Bug 1732645 - [abrt] reaver: floor_ifunc_selector(): wash killed by SIGSEGV
Summary: [abrt] reaver: floor_ifunc_selector(): wash killed by SIGSEGV
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: wireless-tools
Version: 30
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:d0eb2a1c5dd68ed2aa69a0eda99...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-07-24 01:08 UTC by Joao Marcos Floriano
Modified: 2020-03-11 22:45 UTC (History)
18 users (show)

Fixed In Version: wireless-tools-29-25.fc30 wireless-tools-29-25.fc31
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-09 20:54:35 UTC
Type: ---


Attachments (Terms of Use)
File: backtrace (13.99 KB, text/plain)
2019-07-24 01:08 UTC, Joao Marcos Floriano
no flags Details
File: cgroup (341 bytes, text/plain)
2019-07-24 01:08 UTC, Joao Marcos Floriano
no flags Details
File: core_backtrace (1.89 KB, text/plain)
2019-07-24 01:08 UTC, Joao Marcos Floriano
no flags Details
File: cpuinfo (1.33 KB, text/plain)
2019-07-24 01:08 UTC, Joao Marcos Floriano
no flags Details
File: dso_list (545 bytes, text/plain)
2019-07-24 01:08 UTC, Joao Marcos Floriano
no flags Details
File: environ (4.63 KB, text/plain)
2019-07-24 01:08 UTC, Joao Marcos Floriano
no flags Details
File: exploitable (82 bytes, text/plain)
2019-07-24 01:08 UTC, Joao Marcos Floriano
no flags Details
File: limits (1.29 KB, text/plain)
2019-07-24 01:08 UTC, Joao Marcos Floriano
no flags Details
File: maps (3.21 KB, text/plain)
2019-07-24 01:09 UTC, Joao Marcos Floriano
no flags Details
File: mountinfo (3.99 KB, text/plain)
2019-07-24 01:09 UTC, Joao Marcos Floriano
no flags Details
File: open_fds (140 bytes, text/plain)
2019-07-24 01:09 UTC, Joao Marcos Floriano
no flags Details
File: proc_pid_status (1.29 KB, text/plain)
2019-07-24 01:09 UTC, Joao Marcos Floriano
no flags Details

Description Joao Marcos Floriano 2019-07-24 01:08:45 UTC
Version-Release number of selected component:
reaver-1.6.5-3.fc30

Additional info:
reporter:       libreport-2.10.1
backtrace_rating: 3
cmdline:        wash
crash_function: floor_ifunc_selector
executable:     /usr/bin/wash
journald_cursor: s=e8a73499ef2b4d96ae8428dce81a6925;i=3878;b=fecc408a9cb74e1cb240ca1a265d7623;m=114043b688;t=58c034bdac76a;x=798d5a7c0779fb1a
kernel:         5.1.11-300.fc30.x86_64
rootdir:        /
runlevel:       N 5
type:           CCpp
uid:            0

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 floor_ifunc_selector at ../sysdeps/x86_64/fpu/multiarch/ifunc-sse4_1.h:29
 #1 __floor_ifunc at ../sysdeps/x86_64/fpu/multiarch/s_floor.c:31
 #2 elf_machine_rela at ../sysdeps/x86_64/dl-machine.h:330
 #3 elf_dynamic_do_Rela at do-rel.h:137
 #4 _dl_relocate_object at dl-reloc.c:254
 #5 dl_main at rtld.c:2193
 #6 _dl_sysdep_start at ../elf/dl-sysdep.c:253
 #7 _dl_start_final at rtld.c:413
 #8 _dl_start at rtld.c:520
 #9 _start

Comment 1 Joao Marcos Floriano 2019-07-24 01:08:49 UTC
Created attachment 1593013 [details]
File: backtrace

Comment 2 Joao Marcos Floriano 2019-07-24 01:08:50 UTC
Created attachment 1593014 [details]
File: cgroup

Comment 3 Joao Marcos Floriano 2019-07-24 01:08:51 UTC
Created attachment 1593015 [details]
File: core_backtrace

Comment 4 Joao Marcos Floriano 2019-07-24 01:08:53 UTC
Created attachment 1593016 [details]
File: cpuinfo

Comment 5 Joao Marcos Floriano 2019-07-24 01:08:54 UTC
Created attachment 1593017 [details]
File: dso_list

Comment 6 Joao Marcos Floriano 2019-07-24 01:08:55 UTC
Created attachment 1593018 [details]
File: environ

