Hello,

I have the following setup:

1. a "payload" executable built with "-fPIC -pie" (or "-fPIE -pie") which uses threads and thread-local storage;
2. a "loader" executable, which dlopen()s the payload binary and calls its main().

Starting the loader results in a segfault at thread creation time. Building the payload with "-fPIC -shared" results in a normally working loader, but I need to be able to launch the payload both directly and via the loader.

Is this a bug, or am I doing something wrong?

Attached files:
- source code of a minimal reproducer, along with makefiles
- gdb log with glibc's debugging info

[Please Cc: me on replies as I'm not subscribed to the list.]

--
Ivan Shapovalov / intelfx /
Attachment: pie-tls.tar.gz (application/compressed-tar)
$ gdb ./loader
GNU gdb (GDB) 7.11
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./loader...done.
(gdb) r
Starting program: /home/intelfx/devel/__mainline/parallels-criu/pie-tls/loader
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
handle 0x601030, pointer 0x7ffff7633a26, calling
[New Thread 0x7ffff7415700 (LWP 9441)]

Thread 2 "loader" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7415700 (LWP 9441)]
__rpc_thread_svc_cleanup () at svc.c:587
587	  while ((svcp = svc_head) != NULL)
=> 0x00007ffff794780d <__rpc_thread_svc_cleanup+29>:	48 8b 83 e8 00 00 00	mov    rax,QWORD PTR [rbx+0xe8]
   0x00007ffff7947814 <__rpc_thread_svc_cleanup+36>:	48 85 c0	test   rax,rax
   0x00007ffff7947817 <__rpc_thread_svc_cleanup+39>:	75 e7	jne    0x7ffff7947800 <__rpc_thread_svc_cleanup+16>
(gdb) bt
#0  __rpc_thread_svc_cleanup () at svc.c:587
#1  0x00007ffff7980a50 in __rpc_thread_destroy () at rpc_thread.c:25
#2  0x00007ffff79809d2 in __libc_thread_freeres () at thread-freeres.c:29
#3  0x00007ffff741d449 in start_thread (arg=0x7ffff7415700) at pthread_create.c:349
#4  0x00007ffff791bcbd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
(gdb)
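The setup described in the post (a PIE "payload" that spawns a thread touching thread-local storage, and a "loader" that dlopen()s it and calls its main()), reconstructed as an added example. This is not the attached reproducer or its makefiles: the file name pie_tls_repro.c, the function names payload_thread_demo and run_payload_main, and the build flags below are my assumptions. One source file serves both roles: built as "payload" it runs the TLS thread demo; built as "loader" and given a path it dlopen()s that path and calls its exported main(). Note that an executable does not export main() in its dynamic symbol table unless it is linked with -rdynamic (or an equivalent --export-dynamic/dynamic-list option), so that flag is assumed here. On the glibc generation in the gdb log the dlopen() succeeds and the crash happens on the worker thread's exit path; glibc 2.30 and later instead refuse the dlopen() outright with "cannot dynamically load position-independent executable", which the loader side below reports via dlerror() and returns -1 for.

```c
/* pie_tls_repro.c: added example reconstructing the described setup.
 * Assumed build commands (not the attached makefiles):
 *   gcc -g -O0 -fPIE -pie -pthread -rdynamic -o payload pie_tls_repro.c
 *   gcc -g -O0 -fPIE -pie -pthread -rdynamic -o loader  pie_tls_repro.c
 * (older glibc additionally needs -ldl).
 * Run directly:    ./payload
 * Run via loader:  ./loader ./payload
 */
#include <dlfcn.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

/* Thread-local variable: each thread gets its own copy. In a PIE the
 * compiler may use the initial-exec/local-exec TLS model, which is the
 * part of the executable that dlopen() has to cope with. */
static __thread int tls_counter = 40;

static void *thread_body(void *arg)
{
    /* Touch the worker thread's own TLS copy; the main thread's copy
     * stays at 40. Report what this thread saw through arg. */
    tls_counter += 2;
    *(int *)arg = tls_counter;
    return NULL;
}

/* Payload work: spawn one thread that uses TLS and report its result.
 * Returns the value the worker thread saw (42 under the assumptions above),
 * or -1 if pthread_create/pthread_join fail or the main thread's TLS copy
 * was unexpectedly modified. */
int payload_thread_demo(void)
{
    pthread_t tid;
    int seen = -1;

    if (pthread_create(&tid, NULL, thread_body, &seen) != 0)
        return -1;
    if (pthread_join(tid, NULL) != 0)
        return -1;
    if (tls_counter != 40)       /* main thread's copy must be untouched */
        return -1;
    return seen;
}

/* Loader side: dlopen() the given path, look up its exported main() and
 * call it with a one-element argv. Returns main()'s return value, or -1
 * if dlopen()/dlsym() fail (a non-existent file, a payload not linked with
 * -rdynamic, or glibc 2.30+ refusing to load a PIE). */
int run_payload_main(const char *path)
{
    void *handle = dlopen(path, RTLD_NOW);
    if (handle == NULL) {
        fprintf(stderr, "dlopen(%s): %s\n", path, dlerror());
        return -1;
    }

    int (*payload_main)(int, char **) =
        (int (*)(int, char **))dlsym(handle, "main");
    if (payload_main == NULL) {
        fprintf(stderr, "dlsym(main): %s\n", dlerror());
        dlclose(handle);
        return -1;
    }

    char *argv[] = { (char *)path, NULL };
    printf("handle %p, pointer %p, calling\n", handle, (void *)payload_main);
    int rc = payload_main(1, argv);
    dlclose(handle);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc > 1)                /* loader role: ./loader ./payload */
        return run_payload_main(argv[1]) == 0 ? 0 : 1;

    /* payload role: run the TLS thread demo and exit non-zero on failure */
    int seen = payload_thread_demo();
    printf("worker thread saw tls_counter = %d\n", seen);
    return seen == 42 ? 0 : 1;
}
```

Running ./payload directly exercises only the TLS path; ./loader ./payload reproduces the post's scenario, with the "handle ..., pointer ..., calling" line mirroring the loader output in the gdb log so the two runs can be compared. Because the loader and payload binaries are built from the same source with the same flags, the only variable between the two runs is whether the PIE was started by the kernel or mapped by dlopen().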