Bug #14286
openldd(1) of certain mdb kmods crashes when -u, -U, -r, etc. flags are used.
Status:
New
Priority:
Normal
Assignee:
-
Category:
cmd - userland programs
Start date:
Due date:
% Done:
0%
Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:
Description
core '15334.core' of 15334: /usr/lib/amd64/lddstub
 00007fffa60846d0 elf_hash ()
 00007fffa609cbb1 elf_reloc (7fffae501118, 0, 0, 7fffbfffd918) + ff1
 00007fffa607e7a3 relocate_so (7fffa60c9f20, 7fffae501118, 7fffbfffda3c, 0, 0) + 63
 00007fffa607e88f _relocate_lmc (7fffa60c9f20, 20, 7fffaf510990, 7fffbfffda3c, 0) + 5f
 00007fffa607ed97 relocate_lmc (7fffa60c9f20, 20, 7fffaf510990, 7fffaf510990, 0) + 2c7
 00007fffa608ad31 setup (7fffbfffdf78, 7fffbfffe0e0, 0, 7fffbfffe7ec, 1000, 7fffa607753a, 7fffa6063000, 7fffa6063000, ...) + e11
 00007fffa609d372 _setup (7fffbfffdee0, 190) + 272
 00007fffa607de6e _rt_boot () + 6c
 00007fffbfffe1f0 ???????? ()
A reliable way to reproduce this is /kernel/kmdb/amd64/mpt, since it's a closed bin and we know it won't change.
We're passing junk to elf_hash()
> <rdi=K
                7ffff41d4b9b
> ::status
debugging core file of lddstub (64-bit) from bela
file: /usr/lib/amd64/lddstub
initial argv: /usr/lib/amd64/lddstub
threading model: native threads
status: process terminated by SIGSEGV (Segmentation Fault), addr=7ffff41d4b9b
Updated by Rich Lowe 8 months ago
This is because there are bad symbol references in relocations after the kernel module has been linked into a shared object internal to ld.so.1. If we do the link ourselves we can get the same result and see it happen.
; elfdump -r mpt.so >/dev/null
mpt.so: bad symbol reference 32: from relocation entry: 29
mpt.so: bad symbol reference 32: from relocation entry: 30
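The "bad symbol reference" that elfdump reports above is a relocation entry whose symbol index falls past the end of the symbol table the relocation section is linked to, the condition the comment above identifies as the cause of the crash. The following is an added example, not code from this issue or from illumos, that checks for that condition with a small ELF64 section reader; the image it runs on is constructed in memory with an assumed three-section layout (null, .symtab, .rela) rather than read from a real kernel module.

```python
import struct

SHT_SYMTAB, SHT_RELA, SHT_REL = 2, 4, 9
SHDR_FMT = "<IIQQQQIIQQ"          # Elf64_Shdr, little-endian

def build_elf64(symbol_count, rela_sym_indices):
    """Constructed test input (not a real kmod): minimal ELF64 with a null
    section, a .symtab of symbol_count entries and one .rela section."""
    symtab = b"\0" * (24 * symbol_count)                    # Elf64_Sym = 24 bytes
    rela = b"".join(struct.pack("<QQq", 0, (s << 32) | 1, 0)  # r_info = sym<<32|type
                    for s in rela_sym_indices)
    symtab_off = 64                                         # after the ELF header
    rela_off = symtab_off + len(symtab)
    shoff = rela_off + len(rela)
    def shdr(sh_type, off, size, link, entsize):
        return struct.pack(SHDR_FMT, 0, sh_type, 0, 0, off, size, link, 0, 8, entsize)
    shdrs = (shdr(0, 0, 0, 0, 0) +
             shdr(SHT_SYMTAB, symtab_off, len(symtab), 0, 24) +
             shdr(SHT_RELA, rela_off, len(rela), 1, 24))     # sh_link -> .symtab
    ehdr = (b"\x7fELF\x02\x01\x01" + b"\0" * 9 +            # ELF64, LSB, v1
            struct.pack("<HHIQQQIHHHHHH", 1, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 0))
    return ehdr + symtab + rela + shdrs

def bad_symbol_references(elf):
    """Return (rel_section, rel_entry, symbol) for every relocation whose
    symbol index is outside the symbol table it links to: elfdump's
    "bad symbol reference".  Handles SHT_REL and SHT_RELA."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("only little-endian ELF64 is handled here")
    shoff = struct.unpack_from("<Q", elf, 0x28)[0]
    shentsize, shnum = struct.unpack_from("<HH", elf, 0x3a)
    shdrs = [struct.unpack_from(SHDR_FMT, elf, shoff + i * shentsize)
             for i in range(shnum)]
    bad = []
    for sec_idx, sh in enumerate(shdrs):
        sh_type, off, size, link, entsize = sh[1], sh[4], sh[5], sh[6], sh[9]
        if sh_type not in (SHT_REL, SHT_RELA) or entsize == 0:
            continue
        symtab = shdrs[link]
        nsyms = symtab[5] // symtab[9] if symtab[9] else 0
        for rel_idx in range(size // entsize):
            # r_info is at offset 8 in both Elf64_Rel and Elf64_Rela
            sym = struct.unpack_from("<Q", elf, off + rel_idx * entsize + 8)[0] >> 32
            if sym >= nsyms:
                bad.append((sec_idx, rel_idx, sym))
    return bad

# 32 symbols (0..31); entries 29 and 30 name symbol 32, as in the elfdump output above
SAMPLE = build_elf64(32, [1] * 29 + [32, 32])
```

Running the checker on SAMPLE reports relocation entries 29 and 30 of section 2 as referencing symbol 32, the same two entries elfdump flags for mpt.so.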