Bug 1467526 - gcc: Invalid IFUNC resolver in libgcc calls getauxval, leading to ppc64le relocation crash
Status: NEW
Product: Fedora
Classification: Fedora
Component: gcc
Version: 27
Hardware: Unspecified
OS: Unspecified
Priority: urgent
Severity: high
Assigned To: Jakub Jelinek
QA Contact: Fedora Extras Quality Assurance
Blocks: 1470115 1467518
Reported: 2017-07-04 02:50 EDT by Florian Weimer
Modified: 2017-08-15 03:15 EDT
CC List: 14 users
Clone Of: 1467518
Clones: 1470115
Type: Bug

External Trackers
Sourceware 21707 (last updated 2017-07-04 02:50 EDT)

Description Florian Weimer 2017-07-04 02:50:37 EDT
The invalid IFUNC resolver is in libgcc, and probably needs to be fixed there.  Peter Bergner already suggested a patch:

https://sourceware.org/ml/libc-alpha/2017-06/msg01383.html

Afterwards, we need to rebuild glibc with the fixed gcc package.

+++ This bug was initially created as a clone of Bug #1467518 +++

Upstream glibc master started linking in have_ieee_hw_p from libgcc on ppc64le.  This leads to a crash on the last line because getauxval uses data which has not been initialized yet at this point.  The crash is at the last line of the disassembly.

00000000001c3380 <have_ieee_hw_p>:
  1c3380:       08 00 4c 3c     addis   r2,r12,8
  1c3384:       80 3d 42 38     addi    r2,r2,15744
  1c3388:       f8 ff e1 fb     std     r31,-8(r1)
  1c338c:       a0 8c e2 eb     ld      r31,-29536(r2)
  1c3390:       d1 ff 21 f8     stdu    r1,-48(r1)
  1c3394:       02 00 3f e9     lwa     r9,0(r31)
  1c3398:       00 00 89 2f     cmpwi   cr7,r9,0
  1c339c:       14 00 9c 41     blt     cr7,1c33b0 <have_ieee_hw_p+0x30>
  1c33a0:       30 00 21 38     addi    r1,r1,48
  1c33a4:       78 4b 23 7d     mr      r3,r9
  1c33a8:       f8 ff e1 eb     ld      r31,-8(r1)
  1c33ac:       20 00 80 4e     blr
  1c33b0:       a6 02 08 7c     mflr    r0
  1c33b4:       0f 00 60 38     li      r3,15
  1c33b8:       40 00 01 f8     std     r0,64(r1)
  1c33bc:       15 fc e5 4b     bl      22fd0 <00000036.plt_call.__getauxval>
  1c33c0:       18 00 41 e8     ld      r2,24(r1)

So far, this happens only with --enable-bind-now builds.  I'll disable that on ppc64le as an immediate workaround, but we'll need an upstream fix for this (in glibc or GCC).
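The rule behind this report, as an added example and not code from the bug report, libgcc or glibc: an IFUNC resolver executes while the dynamic loader is still relocating the object that contains it, and with bind-now linking (-z now, --enable-bind-now) that is before libc has been initialised, so the resolver must not call into libc at all. It has to decide from the hardware-capability word the loader hands it (glibc passes one as the resolver's first argument on powerpc64 and aarch64) and nothing else. The routine `scale`, its two implementations, the bit `HYPOTHETICAL_HWCAP_FAST` and the helper functions below are invented for illustration; the real feature bits for a target live in its own headers.

```c
/* Added example, not from libgcc/glibc: the unsafe and the safe way to
   write an IFUNC resolver, side by side.  `scale`, its implementations
   and HYPOTHETICAL_HWCAP_FAST are hypothetical. */
#include <stdio.h>

typedef long (*scale_fn)(long);

/* Two implementations of the hypothetical routine.  Both must give the
   same result; only speed differs, so the resolver's choice is visible
   only through which pointer it returns. */
static long scale_generic(long x) { return x * 2; }
static long scale_fast(long x)    { return x + x; }

/* Hypothetical feature bit; real bits (PPC_FEATURE2_*, HWCAP_*) come from
   the target's headers and are deliberately not reproduced here. */
#define HYPOTHETICAL_HWCAP_FAST (1UL << 7)

#if defined(__GLIBC__)
#include <sys/auxv.h>
/* UNSAFE (the pattern this bug describes): getauxval() is a libc call.
   A resolver runs during relocation of its object, and under bind-now
   that is before libc has initialised the data getauxval reads, so the
   resolver crashes instead of selecting an implementation. */
scale_fn scale_resolver_unsafe(void)
{
    return (getauxval(AT_HWCAP) & HYPOTHETICAL_HWCAP_FAST)
           ? scale_fast : scale_generic;
}
#endif

/* SAFE: decide purely from the capability word the loader passes in.
   No libc calls, no data owned by other objects, no allocation, no TLS. */
scale_fn scale_resolver_safe(unsigned long hwcap)
{
    return (hwcap & HYPOTHETICAL_HWCAP_FAST) ? scale_fast : scale_generic;
}

#if defined(__GLIBC__) && (defined(__powerpc64__) || defined(__aarch64__))
/* On these targets glibc passes a hardware-capability word as the
   resolver's first argument.  Its bit layout is target-specific (it is
   not necessarily a raw AT_HWCAP value), so a real resolver must take
   the feature bit from the target's headers.  GCC wants the resolver
   defined before the ifunc declaration that names it. */
static scale_fn scale_ifunc(unsigned long hwcap)
{
    return scale_resolver_safe(hwcap);
}
long scale(long x) __attribute__((ifunc("scale_ifunc")));
#else
/* Elsewhere (x86-64 glibc resolvers take no arguments; non-glibc
   systems may lack IFUNC) fall back to a plain definition, so the file
   still builds and the resolver logic is exercised by the helpers. */
long scale(long x) { return scale_generic(x); }
#endif

/* Helpers that make the resolver's decision observable. */
int resolver_picks_fast(unsigned long hwcap)
{
    return scale_resolver_safe(hwcap) == scale_fast;
}

long run_selected(unsigned long hwcap, long x)
{
    return scale_resolver_safe(hwcap)(x);
}

int main(void)
{
    unsigned long caps[] = { 0, HYPOTHETICAL_HWCAP_FAST };
    for (int i = 0; i < 2; i++)
        printf("hwcap=0x%lx -> %s, scale(21)=%ld\n", caps[i],
               resolver_picks_fast(caps[i]) ? "fast" : "generic",
               run_selected(caps[i], 21));
    return 0;
}
```

Build with `cc -O2 -o scale scale.c`; on a ppc64le or aarch64 glibc system `scale` becomes a real IFUNC, elsewhere only the resolver logic runs. To see whether an existing shared object is exposed to the problem in this report, look for IFUNC symbols (`readelf -Ws libfoo.so | grep IFUNC`) in an object that also requests immediate binding (`readelf -d libfoo.so | grep -E 'BIND_NOW|FLAGS'`), then disassemble each resolver and whatever it calls and confirm nothing reaches libc.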
Comment 1 Florian Weimer 2017-07-07 06:13:10 EDT
Upstream patch submission:

https://gcc.gnu.org/ml/gcc-patches/2017-07/msg00348.html
Comment 2 Carlos O'Donell 2017-07-07 16:26:09 EDT
I've reached out to Jakub/Marek to see what we can do between gcc/glibc to fix this quickly because it looks like the s390x import and the Go 1.9 dependent rebuilds need the mass rebuild so we have to get this fixed.
Comment 3 Alexander Bokovoy 2017-07-10 10:27:43 EDT
This blocks building FreeIPA in rawhide because java crashes when run as part of the freeipa build process on ppc64le. I reproduced this in a mock chroot on ppc64le-test.fedorainfracloud.org when investigating the ppc64le build failure for https://koji.fedoraproject.org/koji/taskinfo?taskID=20438824

(gdb) set args -Xss512k -classpath /usr/share/java/js.jar org.mozilla.javascript.tools.shell.Main /builddir/build/BUILD/freeipa-4.5.2/install/ui/util/build/build.js baseUrl=/builddir/build/BUILD/freeipa-4.5.2/install/ui/util/build load=build profile=/builddir/build/BUILD/freeipa-4.5.2/install/ui/util/../src/webui.profile.js
(gdb) run
Starting program: /usr/bin/java -Xss512k -classpath /usr/share/java/js.jar org.mozilla.javascript.tools.shell.Main /builddir/build/BUILD/freeipa-4.5.2/install/ui/util/build/build.js baseUrl=/builddir/build/BUILD/freeipa-4.5.2/install/ui/util/build load=build profile=/builddir/build/BUILD/freeipa-4.5.2/install/ui/util/../src/webui.profile.js
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
Missing separate debuginfos, use: dnf debuginfo-install zlib-1.2.11-2.fc26.ppc64le
(gdb) bt full
#0  0x0000000000000000 in ?? ()
No symbol table info available.
#1  0x00003fffb6cb2380 in ?? ()
No symbol table info available.
#2  0x00003fffb6cb2838 in ?? ()
No symbol table info available.
#3  0x00003fffb7fba73c in resolve_ifunc (sym_map=<optimized out>, map=<optimized out>, value=70367515977760) at ../sysdeps/powerpc/powerpc64/dl-machine.h:674
No locals.
#4  elf_machine_rela (skip_ifunc=<optimized out>, reloc_addr_arg=0x3fffb6d40098, version=<optimized out>, sym=<optimized out>, reloc=0x3fffb6bf8c48, map=0x20030c10)
    at ../sysdeps/powerpc/powerpc64/dl-machine.h:729
        refsym = 0x3fffb6bf1d00
        value = 70367515977760
        reloc_addr = 0x3fffb6d40098
        r_type = 248
        sym_map = <optimized out>
#5  elf_dynamic_do_Rela (skip_ifunc=<optimized out>, lazy=<optimized out>, nrelative=<optimized out>, relsize=<optimized out>, reladdr=<optimized out>, map=<optimized out>) at do-rel.h:137
        ndx = <optimized out>
        version = 0x3fffb6bf6d2a
        symtab = 0x3fffb6bf1d00
        relative = <optimized out>
        r = 0x3fffb6bf8c48
#6  _dl_relocate_object (scope=0x20030f88, reloc_mode=<optimized out>, consider_profiling=<optimized out>) at dl-reloc.c:259
        ranges = {{start = 7022344884575826688, size = 4044295413358932590, nrelative = 2321676217711866176, lazy = 959594552}, {start = 279172874248, size = 8097881642258923523, 
            nrelative = 162659009062003, lazy = 0}}
        textrels = <optimized out>
        errstring = 0x0
        lazy = <optimized out>
        skip_ifunc = <optimized out>
#7  0x0000003c00000008 in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x3140382039403810
(gdb)
Comment 4 Jan Kurik 2017-08-15 03:15:39 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 27 development cycle.
Changing version to '27'.