/usr/bin/qemu-system-x86_64 -help crashes on ppc64 gdb ./qemu-system-x86_64 GNU gdb (GDB) Fedora 7.11-58.fc24 Copyright (C) 2016 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "ppc64-redhat-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from ./qemu-system-x86_64...done. (gdb) r -help Starting program: /home/than/rpmbuild/BUILD/qemu-2.5.0/x86_64-softmmu/qemu-system-x86_64 -help Program received signal SIGSEGV, Segmentation fault. 0x0000000000000000 in ?? () (gdb) bt #0 0x0000000000000000 in ?? () #1 0x00003fffb0c70298 in ?? () #2 0x00003fffb0c72d84 in ?? () #3 0x00003fffb7fb8c38 in resolve_ifunc (sym_map=0x3fffb11b3088, map=0x3fffb11b3088, value=0) at ../sysdeps/powerpc/powerpc64/dl-machine.h:666 #4 elf_machine_rela (skip_ifunc=<optimized out>, reloc_addr_arg=0x3fffb0ccd218, version=<optimized out>, sym=<optimized out>, reloc=0x3fffb0c688c0, map=0x3fffb11b3088) at ../sysdeps/powerpc/powerpc64/dl-machine.h:708 #5 elf_dynamic_do_Rela (skip_ifunc=<optimized out>, lazy=<optimized out>, nrelative=<optimized out>, relsize=<optimized out>, reladdr=<optimized out>, map=<optimized out>) at do-rel.h:137 #6 _dl_relocate_object (scope=0x3fffb11b3400, reloc_mode=<optimized out>, consider_profiling=<optimized out>) at dl-reloc.c:258 #7 0x00003fffb7fa6f04 in dl_main (phdr=<optimized out>, phnum=<optimized out>, user_entry=<optimized out>, auxv=<optimized out>) at rtld.c:2066 #8 0x00003fffb7fcb3bc in _dl_sysdep_start (start_argptr=<optimized out>, dl_main=@0x3fffb7ff0110: 0x3fffb7fa4800 <dl_main>) at ../elf/dl-sysdep.c:249 #9 0x00003fffb7fa4018 in _dl_start_final (arg=arg@entry=0x3ffffffff320, info=info@entry=0x3fffffffed70) at rtld.c:305 #10 0x00003fffb7fa84f0 in _dl_start (arg=0x3ffffffff320) at rtld.c:413 #11 0x00003fffb7fa37b0 in ._start () from /lib64/ld64.so.1 --- qemu-2.5.0-4.fc24.ppc64
Same issue as bug 1312462. The tcmalloc ifunc needs to be rewritten or removed. I'm investigating this right now to provide some guidance to gperftools on the issue.
See: https://bugzilla.redhat.com/show_bug.cgi?id=1312462#c27 Moving to gperftools.
I think we should disable usage of tcmalloc in qemu for ppc64/ppc64le (same as it is disabled for s390(x)) until gperftools are fixed and updated. Or even keep tcmalloc enabled only for x86/x86_64. Will cycle the component to get the qemu people into CC.
While the bug only affects ppc64, ppc64le and armv7, gperftools is using an undefined feature and so this could affect any architecture in future. There are two possible workarounds: (1) Disable C++ dynamic sized delete support in gperftools. See: https://bugzilla.redhat.com/show_bug.cgi?id=1312462#c7 (2) Disabling `-z now', which I did already: http://pkgs.fedoraproject.org/cgit/rpms/gperftools.git/commit/?id=c1b9c95df2ccff32d30da7e5a3a02da4eff713b2 does appear to work around the problem on armv7. Does it fix it on ppc64/ppc64le?
i'm trying the workarounds and will post the feedbacks today
i can confirm that the workaround (2) does fix the crash on ppc64
i also disabled hardened in gperftools, built in f24/rawhide. http://koji.fedoraproject.org/koji/buildinfo?buildID=741708
(In reply to Ngo Than from comment #7) > i also disabled hardened in gperftools, built in f24/rawhide. > http://koji.fedoraproject.org/koji/buildinfo?buildID=741708 I recommend against disabling hardening. Of all things qemu and its dependent libraries like tcmalloc should absolutely be hardened. We should be moving forward with more secure virtualized systems not less secure.
I agree with Carlos here. It was fine when we didn't understand the problem and that was the only available workaround, but I think a better workaround (assuming we don't get a proper fix from upstream) is to disable the C++ dynamic sized delete feature.
(In reply to Richard W.M. Jones from comment #9) > I agree with Carlos here. It was fine when we didn't understand > the problem and that was the only available workaround, but I > think a better workaround (assuming we don't get a proper fix > from upstream) is to disable the C++ dynamic sized delete feature. Alternatively, don't use IFUNC, and use a pointer dispatch at runtime, taking the extra cost while keeping the feature.
I also think packaging guidelines apply here, we want hardening enabled for gperftools, particularly if qemu is going to continue to use tcmalloc: https://fedoraproject.org/wiki/Packaging:Guidelines#PIE
I'm going to mark this as a duplicate of the original issue. *** This bug has been marked as a duplicate of bug 1312462 ***