Pkg xen devel - Jan 2022 - Bug#1004269: Linker segfault while building src:xen

Package: src:binutils
Version: 2.37.50.20220106-2
X-Debbugs-CC: pkg-xen-devel at lists.alioth.debian.org

Hi,

With the last binutils version src:xen starts to FTBFS.

---- >8 ---- Xen 4.16 for experimental ---- >8 ----

* Last passed build, using binutils 2.37-10.
Job overview:
  https://salsa.debian.org/xen-team/debian-xen/-/pipelines/329021
Full log:
  https://salsa.debian.org/xen-team/debian-xen/-/jobs/2290845/raw

* First failed build, using the same source code, and using binutils 
2.37.50.20220106-2:
Job overview:
  https://salsa.debian.org/xen-team/debian-xen/-/pipelines/338409
Full log:
  https://salsa.debian.org/xen-team/debian-xen/-/jobs/2375744/raw

At the end of the full log, the failure can be observed:

     x86_64-linux-gnu-ld -mi386pep --subsystem=10 
--image-base=0xffff82d040000000 --stack=0,0 --heap=0,0 
--section-alignment=0x200000 --file-alignment=0x20 
--major-image-version=4 --minor-image-version=16 --major-os-version=2 
--minor-os-version=0 --major-subsystem-version=2 
--minor-subsystem-version=0 --no-insert-timestamp --build-id=sha1 -T 
efi.lds -N prelink.o 
/builds/xen-team/debian-xen/debian/output/source_dir/xen/common/symbols-dummy.o 
-b pe-x86-64 efi/buildid.o -o 
/builds/xen-team/debian-xen/debian/output/source_dir/xen/.xen.efi.0xffff82d040000000.0
&& :
Segmentation fault (core dumped)

The above logs are for src:xen 4.16.0-1~exp1 which we were about to 
upload to experimental.

---- >8 ---- Xen 4.14 currently in unstable ---- >8 ----

I also triggered a CI run again for the current src:xen 
4.14.3+32-g9de3671772-1. The same segfault happens there, and both for 
the amd64 and i386 build test (i386 is no longer included for Xen 4.16).

Job overview:
  https://salsa.debian.org/xen-team/debian-xen/-/pipelines/340556
Full logs:
  https://salsa.debian.org/xen-team/debian-xen/-/jobs/2394079/raw
  https://salsa.debian.org/xen-team/debian-xen/-/jobs/2394080/raw

---- >8 ----

So, this is what we observe. In the Debian Xen team, there's not a great 
amount of knowledge about the exact internals of what happens here.

* At least, we can let you know there's a regression.
* Currently progress on our Xen 4.16 upload is blocked, and we also 
can't do updates of the current Xen 4.14 packages (e.g. because of 
security fixes).
* We're available to help debugging this issue if needed. We'll need 
guidance, so it will mean that we'll work based on your instructions.
* After sending this report and getting the confirmation from the BTS, 
I'll send a reply with the upstream Xen development mailing list in Cc.

Thanks in advance,
Hans van Kranenburg

Control: found -1 2.37.90.20220123-2
Control: affects -1 src:xen

Hi,

this bug is still present in my sbuild chroot (updated about an hour ago) when 
compiling xen 4.14.3+32-g9de3671772-1 from unstable. I managed to run 
x86_64-linux-gnu-ld inside gdb to catch the segmentation fault. Please see the 
output below. I hope this is helpful to somebody tracking down the problem.

