https://sourceware.org/bugzilla/show_bug.cgi?id=32761
Bug ID: 32761
Summary: binary created by ld will segfault in _dl_relocate_static_pie when static pie is enabled
Product: binutils
Version: 2.44
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: fourdim2001 at gmail dot com
Target Milestone: ---

This happens when compiling https://github.com/google/syzkaller's syz-executor.
The commit hash of syzkaller I was working on is 6a8fcbc4a6172c831c89c507007f59fba13408aa

The compile command is

g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
    -m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
    -DHOSTGOOS_linux=1 -DGIT_REVISION=\"6a8fcbc4a6172c831c89c507007f59fba13408aa\"

When compiling it with lld or mold, it runs without any issue.
When compiling it with -static instead of the -static-pie option, it runs without any issue.
The stack trace is:

#0  0x00007ffff71cc090 in _dl_relocate_static_pie ()
#1  0x00007ffff7146cb6 in __libc_start_main_impl ()
#2  0x00007ffff7050885 in _start ()

Partial disassembly:

   0x00007ffff71cc045 <+965>:  mov 0x10(%r12),%rcx
   0x00007ffff71cc04a <+970>:  and $0x20,%edx
   0x00007ffff71cc04d <+973>:  movq %xmm0,%rax
   0x00007ffff71cc052 <+978>:  lea (%rcx,%rcx,2),%rcx
   0x00007ffff71cc056 <+982>:  movdqa %xmm0,%xmm1
   0x00007ffff71cc05a <+986>:  lea (%rax,%rcx,8),%rbx
   0x00007ffff71cc05e <+990>:  mov 0x70(%r9),%rcx
   0x00007ffff71cc062 <+994>:  psrldq $0x8,%xmm1
   0x00007ffff71cc067 <+999>:  paddq %xmm1,%xmm0
   0x00007ffff71cc06b <+1003>: mov 0x8(%rcx),%r10
   0x00007ffff71cc06f <+1007>: movq %xmm0,%r8
   0x00007ffff71cc074 <+1012>: lea (%r10,%r13,1),%rcx
   0x00007ffff71cc078 <+1016>: cmovne %rcx,%r10
   0x00007ffff71cc07c <+1020>: cmp %rbx,%rax
   0x00007ffff71cc07f <+1023>: jae 0x7ffff71cc0bc <_dl_relocate_static_pie+1084>
   0x00007ffff71cc081 <+1025>: data16 cs nopw 0x0(%rax,%rax,1)
   0x00007ffff71cc08c <+1036>: nopl 0x0(%rax)
=> 0x00007ffff71cc090 <+1040>: mov (%rax),%rcx
   0x00007ffff71cc093 <+1043>: mov 0x8(%rax),%edx
   0x00007ffff71cc096 <+1046>: add %r13,%rcx
   0x00007ffff71cc099 <+1049>: cmp $0x26,%rdx
   0x00007ffff71cc09d <+1053>: je 0x7ffff71cc0a9 <_dl_relocate_static_pie+1065>
   0x00007ffff71cc09f <+1055>: cmp $0x8,%rdx
   0x00007ffff71cc0a3 <+1059>: jne 0x7ffff704e374 <_dl_relocate_static_pie.cold+62>
   0x00007ffff71cc0a9 <+1065>: mov 0x10(%rax),%rdx
   0x00007ffff71cc0ad <+1069>: add $0x18,%rax
   0x00007ffff71cc0b1 <+1073>: add %r13,%rdx
   0x00007ffff71cc0b4 <+1076>: mov %rdx,(%rcx)
   0x00007ffff71cc0b7 <+1079>: cmp %rbx,%rax
   0x00007ffff71cc0ba <+1082>: jb 0x7ffff71cc090 <_dl_relocate_static_pie+1040>
   0x00007ffff71cc0bc <+1084>: mov 0x208(%r9),%rcx
   0x00007ffff71cc0c3 <+1091>: test %rcx,%rcx
   0x00007ffff71cc0c6 <+1094>: je 0x7ffff71cc5c0 <_dl_relocate_static_pie+2368>
   0x00007ffff71cc0cc <+1100>: cmp %r8,%rbx

It looks like it has something to do with linker relocation, so I am posting it here.
The known good version of ld is Ubuntu 22.04.4 LTS, GNU ld (GNU Binutils for Ubuntu) 2.38
The known bad version of ld is Arch Linux, GNU ld (GNU Binutils) 2.44
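The faulting loop in the disassembly above is the loader's relative-relocation pass over the DT_RELA table: %rax walks 24-byte Elf64_Rela entries (r_offset at 0, r_info at 8, r_addend at 0x10, then add $0x18), only relocation types 8 (R_X86_64_RELATIVE) and 0x26 (R_X86_64_RELATIVE64) are accepted before the cold path, and load bias (%r13) plus addend is stored at the relocated address. The crash is on "mov (%rax),%rcx", the read of the entry itself, so it is the loader's pointer into the relocation table, not a relocation target, that points at unreadable memory. The script below is an added triage helper, not code from the bug report, binutils or glibc: it parses the ELF64 program headers and PT_DYNAMIC of a little-endian binary and checks the same things that loop relies on, i.e. that the DT_RELA/DT_RELASZ table lies inside a PT_LOAD, that every entry in the DT_RELACOUNT prefix is type 8 or 0x26, and that every target is mapped. build_sample_elf constructs a minimal, non-executable image so the checks can be exercised offline (type 99 in it is just a constructed non-relative value); the file name check_rela.py in the usage comment is hypothetical.

```python
# Added triage helper, not code from the bug report, binutils or glibc: check that the
# DT_RELA table an ELF64 static PIE advertises is consumable by the loader's
# relative-relocation loop (24-byte Elf64_Rela entries, types 8 / 0x26 in the prefix).
import struct
import sys

PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_RELA, DT_RELASZ, DT_RELAENT, DT_RELACOUNT = 0, 7, 8, 9, 0x6FFFFFF9
R_X86_64_RELATIVE, R_X86_64_RELATIVE64 = 8, 0x26
EHDR_FMT = "<16sHHIQQQIHHHHHH"  # Elf64_Ehdr, little-endian, 64 bytes
PHDR_FMT = "<IIQQQQQQ"          # Elf64_Phdr, 56 bytes
DYN_FMT = "<qQ"                 # Elf64_Dyn, 16 bytes
RELA_FMT = "<QQq"               # Elf64_Rela: r_offset, r_info, r_addend
RELA_SIZE = struct.calcsize(RELA_FMT)

def parse_phdrs(data):
    """Return (p_type, p_offset, p_vaddr, p_filesz, p_memsz) for each program header."""
    if data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("not an ELF64 image")
    hdr = struct.unpack_from(EHDR_FMT, data, 0)
    e_phoff, e_phentsize, e_phnum = hdr[5], hdr[9], hdr[10]
    out = []
    for i in range(e_phnum):
        p = struct.unpack_from(PHDR_FMT, data, e_phoff + i * e_phentsize)
        out.append((p[0], p[2], p[3], p[5], p[6]))
    return out

def file_offset(loads, vaddr, size):
    # File offset of [vaddr, vaddr+size) via the PT_LOAD whose file bytes cover it, else None.
    for _t, p_offset, p_vaddr, p_filesz, _m in loads:
        if p_vaddr <= vaddr and vaddr + size <= p_vaddr + p_filesz:
            return vaddr - p_vaddr + p_offset
    return None

def is_mapped(loads, vaddr, size):
    # True if [vaddr, vaddr+size) lies inside some PT_LOAD's memory image (p_memsz).
    return any(p_vaddr <= vaddr and vaddr + size <= p_vaddr + p_memsz
               for _t, _o, p_vaddr, _f, p_memsz in loads)

def read_dynamic(data, dyn_offset):
    # Collect d_tag -> d_val from the PT_DYNAMIC segment up to DT_NULL.
    tags, off = {}, dyn_offset
    while True:
        tag, val = struct.unpack_from(DYN_FMT, data, off)
        if tag == DT_NULL:
            return tags
        tags[tag] = val
        off += struct.calcsize(DYN_FMT)

def check_relative_relocs(data):
    """Return a list of problems; an empty list means the relative loop could consume the table."""
    phdrs = parse_phdrs(data)
    loads = [p for p in phdrs if p[0] == PT_LOAD]
    dyn = [p for p in phdrs if p[0] == PT_DYNAMIC]
    if not dyn:
        return ["no PT_DYNAMIC segment: not a PIE"]
    tags = read_dynamic(data, dyn[0][1])
    if DT_RELA not in tags:
        return []
    rela, relasz = tags[DT_RELA], tags.get(DT_RELASZ, 0)
    relaent, relacount = tags.get(DT_RELAENT, RELA_SIZE), tags.get(DT_RELACOUNT, 0)
    if relaent != RELA_SIZE:
        return [f"DT_RELAENT is {relaent}, expected {RELA_SIZE}"]
    table = file_offset(loads, rela, relasz)
    if table is None:  # the loader would fault on the entry load itself, as in the trace above
        return [f"DT_RELA table {rela:#x}+{relasz:#x} is not inside any PT_LOAD"]
    if relacount * relaent > relasz:
        return [f"DT_RELACOUNT {relacount} exceeds DT_RELASZ {relasz:#x}"]
    problems = []
    for i in range(relasz // relaent):
        r_offset, r_info, _addend = struct.unpack_from(RELA_FMT, data, table + i * relaent)
        rtype = r_info & 0xFFFFFFFF
        if i < relacount and rtype not in (R_X86_64_RELATIVE, R_X86_64_RELATIVE64):
            problems.append(f"reloc {i}: type {rtype} inside the DT_RELACOUNT relative prefix")
        if not is_mapped(loads, r_offset, 8):
            problems.append(f"reloc {i}: target {r_offset:#x} is outside every PT_LOAD")
    return problems

def build_sample_elf(rela_vaddr=0x200, bad_type=False):
    # Constructed, non-executable ELF64 image for offline testing: one PT_LOAD at vaddr 0
    # covering 0x400 bytes, PT_DYNAMIC at 0x100, three relative relocs at 0x200.
    relas = b"".join(struct.pack(RELA_FMT, off, typ, add) for off, typ, add in [
        (0x300, R_X86_64_RELATIVE, 0x1000),
        (0x308, 99 if bad_type else R_X86_64_RELATIVE64, 0x2000),  # 99: constructed non-relative type
        (0x310, R_X86_64_RELATIVE, 0x3000)])
    dyn = b"".join(struct.pack(DYN_FMT, t, v) for t, v in [
        (DT_RELA, rela_vaddr), (DT_RELASZ, len(relas)), (DT_RELAENT, RELA_SIZE),
        (DT_RELACOUNT, 3), (DT_NULL, 0)])
    size = 0x400
    phdrs = struct.pack(PHDR_FMT, PT_LOAD, 5, 0, 0, 0, size, size, 0x1000) + \
        struct.pack(PHDR_FMT, PT_DYNAMIC, 6, 0x100, 0x100, 0x100, len(dyn), len(dyn), 8)
    ident = b"\x7fELF\x02\x01\x01" + b"\x00" * 9  # ELFCLASS64, little-endian, version 1
    ehdr = struct.pack(EHDR_FMT, ident, 3, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)  # ET_DYN, EM_X86_64
    img = bytearray(size)
    img[0:64], img[64:64 + len(phdrs)] = ehdr, phdrs
    img[0x100:0x100 + len(dyn)], img[0x200:0x200 + len(relas)] = dyn, relas
    return bytes(img)

if __name__ == "__main__":  # usage: python3 check_rela.py ./bin/linux_amd64/syz-executor
    print("\n".join(check_relative_relocs(open(sys.argv[1], "rb").read()) or ["table looks consistent"]))
```

Run it against the binary linked by the bad ld and the one linked by the good ld and compare the output; readelf -d and readelf -r on both show the same tags and entries for manual comparison. An empty result for the failing binary is still useful: it means the DT_RELA metadata is self-consistent and the bad pointer must come from somewhere else, which narrows the triage. The checker only validates the relative prefix; the R_X86_64_IRELATIVE entries a static PIE also carries sit after it and are resolved on a different path in the loader, so for them only the target range is checked here.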