[FYI] gcc 4.5.1 causes the Linux kernel to hang
[ This is FYI only. Documenting what I found with gcc 4.5.1 (but is
fixed in 4.5.4 ]
Part of my test suit is to build the kernel with a compiler before asm
goto was supported (to test jump labels without it).
Recently I noticed that the kernel started to hang when building with
it. For a while, I just disabled that test, but I finally got some time
to look at why it was happening. I took my config that was causing the
hang and started a bisect. It came down to this commit:
commit 54acd4397d7e7a725c94101180cd9f38ef701acc
Author: Kees Cook
Date: Wed Aug 17 14:42:09 2016 -0700
rculist: Consolidate DEBUG_LIST for list_add_rcu()
Which I thought was a tad weird. But testing the commit before would
boot fine, and this one would hang again. I then checked out a recent
4.13-rc release, tested it and it hung. Then I reverted the change
(with the attached patch) and it booted fine! Thinking that there may
be some subtle bug with that code, I dug deeper. Here's the NMI
watchdog lockup dump:
NMI watchdog: Watchdog detected hard LOCKUP on cpu 1
Modules linked in:
CPU: 1 PID: 1 Comm: systemd Not tainted 4.13.0-rc3-test+ #347
Hardware name: Hewlett-Packard HP Compaq Pro 6300 SFF/339A, BIOS K01 v03.03
07/14/2016
task: 8801195a8040 task.stack: c9008000
RIP: 0010:cgroup_migrate_execute+0x1bc/0x540
RSP: 0018:c900baa8 EFLAGS: 0046
RAX: 81e71830 RBX: 81e71910 RCX: c900b928
RDX: 81e71830 RSI: 880119725918 RDI: 8801195f8aa8
RBP: c900bb88 R08: 01c0 R09: c900b858
R10: 8801195f8b78 R11: c900b868 R12: 81e717c0
R13: 81e71830 R14: 81e70758 R15: 81e717c0
FS: 7f4eff598d80() GS:88011ea8() knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: 0043fc899e30 CR3: 0001142ba000 CR4: 001406e0
Call Trace:
? cgroup_migrate+0xb8/0xd0
cgroup_migrate+0xc0/0xd0
? cgroup_migrate_execute+0x540/0x540
cgroup_attach_task+0x1a9/0x260
? cgroup_attach_task+0x97/0x260
? get_task_cred+0x90/0xb0
__cgroup_procs_write+0x314/0x370
? __cgroup_procs_write+0x85/0x370
cgroup_procs_write+0x14/0x20
cgroup_file_write+0x77/0x190
kernfs_fop_write+0x11c/0x1d0
__vfs_write+0x34/0x140
? __sb_start_write+0x11d/0x1d0
? file_start_write.clone.19+0x28/0x30
vfs_write+0xcb/0x120
? __fdget_pos+0x12/0x50
SyS_write+0x59/0xc0
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x7f4efdb5ac30
RSP: 002b:7ffdf4e99388 EFLAGS: 0246 ORIG_RAX: 0001
RAX: ffda RBX: 0001 RCX: 7f4efdb5ac30
RDX: 0002 RSI: 0043fcfd52b0 RDI: 0006
RBP: 0002 R08: 0043fcfd40a0 R09: 7f4eff598d80
R10: 0043fcfd52b0 R11: 0246 R12: 0002
R13: 7f4eff2a073e R14: 0043fcfd3fc0 R15: 0006
Code: 52 08 15 81 31 c0 e8 04 8c 04 00 44 89 a5 24 ff ff ff 49 8b 47 70 48 39
85 38 ff ff ff 4c 8d b0 28 ef ff ff 4d 8b ae d8 10 00 00 <0f> 84 80 00 00 00 49
81 ed d8 10 00 00 eb 0a 4d 89 ee 4c 8d aa
It would always lock up in the same location. That
cgroup_migrate_execute() call. That is here:
spin_lock_irq(&css_set_lock);
list_for_each_entry(cset, &tset->src_csets, mg_node) {
list_for_each_entry_safe(task, tmp_task, &cset->mg_tasks,
cg_list) {
struct css_set *from_cset = task_css_set(task);
struct css_set *to_cset = cset->mg_dst_cset;
get_css_set(to_cset);
to_cset->nr_tasks++;
css_set_move_task(task, from_cset, to_cset, true);
put_css_set_locked(from_cset);
from_cset->nr_tasks--;
}
}
Adding several trace_printk()s, I found that the cset->mg_node was an