Please note for the xen case:
in
https://sources.debian.org/src/xen/4.14.3+32-g9de3671772-1/xen/arch/x86/Makefile/?hl=185#L185
the linker is checked for PE support. If it segfaults during this check the 
build system will disable building some parts below in this Makefile. So in 
this case it might never try to call the command from my gdb output below.
In my sbuild this check command randomly completes with return code 0 or with 
a segmentation fault using the following command:
$ x86_64-linux-gnu-ld -mi386pep --subsystem=10 --image-base=0x100000000
--stack=0,0 --heap=0,0 --strip-debug --section-alignment=0x200000
--file-alignment=0x20 --major-image-version=4 --minor-image-version=14
--major-os-version=2 --minor-os-version=0 --major-subsystem-version=2
--minor-subsystem-version=0 -o efi/check.efi efi/check.o


$ gdb -batch -n -ex 'set pagination off' -ex 'run -mi386pep
--subsystem=10 --image-base=0xffff82d040000000 --stack=0,0 --heap=0,0
--strip-debug --section-alignment=0x200000 --file-alignment=0x20
--major-image-version=4 --minor-image-version=14 --major-os-version=2
--minor-os-version=0 --major-subsystem-version=2 --minor-subsystem-version=0
--no-insert-timestamp   --build-id=sha1 -T efi.lds -N prelink-efi.o
efi/relocs-dummy.o
/build/xen-Hf5EN0/xen-4.14.3+32-g9de3671772/xen/common/symbols-dummy.o -b
pe-x86-64 efi/buildid.o -o
/build/xen-Hf5EN0/xen-4.14.3+32-g9de3671772/xen/.xen.efi.0xffff82d040000000.0
&&  x86_64-linux-gnu-ld -mi386pep --subsystem=10
--image-base=0xffff82d080000000 --stack=0,0 --heap=0,0 --strip-debug
--section-alignment=0x200000 --file-alignment=0x20 --major-image-version=4
--minor-image-version=14 --major-os-version=2 --minor-os-version=0
--major-subsystem-version=2 --minor-subsystem-version=0 --no-insert-timestamp  
--build-id=sha1 -T efi.lds -N prelink-efi.o efi/relocs-dummy.o
/build/xen-Hf5EN0/xen-4.14.3+32-g9de3671772/xen/common/symbols-dummy.o -b
pe-x86-64 efi/buildid.o -o
/build/xen-Hf5EN0/xen-4.14.3+32-g9de3671772/xen/.xen.efi.0xffff82d080000000.0'
-ex bt -ex 'bt full' --args x86_64-linux-gnu-ld

