec/rtld-elf/rtld.c:3847
> > #1  0x0000000800608ae7 in symlook_list (req=0x7fffffffc120, objlist=Variable "objlist" is not available.
> > ) at /d3t/d3t/home/nox/src10b/src/libexec/rtld-elf/rtld.c:3611
> > #2  0x000000080060911b in symlook_default (req=0x7fffffffc1c0, refobj=Variable "refobj" is not available.
> > ) at /d3t/d3t/home/nox/src10b/src/libexec/rtld-elf/rtld.c:3569
> > #3  0x000000080060939d in find_symdef (symnum=15, refobj=0x8006fd000, defobj_out=0x7fffffffc260, flags=0, cache=0x80061d000, lockstate=0x7fffffffc300)
> >     at /d3t/d3t/home/nox/src10b/src/libexec/rtld-elf/rtld.c:1541
> > #4  0x0000000800603690 in reloc_non_plt (obj=0x8006fd000, obj_rtld=Variable "obj_rtld" is not available.
> > ) at /d3t/d3t/home/nox/src10b/src/libexec/rtld-elf/amd64/reloc.c:204
> > #5  0x0000000800606ae8 in relocate_object (obj=0x8006fd000, bind_now=0 '\0', rtldobj=0x800819d00, flags=0, lockstate=0x7fffffffc300)
> >     at /d3t/d3t/home/nox/src10b/src/libexec/rtld-elf/rtld.c:2433
> > #6  0x00000008006084a8 in dlopen_object (name=0x80243ec80 "../modules/access/.libs/libpulsesrc_plugin.so", fd=Variable "fd" is not available.
> > )
> >     at /d3t/d3t/home/nox/src10b/src/libexec/rtld-elf/rtld.c:2392
> > #7  0x0000000800608f67 in rtld_dlopen (name=0x80243ec80 "../modules/access/.libs/libpulsesrc_plugin.so", fd=-1, mode=1)
> >     at /d3t/d3t/home/nox/src10b/src/libexec/rtld-elf/rtld.c:2761
> > #8  0x0000000800ad377d in vlc_timer_create () from /usr/ports/multimedia/vlc-203a/work/vlc-2.0.3/src/.libs/libvlccore.so.6
> > #9  0x0000000800ab9998 in module_gettext () from /usr/ports/multimedia/vlc-203a/work/vlc-2.0.3/src/.libs/libvlccore.so.6
> > #10 0x0000000800aba0aa in module_list_get () from /usr/ports/multimedia/vlc-203a/work/vlc-2.0.3/src/.libs/libvlccore.so.6
> > #11 0x0000000800ab9db1 in module_list_get () from /usr/ports/multimedia/vlc-203a/work/vlc-2.0.3/src/.libs/libvlccore.so.6
> > #12 0x0000000800ab9db1 in module_list_get () from /usr/ports/multimedia/vlc-203a/work/vlc-2.0.3/src/.libs/libvlccore.so.6
> > #13 0x0000000800aba17d in module_list_get () from /usr/ports/multimedia/vlc-203a/work/vlc-2.0.3/src/.libs/libvlccore.so.6
> > #14 0x0000000800aba631 in module_list_get () from /usr/ports/multimedia/vlc-203a/work/vlc-2.0.3/src/.libs/libvlccore.so.6
> > #15 0x0000000800a52573 in libvlc_InternalInit () from /usr/ports/multimedia/vlc-203a/work/vlc-2.0.3/src/.libs/libvlccore.so.6
> > #16 0x00000008008227a7 in libvlc_new () from /usr/ports/multimedia/vlc-203a/work/vlc-2.0.3/lib/.libs/libvlc.so.8
> > #17 0x0000000000400cd4 in main ()
> > (gdb) p obj->buckets
> > $1 = (const Elf_Hashelt *) 0x804de0160
> > (gdb) p req->hash % obj->nbuckets
> > $2 = 399
> > (gdb) p obj->buckets[req->hash % obj->nbuckets] 
> > Cannot access memory at address 0x804de079c
> > (gdb) p obj->nbuckets
> > $3 = 521
> Can you show the output of "p *obj" there ?

Here it comes...

#0  symlook_obj (req=0x7fffffffbf40, obj=0x800640400)
    at /d3t/d3t/home/nox/src10b/src/libexec/rtld-elf/rtld.c:3847
3847		for (symnum = obj->buckets[req->hash % obj->nbuckets];
[New Thread 802406400 (LWP 100159/vlc-cache-gen)]
(gdb) p *obj
$1 = {magic = 3578837114, version = 1, next = 0x80063f800, 
  path = 0x8006434c0 "/usr/local/lib/libgconf-2.so.4", origin_path = 0x0, 
  refcount = 1, dl_refcount = 0, 
  mapbase = 0x804de0000 <Address 0x804de0000 out of bounds>, 
  mapsize = 2342912, textsize = 229376, vaddrbase = 0, 
  relocbase = 0x804de0000 <Address 0x804de0000 out of bounds>, 
  dynamic = 0x805018620, 
  entry = 0x804df14b0 <Address 0x804df14b0 out of bounds>, phdr = 0x804de0040, 
  phsize = 280, interp = 0x0, stack_flags = 6, tlsindex = 0, tlsinit = 0x0, 
  tlsinitsize = 0, tlssize = 0, tlsoffset = 0, tlsalign = 0, 
  relro_page = 0x804de0000 <Address 0x804de0000 out of bounds>, 
  relro_size = 0, pltgot = 0x805018ad8, rel = 0x0, relsize = 0, 
  rela = 0x804de9040, relasize = 17256, pltrel = 0x0, pltrelsize = 0, 
  pltrela = 0x804ded3a8, pltrelasize = 9960, symtab = 0x804de13d0,
  strtab = 0x804de5180 <Address 0x804de5180 out of bounds>, strsize = 14680, 
  verneed = 0x804de9000, verneednum = 2, verdef = 0x0, verdefnum = 0, 
  versyms = 0x804de8ad8, buckets = 0x804de0160, nbuckets = 521, 
  chains = 0x804de0984, nchains = 658, nbuckets_gnu = 0, symndx_gnu = 0, 
  maskwords_bm_gnu = 0, shift2_gnu = 0, dynsymcount = 658, bloom_gnu = 0x0, 
  buckets_gnu = 0x0, chain_zero_gnu = 0x0, 
  rpath = 0x804de8ac0 <Address 0x804de8ac0 out of bounds>, runpath = 0x0, 
  needed = 0x0, needed_filtees = 0x0, needed_aux_filtees = 0x0, names = {
    stqh_first = 0x0, stqh_last = 0x8006405c0}, vertab = 0x80061e480,
  vernum = 4, init = 34441460368, fini = 34441575208, preinit_array = 0, 
  init_array = 0, fini_array = 0, preinit_array_num = 0, init_array_num = 0, 
  fini_array_num = 0, osrel = 0, mainprog = 0 '\0', rtld = 0 '\0', 
  relocated = 1 '\001', ver_checked = 1 '\001', textrel = 0 '\0', 
  symbolic = 0 '\0', bind_now = 0 '\0', traced = 0 '\0', 
  jmpslots_done = 0 '\0', init_done = 1 '\001', tls_done = 0 '\0', 
  phdr_alloc = 0 '\0', z_origin = 0 '\0', z_nodelete = 0 '\0', 
  z_noopen = 0 '\0', z_loadfltr = 0 '\0', z_nodeflib = 0 '\0', 
  ref_nodel = 0 '\0', init_scanned = 0 '\0', on_fini_list = 1 '\001', 
  dag_inited = 0 '\0', filtees_loaded = 0 '\0', irelative = 0 '\0', 
  gnu_ifunc = 0 '\0', crt_no_init = 0 '\0', valid_hash_sysv = 1 '\001', 
  valid_hash_gnu = 0 '\0', linkmap = {
    l_addr = 0x804de0000 <Address 0x804de0000 out of bounds>, 
    l_name = 0x8006434c0 "/usr/local/lib/libgconf-2.so.4", l_ld = 0x805018620, 
    l_next = 0x80063fa20, l_prev = 0x800645620}, dldags = {
    stqh_first = 0x800701c80, stqh_last = 0x800701c80}, dagmembers = {
    stqh_first = 0x0, stqh_last = 0x800640658}, dev = 160, ino = 2042032, 
  priv = 0x0}
(gdb) 

 Thanx! :)
	Juergen
Received on Mon Aug 13 2012 - 15:47:20 UTC
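
A consistency check on the values from the gdb session above, as an added example that is not part of the original post or of rtld. The struct is a hypothetical subset of Obj_Entry filled in from the posted "p *obj" output, and the 4-byte hash element size is an assumption taken from the spacing of the posted addresses.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields copied from the "p *obj" output in the post (libgconf-2.so.4). */
struct obj_view {
    uint64_t mapbase, mapsize;   /* recorded mapping of the object */
    uint64_t buckets, chains;    /* SysV DT_HASH arrays */
    uint32_t nbuckets, nchains;
};

enum verdict { INDEX_OUT_OF_RANGE, TABLE_OUTSIDE_MAPPING,
               LAYOUT_INCONSISTENT, POINTERS_CONSISTENT };

/* Assumption: 4-byte hash elements, which the addresses in the post imply. */
#define HASHELT_SIZE 4u

struct obj_view sample_obj(void) {
    struct obj_view o = { 0x804de0000ULL, 2342912, 0x804de0160ULL,
                          0x804de0984ULL, 521, 658 };
    return o;
}

/* Address read by obj->buckets[idx] at rtld.c:3847. */
uint64_t bucket_addr(const struct obj_view *o, uint32_t idx) {
    return o->buckets + (uint64_t)idx * HASHELT_SIZE;
}

enum verdict triage(const struct obj_view *o, uint32_t idx) {
    uint64_t map_end = o->mapbase + o->mapsize;
    uint64_t tbl_end = o->chains + (uint64_t)o->nchains * HASHELT_SIZE;
    if (idx >= o->nbuckets)
        return INDEX_OUT_OF_RANGE;
    /* Two header words (nbucket, nchain) sit just before the bucket array. */
    if (o->buckets < o->mapbase + 2 * HASHELT_SIZE || tbl_end > map_end)
        return TABLE_OUTSIDE_MAPPING;
    /* In a SysV hash table the chain array directly follows the buckets. */
    if (o->chains != o->buckets + (uint64_t)o->nbuckets * HASHELT_SIZE)
        return LAYOUT_INCONSISTENT;
    return POINTERS_CONSISTENT;
}

int main(void) {
    struct obj_view o = sample_obj();
    uint32_t idx = 399;   /* req->hash % obj->nbuckets from the gdb session */
    printf("load address: 0x%llx\n", (unsigned long long)bucket_addr(&o, idx));
    printf("verdict: %d\n", (int)triage(&o, idx));
    return 0;
}
```

With the posted values the computed load address is the 0x804de079c that gdb could not access, and the verdict is POINTERS_CONSISTENT: the index is in range and the hash table lies inside the recorded mapping, matching gdb's report that mapbase itself is out of bounds.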
