Bug 1458923

| Summary: | GCC crashes when compiling modified ceph | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Adam C. Emerson <aemerson> |
| Component: | gcc | Assignee: | Jakub Jelinek <jakub> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 25 | CC: | davejohansen, fweimer, jakub, jwakely, law, mpolacek |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2017-07-12 16:56:33 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |

Description
Adam C. Emerson
2017-06-05 20:42:01 UTC
Can't reproduce with the preprocessed source you've provided, either with gcc-6.3.1-1.fc25 or current trunk.

Hello! Here is a back trace, thank you:

```
(gdb) run
Starting program: /usr/libexec/gcc/x86_64-redhat-linux/6.3.1/cc1plus -quiet -I /home/aemerson/bar/build/src/include -I /home/aemerson/bar/src -I /home/aemerson/bar/src/xxHash -I /home/aemerson/bar/src/dmclock/src -I /home/aemerson/bar/src/dmclock/support/src -I /home/aemerson/bar/src/googletest/googletest/include -I /usr/include/nss3 -I /usr/include/nspr4 -I /usr/include -D_GNU_SOURCE -D CEPH_LIBDIR=\"/usr/local/lib64\" -D CEPH_PKGLIBDIR=\"/usr/local/lib64/ceph\" -D _FILE_OFFSET_BITS=64 -D _GNU_SOURCE -D __linux__ -U _FORTIFY_SOURCE -D _FORTIFY_SOURCE=2 -U _FORTIFY_SOURCE -D _FORTIFY_SOURCE=2 -D HAVE_CONFIG_H -D __CEPH__ -D _REENTRANT -D _THREAD_SAFE -D __STDC_FORMAT_MACROS -isystem /home/aemerson/bar/build/boost/include -isystem /home/aemerson/bar/build/include -isystem /home/aemerson/bar/src/rapidjson/include /home/aemerson/bar/src/client/Client.cc -quiet -dumpbase Client.cc -mtune=generic -march=x86-64 -auxbase-strip CMakeFiles/client.dir/Client.cc.o -g -O2 -Wall -Wtype-limits -Wignored-qualifiers -Winit-self -Wpointer-arith -Werror=format-security -Wno-unknown-pragmas -std=c++11 -fdiagnostics-color=auto -fno-strict-aliasing -fsigned-char -fstack-protector-strong -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-free -fPIC -o /tmp/ccHYBoIE.s

Program received signal SIGSEGV, Segmentation fault.
lookup_page_table_entry (p=0x725f73693a3a6474) at ../../gcc/ggc-page.c:634
634       while (table->high_bits != high_bits)
(gdb) where
#0  lookup_page_table_entry (p=0x725f73693a3a6474) at ../../gcc/ggc-page.c:634
#1  0x0000000000693f7b in ggc_set_mark (p=p@entry=0x725f73693a3a6474) at ../../gcc/ggc-page.c:1531
#2  0x0000000000e28290 in gt_ggc_mx_lang_tree_node(void*) () at ./gt-cp-tree.h:236
#3  0x00000000006332ef in gt_ggc_mx (x_r=...) at ./gt-cp-semantics.h:53
#4  0x0000000000631ace in gt_ggc_mx<deferred_access_check> (v=<optimized out>) at ../../gcc/vec.h:1076
#5  gt_ggc_mx_vec_deferred_access_check_va_gc_ (x_p=0x7fffb27b7b40) at ./gt-cp-semantics.h:45
#6  0x0000000000615d11 in gt_ggc_mx_tree_check (x_p=0x7fffb27b5678) at ./gt-cp-parser.h:151
#7  0x0000000000615cdd in gt_ggc_mx<cp_token> (v=<optimized out>) at ../../gcc/vec.h:1076
#8  gt_ggc_mx_vec_cp_token_va_gc_ (x_p=0x7fffe54cd000) at ./gt-cp-parser.h:123
#9  0x0000000000614688 in gt_ggc_mx_cp_lexer (x_p=<optimized out>) at ./gt-cp-parser.h:112
#10 0x0000000000614557 in gt_ggc_mx_cp_parser (x_p=0x7fffe514b360) at ./gt-cp-parser.h:45
#11 0x00000000013a8f79 in ggc_mark_root_tab (rt=0x1505ce0 <gt_ggc_r_gt_cp_parser_h>) at ../../gcc/ggc-common.c:77
#12 0x00000000013a8f35 in ggc_mark_roots() () at ../../gcc/ggc-common.c:94
#13 0x0000000000693559 in ggc_collect () at ../../gcc/ggc-page.c:2201
#14 0x0000000000eb55ff in cgraph_node::finalize_function(tree_node*, bool) () at ../../gcc/cgraphunit.c:456
#15 0x0000000000e19bd5 in expand_or_defer_fn(tree_node*) () at ../../gcc/cp/semantics.c:4237
#16 0x0000000000df1f93 in cp_parser_function_definition_after_declarator(cp_parser*, bool) () at ../../gcc/cp/parser.c:25441
#17 0x0000000000df73c0 in cp_parser_late_parsing_for_member(cp_parser*, tree_node*) () at ../../gcc/cp/parser.c:26313
#18 0x0000000000de6b10 in cp_parser_class_specifier_1(cp_parser*) () at ../../gcc/cp/parser.c:21588
#19 0x0000000000ddd031 in cp_parser_class_specifier (parser=0x7fffe514b360) at ../../gcc/cp/parser.c:21614
#20 cp_parser_type_specifier (is_cv_qualifier=<synthetic pointer>, declares_class_or_enum=<synthetic pointer>, is_declaration=true, decl_specs=<optimized out>, flags=1, parser=<optimized out>) at ../../gcc/cp/parser.c:15868
#21 cp_parser_decl_specifier_seq(cp_parser*, int, cp_decl_specifier_seq*, int*) () at ../../gcc/cp/parser.c:12788
#22 0x0000000000ddc544 in cp_parser_simple_declaration(cp_parser*, bool, tree_node**) () at ../../gcc/cp/parser.c:12322
#23 0x0000000000ddbde9 in cp_parser_block_declaration(cp_parser*, bool) () at ../../gcc/cp/parser.c:12269
#24 0x0000000000ddb9cd in cp_parser_declaration(cp_parser*) () at ../../gcc/cp/parser.c:12166
#25 0x0000000000ddb728 in cp_parser_declaration_seq_opt (parser=parser@entry=0x7fffe514b360) at ../../gcc/cp/parser.c:12045
#26 0x0000000001358a75 in cp_parser_translation_unit (parser=0x7fffe514b360) at ../../gcc/cp/parser.c:4323
#27 c_parse_file() () at ../../gcc/cp/parser.c:37541
#28 0x0000000001386903 in c_common_parse_file() () at ../../gcc/c-family/c-opts.c:1064
#29 0x00000000013d1218 in compile_file() () at ../../gcc/toplev.c:463
#30 0x0000000000d6c7ba in do_compile () at ../../gcc/toplev.c:1986
#31 toplev::main(int, char**) () at ../../gcc/toplev.c:2094
#32 0x0000000000d6dfb7 in main () at ../../gcc/main.c:39
#33 0x00007ffff6c00401 in __libc_start_main (main=0xd6df80 <main>, argc=84, argv=0x7fffffffd488, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffd478) at ../csu/libc-start.c:289
#34 0x000000000134c97a in _start ()
(gdb) list
629     #if HOST_BITS_PER_PTR <= 32
630       base = &G.lookup[0];
631     #else
632       page_table table = G.lookup;
633       uintptr_t high_bits = (uintptr_t) p & ~ (uintptr_t) 0xffffffff;
634       while (table->high_bits != high_bits)
635         table = table->next;
636       base = &table->table[0];
637     #endif
638
(gdb) print table
$1 = (page_table) 0x0
(gdb)
```

Haven't managed to reproduce it even with additional --param ggc-min-heapsize=0 --param ggc-min-expand=0 (which triggers the GC at all ggc_collect spots). So it is hard to debug.

Solely from the above backtrace, it seems 0x725f73693a3a6474 which is being dereferenced as a pointer is actually a portion of a string: "td::is_r"

The above suggests that this is because some cp_token has tree_check_value pointing to a vector where one of the elements has checks a vector where one of the elements has binfo field which is the above invalid pointer or one of its TREE_CHAIN is. But it is impossible to find out why that happened without reproduction. So, if you can reproduce somewhere and can give me access to that box, I can debug further, otherwise there is nothing that can be done here.

This is fixed in the new version of GCC in Fedora 26.
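
The observation in the analysis above, that the faulting pointer 0x725f73693a3a6474 is really string bytes, can be checked mechanically during crash triage. The following is an added example, not part of the original report or of GCC: it scans gdb frames for pointer arguments that are not canonical x86-64 addresses and decodes them in memory (little-endian) order. The function names are hypothetical, the sample frames are copied from the backtrace in this report, and 48-bit virtual addressing is assumed.

```python
import re

# Constructed sample: four frames copied from the backtrace in this report.
BACKTRACE = """\
#0  lookup_page_table_entry (p=0x725f73693a3a6474) at ../../gcc/ggc-page.c:634
#1  0x0000000000693f7b in ggc_set_mark (p=p@entry=0x725f73693a3a6474) at ../../gcc/ggc-page.c:1531
#5  gt_ggc_mx_vec_deferred_access_check_va_gc_ (x_p=0x7fffb27b7b40) at ./gt-cp-semantics.h:45
#10 0x0000000000614557 in gt_ggc_mx_cp_parser (x_p=0x7fffe514b360) at ./gt-cp-parser.h:45
"""

# Matches name=0x... and name=name@entry=0x... as gdb prints pointer arguments.
ARG_RE = re.compile(r"(\w+)=(?:\w+@entry=)?(0x[0-9a-fA-F]+)\b")


def is_canonical(addr):
    """x86-64 with 48-bit virtual addresses (assumed): bits 63..47 must all be equal."""
    return (addr >> 47) in (0, 0x1FFFF)


def as_ascii(addr):
    """Bytes of a 64-bit value in memory (little-endian) order, or None if not all printable."""
    raw = addr.to_bytes(8, "little")
    return raw.decode("ascii") if all(0x20 <= b <= 0x7E for b in raw) else None


def triage(backtrace):
    """Return (frame, arg, value, decoded_text) for every non-canonical pointer argument."""
    findings = []
    for line in backtrace.splitlines():
        if not line.startswith("#"):
            continue
        frame = line.split()[0]
        for m in ARG_RE.finditer(line):
            addr = int(m.group(2), 16)
            if addr < 1 << 64 and not is_canonical(addr):
                findings.append((frame, m.group(1), hex(addr), as_ascii(addr)))
    return findings


if __name__ == "__main__":
    for frame, arg, value, text in triage(BACKTRACE):
        print(f"{frame}: {arg}={value} is not a canonical address; as bytes: {text!r}")
```

A non-canonical value that decodes to printable text indicates that a pointer field holds, or was overwritten with, character data, which is the conclusion drawn from this backtrace.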