Program received signal SIGSEGV, Segmentation fault.
__strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
120     ../sysdeps/x86_64/multiarch/../strlen.S: No such file or directory.
#0  __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
#1  0x00007ffff7f6bbac in coff_write_auxent_fname.isra.0 (str=0x23527e
<error: Cannot access memory at address 0x23527e>, auxent=auxent at
entry=0x7fffffffe208, string_size_p=string_size_p at entry=0x7fffffffe2d8,
abfd=<optimized out>, abfd=<optimized out>) at
../../bfd/coffgen.c:856
#2  0x00007ffff7f3806d in coff_write_symbol (abfd=0x555555701b20,
symbol=0x7ffff7973780, native=native at entry=0x7fffffffe1c0,
written=0x7fffffffe2d0, string_size_p=0x7fffffffe2d8,
debug_string_section_p=debug_string_section_p at entry=0x0,
debug_string_size_p=0x0) at ../../bfd/coffgen.c:1043
#3  0x00007ffff7f3834e in coff_write_alien_symbol (abfd=<optimized out>,
symbol=<optimized out>, isym=0x7fffffffe310, iaux=0x7fffffffe2e0,
written=<optimized out>, string_size_p=<optimized out>,
debug_string_section_p=0x0, debug_string_size_p=0x0) at ../../bfd/coffgen.c:1154
#4  0x00007ffff7f2e74a in _bfd_coff_final_link (abfd=<optimized out>,
info=0x5555556fa3c0 <link_info>) at ../../bfd/cofflink.c:928
#5  0x000055555559b53f in ldwrite () at ../../ld/ldwrite.c:545
#6  main (argc=<optimized out>, argv=<optimized out>) at
../../ld/ldmain.c:513
#0  __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
No locals.
#1  0x00007ffff7f6bbac in coff_write_auxent_fname.isra.0 (str=0x23527e
<error: Cannot access memory at address 0x23527e>, auxent=auxent at
entry=0x7fffffffe208, string_size_p=string_size_p at entry=0x7fffffffe2d8,
abfd=<optimized out>, abfd=<optimized out>) at
../../bfd/coffgen.c:856
        str_length = <optimized out>
        filnmlen = <optimized out>
#2  0x00007ffff7f3806d in coff_write_symbol (abfd=0x555555701b20,
symbol=0x7ffff7973780, native=native at entry=0x7fffffffe1c0,
written=0x7fffffffe2d0, string_size_p=0x7fffffffe2d8,
debug_string_section_p=debug_string_section_p at entry=0x0,
debug_string_size_p=0x0) at ../../bfd/coffgen.c:1043
        auxesz = 18
        j = <optimized out>
        numaux = 1
        type = <optimized out>
        n_sclass = <optimized out>
        output_section = <optimized out>
        buf = 0x5555558abf00
        symesz = <optimized out>
#3  0x00007ffff7f3834e in coff_write_alien_symbol (abfd=<optimized out>,
symbol=<optimized out>, isym=0x7fffffffe310, iaux=0x7fffffffe2e0,
written=<optimized out>, string_size_p=<optimized out>,
debug_string_section_p=0x0, debug_string_size_p=0x0) at ../../bfd/coffgen.c:1154
        native = 0x7fffffffe1c0
        dummy = {{offset = 1, fix_value = 0, fix_tag = 0, fix_end = 0,
fix_scnlen = 0, fix_line = 0, u = {auxent = {x_sym = {x_tagndx = {l =
435610543662, p = 0x656c69662e}, x_misc = {x_lnsz = {x_lnno = 46240, x_size =
63456}, x_fsize = 140737352086688}, x_fcnary = {x_fcn = {x_lnnoptr =
140737350733261, x_endndx = {l = 4294967294, p = 0xfffffffe}}, x_ary = {x_dimen
= {3533, 63436, 32767, 0}}}, x_tvndx = 359}, x_file = {x_n = {x_fname =
".file\000\000\000\240\264\340\367\377\177\000\000\315\r\314",
<incomplete sequence \367>, x_n = {x_zeroes = 435610543662, x_offset =
140737352086688}}, x_ftype = 254 '\376'}, x_scn = {x_scnlen =
435610543662, x_nreloc = 46240, x_nlinno = 63456, x_checksum = 140737350733261,
x_associated = 65534, x_comdat = 255 '\377'}, x_tv = {x_tvfill =
