Bug 1732645 - [abrt] reaver: floor_ifunc_selector(): wash killed by SIGSEGV
Summary: [abrt] reaver: floor_ifunc_selector(): wash killed by SIGSEGV
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: wireless-tools
Version: 30
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:d0eb2a1c5dd68ed2aa69a0eda99...
Depends On:
Blocks:
Reported: 2019-07-24 01:08 UTC by Joao Marcos Floriano
Modified: 2019-09-14 01:59 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments
File: backtrace (13.99 KB, text/plain), 2019-07-24 01:08 UTC, Joao Marcos Floriano
File: cgroup (341 bytes, text/plain), 2019-07-24 01:08 UTC, Joao Marcos Floriano
File: core_backtrace (1.89 KB, text/plain), 2019-07-24 01:08 UTC, Joao Marcos Floriano
File: cpuinfo (1.33 KB, text/plain), 2019-07-24 01:08 UTC, Joao Marcos Floriano
File: dso_list (545 bytes, text/plain), 2019-07-24 01:08 UTC, Joao Marcos Floriano
File: environ (4.63 KB, text/plain), 2019-07-24 01:08 UTC, Joao Marcos Floriano
File: exploitable (82 bytes, text/plain), 2019-07-24 01:08 UTC, Joao Marcos Floriano
File: limits (1.29 KB, text/plain), 2019-07-24 01:08 UTC, Joao Marcos Floriano
File: maps (3.21 KB, text/plain), 2019-07-24 01:09 UTC, Joao Marcos Floriano
File: mountinfo (3.99 KB, text/plain), 2019-07-24 01:09 UTC, Joao Marcos Floriano
File: open_fds (140 bytes, text/plain), 2019-07-24 01:09 UTC, Joao Marcos Floriano
File: proc_pid_status (1.29 KB, text/plain), 2019-07-24 01:09 UTC, Joao Marcos Floriano

Description Joao Marcos Floriano 2019-07-24 01:08:45 UTC
Version-Release number of selected component:
reaver-1.6.5-3.fc30

Additional info:
reporter:       libreport-2.10.1
backtrace_rating: 3
cmdline:        wash
crash_function: floor_ifunc_selector
executable:     /usr/bin/wash
journald_cursor: s=e8a73499ef2b4d96ae8428dce81a6925;i=3878;b=fecc408a9cb74e1cb240ca1a265d7623;m=114043b688;t=58c034bdac76a;x=798d5a7c0779fb1a
kernel:         5.1.11-300.fc30.x86_64
rootdir:        /
runlevel:       N 5
type:           CCpp
uid:            0

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 floor_ifunc_selector at ../sysdeps/x86_64/fpu/multiarch/ifunc-sse4_1.h:29
 #1 __floor_ifunc at ../sysdeps/x86_64/fpu/multiarch/s_floor.c:31
 #2 elf_machine_rela at ../sysdeps/x86_64/dl-machine.h:330
 #3 elf_dynamic_do_Rela at do-rel.h:137
 #4 _dl_relocate_object at dl-reloc.c:254
 #5 dl_main at rtld.c:2193
 #6 _dl_sysdep_start at ../elf/dl-sysdep.c:253
 #7 _dl_start_final at rtld.c:413
 #8 _dl_start at rtld.c:520
 #9 _start

Comment 1 Joao Marcos Floriano 2019-07-24 01:08:49 UTC
Created attachment 1593013 [details]
File: backtrace

Comment 2 Joao Marcos Floriano 2019-07-24 01:08:50 UTC
Created attachment 1593014 [details]
File: cgroup

Comment 3 Joao Marcos Floriano 2019-07-24 01:08:51 UTC
Created attachment 1593015 [details]
File: core_backtrace

Comment 4 Joao Marcos Floriano 2019-07-24 01:08:53 UTC
Created attachment 1593016 [details]
File: cpuinfo

Comment 5 Joao Marcos Floriano 2019-07-24 01:08:54 UTC
Created attachment 1593017 [details]
File: dso_list

Comment 6 Joao Marcos Floriano 2019-07-24 01:08:55 UTC
Created attachment 1593018 [details]
File: environ

Comment 7 Joao Marcos Floriano 2019-07-24 01:08:57 UTC
Created attachment 1593019 [details]
File: exploitable

Comment 8 Joao Marcos Floriano 2019-07-24 01:08:58 UTC
Created attachment 1593020 [details]
File: limits

Comment 9 Joao Marcos Floriano 2019-07-24 01:09:00 UTC
Created attachment 1593021 [details]
File: maps

Comment 10 Joao Marcos Floriano 2019-07-24 01:09:01 UTC
Created attachment 1593022 [details]
File: mountinfo

Comment 11 Joao Marcos Floriano 2019-07-24 01:09:02 UTC
Created attachment 1593023 [details]
File: open_fds

Comment 12 Joao Marcos Floriano 2019-07-24 01:09:05 UTC
Created attachment 1593024 [details]
File: proc_pid_status

Comment 13 Jaroslav Škarvada 2019-09-13 21:03:20 UTC
This is either glibc or gcc, reassigning to glibc for the start, because there were similar IFUNC errors. The problem is as follows:

$ valgrind reaver
reaver: Relink `/lib64/libiw.so.29' with `/lib64/libm.so.6' for IFUNC symbol `floor'
Neoprávněný přístup do paměti (SIGSEGV) (core dumped [obraz paměti uložen])
...
==20037== Invalid read of size 1
==20037==    at 0x48CFEB2: floor (in /usr/lib64/libm-2.29.so)
==20037==    by 0x400CD59: _dl_relocate_object (in /usr/lib64/ld-2.29.so)
==20037==    by 0x40046A1: dl_main (in /usr/lib64/ld-2.29.so)
==20037==    by 0x4019E2A: _dl_sysdep_start (in /usr/lib64/ld-2.29.so)
==20037==    by 0x40021AB: _dl_start (in /usr/lib64/ld-2.29.so)
==20037==    by 0x4001117: ??? (in /usr/lib64/ld-2.29.so)
==20037==  Address 0x72 is not stack'd, malloc'd or (recently) free'd

$ ldd /lib64/libiw.so.29
	linux-vdso.so.1 (0x00007ffdbd15f000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f1f4b211000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f1f4b43d000)

But libiw is already linked with the -lm, from the build log of wireless-tools:
...
gcc -Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -shared -o libiw.so.29 -Wl,-soname,libiw.so.29  -lm -lc iwlib.so
...

If I remove '-Wl,--as-needed' it works as expected without segfault, but it was added there by the distribution LDFLAGS:
$ rpm --eval %__global_ldflags
-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld

So something is broken here.

Comment 14 Florian Weimer 2019-09-14 01:59:01 UTC
“eu-readelf -s /lib64/libiw.so.29” shows:

…
   29: 0000000000000000      0 NOTYPE  GLOBAL DEFAULT    UNDEF pow
…
   29: 0000000000000000      0 NOTYPE  GLOBAL DEFAULT    UNDEF pow
…
   38: 0000000000000000      0 NOTYPE  GLOBAL DEFAULT    UNDEF floor

The link order in wireless-tools is this:

gcc -Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -shared -o libiw.so.29 -Wl,-soname,libiw.so.29  -lm -lc iwlib.so

--as-needed is specified in such a way that the -lm and first -lc do not result in run-time dependencies (but not the implicit -lc). The toolchain behaves in a documented way here. (Despite the name, iwlib.so is a relocatable object here.)

I think this is just one of the things that break with -as-needed and needs to be fixed in wireless-tools, by moving -lm after the objects that need it.  Basically, change “-lm -lc iwlib.so” into “iwlib.so -lm”.
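
An added example, not part of the bug thread and not code from wireless-tools or glibc: a small lint for the link-order problem diagnosed in comment 14. It walks a gcc link line and reports -l libraries that appear under --as-needed ahead of a later input file; the function name early_libs and the reordered command are constructed for illustration.

```python
import shlex

# Link line copied from the wireless-tools build log quoted on this page.
PAGE_CMD = ("gcc -Wl,-z,relro -Wl,--as-needed  -Wl,-z,now "
            "-specs=/usr/lib/rpm/redhat/redhat-hardened-ld -shared "
            "-o libiw.so.29 -Wl,-soname,libiw.so.29  -lm -lc iwlib.so")
# Constructed: the same line with the reordering suggested in comment 14.
FIXED_CMD = PAGE_CMD.replace("-lm -lc iwlib.so", "iwlib.so -lm")

# Driver options whose next token is an argument, not an input file.
TAKES_ARG = {"-o", "-L", "-T", "-u", "-x", "-z"}

def early_libs(link_cmd):
    """Return -l libraries placed under --as-needed ahead of a later input file.

    The linker reads inputs left to right; a library reached before the object
    that references it resolves nothing at that point, so --as-needed may leave
    it out of DT_NEEDED. This is a lint: a hit is a candidate, not a proof.
    """
    as_needed, pending, flagged = False, [], []
    tokens = shlex.split(link_cmd)[1:]          # drop the compiler driver
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in TAKES_ARG:
            i += 1                              # skip the option's argument
        elif tok.startswith("-Wl,"):
            for opt in tok.split(",")[1:]:      # options passed through to ld
                if opt.lstrip("-") == "as-needed":
                    as_needed = True
                elif opt.lstrip("-") == "no-as-needed":
                    as_needed = False
        elif tok.startswith("-l") and len(tok) > 2:
            if as_needed:
                pending.append(tok[2:])
        elif not tok.startswith("-"):
            flagged += pending                  # these came before this input
            pending = []
        i += 1
    return flagged

if __name__ == "__main__":
    print("page link line :", early_libs(PAGE_CMD))
    print("reordered line :", early_libs(FIXED_CMD))
```

A hit on "c" is harmless here because, as comment 14 notes, the implicit -lc still applies; the hit on "m" matches the ldd output above, where libiw.so.29 carries no libm dependency.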

