Bug 1467526

Summary: gcc: Invalid IFUNC resolver in libgcc calls getauxval, leading to ppc64le relocation crash
Product: Fedora
Component: gcc
Version: 27
Hardware: Unspecified
OS: Unspecified
Status: CLOSED ERRATA
Severity: high
Priority: urgent
Reporter: Florian Weimer <fweimer>
Assignee: Jakub Jelinek <jakub>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: abokovoy, arjun, codonell, davejohansen, dj, extras-qa, fweimer, jakub, jwakely, law, mfabian, mpolacek, pfrankli, siddhesh
Fixed In Version: gcc-7.3.1-2.fc26
Type: Bug
Clone Of: 1467518
Clones: 1470115
Bug Blocks: 1467518, 1470115
Last Closed: 2018-02-06 10:51:10 UTC

Description Florian Weimer 2017-07-04 06:50:37 UTC
The invalid IFUNC resolver is in libgcc, and probably needs to be fixed there.  Peter Bergner already suggested a patch:

https://sourceware.org/ml/libc-alpha/2017-06/msg01383.html

Afterwards, we need to rebuild glibc with the fixed gcc package.

+++ This bug was initially created as a clone of Bug #1467518 +++

Upstream glibc master started linking in have_ieee_hw_p from libgcc on ppc64le.  This leads to a crash on the last line because getauxval uses data which has not been initialized yet at this point.  The crash is at the last line of the disassembly.

00000000001c3380 <have_ieee_hw_p>:
  1c3380:       08 00 4c 3c     addis   r2,r12,8
  1c3384:       80 3d 42 38     addi    r2,r2,15744
  1c3388:       f8 ff e1 fb     std     r31,-8(r1)
  1c338c:       a0 8c e2 eb     ld      r31,-29536(r2)
  1c3390:       d1 ff 21 f8     stdu    r1,-48(r1)
  1c3394:       02 00 3f e9     lwa     r9,0(r31)
  1c3398:       00 00 89 2f     cmpwi   cr7,r9,0
  1c339c:       14 00 9c 41     blt     cr7,1c33b0 <have_ieee_hw_p+0x30>
  1c33a0:       30 00 21 38     addi    r1,r1,48
  1c33a4:       78 4b 23 7d     mr      r3,r9
  1c33a8:       f8 ff e1 eb     ld      r31,-8(r1)
  1c33ac:       20 00 80 4e     blr
  1c33b0:       a6 02 08 7c     mflr    r0
  1c33b4:       0f 00 60 38     li      r3,15
  1c33b8:       40 00 01 f8     std     r0,64(r1)
  1c33bc:       15 fc e5 4b     bl      22fd0 <00000036.plt_call.__getauxval>
  1c33c0:       18 00 41 e8     ld      r2,24(r1)

So far, this happens only with --enable-bind-now builds.  I'll disable that on ppc64le as an immediate workaround, but we'll need an upstream fix for this (in glibc or GCC).
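The disassembly above passes 15 (AT_PLATFORM on Linux) to __getauxval through a PLT stub while the loader is still relocating the object that contains the resolver. The following is an added example written for this page, not code from the bug report, libgcc or glibc: a small IFUNC-dispatched function whose resolver uses only its own argument and static code, placed next to a resolver of the shape this report describes (one that calls getauxval). The names count_ones, pick_impl, resolve_count_ones and DEMO_HWCAP_BIT are mine; the hwcap bit values and the claim that glibc passes AT_HWCAP as the resolver's first argument on powerpc and aarch64 (and nothing on x86) are stated as assumptions in the comments. Build it with -Wl,-z,now to exercise the bind-now ordering the report talks about; the unsafe variant is deliberately never installed as a resolver, so the program does not crash.

```c
/* Added example (not from the bug, libgcc or glibc): an IFUNC resolver that is
   safe to run during relocation, next to the unsafe shape this bug is about.
   Everything marked "assumed" is an assumption of this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef size_t (*impl_t)(const uint8_t *, size_t);

/* Two interchangeable implementations; "fast" stands in for code that needs a
   CPU feature (here it merely uses __builtin_popcount). */
static size_t count_ones_generic(const uint8_t *p, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        for (uint8_t b = p[i]; b; b >>= 1)
            total += b & 1;
    return total;
}

static size_t count_ones_fast(const uint8_t *p, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += (size_t) __builtin_popcount(p[i]);
    return total;
}

/* AT_HWCAP bit the fast variant is assumed to need: 0x80 is PPC_FEATURE_HAS_VSX
   in the powerpc hwcap word, 1<<1 is HWCAP_ASIMD on aarch64 (values assumed
   from the Linux uapi headers rather than included). Other targets get no
   loader-supplied hwcap, so the bit is 0 and the generic code always wins. */
#if defined(__powerpc__)
#  define DEMO_HWCAP_BIT 0x00000080UL
#elif defined(__aarch64__)
#  define DEMO_HWCAP_BIT (1UL << 1)
#else
#  define DEMO_HWCAP_BIT 0UL
#endif

/* Pure selection logic in a static function: the resolver reaches it with a
   direct call, never through the PLT, and it touches no libc state. */
static impl_t pick_impl(unsigned long hwcap)
{
    return (DEMO_HWCAP_BIT != 0 && (hwcap & DEMO_HWCAP_BIT)) ? count_ones_fast
                                                              : count_ones_generic;
}

#if defined(__GLIBC__)
#include <sys/auxv.h>
/* The shape this bug is about, kept only for contrast and never installed as a
   resolver here: getauxval lives in libc and is reached through a PLT slot that
   under -z now may not be filled yet when the loader invokes the resolver, and
   it reads loader state that may not be initialized; the call can then land on
   address 0 (compare frame #0 in comment 3). */
__attribute__((unused)) static impl_t unsafe_resolve(void)
{
    return pick_impl(getauxval(AT_HWCAP));
}
#endif

/* Safe resolver: only its argument plus static, already-relocated code.
   Assumed ABI: glibc passes AT_HWCAP as the first argument on powerpc and
   aarch64; x86 resolvers receive nothing, so there we pick the generic code. */
#if defined(__GLIBC__) && (defined(__GNUC__) || defined(__clang__))
#  if defined(__powerpc__) || defined(__aarch64__)
static impl_t resolve_count_ones(unsigned long hwcap) { return pick_impl(hwcap); }
#  else
static impl_t resolve_count_ones(void) { return pick_impl(0); }
#  endif
size_t count_ones(const uint8_t *p, size_t n)
    __attribute__((ifunc("resolve_count_ones")));
#else
/* No IFUNC support (e.g. musl): select on each call instead. */
size_t count_ones(const uint8_t *p, size_t n) { return pick_impl(0)(p, n); }
#endif

int main(void)
{
    static const uint8_t sample[] = { 0xff, 0x0f, 0x01 };   /* constructed input */
    printf("ones = %zu\n", count_ones(sample, sizeof sample));
    return 0;
}
```

The rule the safe resolver follows is the one the report's fix restores in libgcc: a resolver may use what the loader hands it (its arguments, or compiler builtins that read already-initialized per-thread data) and its own static code, but must not call into another shared object, because with lazy binding disabled the PLT slot it would use is filled in relocation order and may still be empty. A quick way to audit a library for this is to disassemble each STT_GNU_IFUNC resolver and look for any bl/call through a .plt stub, exactly what the listing in this report shows.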

Comment 1 Florian Weimer 2017-07-07 10:13:10 UTC
Upstream patch submission:

https://gcc.gnu.org/ml/gcc-patches/2017-07/msg00348.html

Comment 2 Carlos O'Donell 2017-07-07 20:26:09 UTC
I've reached out to Jakub/Marek to see what we can do between gcc/glibc to fix this quickly because it looks like the s390x import and the Go 1.9 dependent rebuilds need the mass rebuild so we have to get this fixed.

Comment 3 Alexander Bokovoy 2017-07-10 14:27:43 UTC
This blocks building FreeIPA in rawhide because java crashes when run as part of the freeipa build process on ppc64le. I reproduced this in a mock chroot on ppc64le-test.fedorainfracloud.org when investigating the ppc64le build failure for https://koji.fedoraproject.org/koji/taskinfo?taskID=20438824

(gdb) set args -Xss512k -classpath /usr/share/java/js.jar org.mozilla.javascript.tools.shell.Main /builddir/build/BUILD/freeipa-4.5.2/install/ui/util/build/build.js baseUrl=/builddir/build/BUILD/freeipa-4.5.2/install/ui/util/build load=build profile=/builddir/build/BUILD/freeipa-4.5.2/install/ui/util/../src/webui.profile.js
(gdb) run
Starting program: /usr/bin/java -Xss512k -classpath /usr/share/java/js.jar org.mozilla.javascript.tools.shell.Main /builddir/build/BUILD/freeipa-4.5.2/install/ui/util/build/build.js baseUrl=/builddir/build/BUILD/freeipa-4.5.2/install/ui/util/build load=build profile=/builddir/build/BUILD/freeipa-4.5.2/install/ui/util/../src/webui.profile.js
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
Missing separate debuginfos, use: dnf debuginfo-install zlib-1.2.11-2.fc26.ppc64le
(gdb) bt full
#0  0x0000000000000000 in ?? ()
No symbol table info available.
#1  0x00003fffb6cb2380 in ?? ()
No symbol table info available.
#2  0x00003fffb6cb2838 in ?? ()
No symbol table info available.
#3  0x00003fffb7fba73c in resolve_ifunc (sym_map=<optimized out>, map=<optimized out>, value=70367515977760) at ../sysdeps/powerpc/powerpc64/dl-machine.h:674
No locals.
#4  elf_machine_rela (skip_ifunc=<optimized out>, reloc_addr_arg=0x3fffb6d40098, version=<optimized out>, sym=<optimized out>, reloc=0x3fffb6bf8c48, map=0x20030c10)
    at ../sysdeps/powerpc/powerpc64/dl-machine.h:729
        refsym = 0x3fffb6bf1d00
        value = 70367515977760
        reloc_addr = 0x3fffb6d40098
        r_type = 248
        sym_map = <optimized out>
#5  elf_dynamic_do_Rela (skip_ifunc=<optimized out>, lazy=<optimized out>, nrelative=<optimized out>, relsize=<optimized out>, reladdr=<optimized out>, map=<optimized out>) at do-rel.h:137
        ndx = <optimized out>
        version = 0x3fffb6bf6d2a
        symtab = 0x3fffb6bf1d00
        relative = <optimized out>
        r = 0x3fffb6bf8c48
#6  _dl_relocate_object (scope=0x20030f88, reloc_mode=<optimized out>, consider_profiling=<optimized out>) at dl-reloc.c:259
        ranges = {{start = 7022344884575826688, size = 4044295413358932590, nrelative = 2321676217711866176, lazy = 959594552}, {start = 279172874248, size = 8097881642258923523, 
            nrelative = 162659009062003, lazy = 0}}
        textrels = <optimized out>
        errstring = 0x0
        lazy = <optimized out>
        skip_ifunc = <optimized out>
#7  0x0000003c00000008 in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x3140382039403810
(gdb)

Comment 4 Jan Kurik 2017-08-15 07:15:39 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 27 development cycle.
Changing version to '27'.

Comment 5 Fedora Update System 2018-01-31 07:56:25 UTC
gcc-7.3.1-2.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa879be08e

Comment 6 Fedora Update System 2018-01-31 18:43:35 UTC
gcc-7.3.1-2.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa879be08e

Comment 7 Fedora Update System 2018-02-06 10:51:10 UTC
gcc-7.3.1-2.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.