435610543662, x_tvlen = 46240, x_tvran = {63456, 32767}}, x_csect = {x_scnlen =
{l = 435610543662, p = 0x656c69662e}, x_parmhash = 140737352086688, x_snhash =
3533, x_smtyp = 204 '\314', x_smclas = 247 '\367', x_stab =
4294967294, x_snstab = 359}, x_sect = {x_scnlen = 435610543662, x_nreloc =
140737352086688}}, syment = {_n = {_n_name = ".file\000\000", _n_n =
{_n_zeroes = 435610543662, _n_offset = 140737352086688}, _n_nptr = {0x656c69662e
<error: Cannot access memory at address 0x656c69662e>, 0x7ffff7e0b4a0
<_IO_file_jumps> ""}}, n_value = 140737350733261, n_scnum = -2,
n_flags = 0, n_type = 0, n_sclass = 103 'g', n_numaux = 1
'\001'}}, is_sym = true, extrap = 0x0}, {offset = 1433813712, fix_value
= 1, fix_tag = 0, fix_end = 1, fix_scnlen = 0, fix_line = 1, u = {auxent =
{x_sym = {x_tagndx = {l = 7074994964478652259, p = 0x622f6e6f6d6d6f63}, x_misc =
{x_lnsz = {x_lnno = 29801, x_size = 24941}, x_fsize = 27917082900132969},
x_fcnary = {x_fcn = {x_lnnoptr = 140737352630272, x_endndx = {l =
140737353778592, p = 0x7ffff7fa85a0 <cache_iovec>}}, x_ary = {x_dimen =
{0, 63465, 32767, 0}}}, x_tvndx = 6944}, x_file = {x_n = {x_fname =
"common/bitmap.c\000\000\000\351", <incomplete sequence \367>,
x_n = {x_zeroes = 7074994964478652259, x_offset = 27917082900132969}}, x_ftype =
160 '\240'}, x_scn = {x_scnlen = 7074994964478652259, x_nreloc = 29801,
x_nlinno = 24941, x_checksum = 140737352630272, x_associated = 34208, x_comdat =
250 '\372'}, x_tv = {x_tvfill = 7074994964478652259, x_tvlen = 29801,
x_tvran = {24941, 11888}}, x_csect = {x_scnlen = {l = 7074994964478652259, p =
0x622f6e6f6d6d6f63}, x_parmhash = 27917082900132969, x_snhash = 0, x_smtyp = 233
'\351', x_smclas = 247 '\367', x_stab = 140737353778592,
x_snstab = 6944}, x_sect = {x_scnlen = 7074994964478652259, x_nreloc =
27917082900132969}}, syment = {_n = {_n_name = "common/b", _n_n =
{_n_zeroes = 7074994964478652259, _n_offset = 27917082900132969}, _n_nptr =
{0x622f6e6f6d6d6f63 <error: Cannot access memory at address
0x622f6e6f6d6d6f63>, 0x632e70616d7469 <error: Cannot access memory at
address 0x632e70616d7469>}}, n_value = 140737352630272, n_scnum = -134576736,
n_flags = 32767, n_type = 0, n_sclass = 32 ' ', n_numaux = 27
'\033'}}, is_sym = false, extrap = 0x23527e}}
        output_section = <optimized out>
        link_info = <optimized out>
        ret = <optimized out>
#4  0x00007ffff7f2e74a in _bfd_coff_final_link (abfd=<optimized out>,
info=0x5555556fa3c0 <link_info>) at ../../bfd/cofflink.c:928
        sym = 0x7ffff7973780
        isym = {_n = {_n_name = "\000\000\000\000\000\000\000", _n_n =
{_n_zeroes = 0, _n_offset = 926}, _n_nptr = {0x0, 0x39e <error: Cannot access
memory at address 0x39e>}}, n_value = 32768, n_scnum = 6, n_flags = 0, n_type
= 0, n_sclass = 3 '\003', n_numaux = 0 '\000'}
        string_size = 0
        written = 0
        hash = <optimized out>
        pos = 2314878
        iaux = {x_sym = {x_tagndx = {l = 122245043283304, p = 0x6f2e64616568},
x_misc = {x_lnsz = {x_lnno = 0, x_size = 0}, x_fsize = 0}, x_fcnary = {x_fcn =
{x_lnnoptr = 0, x_endndx = {l = 0, p = 0x0}}, x_ary = {x_dimen = {0, 0, 0, 0}}},
x_tvndx = 0}, x_file = {x_n = {x_fname = "head.o", '\000'
<repeats 13 times>, x_n = {x_zeroes = 122245043283304, x_offset = 0}},
x_ftype = 0 '\000'}, x_scn = {x_scnlen = 122245043283304, x_nreloc = 0,
x_nlinno = 0, x_checksum = 0, x_associated = 0, x_comdat = 0 '\000'},
