| Summary: | gold crashes while linking armv7hl binaries built with clang 6.0 when using --icf=safe | | |
|---|---|---|---|
| Product: | binutils | Reporter: | Bernhard Rosenkränzer <bero> |
| Component: | gold | Assignee: | Cary Coutant <ccoutant> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | ian |
| Priority: | P2 | | |
| Version: | 2.30 | | |
| Target Milestone: | --- | | |
| Host: | | Target: | |
| Build: | | Last reconfirmed: | 2018-04-14 00:00:00 |
| Attachments: | Object file triggering the crash; Object file still triggering the problem | | |

Description
Bernhard Rosenkränzer
2018-04-11 12:35:49 UTC

Somewhat simplified (still from alsa-lib 1.1.6 sources):

```
$ ld -m armelf_linux_eabi -shared -o .libs/libasound.so.2.0.0 .libs/shmarea.o
Segmentation fault (core dumped)
```

Created attachment 10939: Object file triggering the crash

Seems to be triggered by `__attribute__((destructor))` on a function in shmarea.c.

Source is here: https://github.com/michaelwu/alsa-lib/blob/master/src/shmarea.c

Dropping `__attribute__((destructor))` from line 97 "fixes" the problem (but of course doesn't result in a library doing its job).

I can't reproduce the problem with the object file and command line that you provided. Even though your command line doesn't use --gc-sections, the backtrace you showed suggested that it was in use, but adding that option still doesn't trigger a crash. Please provide more details if you're still seeing this problem with the latest version of gold.

Forgot that I had a patch in there that enables some options by default... With all flags adjusted for, the command I'm running is

```
armv7hl-openmandriva-linux-gnueabihf-ld -z relro -X --hash-style=gnu --build-id --enable-new-dtags --eh-frame-hdr -m armelf_linux_eabi --as-needed --icf=safe -O1 --warn-common --warn-execstack --warn-shared-textrel -shared -o test.so.0 shmarea.o
```

And --icf=safe seems to be needed to trigger it.

Thanks, I see the problem now. Fix on the way...

Fixed on trunk.

The master branch has been updated by Cary Coutant <ccoutant@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aae8280935aab812c3666d1c5c0ea099e96927cc

```
commit aae8280935aab812c3666d1c5c0ea099e96927cc
Author: Cary Coutant <ccoutant@gmail.com>
Date:   Sat Apr 14 15:58:07 2018 -0700

    Fix bug where --icf=safe triggers segfault when linking ARM.

    When checking a R_ARM_TARGET[12] relocation, we need a valid target pointer,
    but the garbage collection code was passing a NULL instead.

    gold/
    PR gold/23046
    * gc.h (gc_process_relocs): Pass target to
    scan.global_reloc_may_be_function_pointer.
```

After applying the patch on top of 2.30, I can still trigger this crash with --icf=safe with a different test case. Backtrace looks the same.

```
Program received signal SIGSEGV, Segmentation fault.
0x000d4b58 in (anonymous namespace)::Target_arm<false>::gc_process_relocs(gold::Symbol_table*, gold::Layout*, gold::Sized_relobj_file<32, false>*, unsigned int, unsigned int, unsigned char const*, unsigned int, gold::Output_section*, bool, unsigned int, unsigned char const*) ()
(gdb) bt
#0 0x000d4b58 in (anonymous namespace)::Target_arm<false>::gc_process_relocs(gold::Symbol_table*, gold::Layout*, gold::Sized_relobj_file<32, false>*, unsigned int, unsigned int, unsigned char const*, unsigned int, gold::Output_section*, bool, unsigned int, unsigned char const*) ()
#1 0x0030e638 in gold::Sized_relobj_file<32, false>::do_gc_process_relocs(gold::Symbol_table*, gold::Layout*, gold::Read_relocs_data*) ()
#2 0x000de4bc in (anonymous namespace)::Arm_relobj<false>::do_gc_process_relocs(gold::Symbol_table*, gold::Layout*, gold::Read_relocs_data*) ()
#3 0x0030c6dc in gold::Gc_process_relocs::run(gold::Workqueue*) ()
#4 0x00366b50 in gold::Workqueue::find_and_run_task(int) ()
#5 0x003673ac in gold::Workqueue::process(int) ()
#6 0x00015260 in main ()
```

Created attachment 10962: Object file still triggering the problem

The master branch has been updated by Cary Coutant <ccoutant@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d83d54033545c0e7b668950b127753c88a33f950

```
commit d83d54033545c0e7b668950b127753c88a33f950
Author: Cary Coutant <ccoutant@gmail.com>
Date:   Thu Apr 19 10:20:08 2018 -0700

    Fix second bug where --icf=safe triggers segfault when linking ARM.

    When checking a R_ARM_TARGET[12] relocation, we need a valid target pointer,
    but the garbage collection code was passing a NULL instead. The previous
    fix for this bug fixed the call to scan.global_reloc_may_be_function_pointer,
    but missed the similar call to scan.local_reloc_may_be_function_pointer.

    gold/
    PR gold/23046
    * gc.h (gc_process_relocs): Pass target to
    scan.local_reloc_may_be_function_pointer.
```

Sorry, missed the call to scan.local_reloc_may_be_function_pointer. Should be fixed now.