MIPS binary has a PT_DYNAMIC segment with RWE perms in the same page as PT_NOTE with R only; rtld cannot actually accommodate this. volta% readelf -l sh Elf file type is EXEC (Executable file) Entry point 0x4037e0 There are 8 program headers, starting at offset 52 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000034 0x00400034 0x00400034 0x00100 0x00100 R E 0x4 INTERP 0x000134 0x00400134 0x00400134 0x00015 0x00015 R 0x1 [Requesting program interpreter: /libexec/ld-elf.so.1] LOPROC+0 0x00017c 0x0040017c 0x0040017c 0x00018 0x00018 R 0x4 LOAD 0x000000 0x00400000 0x00400000 0x2b42c 0x2b42c R E 0x10000 LOAD 0x02b42c 0x0043b42c 0x0043b42c 0x00b68 0x01bb8 RW 0x10000 DYNAMIC 0x000194 0x00400194 0x00400194 0x000f8 0x000f8 RWE 0x4 NOTE 0x00014c 0x0040014c 0x0040014c 0x00030 0x00030 R 0x4 NULL 0x000000 0x00000000 0x00000000 0x00000 0x00000 0x4 Section to Segment mapping: Segment Sections... 00 01 .interp 02 .reginfo 03 .interp .note.tag .reginfo .dynamic .hash .dynsym .dynstr .gnu.version .gnu.version_r .init .text .MIPS.stubs .fini .rodata .eh_frame 04 .ctors .dtors .jcr .data.rel.ro .data .rld_map .got .sdata .bss 05 .dynamic 06 .note.tag 07
A commit references this bug: Author: emaste Date: Fri Jan 8 00:56:42 UTC 2016 New revision: 293403 URL: https://svnweb.freebsd.org/changeset/base/293403 Log: Revert r293201, r293202 (rtld: populate DT_DEBUG iff DYNAMIC segment is writable) It turns out MIPS binaries may have other oddities that can trigger a fault at startup. PR: 206017 Reported by: ray Changes: head/libexec/rtld-elf/rtld.c head/libexec/rtld-elf/rtld.h
It seems like fixing this wouldn't be too hard so long as we track the extent and permissions of the last mapping (I believe everyone relies on segments being sorted). I'd argue that this is a linker/linker-script bug as well.