Comment 7 Joao Marcos Floriano 2019-07-24 01:08:57 UTC
Created attachment 1593019 [details]
File: exploitable

Comment 8 Joao Marcos Floriano 2019-07-24 01:08:58 UTC
Created attachment 1593020 [details]
File: limits

Comment 9 Joao Marcos Floriano 2019-07-24 01:09:00 UTC
Created attachment 1593021 [details]
File: maps

Comment 10 Joao Marcos Floriano 2019-07-24 01:09:01 UTC
Created attachment 1593022 [details]
File: mountinfo

Comment 11 Joao Marcos Floriano 2019-07-24 01:09:02 UTC
Created attachment 1593023 [details]
File: open_fds

Comment 12 Joao Marcos Floriano 2019-07-24 01:09:05 UTC
Created attachment 1593024 [details]
File: proc_pid_status

Comment 13 Jaroslav Škarvada 2019-09-13 21:03:20 UTC
This is either glibc or gcc, reassigning to glibc for the start, because there were similar IFUNC errors. The problem is following:

$ valgrind reaver
reaver: Relink `/lib64/libiw.so.29' with `/lib64/libm.so.6' for IFUNC symbol `floor'
Neoprávněný přístup do paměti (SIGSEGV) (core dumped [obraz paměti uložen])
...
=20037== Invalid read of size 1
==20037==    at 0x48CFEB2: floor (in /usr/lib64/libm-2.29.so)
==20037==    by 0x400CD59: _dl_relocate_object (in /usr/lib64/ld-2.29.so)
==20037==    by 0x40046A1: dl_main (in /usr/lib64/ld-2.29.so)
==20037==    by 0x4019E2A: _dl_sysdep_start (in /usr/lib64/ld-2.29.so)
==20037==    by 0x40021AB: _dl_start (in /usr/lib64/ld-2.29.so)
==20037==    by 0x4001117: ??? (in /usr/lib64/ld-2.29.so)
==20037==  Address 0x72 is not stack'd, malloc'd or (recently) free'd

$ ldd /lib64/libiw.so.29
	linux-vdso.so.1 (0x00007ffdbd15f000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f1f4b211000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f1f4b43d000)

But libiw is already linked with the -lm, from the build log of wireless-tools:
...
gcc -Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -shared -o libiw.so.29 -Wl,-soname,libiw.so.29  -lm -lc iwlib.so
...

If I remove '-Wl,--as-needed' it works as expected without segfault, but it was added there by the distribution LDFLAGS:
$ rpm --eval %__global_ldflags
-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld

So something is broken here.

Comment 14 Florian Weimer 2019-09-14 01:59:01 UTC
“eu-readelf -s /lib64/libiw.so.29” shows:

…
   29: 0000000000000000      0 NOTYPE  GLOBAL DEFAULT    UNDEF pow
…
   29: 0000000000000000      0 NOTYPE  GLOBAL DEFAULT    UNDEF pow
…
   38: 0000000000000000      0 NOTYPE  GLOBAL DEFAULT    UNDEF floor

The link order in wireless-tools is this:

gcc -Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -shared -o libiw.so.29 -Wl,-soname,libiw.so.29  -lm -lc iwlib.so

--as-needed is specified in such a way that the -lm and first -lc do not result in run-time dependencies (but not the implicit -lc). The toolchain behaves in a documented way here. (Despite the name, iwlib.so is a relocatable object here.)

I think this is just one of the things that break with -as-needed and needs to be fixed in wireless-tools, by moving -lm after the objects that need it.  Basically, change “-lm -lc iwlib.so” into “iwlib.so -lm”.

Comment 15 Jens Petersen 2020-02-23 12:06:57 UTC
I am applying Florian suggestion to wireless-tools-29-25.
Thanks for this - it was preventing xmobar from building too for some time.

Comment 16 Fedora Update System 2020-02-23 12:13:16 UTC
FEDORA-2020-a334dc624d has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-a334dc624d

Comment 17 Fedora Update System 2020-02-24 02:07:38 UTC
wireless-tools-29-25.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-5d27f4c3f9

Comment 18 Fedora Update System 2020-02-24 02:08:39 UTC
wireless-tools-29-25.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-a334dc624d

Comment 19 Fedora Update System 2020-03-09 20:54:35 UTC
wireless-tools-29-25.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

Comment 20 Fedora Update System 2020-03-11 22:45:43 UTC
wireless-tools-29-25.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.