x_tv = {x_tvfill = 122245043283304, x_tvlen = 0, x_tvran = {0, 0}}, x_csect =
{x_scnlen = {l = 122245043283304, p = 0x6f2e64616568}, x_parmhash = 0, x_snhash
= 0, x_smtyp = 0 '\000', x_smclas = 0 '\000', x_stab = 0,
x_snstab = 0}, x_sect = {x_scnlen = 122245043283304, x_nreloc = 0}}
        indx = <optimized out>
        rewrite = false
        i = 233
        symesz = <optimized out>
        flaginfo = {info = 0x5555556fa3c0 <link_info>, output_bfd =
0x555555701b20, failed = 32, global_to_static = false, strtab = 0x555555801490,
section_info = 0x0, last_file_index = 0, last_file = {_n = {_n_name =
".file\000\000", _n_n = {_n_zeroes = 435610543662, _n_offset = 0},
_n_nptr = {0x656c69662e <error: Cannot access memory at address
0x656c69662e>, 0x0}}, n_value = 0, n_scnum = -2, n_flags = 0, n_type = 0,
n_sclass = 103 'g', n_numaux = 1 '\001'}, last_bf_index = -1,
last_bf = {x_sym = {x_tagndx = {l = 93824992519136, p = 0x55555559a3e0
<build_link_order>}, x_misc = {x_lnsz = {x_lnno = 41135, x_size = 63466},
x_fsize = 140737352736943}, x_fcnary = {x_fcn = {x_lnnoptr = 93824993998944,
x_endndx = {l = 140737352736974, p = 0x7ffff7eaa0ce
<bfd_new_link_order+14>}}, x_ary = {x_dimen = {14432, 21872, 21845, 0}}},
x_tvndx = 33048}, x_file = {x_n = {x_fname =
"\340\243YUUU\000\000\257\240\352\367\377\177\000\000`8pU", x_n =
{x_zeroes = 93824992519136, x_offset = 140737352736943}}, x_ftype = 206
'\316'}, x_scn = {x_scnlen = 93824992519136, x_nreloc = 41135, x_nlinno
= 63466, x_checksum = 93824993998944, x_associated = 41166, x_comdat = 234
'\352'}, x_tv = {x_tvfill = 93824992519136, x_tvlen = 41135, x_tvran =
{63466, 32767}}, x_csect = {x_scnlen = {l = 93824992519136, p = 0x55555559a3e0
<build_link_order>}, x_parmhash = 140737352736943, x_snhash = 14432,
x_smtyp = 112 'p', x_smclas = 85 'U', x_stab = 140737352736974,
x_snstab = 33048}, x_sect = {x_scnlen = 93824992519136, x_nreloc =
140737352736943}}, debug_merge = {root = {table = 0x5555558bcae0, newfunc =
0x7ffff7f2cb00 <_bfd_coff_debug_merge_hash_newfunc>, memory =
0x5555557fe4e0, size = 4051, count = 0, entsize = 32, frozen = 0}},
internal_syms = 0x555555701a10, sec_ptrs = 0x5555557fe7e0, sym_indices =
0x555555801890, outsyms = 0x5555557642d0 "", linenos = 0x5555558ac640
"\020\237\340\367\377\177", contents = 0x7ffff7715010 "",
external_relocs = 0x5555558c5990 "p\223\022", internal_relocs =
0x7ffff7620010}
        debug_merge_allocated = true
        long_section_names = <optimized out>
        o = <optimized out>
        p = <optimized out>
        max_sym_count = <optimized out>
        max_lineno_count = <optimized out>
        max_reloc_count = <optimized out>
        max_output_reloc_count = <optimized out>
        max_contents_size = <optimized out>
        rel_filepos = <optimized out>
        relsz = <optimized out>
        line_filepos = <optimized out>
        linesz = <optimized out>
        sub = 0x555555703f30
        external_relocs = 0x0
        strbuf = "\000\000\000"
        amt = <optimized out>
        error_return = <optimized out>
#5  0x000055555559b53f in ldwrite () at ../../ld/ldwrite.c:545
No locals.
#6  main (argc=<optimized out>, argv=<optimized out>) at
../../ld/ldmain.c:513
        emulation = <optimized out>
        start_time = 1382


Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL:
<http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20220126/a9b6ba92/attachment.sig>