
Bug 48392 - ld64.lld.darwinnew crashes linking __DWARF,__debug_ranges section
Status: RESOLVED FIXED
Alias: None
Product: lld
Classification: Unclassified
Component: MachO
Version: unspecified
Hardware: Macintosh MacOS X
Importance: P enhancement
Assignee: Jez Ng

Reported: 2020-12-04 11:50 PST by schuett
Modified: 2020-12-10 16:18 PST
Fixed By Commit(s): rG863f7a745e6ba5b9aebca82eeba1a2fb1db53e20


Attachments
the crash dump (3.13 KB, text/plain), 2020-12-04 11:56 PST, schuett
lldb stack trace (1.94 KB, text/plain), 2020-12-04 12:03 PST, schuett
lldb2 (9.58 KB, text/plain), 2020-12-06 03:44 PST, schuett
reproducer (780.66 KB, application/x-gzip), 2020-12-07 13:26 PST, schuett

Description schuett 2020-12-04 11:50:49 PST
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace.
Stack dump:
0.	Program arguments: /Users/xxx/modules/clang/git/bin/ld64.lld.darwinnew -demangle -dynamic -arch x86_64 -platform_version macos 11.0.0 11.0 -syslibroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk -o btm -L/Users/xxx/modules/clang/git/lib -L/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/lib/ lib/Support/ErrorHandling.o lib/Support/MemAlloc.o lib/Support/SmallVector.o lib/Utilities/util.o lib/Checker/checker.o lib/Transactions/GlobalTransaction.o lib/main.o -lc++ -lSystem
Stack dump without symbol names (ensure you have llvm-symbolizer in your PATH or set the environment var `LLVM_SYMBOLIZER_PATH` to point to it):
0  ld64.lld.darwinnew       0x00000001047b6977 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) + 39
1  ld64.lld.darwinnew       0x00000001047b576a llvm::sys::RunSignalHandlers() + 250
2  ld64.lld.darwinnew       0x00000001047b71d6 SignalHandler(int) + 262
3  libsystem_platform.dylib 0x00007fff20374d7d _sigtramp + 29
4  libsystem_platform.dylib 0x4a8aa596003452d8 _sigtramp + 5371146835525961080
5  ld64.lld.darwinnew       0x0000000104a96c44 unsigned int std::__1::__sort3<lld::macho::RebaseSection::finalizeContents()::$_0&, lld::macho::Location*>(lld::macho::Location*, lld::macho::Location*, lld::macho::Location*, lld::macho::RebaseSection::finalizeContents()::$_0&) + 52
6  ld64.lld.darwinnew       0x0000000104a96eb3 unsigned int std::__1::__sort4<lld::macho::RebaseSection::finalizeContents()::$_0&, lld::macho::Location*>(lld::macho::Location*, lld::macho::Location*, lld::macho::Location*, lld::macho::Location*, lld::macho::RebaseSection::finalizeContents()::$_0&) + 35
7  ld64.lld.darwinnew       0x0000000104a97077 unsigned int std::__1::__sort5<lld::macho::RebaseSection::finalizeContents()::$_0&, lld::macho::Location*>(lld::macho::Location*, lld::macho::Location*, lld::macho::Location*, lld::macho::Location*, lld::macho::Location*, lld::macho::RebaseSection::finalizeContents()::$_0&) + 39
8  ld64.lld.darwinnew       0x0000000104a9634d void std::__1::__sort<lld::macho::RebaseSection::finalizeContents()::$_0&, lld::macho::Location*>(lld::macho::Location*, lld::macho::Location*, lld::macho::RebaseSection::finalizeContents()::$_0&) + 157
9  ld64.lld.darwinnew       0x0000000104a90b64 lld::macho::RebaseSection::finalizeContents() + 180
10 ld64.lld.darwinnew       0x0000000104a9e68e lld::macho::writeResult() + 7358
11 ld64.lld.darwinnew       0x0000000104a7bdab lld::macho::link(llvm::ArrayRef<char const*>, bool, llvm::raw_ostream&, llvm::raw_ostream&) + 15291
12 ld64.lld.darwinnew       0x00000001046a522b lldMain(int, char const**, llvm::raw_ostream&, llvm::raw_ostream&, bool) + 1163
13 ld64.lld.darwinnew       0x00000001046a4c65 main + 245
14 libdyld.dylib            0x00007fff2034b631 start + 1
clang-12: error: unable to execute command: Segmentation fault: 11
clang-12: error: linker command failed due to signal (use -v to see invocation)
make: *** [btm] Error 254
Comment 1 schuett 2020-12-04 11:51:51 PST
llvm@f69936f52973750d4746624abf9b6607827b08b1
Comment 2 schuett 2020-12-04 11:56:32 PST
Created attachment 24237
the crash dump
Comment 3 schuett 2020-12-04 12:03:44 PST
Created attachment 24238
lldb stack trace
Comment 4 schuett 2020-12-06 03:44:46 PST
Created attachment 24240
lldb2
Comment 5 Nico Weber 2020-12-07 13:19:13 PST
If you set `LLD_REPRODUCE=foo.tar` or pass --reproduce=foo.tar to lld, it'll create an archive you can upload that lets us reproduce the crash.
Comment 6 schuett 2020-12-07 13:26:30 PST
Created attachment 24246
reproducer
Comment 7 Nico Weber 2020-12-08 07:35:09 PST
Symbolized stack:

#0  0x00000000026a7610 in lld::macho::InputSection::getVA  at ../../lld/MachO/InputSection.cpp:29
#1  0x00000000026acdf1 in lld::macho::Location::getVA  at ../../lld/MachO/SyntheticSections.cpp:99
#2  0x00000000026b118a in lld::macho::RebaseSection::finalizeContents()::$_0::operator() const  at ../../lld/MachO/SyntheticSections.cpp:168
#3  0x00000000026b0c52 in __gnu_cxx::__ops::_Iter_comp_iter::operator()  at /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/predefined_ops.h:156
#4  0x00000000026b11ec in std::__move_median_to_first  at /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_algo.h:82
#5  0x00000000026b0976 in std::__unguarded_partition_pivot  at /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_algo.h:1924
#6  0x00000000026b078c in std::__introsort_loop  at /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_algo.h:1958
#7  0x00000000026b0699 in std::__sort  at /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_algo.h:1974
#8  0x00000000026b0622 in std::sort  at /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_algo.h:4892
#9  0x00000000026b05dd in llvm::sort  at ../../llvm/include/llvm/ADT/STLExtras.h:1464
#10 0x00000000026ad093 in llvm::sort  at ../../llvm/include/llvm/ADT/STLExtras.h:1469
#11 0x00000000026acf00 in lld::macho::RebaseSection::finalizeContents  at ../../lld/MachO/SyntheticSections.cpp:167
#12 0x00000000026ce0b0 in (anonymous namespace)::Writer::run  at ../../lld/MachO/Writer.cpp:712
#13 0x00000000026cde5a in lld::macho::writeResult () at ../../lld/MachO/Writer.cpp:735
#14 0x000000000267b3ac in lld::macho::link  at ../../lld/MachO/Driver.cpp:826
#15 0x00000000021e4cb1 in lldMain  at ../../lld/tools/lld/lld.cpp:159
#16 0x00000000021e48e7 in main  at ../../lld/tools/lld/lld.cpp:211




So we're trying to sort the synthetic section locations and then hit an InputSection without parent. It's a debug section:

(gdb) p this->name
$7 = {static npos = 18446744073709551615, Data = 0x7ffff5a7e388 "__debug_ranges", Length = 14}
(gdb) p this->segname
$8 = {static npos = 18446744073709551615, Data = 0x7ffff5a7e398 "__DWARF", Length = 7}
Comment 8 Nico Weber 2020-12-08 07:57:04 PST
Here's a small stand-alone repro:


$ cat test.cc
struct A {
  A() : a(0) {}
  int a;
} a;

$ out/gn/bin/clang --target=x86_64-apple-macos test.cc -g -c

$ out/gn/bin/ld64.lld.darwinnew -dylib test.o
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace.
Stack dump:
0.	Program arguments: out/gn/bin/ld64.lld.darwinnew -dylib test.o
...
Comment 9 Nico Weber 2020-12-08 08:18:47 PST
This assert finds the parent-less InputSection Location that we later crash on:

$ git diff
diff --git a/lld/MachO/Writer.cpp b/lld/MachO/Writer.cpp
index fc4e36c9eb5..d2b5c9029bf 100644
--- a/lld/MachO/Writer.cpp
+++ b/lld/MachO/Writer.cpp
@@ -394,8 +394,10 @@ void Writer::scanRelocations() {
           target->prepareSymbolRelocation(s, isec, r);
       } else {
         assert(r.referent.is<InputSection *>());
-        if (!r.pcrel)
+        if (!r.pcrel) {
+          assert(isec->parent);
           in.rebase->addEntry(isec, r.offset);
+        }
       }
     }
   }
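
Review bot: the `assert(isec->parent);` added inside the `if (!r.pcrel)` branch of `Writer::scanRelocations()` carries no message and is compiled out when assertions are disabled (NDEBUG), so such a build still passes the parent-less section to `in.rebase->addEntry(isec, r.offset)`. Suggest `assert(isec->parent && "rebase entry for an input section with no output section")` so a failure names its cause, and treat the assert as a diagnostic only: the change that keeps parent-less sections out of the rebase list still has to be made separately.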


It's hit here (with the repro in comment 8), and adding an `&& isec->parent` to the other if makes the crash go away. However it also breaks MachO/x86-64-reloc-unsigned.s

Should we link __DWARF,__debug_ranges at all or should we just refer to the .o files like with other debug info? (I don't know the debug info handling of the linker well.)
Comment 10 schuett 2020-12-08 10:12:39 PST
I used the open-source clang. The most interesting flags are probably:
-O3 -g0 -glldb
Comment 11 Jez Ng 2020-12-08 10:33:36 PST
> Should we link __DWARF,__debug_ranges at all or should we just refer to the .o files like with other debug info?

We don't emit any debug info section, including `__debug_ranges`. The problem here is that the debug sections are filtered out late in the link process, after rebase/bind opcodes have been emitted for them. I think filtering them out during the parsing stage would be the best fix... I'll put up a diff for it later.
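
The ordering problem described in comment 11, as an added example that is not lld's code and not part of the thread: a simplified C++ model (all types and function names are hypothetical, the input is constructed) in which scanning relocations before debug sections are dropped leaves a rebase location pointing at a parent-less `__DWARF,__debug_ranges` section, while filtering at parse time does not.

```cpp
#include <algorithm>
#include <cstdint>
#include <string>
#include <vector>

// Simplified model with hypothetical types; these are not lld's classes.
struct OutputSection { uint64_t addr; };
struct InputSection {
  std::string segname, name;
  uint64_t offsetInParent;
  std::vector<uint64_t> absRelocOffsets; // non-pcrel relocations that need a rebase
  OutputSection *parent = nullptr;       // stays null if never placed in the output
};
struct Location { const InputSection *isec; uint64_t offset; };
bool isDebugSection(const InputSection &s) { return s.segname == "__DWARF"; }

// Record one rebase location per absolute relocation. filterAtParse=true drops
// debug sections before the scan, the ordering proposed in comment 11.
std::vector<Location> scanRelocations(const std::vector<InputSection> &secs, bool filterAtParse) {
  std::vector<Location> locs;
  for (const InputSection &s : secs) {
    if (filterAtParse && isDebugSection(s)) continue;
    for (uint64_t off : s.absRelocOffsets) locs.push_back({&s, off});
  }
  return locs;
}

// Output layout: debug sections are not emitted, so they never get a parent.
void assignParents(std::vector<InputSection> &secs, OutputSection &out) {
  for (InputSection &s : secs)
    if (!isDebugSection(s)) s.parent = &out;
}

int countParentless(const std::vector<Location> &locs) {
  return static_cast<int>(std::count_if(locs.begin(), locs.end(),
                          [](const Location &l) { return !l.isec->parent; }));
}

// Sort by virtual address; returns false instead of dereferencing a null parent.
bool sortByVA(std::vector<Location> &locs) {
  if (countParentless(locs) != 0) return false;
  auto va = [](const Location &l) { return l.isec->parent->addr + l.isec->offsetInParent + l.offset; };
  std::sort(locs.begin(), locs.end(), [&](const Location &a, const Location &b) { return va(a) < va(b); });
  return true;
}

std::vector<InputSection> sampleSections() { // constructed input
  return {{"__DATA", "__data", 0x40, {8, 0}},
          {"__DWARF", "__debug_ranges", 0, {24}},
          {"__DATA", "__const", 0x10, {4}}};
}
```

The `Location` entries point into the section vector, so the caller must keep that vector alive and unmodified in size while the locations are in use.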