Bug 27859 - ld.gold crashes in chromium builds
Summary: ld.gold crashes in chromium builds
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: x86_64 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Base system maintainers
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-12-17 22:44 CET by Christiaan Welvaart
Modified: 2020-12-18 20:20 CET
0 users

See Also:
Source RPM: binutils-2.35.1-5.mga8.src.rpm
CVE:
Status comment:


Attachments
input files to reproduce the crash (594.34 KB, application/x-xz)
2020-12-17 22:49 CET, Christiaan Welvaart
sources for binary input files (701.55 KB, application/x-xz)
2020-12-17 22:50 CET, Christiaan Welvaart

Description Christiaan Welvaart 2020-12-17 22:44:32 CET
Description of problem:
When building chromium-browser-stable using gold, ld.gold crashes unreliably with a segmentation fault or abort():

Thread 1 "ld.gold" received signal SIGSEGV, Segmentation fault.
0x00007ffff7c59c6c in free () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff7c59c6c in free () from /lib64/libc.so.6
#1  0x0000000000458562 in __gnu_cxx::new_allocator<char>::deallocate (__t=<optimized out>, __p=<optimized out>, this=0x7ffff00c3390) at /usr/include/c++/10/ext/new_allocator.h:133
#2  std::allocator_traits<std::allocator<char> >::deallocate (__n=<optimized out>, __p=<optimized out>, __a=...) at /usr/include/c++/10/bits/alloc_traits.h:492
#3  std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_destroy (__size=<optimized out>, this=0x7ffff00c3390) at /usr/include/c++/10/bits/basic_string.h:237
#4  std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_dispose (this=0x7ffff00c3390) at /usr/include/c++/10/bits/basic_string.h:232
#5  std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string (this=0x7ffff00c3390, __in_chrg=<optimized out>) at /usr/include/c++/10/bits/basic_string.h:658
#6  std::_Destroy<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > (__pointer=0x7ffff00c3390) at /usr/include/c++/10/bits/stl_construct.h:140
#7  std::_Destroy_aux<false>::__destroy<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*> (__last=<optimized out>, __first=0x7ffff00c3390) at /usr/include/c++/10/bits/stl_construct.h:152
#8  std::_Destroy<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*> (__last=<optimized out>, __first=<optimized out>) at /usr/include/c++/10/bits/stl_construct.h:185
#9  std::_Destroy<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > (__last=0x7ffff00c35b0, __first=<optimized out>) at /usr/include/c++/10/bits/alloc_traits.h:738
#10 std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::~vector (this=0x6048a0 <gold::File_read::files_read[abi:cxx11]>, __in_chrg=<optimized out>)
    at /usr/include/c++/10/bits/stl_vector.h:680
#11 0x00007ffff7c10967 in __run_exit_handlers () from /lib64/libc.so.6
#12 0x00007ffff7c10b0a in exit () from /lib64/libc.so.6
#13 0x000000000045ce8f in gold::gold_exit (status=gold::GOLD_OK) at ../../gold/gold.cc:71
#14 0x000000000040aee3 in main (argc=<optimized out>, argv=<optimized out>) at ../../gold/main.cc:328


Version-Release number of selected component (if applicable):
binutils-2.35.1-5.mga8

How reproducible:
Build the package chromium-browser-stable in cauldron with use_gold defined to 1 in the spec file.

Steps to Reproduce:
1. unpack attached flatc_build.tar.xz
2. cd flatc_build
3. /usr/bin/ld.gold -plugin /usr/lib/gcc/x86_64-mageia-linux-gnu/10/liblto_plugin.so -plugin-opt=/usr/lib/gcc/x86_64-mageia-linux-gnu/10/lto-wrapper -plugin-opt=-pass-through=-lgcc_s -plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lc -plugin-opt=-pass-through=-lgcc_s -plugin-opt=-pass-through=-lgcc --build-id --eh-frame-hdr --hash-style=gnu -m elf_x86_64 -export-dynamic -dynamic-linker /lib64/ld-linux-x86-64.so.2 -pie -o ./flatc /usr/lib/gcc/x86_64-mageia-linux-gnu/10/../../../../lib64/Scrt1.o /usr/lib/gcc/x86_64-mageia-linux-gnu/10/../../../../lib64/crti.o /usr/lib/gcc/x86_64-mageia-linux-gnu/10/crtbeginS.o -L/usr/lib/gcc/x86_64-mageia-linux-gnu/10 -L/usr/lib/gcc/x86_64-mageia-linux-gnu/10/../../../../lib64 -L/lib/../lib64 -L/usr/lib/../lib64 -L/usr/lib/gcc/x86_64-mageia-linux-gnu/10/../../.. --build-id -z noexecstack -z relro -z now -z defs --as-needed --threads --thread-count=4 --disable-new-dtags --as-needed --no-undefined -z relro -O1 --build-id --enable-new-dtags --start-group *.o --end-group -latomic -ldl -lpthread -lrt -lstdc++ -lm -lgcc_s -lgcc -lc -lgcc_s -lgcc /usr/lib/gcc/x86_64-mageia-linux-gnu/10/crtendS.o /usr/lib/gcc/x86_64-mageia-linux-gnu/10/../../../../lib64/crtn.o

repeat until it crashes, which happens about once in 20 times...
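
Added example, not part of the original report: a small POSIX shell harness for the "repeat until it crashes" step that stops at the first run killed by a signal and tells SIGSEGV and SIGABRT apart from an ordinary link error. The names repro_loop, classify_status, fake_link and the wrapper link.sh are hypothetical; fake_link is a constructed stand-in for the linker.

```shell
#!/bin/sh
# Added example: rerun a flaky command until it is killed by a signal.

# Map a shell exit status to a label. A status above 128 means the child
# was terminated by signal number (status - 128).
classify_status() {
    case "$1" in
        0)   echo ok ;;
        134) echo SIGABRT ;;    # 128 + 6, abort()
        139) echo SIGSEGV ;;    # 128 + 11, segmentation fault
        *)   if [ "$1" -gt 128 ]; then echo "signal-$(($1 - 128))"
             else echo "exit-$1"; fi ;;
    esac
}

# repro_loop MAX CMD [ARGS...]
# Runs CMD up to MAX times. Ordinary non-zero exits (e.g. a link error)
# are not treated as the crash. Prints "<run> <label>" for the first run
# killed by a signal, or "0 none" if MAX runs pass without one.
repro_loop() (
    max=$1; shift
    i=0; result="0 none"
    while [ "$i" -lt "$max" ]; do
        i=$((i + 1)); st=0
        "$@" >/dev/null 2>&1 || st=$?
        if [ "$st" -gt 128 ]; then
            result="$i $(classify_status "$st")"
            break
        fi
    done
    echo "$result"
)

# Constructed stand-in for the link step: succeeds twice, then dies of
# SIGSEGV. $1 is a counter file (hypothetical helper, for testing only).
fake_link() {
    n=$(cat "$1" 2>/dev/null) || n=0
    n=$(( ${n:-0} + 1 )); echo "$n" > "$1"
    [ "$n" -lt 3 ] || sh -c 'kill -s SEGV $$'
}

# Real use, from inside flatc_build, where link.sh is a hypothetical
# wrapper holding the ld.gold command line from step 3:
#   sh repro.sh 200 sh ./link.sh
[ "$#" -eq 0 ] || repro_loop "$@"
```

Running the link under gdb, as in the backtrace above, is still needed to see where the signal was raised; the harness only finds a failing run and reports how it died.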
Comment 1 Christiaan Welvaart 2020-12-17 22:49:41 CET
Created attachment 12097
input files to reproduce the crash
Comment 2 Christiaan Welvaart 2020-12-17 22:50:27 CET
Created attachment 12098
sources for binary input files
Comment 3 Lewis Smith 2020-12-18 20:20:01 CET
Thank you for the report Christiaan.
I think it best to assign it as a Basesystem bug.

Assignee: bugsquad => basesystem

