Bug 541828 - <sys-devel/binutils-2.30 on IA64 w/--as-needed: ld: segmentation fault in _bfd_elf_dynamic_symbol_p (at elflink.c:2741)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: IA64 Linux
Importance: Normal normal
Assignee: Gentoo Toolchain Maintainers
URL: https://sourceware.org/bugzilla/show_...
Whiteboard:
Keywords:
Duplicates: 539256 555166
Depends on: binutils-2.30-stable
Blocks: 536696
Reported: 2015-03-01 17:32 UTC by Émeric Maschino
Modified: 2019-03-17 23:13 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Attachments
backtrace for libtool test 045 (bt.045, 3.66 KB, text/plain)
2015-03-01 17:35 UTC, Émeric Maschino
backtrace for libtool test 153 (bt.153, 3.66 KB, text/plain)
2015-03-01 17:36 UTC, Émeric Maschino
backtrace for libtool test 154 (bt.154, 3.66 KB, text/plain)
2015-03-01 17:36 UTC, Émeric Maschino
backtrace for libtool test 156 (bt.156, 3.66 KB, text/plain)
2015-03-01 17:37 UTC, Émeric Maschino
backtrace for libtool test 157 (bt.157, 3.66 KB, text/plain)
2015-03-01 17:37 UTC, Émeric Maschino

Description Émeric Maschino 2015-03-01 17:32:14 UTC
While trying to stabilize =sys-devel/libtool-2.4.4 on ia64 (bug #539256), several tests were failing with a crash in /usr/bin/ld. It turns out that the tests are all failing because of the same segmentation fault in _bfd_elf_dynamic_symbol_p at elflink.c, line 2741.

Please find attached the backtraces of the 5 failing tests and let me know if I can help further.

Thanks,

     Émeric
Comment 1 Émeric Maschino 2015-03-01 17:32:51 UTC
emerge --info output:

Portage 2.2.14 (python 3.3.5-final-0, default/linux/ia64/13.0/desktop/gnome/systemd, gcc-4.7.3, glibc-2.19-r1, 3.19.0-gentoo ia64)
=================================================================
System uname: Linux-3.19.0-gentoo-ia64-Madison-with-gentoo-2.2
KiB Mem:    25052608 total,  17785472 free
KiB Swap:     524224 total,    524224 free
Timestamp of tree: Mon, 16 Feb 2015 22:00:01 +0000
ld GNU ld (Gentoo 2.24 p1.4) 2.24
app-shells/bash:          4.2_p53
dev-java/java-config:     2.1.12-r1
dev-lang/perl:            5.18.2-r2
dev-lang/python:          2.7.9-r1, 3.3.5-r1
dev-util/cmake:           2.8.12.2-r1
dev-util/pkgconfig:       0.28-r1
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.12.4
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.11.6-r1, 1.13.4
sys-devel/binutils:       2.24-r3
sys-devel/gcc:            4.5.4, 4.6.4, 4.7.3-r1
sys-devel/gcc-config:     1.7.3
sys-devel/libtool:        2.4.4
sys-devel/make:           4.0-r1
sys-kernel/linux-headers: 3.16 (virtual/os-headers)
sys-libs/glibc:           2.19-r1
Repositories: gentoo my_ebuilds
ACCEPT_KEYWORDS="ia64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="ia64-unknown-linux-gnu"
CFLAGS="-mtune=itanium2 -O2 -pipe"
CHOST="ia64-unknown-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-mtune=itanium2 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="ftp://mirrors.linuxant.fr/distfiles.gentoo.org/"
LANG="fr_FR.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/my_ebuilds"
USE="X a52 aac acl acpi alsa berkdb branding bzip2 cairo cdda cdr cli colord cracklib crypt cups cxx dbus dri dts dvdr eds encode evo exif fam firefox flac fortran gdbm gif glamor gnome gnome-keyring gnome-online-accounts gpm gstreamer gtk ia64 iconv introspection ipv6 jpeg lcms ldap libav libnotify libsecret mad mng modules mp3 mp4 mpeg nautilus ncurses nls nptl ogg opengl openmp pam pango pcre pdf png policykit ppds pulseaudio qt3support qt4 readline sdl session socialweb spell ssl startup-notification svg systemd tcpd tiff truetype udev udisks unicode upower usb vorbis wxwidgets xcb xml xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="fr" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 
python3_3" RUBY_TARGETS="ruby19 ruby20" USERLAND="GNU" VIDEO_CARDS="fbdev modesetting radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, SYNC, USE_PYTHON
Comment 2 Émeric Maschino 2015-03-01 17:33:15 UTC
emerge -pqv output:

[ebuild   R   ] sys-devel/binutils-2.24-r3  USE="cxx nls zlib (-multislot) -multitarget -static-libs {-test} -vanilla"
Comment 3 Émeric Maschino 2015-03-01 17:35:47 UTC
Created attachment 397796 [details]
backtrace for libtool test 045
Comment 4 Émeric Maschino 2015-03-01 17:36:23 UTC
Created attachment 397798 [details]
backtrace for libtool test 153
Comment 5 Émeric Maschino 2015-03-01 17:36:56 UTC
Created attachment 397800 [details]
backtrace for libtool test 154
Comment 6 Émeric Maschino 2015-03-01 17:37:30 UTC
Created attachment 397802 [details]
backtrace for libtool test 156
Comment 7 Émeric Maschino 2015-03-01 17:37:56 UTC
Created attachment 397804 [details]
backtrace for libtool test 157
Comment 8 SpanKY gentoo-dev 2015-05-08 04:41:58 UTC
looks like it's been reported upstream.  only happens when using --as-needed.
Comment 9 SpanKY gentoo-dev 2015-05-08 04:42:50 UTC
*** Bug 539256 has been marked as a duplicate of this bug. ***
Comment 10 SpanKY gentoo-dev 2015-08-12 03:24:43 UTC
*** Bug 555166 has been marked as a duplicate of this bug. ***
Comment 11 SpanKY gentoo-dev 2016-03-21 05:53:45 UTC
i've disabled --as-needed by default in the ia64 linux profiles now:
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36715fd670f14ee3be2522b724f57682e49fafee
Comment 12 Sergei Trofimovich (RETIRED) gentoo-dev 2017-06-11 11:49:59 UTC
To clarify: these are all fortran tests, right? It's what fails for me on ~ia64:

 46: F77 convenience archives                        FAILED (convenience.at:152)

F77 language support.

154: shared library                                  FAILED (f77demo.at:320)
155: shared and static together                      FAILED (f77demo.at:335)

Fortran language support.

157: shared library                                  FAILED (fcdemo.at:334)
158: shared and static together                      FAILED (fcdemo.at:349)
Comment 13 Sergei Trofimovich (RETIRED) gentoo-dev 2017-06-11 18:11:10 UTC
Oh, that's a fortran-agnostic reproducer (fails both on a real machine and on a cross-compiler):

ia64-unknown-linux-gnu-ld -shared -o libbug.so /usr/lib/gcc/ia64-unknown-linux-gnu/6.3.0/crtbeginS.o --as-needed -lc
Comment 14 Sergei Trofimovich (RETIRED) gentoo-dev 2017-06-11 19:54:32 UTC
Looks like --as-needed does not clean up the symbol table well enough before constructing the GOT.
The crash happens due to use-after-free.

CFLAGS="-fsanitize=address -ggdb3" LDFLAGS="-fsanitize=address -ldl"
reports the location as (./configure options are taken as-is from the gentoo cross-ebuild):

~/dev/git/binutils-gdb $ ./configure --enable-gold --enable-plugins --without-included-gettext --with-system-zlib --build=x86_64-pc-linux-gnu --with-sysroot=/usr/ia64-unknown-linux-gnu --enable-poison-system-directories --enable-secureplt --enable-secureplt --prefix=/usr --host=x86_64-pc-linux-gnu --target=ia64-unknown-linux-gnu --datadir=/usr/share/binutils-data/ia64-unknown-linux-gnu/2.28 --infodir=/usr/share/binutils-data/ia64-unknown-linux-gnu/2.28/info --mandir=/usr/share/binutils-data/ia64-unknown-linux-gnu/2.28/man --bindir=/usr/x86_64-pc-linux-gnu/ia64-unknown-linux-gnu/binutils-bin/2.28 --libdir=/usr/lib64/binutils/ia64-unknown-linux-gnu/2.28 --libexecdir=/usr/lib64/binutils/ia64-unknown-linux-gnu/2.28 --includedir=/usr/lib64/binutils/ia64-unknown-linux-gnu/2.28/include --enable-obsolete --enable-shared --enable-threads --enable-relro --enable-install-libiberty --disable-werror --with-bugurl=https://bugs.gentoo.org/ --with-pkgversion=Gentoo 2.28 p1.2 --disable-static --disable-gdb --disable-libdecnumber --disable-readline --disable-sim --without-stage1-ldflags CFLAGS="-fsanitize=address -ggdb3" LDFLAGS="-fsanitize=address -ldl"

$ ld/ld-new -shared -o libbug.so /usr/lib/gcc/ia64-unknown-linux-gnu/6.3.0/crtbeginS.o --as-needed -L /usr/ia64-unknown-linux-gnu/usr/lib/ -lc -v

GNU ld (Gentoo) 2.28.51.20170611
=================================================================
==16202==ERROR: AddressSanitizer: heap-use-after-free on address 0x621000175130 at pc 0x7f0fafbb7a03 bp 0x7ffef6dc2070 sp 0x7ffef6dc2060
READ of size 2 at 0x621000175130 thread T0
    #0 0x7f0fafbb7a02 in _bfd_elf_dynamic_symbol_p /home/slyfox/dev/git/binutils-gdb/bfd/elflink.c:3019
    #1 0x7f0fafb3db66 in elf64_ia64_dynamic_symbol_p /home/slyfox/dev/git/binutils-gdb/bfd/elf64-ia64.c:1234
    #2 0x7f0fafb43873 in allocate_global_fptr_got /home/slyfox/dev/git/binutils-gdb/bfd/elf64-ia64.c:2658
    #3 0x7f0fafb3ed6c in elf64_ia64_global_dyn_sym_thunk /home/slyfox/dev/git/binutils-gdb/bfd/elf64-ia64.c:1494
    #4 0x7f0fafafed4d in bfd_link_hash_traverse /home/slyfox/dev/git/binutils-gdb/bfd/linker.c:653
    #5 0x7f0fafb3efd7 in elf64_ia64_dyn_sym_traverse /home/slyfox/dev/git/binutils-gdb/bfd/elf64-ia64.c:1527
    #6 0x7f0fafb45b42 in elf64_ia64_size_dynamic_sections /home/slyfox/dev/git/binutils-gdb/bfd/elf64-ia64.c:3012
    #7 0x7f0fafbcdc79 in bfd_elf_size_dynamic_sections /home/slyfox/dev/git/binutils-gdb/bfd/elflink.c:6729
    #8 0x5650f8cc202f in gldelf64_ia64_before_allocation /home/slyfox/dev/git/binutils-gdb/ld/eelf64_ia64.c:1629
    #9 0x5650f8cbb482 in need_relax_elf64_ia64_before_allocation /home/slyfox/dev/git/binutils-gdb/ld/eelf64_ia64.c:124
    #10 0x5650f8caa682 in ldemul_before_allocation /home/slyfox/dev/git/binutils-gdb/ld/ldemul.c:76
    #11 0x5650f8c918f1 in lang_process /home/slyfox/dev/git/binutils-gdb/ld/ldlang.c:7095
    #12 0x5650f8c9b839 in main ldmain.c:437
    #13 0x7f0faf2bf389 in __libc_start_main (/lib64/libc.so.6+0x3c98020389)
    #14 0x5650f8c53859 in _start (/home/slyfox/dev/git/binutils-gdb/ld/.libs/ld-new+0x2a859)

0x621000175130 is located 2096 bytes inside of 4064-byte region [0x621000174900,0x6210001758e0)
freed by thread T0 here:
    #0 0x7f0fb0097918 in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/7.1.0/libasan.so.4+0xde918)
    #1 0x7f0fafce3e6d in objalloc_free_block objalloc.c:248
    #2 0x7f0fafbc3ef1 in elf_link_add_object_symbols /home/slyfox/dev/git/binutils-gdb/bfd/elflink.c:4993
    #3 0x7f0fafbc6604 in bfd_elf_link_add_symbols /home/slyfox/dev/git/binutils-gdb/bfd/elflink.c:5510
    #4 0x5650f8c7caff in load_symbols /home/slyfox/dev/git/binutils-gdb/ld/ldlang.c:2909
    #5 0x5650f8c7f1ff in open_input_bfds /home/slyfox/dev/git/binutils-gdb/ld/ldlang.c:3358
    #6 0x5650f8c7ecf4 in open_input_bfds /home/slyfox/dev/git/binutils-gdb/ld/ldlang.c:3313
    #7 0x5650f8c91190 in lang_process /home/slyfox/dev/git/binutils-gdb/ld/ldlang.c:6935
    #8 0x5650f8c9b839 in main ldmain.c:437
    #9 0x7f0faf2bf389 in __libc_start_main (/lib64/libc.so.6+0x3c98020389)

previously allocated by thread T0 here:
    #0 0x7f0fb0097cb0 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/7.1.0/libasan.so.4+0xdecb0)
    #1 0x7f0fafce3a05 in _objalloc_alloc objalloc.c:159
    #2 0x7f0fafafa8f3 in bfd_hash_allocate /home/slyfox/dev/git/binutils-gdb/bfd/hash.c:622
    #3 0x7f0fafb3db9c in elf64_ia64_new_elf_hash_entry /home/slyfox/dev/git/binutils-gdb/bfd/elf64-ia64.c:1248
    #4 0x7f0fafaf9b69 in bfd_hash_insert /home/slyfox/dev/git/binutils-gdb/bfd/hash.c:509
    #5 0x7f0fafaf9ac8 in bfd_hash_lookup /home/slyfox/dev/git/binutils-gdb/bfd/hash.c:496
    #6 0x7f0fafafe313 in bfd_link_hash_lookup /home/slyfox/dev/git/binutils-gdb/bfd/linker.c:498
    #7 0x7f0fafbace3a in _bfd_elf_merge_symbol /home/slyfox/dev/git/binutils-gdb/bfd/elflink.c:1043
    #8 0x7f0fafbb0b7d in _bfd_elf_add_default_symbol /home/slyfox/dev/git/binutils-gdb/bfd/elflink.c:1849
    #9 0x7f0fafbc1abc in elf_link_add_object_symbols /home/slyfox/dev/git/binutils-gdb/bfd/elflink.c:4674
    #10 0x7f0fafbc6604 in bfd_elf_link_add_symbols /home/slyfox/dev/git/binutils-gdb/bfd/elflink.c:5510
    #11 0x5650f8c7caff in load_symbols /home/slyfox/dev/git/binutils-gdb/ld/ldlang.c:2909
    #12 0x5650f8c7f1ff in open_input_bfds /home/slyfox/dev/git/binutils-gdb/ld/ldlang.c:3358
    #13 0x5650f8c7ecf4 in open_input_bfds /home/slyfox/dev/git/binutils-gdb/ld/ldlang.c:3313
    #14 0x5650f8c91190 in lang_process /home/slyfox/dev/git/binutils-gdb/ld/ldlang.c:6935
    #15 0x5650f8c9b839 in main ldmain.c:437
    #16 0x7f0faf2bf389 in __libc_start_main (/lib64/libc.so.6+0x3c98020389)

I've worked around SIGSEGV locally as:

--- a/bfd/elflink.c
+++ b/bfd/elflink.c
@@ -4983,22 +4983,24 @@ error_free_dyn:
              h->root.non_ir_ref_dynamic = non_ir_ref_dynamic;
            }
        }

       /* Make a special call to the linker "notice" function to
         tell it that symbols added for crefs may need to be removed.  */
       if (!(*bed->notice_as_needed) (abfd, info, notice_not_needed))
        goto error_free_vers;

       free (old_tab);
+      /*
       objalloc_free_block ((struct objalloc *) htab->root.table.memory,
                           alloc_mark);
+      */
       if (nondeflt_vers != NULL)
        free (nondeflt_vers);
       return TRUE;
     }

   if (old_tab != NULL)
     {
       if (!(*bed->notice_as_needed) (abfd, info, notice_needed))
        goto error_free_vers;
       free (old_tab);
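Review bot: Commenting out the objalloc_free_block call in the not-needed path, between free (old_tab) and the nondeflt_vers check, means nothing allocated from htab->root.table.memory after alloc_mark is released on this path, so each library dropped by --as-needed keeps its hash entries for the rest of the link. The dead code also carries no explanation. If this stays as a local workaround, replace the /* */ block with a short comment naming the use-after-free it avoids; a proper fix should keep the release and make sure no table still references an entry allocated after alloc_mark before the block is freed.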

Will try to look at the proper way of freeing up 'htab->root.table.memory' data structure.
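
The failure mode described in comment 14 (storage released back to a mark while a table still points into it), as an added example that is not binutils code and not part of the original comments. It is a simplified model; `scenario`, `rollback`, `dangling` and the struct names are hypothetical, and the symbol names are constructed sample data.

```c
#include <stdio.h>

/* Simplified model, not binutils code: a bump arena with mark/rollback in the
   style of objalloc_free_block(), and a table of pointers into that arena. */
struct sym   { const char *name; };
struct arena { struct sym *pool; size_t cap, used; };
struct table { struct sym *slot[32]; size_t n; };

static int table_add(struct table *t, struct arena *a, const char *name) {
    if (t->n == 32 || a->used == a->cap) return -1;
    a->pool[a->used].name = name;
    t->slot[t->n++] = &a->pool[a->used++];
    return 0;
}

/* Count table entries that point past the live part of the arena. */
static size_t dangling(const struct table *t, const struct arena *a) {
    size_t n = 0;
    for (size_t i = 0; i < t->n; i++)
        n += (t->slot[i] >= a->pool + a->used);
    return n;
}

/* Release everything allocated since mark; with prune set, unlink entries first. */
static void rollback(struct table *t, struct arena *a, size_t mark, int prune) {
    size_t kept = 0;
    for (size_t i = 0; prune && i < t->n; i++)
        if (t->slot[i] < a->pool + mark)
            t->slot[kept++] = t->slot[i];
    if (prune) t->n = kept;
    while (a->used > mark)
        a->pool[--a->used].name = NULL;          /* poison released slots */
}

/* Constructed scenario; returns how many table entries dangle after rollback. */
size_t scenario(int prune) {
    static const char *names[] = { "_init", "_fini", "malloc", "free", "abort" };
    struct sym pool[8] = { { NULL } };
    struct arena a = { pool, 8, 0 };
    struct table t = { { NULL }, 0 };
    size_t mark = 0;
    for (size_t i = 0; i < 5; i++) {
        if (i == 2) mark = a.used;   /* like alloc_mark, taken before the library */
        table_add(&t, &a, names[i]);
    }
    rollback(&t, &a, mark, prune);
    return dangling(&t, &a);
}

int main(void) {
    printf("dangling: naive=%zu pruned=%zu\n", scenario(0), scenario(1));
    return 0;
}
```

The check only compares addresses, so it can flag the stale entries without reading the released storage, which is the access AddressSanitizer reported above.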
Comment 15 Sergei Trofimovich (RETIRED) gentoo-dev 2018-02-16 22:09:49 UTC
Rumors (https://sourceware.org/bugzilla/show_bug.cgi?id=15891#c4) say it could actually be fixed in binutils-2.30! I haven't tried yet.
Comment 16 Sergei Trofimovich (RETIRED) gentoo-dev 2018-02-21 23:17:49 UTC
(In reply to Sergei Trofimovich from comment #13)
> Oh, that's a fortran-agnostic reproducer (fails both on a real machine and on a
> cross-compiler):
> 
> ia64-unknown-linux-gnu-ld -shared -o libbug.so
> /usr/lib/gcc/ia64-unknown-linux-gnu/6.3.0/crtbeginS.o --as-needed -lc

The crash is gone on binutils-2.30 and libtool passes all tests.
Comment 17 Sergei Trofimovich (RETIRED) gentoo-dev 2018-10-27 21:39:31 UTC
binutils-2.30 is stable on ia64.
Comment 18 Larry the Git Cow gentoo-dev 2019-03-17 23:13:39 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e830783b4b45b99bb33d15ee1f680f24765a3bf2

commit e830783b4b45b99bb33d15ee1f680f24765a3bf2
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2019-03-17 23:11:53 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2019-03-17 23:11:53 +0000

    default/linux/ia64: re-enable -Wl,--as-needed by default, bug #541828
    
    sys-devel/binutils:2.30 is stable for about 6 months. Let's enable
    it for everyone.
    
    Bug: https://bugs.gentoo.org/541828
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 profiles/default/linux/ia64/make.defaults | 6 ------
 1 file changed, 6 deletions(-)