Bug 1772935 - gold segfaults when linking innoextract
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: binutils
Version: 30
Hardware: ppc64le
OS: Unspecified
Target Milestone: ---
Assignee: Nick Clifton
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: PPCTracker
Reported: 2019-11-15 16:21 UTC by Dan Horák
Modified: 2020-05-26 17:53 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-05-26 17:53:43 UTC
Type: Bug
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Fedora Pagure fedora-infrastructure issue 8338 0 None None None 2019-11-15 16:22:39 UTC
Red Hat Bugzilla 1752252 0 unspecified CLOSED innoextract-1.8 is available 2021-02-22 00:41:40 UTC

Internal Links: 1752252

Description Dan Horák 2019-11-15 16:21:02 UTC
Description of problem:
When building the innoextract package with the gold linker (enabled by default), then it fails because gold segfaults.

[dan@talos ~]$ coredumpctl gdb 30060
           PID: 30060 (ld.gold)
           UID: 1000 (dan)
           GID: 1000 (dan)
        Signal: 11 (SEGV)
     Timestamp: Fri 2019-11-15 17:12:14 CET (2min 52s ago)
  Command Line: /usr/bin/ld.gold -plugin /usr/libexec/gcc/ppc64le-redhat-linux/9/liblto_plugin.so -plugin-opt=/usr/libexec/gcc/ppc64le-redhat-linux/9/lto-wrapper -plugin-opt=-fresolution=/tmp/ccFClnW6.res -plugin-opt=-pass-through=-lgcc_s -plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lc -plugin-opt=-pass-through=-lgcc_s -plugin-opt=-pass-through=-lgcc --build-id --no-add-needed --eh-frame-hdr --hash-style=gnu -m elf64lppc -dynamic-linker /lib64/ld64.so.2 -pie -o innoextract /usr/lib/gcc/ppc64le-redhat-linux/9/../../../../lib64/Scrt1.o /usr/lib/gcc/ppc64le-redhat-linux/9/../../../../lib64/crti.o /usr/lib/gcc/ppc64le-redhat-linux/9/crtbeginS.o -L/usr/lib/gcc/ppc64le-redhat-linux/9 -L/usr/lib/gcc/ppc64le-redhat-linux/9/../../../../lib64 -L/lib/../lib64 -L/usr/lib/../lib64 -L/usr/lib/gcc/ppc64le-redhat-linux/9/../../.. -z relro --as-needed -z now --gc-sections --icf=all --no-undefined --as-needed CMakeFiles/innoextract.dir/src/cli/extract.cpp.o CMakeFiles/innoextract.dir/src/cli/gog.cpp.o CMakeFiles/innoextract.dir/src/cli/goggalaxy.cpp.o CMakeFiles/innoextract.dir/src/cli/main.cpp.o CMakeFiles/innoextract.dir/src/crypto/adler32.cpp.o CMakeFiles/innoextract.dir/src/crypto/arc4.cpp.o CMakeFiles/innoextract.dir/src/crypto/checksum.cpp.o CMakeFiles/innoextract.dir/src/crypto/crc32.cpp.o CMakeFiles/innoextract.dir/src/crypto/hasher.cpp.o CMakeFiles/innoextract.dir/src/crypto/md5.cpp.o CMakeFiles/innoextract.dir/src/crypto/sha1.cpp.o CMakeFiles/innoextract.dir/src/loader/exereader.cpp.o CMakeFiles/innoextract.dir/src/loader/offsets.cpp.o CMakeFiles/innoextract.dir/src/setup/component.cpp.o CMakeFiles/innoextract.dir/src/setup/data.cpp.o CMakeFiles/innoextract.dir/src/setup/delete.cpp.o CMakeFiles/innoextract.dir/src/setup/directory.cpp.o CMakeFiles/innoextract.dir/src/setup/expression.cpp.o CMakeFiles/innoextract.dir/src/setup/file.cpp.o CMakeFiles/innoextract.dir/src/setup/filename.cpp.o CMakeFiles/innoextract.dir/src/setup/header.cpp.o 
CMakeFiles/innoextract.dir/src/setup/icon.cpp.o CMakeFiles/innoextract.dir/src/setup/info.cpp.o CMakeFiles/innoextract.dir/src/setup/ini.cpp.o CMakeFiles/innoextract.dir/src/setup/item.cpp.o CMakeFiles/innoextract.dir/src/setup/language.cpp.o CMakeFiles/innoextract.dir/src/setup/message.cpp.o CMakeFiles/innoextract.dir/src/setup/permission.cpp.o CMakeFiles/innoextract.dir/src/setup/registry.cpp.o CMakeFiles/innoextract.dir/src/setup/run.cpp.o CMakeFiles/innoextract.dir/src/setup/task.cpp.o CMakeFiles/innoextract.dir/src/setup/type.cpp.o CMakeFiles/innoextract.dir/src/setup/version.cpp.o CMakeFiles/innoextract.dir/src/setup/windows.cpp.o CMakeFiles/innoextract.dir/src/stream/block.cpp.o CMakeFiles/innoextract.dir/src/stream/chunk.cpp.o CMakeFiles/innoextract.dir/src/stream/file.cpp.o CMakeFiles/innoextract.dir/src/stream/lzma.cpp.o CMakeFiles/innoextract.dir/src/stream/slice.cpp.o CMakeFiles/innoextract.dir/src/util/console.cpp.o CMakeFiles/innoextract.dir/src/util/encoding.cpp.o CMakeFiles/innoextract.dir/src/util/load.cpp.o CMakeFiles/innoextract.dir/src/util/log.cpp.o CMakeFiles/innoextract.dir/src/util/process.cpp.o CMakeFiles/innoextract.dir/src/util/time.cpp.o CMakeFiles/innoextract.dir/release.cpp.o /usr/lib64/liblzma.so /usr/lib64/libboost_iostreams.so /usr/lib64/libboost_filesystem.so /usr/lib64/libboost_date_time.so /usr/lib64/libboost_system.so /usr/lib64/libboost_program_options.so /usr/lib64/libboost_regex.so -lstdc++ -lm -lgcc_s -lgcc -lc -lgcc_s -lgcc /usr/lib/gcc/ppc64le-redhat-linux/9/crtendS.o /usr/lib/gcc/ppc64le-redhat-linux/9/../../../../lib64/crtn.o
    Executable: /usr/bin/ld.gold
 Control Group: /user.slice/user-1000.slice/session-3.scope
          Unit: session-3.scope
         Slice: user-1000.slice
       Session: 3
     Owner UID: 1000 (dan)
       Boot ID: 6279e7f018ea4502aa4bf65c369f1c7a
    Machine ID: d94ac98ea91043d3892dab218d99209d
      Hostname: talos.danny.cz
       Storage: /var/lib/systemd/coredump/core.ld\x2egold.1000.6279e7f018ea4502aa4bf65c369f1c7a.30060.1573834334000000.lz4
       Message: Process 30060 (ld.gold) of user 1000 dumped core.
                
