http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53312

             Bug #: 53312
           Summary: crash in materialize_cgraph (invalid free)
    Classification: Unclassified
           Product: gcc
           Version: 4.7.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: lto
        AssignedTo: unassig...@gcc.gnu.org
        ReportedBy: philippe.waroqui...@skynet.be


Crash encountered when compiling the last svn version of
Valgrind with LTO.
I tried to isolate the problem, but failed.

   philippe@gcc20:~/valgrind/valgrind_lto/memcheck$ which gcc
   /home/philippe/gcc/gcc-4.7.0-inst/bin/gcc
   philippe@gcc20:~/valgrind/valgrind_lto/memcheck$ gcc -v
   Using built-in specs.
   COLLECT_GCC=gcc
   COLLECT_LTO_WRAPPER=/home/philippe/gcc/gcc-4.7.0-inst/libexec/gcc/x86_64-unknown-linux-gnu/4.7.0/lto-wrapper
   Target: x86_64-unknown-linux-gnu
   Configured with: ../gcc-4.7.0/configure --disable-nls --enable-__cxa_atexit --enable-threads=posix --enable-languages=c,c++ --prefix=/home/philippe/gcc/gcc-4.7.0-inst --with-plugin-ld=/usr/bin/gold
   Thread model: posix
   gcc version 4.7.0 (GCC) 

Here are the details about how to reproduce, and details
about the crash.

How to reproduce:
-------------------
svn co svn://svn.valgrind.org/valgrind/trunk valgrind_lto
cd valgrind_lto
export LD=/usr/bin/gold
export PATH=/home/philippe/gcc/gcc-4.7.0-inst/bin:$PATH
./autogen.sh 
export CFLAGS="-flto -fuse-linker-plugin"
CFLAGS="-flto -fuse-linker-plugin" ./configure --prefix=`pwd`/install
nice make -j20 2>&1 | tee m.out


=> crash of lto1.
The symptoms can vary: either a segmentation fault,
or a fatal error message from the glibc malloc library (so this
looks like a heap corruption or dangling pointer):

   ../coregrind/link_tool_exe_linux 0x38000000 gcc  -Wno-long-long -flto -fuse-linker-plugin -Wno-pointer-sign -fno-stack-protector   -o memcheck-amd64-linux -m64 -fomit-frame-pointer -O2 -g -Wall -Wmissing-prototypes -Wshadow -Wpointer-arith -Wstrict-prototypes -Wmissing-declarations -Wno-format-zero-length -fno-strict-aliasing -fno-builtin -O2 -static -nodefaultlibs -nostartfiles -u _start -Wl,--build-id=none -m64 memcheck_amd64_linux-mc_leakcheck.o memcheck_amd64_linux-mc_malloc_wrappers.o memcheck_amd64_linux-mc_main.o memcheck_amd64_linux-mc_translate.o memcheck_amd64_linux-mc_machine.o memcheck_amd64_linux-mc_errors.o ../coregrind/libcoregrind-amd64-linux.a ../VEX/libvex-amd64-linux.a -lgcc
   *** glibc detected *** /home/philippe/gcc/gcc-4.7.0-inst/libexec/gcc/x86_64-unknown-linux-gnu/4.7.0/lto1: munmap_chunk(): invalid pointer: 0x00002aaaabdb55e4 ***
   ======= Backtrace: =========
   /lib/libc.so.6(+0x71bd6)[0x2aaaab88bbd6]
   /home/philippe/gcc/gcc-4.7.0-inst/libexec/gcc/x86_64-unknown-linux-gnu/4.7.0/lto1[0x4cf6de]
   /home/philippe/gcc/gcc-4.7.0-inst/libexec/gcc/x86_64-unknown-linux-gnu/4.7.0/lto1(_Z8lto_mainv+0x6e0)[0x4d1160]
   /home/philippe/gcc/gcc-4.7.0-inst/libexec/gcc/x86_64-unknown-linux-gnu/4.7.0/lto1(_Z11toplev_mainiPPc+0xa50)[0x72f3c0]
   /lib/libc.so.6(__libc_start_main+0xfd)[0x2aaaab838c8d]
   /home/philippe/gcc/gcc-4.7.0-inst/libexec/gcc/x86_64-unknown-linux-gnu/4.7.0/lto1[0x4b3ff1]
   ======= Memory map: ========
   ...


To re-run the link command under Valgrind, I am doing the following:
-------------------------------------------------------------------
cd memcheck
~philippe/valgrind/trunk_untouched/install/bin/valgrind --trace-children=yes \
  ../coregrind/link_tool_exe_linux 0x38000000 gcc  -Wno-long-long -flto \
  -fuse-linker-plugin -Wno-pointer-sign -fno-stack-protector   -o \
  memcheck-amd64-linux -m64 -fomit-frame-pointer -O2 -g -Wall \
  -Wmissing-prototypes -Wshadow -Wpointer-arith -Wstrict-prototypes \
  -Wmissing-declarations -Wno-format-zero-length -fno-strict-aliasing \
  -fno-builtin -O2 -static -nodefaultlibs -nostartfiles -u _start \
  -Wl,--build-id=none -m64 memcheck_amd64_linux-mc_leakcheck.o \
  memcheck_amd64_linux-mc_malloc_wrappers.o memcheck_amd64_linux-mc_main.o \
  memcheck_amd64_linux-mc_translate.o memcheck_amd64_linux-mc_machine.o \
  memcheck_amd64_linux-mc_errors.o ../coregrind/libcoregrind-amd64-linux.a \
  ../VEX/libvex-amd64-linux.a -lgcc

... after quite some time (several processes have to run under Valgrind):
   ==7640== Command: /home/philippe/gcc/gcc-4.7.0-inst/libexec/gcc/x86_64-unknown-linux-gnu/4.7.0/lto1 -quiet -dumpdir ./ -dumpbase memcheck-amd64-linux.ltrans11 -mtune=generic -march=x86-64 -m64 -mtune=generic -march=x86-64 -auxbase-strip /tmp/ccb7Bhpg.ltrans11.ltrans.o -g -O2 -O2 -Wshadow -fuse-linker-plugin -fno-stack-protector -fomit-frame-pointer -fno-strict-aliasing -fltrans @/tmp/cc3ZsEPX -o /tmp/ccmdOT7S.s
   ==7640== 
   ==7640== Invalid free() / delete / delete[] / realloc()
   ==7640==    at 0x4C2475F: free (vg_replace_malloc.c:427)
   ==7640==    by 0x4CF6DD: materialize_cgraph() (lto.c:248)
   ==7640==    by 0x4D115F: lto_main() (lto.c:2936)
   ==7640==    by 0x72F3BF: toplev_main(int, char**) (toplev.c:557)
   ==7640==    by 0x5996C8C: (below main) (libc-start.c:228)
   ==7640==  Address 0x406c880 is not stack'd, malloc'd or (recently) free'd
   ==7640== 
   In function 'check_auxmap_L1_L2_sanity':
   lto1: internal compiler error: compressed stream: data error
   Please submit a full bug report,
   with preprocessed source if appropriate.
   See <http://gcc.gnu.org/bugs.html> for instructions.
   ==7640== 


Note that to debug the process at the moment of the crash, you might
give option --vgdb-error=1 to Valgrind.
You can then use gdb to connect to the embedded Valgrind gdbserver at the
moment of the invalid free error.


I tried to isolate the problem to have a smaller reproducer, but
the problem quickly disappears when trying that.
Is the above information enough to look at the problem?
Otherwise, are there some tools or hints helping to isolate such errors?

Thanks

Philippe
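
Added example (not part of the original report, and not GCC or Valgrind code): with --trace-children=yes the memcheck output of several processes interleaves in one log, so this sketch groups lines by PID and pulls out each "Invalid free" record with its first frame outside Valgrind's malloc replacement. The function names and the sample log are constructed for illustration; PID 7640's lines are copied from the report above.

```python
import re
from collections import defaultdict

# Constructed sample: PID 7640's lines come from the report above (Command line
# shortened); PID 7001 is a made-up child whose output interleaves with it.
SAMPLE_LOG = """\
==7640== Command: lto1 -quiet -fltrans (shortened)
==7640== Invalid free() / delete / delete[] / realloc()
==7640==    at 0x4C2475F: free (vg_replace_malloc.c:427)
==7001== Command: /usr/bin/gold (constructed)
==7640==    by 0x4CF6DD: materialize_cgraph() (lto.c:248)
==7640==    by 0x4D115F: lto_main() (lto.c:2936)
==7640==  Address 0x406c880 is not stack'd, malloc'd or (recently) free'd
==7640==
lto1: internal compiler error: compressed stream: data error
"""

LINE = re.compile(r"^==(\d+)== ?(.*)$")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+?) \(([^()]+)\)$")

def invalid_frees(log):
    """Group memcheck lines by PID; return one record per 'Invalid free' error."""
    per_pid = defaultdict(list)
    for raw in log.splitlines():
        m = LINE.match(raw)
        if m:  # lines without the ==PID== prefix (compiler output) are skipped
            per_pid[int(m.group(1))].append(m.group(2))
    records = []
    for pid, lines in per_pid.items():
        current = None
        for text in lines:
            frame = FRAME.match(text)
            if text.startswith("Invalid free()"):
                current = {"pid": pid, "frames": [], "address": None}
                records.append(current)
            elif current is None:
                continue
            elif frame:
                current["frames"].append(frame.groups())
            elif text.lstrip().startswith("Address "):
                current["address"] = text.strip()
            elif not text.strip():  # blank ==PID== line ends the error record
                current = None
    return records

def culprit(record):
    """First frame outside Valgrind's malloc replacement, i.e. the caller of free()."""
    return next((f for f in record["frames"]
                 if not f[1].startswith("vg_replace_malloc.c")), None)
```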