                Stack trace of thread 30060:
                #0  0x0000000137b23888 n/a (ld.gold)
                #1  0x0000000137d4c9a8 n/a (ld.gold)
                #2  0x0000000137d62908 n/a (ld.gold)
                #3  0x0000000137d68c58 n/a (ld.gold)
                #4  0x0000000137baf000 n/a (ld.gold)
                #5  0x0000000137cf9dec n/a (ld.gold)
                #6  0x0000000137d6d330 n/a (ld.gold)
                #7  0x0000000137d6d5ec n/a (ld.gold)
                #8  0x0000000137ae24f4 n/a (ld.gold)
                #9  0x00007fff7e634d28 generic_start_main.isra.0 (libc.so.6)
                #10 0x00007fff7e634f24 __libc_start_main (libc.so.6)

GNU gdb (GDB) Fedora 8.3-6.fc30
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "ppc64le-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/ld.gold...
Reading symbols from /usr/lib/debug/usr/bin/ld-2.31.1-29.fc30.ppc64le.debug...
[New LWP 30060]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/bin/ld.gold -plugin /usr/libexec/gcc/ppc64le-redhat-linux/9/liblto_plugin.'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000000137b23888 in (anonymous namespace)::Powerpc_relobj<64, false>::get_opd_ent (value=0x0, r_off=0, this=<optimized out>) at /usr/include/c++/9/bits/stl_vector.h:1058

warning: Source file is more recent than executable.
1058	      operator[](size_type __n) const _GLIBCXX_NOEXCEPT
Missing separate debuginfos, use: dnf debuginfo-install gcc-9.2.1-1.fc30.ppc64le libgcc-9.2.1-1.fc30.ppc64le libstdc++-9.2.1-1.fc30.ppc64le
(gdb) where
#0  0x0000000137b23888 in (anonymous namespace)::Powerpc_relobj<64, false>::get_opd_ent (value=0x0, r_off=0, this=<optimized out>) at /usr/include/c++/9/bits/stl_vector.h:1058
#1  (anonymous namespace)::Target_powerpc<64, false>::do_gc_mark_symbol (this=<optimized out>, symtab=0x7fffe9fb1fc8, sym=<optimized out>) at powerpc.cc:8102
#2  0x0000000137d4c9a8 in gold::Target::gc_mark_symbol (sym=0x161946010, symtab=0x7fffe9fb1fc8, this=<optimized out>) at /usr/include/c++/9/new:174
#3  gold::Symbol_table::gc_mark_symbol (this=this@entry=0x7fffe9fb1fc8, sym=sym@entry=0x161946010) at symtab.cc:663
#4  0x0000000137d62908 in gold::Symbol_table::gc_mark_dyn_syms (sym=0x161946010, this=0x7fffe9fb1fc8) at symtab.cc:673
#5  gold::Symbol_table::gc_mark_dyn_syms (sym=0x161946010, this=0x7fffe9fb1fc8) at symtab.cc:669
#6  gold::Symbol_table::add_from_object<64, false> (this=0x7fffe9fb1fc8, object=0x161b16710, name=<optimized out>, name_key=<optimized out>, version=0x0, version_key=0, 
    is_default_version=<optimized out>, sym=..., st_shndx=18, is_ordinary=true, orig_st_shndx=18) at symtab.cc:1008
#7  0x0000000137d68c58 in gold::Symbol_table::add_from_dynobj<64, false> (this=0x7fffe9fb1fc8, dynobj=0x161b16710, syms=<optimized out>, count=358, sym_names=<optimized out>, 
    sym_name_size=<optimized out>, versym=<optimized out>, versym_size=<optimized out>, version_map=<optimized out>, sympointers=<optimized out>, defined=<optimized out>) at object.h:577
#8  0x0000000137baf000 in gold::Sized_dynobj<64, false>::do_add_symbols (this=0x161b16710, symtab=0x7fffe9fb1fc8, sd=0x161aea240) at fileread.h:461
#9  0x0000000137cf9dec in gold::Object::add_symbols (layout=0x7fffe9fb2280, sd=0x161aea240, symtab=0x7fffe9fb1fc8, this=<optimized out>) at object.h:658
#10 gold::Add_symbols::run (this=0x161acf780) at readsyms.cc:635
#11 gold::Add_symbols::run (this=0x161acf780) at readsyms.cc:594
#12 0x0000000137d6d330 in gold::Workqueue::find_and_run_task (this=this@entry=0x7fffe9fb1d08, thread_number=thread_number@entry=0) at token.h:290
#13 0x0000000137d6d5ec in gold::Workqueue::process (this=0x7fffe9fb1d08, thread_number=<optimized out>) at workqueue.cc:495
#14 0x0000000137ae24f4 in main (argc=<optimized out>, argv=<optimized out>) at main.cc:252



Version-Release number of selected component (if applicable):
binutils-2.31.1-29.fc30.ppc64le

How reproducible:
100%

Steps to Reproduce:
1. fedpkg co innoextract
2. git reset --hard b50c0b6711 (to get back to the build using gold and with ppc64le enabled)
3. fedpkg local


Actual results:
segfault

Expected results:
binary linked

Additional info:
F-31 and F-32 binutils are also affected

Comment 1 Nick Clifton 2019-11-19 17:13:18 UTC
(In reply to Dan Horák from comment #0)
Hi Dan,

> when building the innoextract package with the gold linker (enabled by
> default), then it fails because gold segfaults.

I am unable to reproduce this bug, but I am testing on an x86_64 F30
installation.  Is there any chance that this bug might be ppc64le specific?

Cheers
  Nick

Comment 2 Dan Horák 2019-11-19 17:21:42 UTC
Yes, this should be ppc64le (or ppc*) specific. Let me know if you need access.

Comment 3 Nick Clifton 2019-11-19 17:57:14 UTC
Hi Dan,

 I found a ppc64le machine and rebuilt innoextract-1.8-1.fc30.ppc64le (with that git reversion applied and definitely using gold as the linker) and it worked!  This was inside a mock F30 ppc64le environment running on ppc64le-test.fedorainfracloud.org.

  One thing that does occur to me.  According to the log in the description of this bug, the core was produced by the liblto_plugin.  This plugin is actually part of the gcc package, not the binutils package.  So maybe, just maybe, this is a gcc bug.  (FYI the version of gcc in the mock chroot I was using is: gcc-9.2.1-1.fc30.ppc64l).

  In the past though, problems with gold and this plugin have turned out to be problems with gold itself, and in particular its support (or lack thereof) for multi-threading.  So maybe gcc is blameless.

  I assume that you have switched back to ld.bfd as a workaround.  Is this proving to be problematic in any way?  The reason for asking is that gold itself is not really being maintained upstream, and so I am hoping to deprecate it in Fedora at some point in the future.

Cheers
  Nick

Comment 4 Dan Horák 2019-11-20 15:38:23 UTC
I think we have a pattern for the crash: ld.gold segfaults on P9 systems (my own and tested on another), but runs well on P8 (ppc64le-test and another VM). Which makes the crash even more interesting :-)

But overall I think the workaround is simple (use ld.bfd) and, given ld.gold isn't being actively developed any more, it's a low priority issue.

Comment 5 Nick Clifton 2019-11-20 15:47:53 UTC
(In reply to Dan Horák from comment #4)
> I think we have a pattern for the crash, ld.gold segfaults on P9 systems (my
> own and tested on another), but runs well on P8 (ppc64le-test and another
> VM). Which makes the crash even more interesting :-)

This is strongly suggestive of a compiler bug.  As far as I am aware neither
gold nor the lto plugin uses any kind of hand written assembler, so the most
likely cause for an architecture specific problem like this is mis-compiled
code.

But as you say, this can be considered a low priority.

Comment 6 Ben Cotton 2020-04-30 20:42:16 UTC
This message is a reminder that Fedora 30 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora 30 on 2020-05-26.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
Fedora 'version' of '30'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 30 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged to change the 'version' to a later Fedora 
version before this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 7 Ben Cotton 2020-05-26 17:53:43 UTC
Fedora 30 changed to end-of-life (EOL) status on 2020-05-26. Fedora 30 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