empty list (list_empty(&cset->mg_node) returns true), but the
tset->src_csets point to it. I added more printks to when that is added
and removed and found something interesting:
cgroup_migrate_add_task: src=c900bc18 src->next=c900bc18
src->prev=c900bc18
cgroup_migrate_add_task: add tail 81e71910 to c900bc18
(empty=1)
cgroup_migrate_add_task: cset=81e71910 cset->next=81e71910
(c900bc18) cset->prev=c900bc18
cgroup_migrate_execute: start cset loop
cgroup_migrate_execute: list empty 81e71910 from c900bc18
cgroup_migrate_execute: start loop on 81e71830 node 81e71910
empty 1
cgroup_migrate_execute: cset=81e71910 cset->next=81e71910
cset->prev=81e71910
cgroup_migrate_execute: loop from 81e717c0 to 880113ddbba8
The set up in cgroup_migrate_add_task() added the cset to the test
list, but the cset was never initialized to be part of the list. And the
third trace_printk() above had this:
trace_printk("cset=
Re: Heads-Up: early LTO debug to land, breaking Mach-O / [X]COFF
Hi Richard, > On Fri, 12 May 2017, Richard Biener wrote: > >> >> This is a heads-up that I am in the process of implementing the last >> of Jasons review comments on the dwarf2out parts of early LTO debug >> support. I hope to post final patches early next week after thoroughly >> re-testing everything. >> >> Note that Mach-O and [X]COFF support in the simple-object machinery >> is still missing for the early LTO debug feature so I am going to >> break LTOing with DWARF debuginfo on Darwin and Windows (CCing >> maintainers). Mach-O support has been worked on a bit by Iain >> and myself but the simple-object piece is still missing. >> A workaround is to use stabs on these targets with LTO. unfortunately, the patch not only broke LTO on Darwin, but bootstrap completely (seen on x86_64-apple-darwin17.0.0): /var/gcc/src/hg/trunk/local/gcc/dwarf2out.c: In function 'void init_sections_and_labels(bool)': /var/gcc/src/hg/trunk/local/gcc/dwarf2out.c:27184:1: error: '%ld' directive writing between 1 and 10 bytes into a region of size 9 [-Werror=format-overflow=] init_sections_and_labels (bool early_lto_debug) ^~~~ /var/gcc/src/hg/trunk/local/gcc/dwarf2out.c:27184:1: note: directive argument in the range [0, 4294967295] In file included from ./tm.h:21:0, from /var/gcc/src/hg/trunk/local/gcc/target.h:52, from /var/gcc/src/hg/trunk/local/gcc/dwarf2out.c:61: /var/gcc/src/hg/trunk/local/gcc/config/darwin.h:759:15: note: 'sprintf' output between 23 and 32 bytes into a destination of size 30 sprintf (LABEL, "*%s%ld", PREFIX, (long)(NUM)); \ ^~ /var/gcc/src/hg/trunk/local/gcc/dwarf2out.c:27210:4: note: in expansion of macro 'ASM_GENERATE_INTERNAL_LABEL' ASM_GENERATE_INTERNAL_LABEL (debug_skeleton_line_section_label, ^~~ /var/gcc/src/hg/trunk/local/gcc/dwarf2out.c:27184:1: error: '%ld' directive writing between 1 and 10 bytes into a region of size 7 [-Werror=format-overflow=] init_sections_and_labels (bool early_lto_debug) ^~~~ /var/gcc/src/hg/trunk/local/gcc/dwarf2out.c:27184:1: note: directive argument in the range [0, 4294967295] In file included from ./tm.h:21:0, from /var/gcc/src/hg/trunk/local/gcc/target.h:52, from /var/gcc/src/hg/trunk/local/gcc/dwarf2out.c:61: /var/gcc/src/hg/trunk/local/gcc/config/darwin.h:759:15: note: 'sprintf' output between 25 and 34 bytes into a destination of size 30 sprintf (LABEL, "*%s%ld", PREFIX, (long)(NUM)); \ ^~ /var/gcc/src/hg/trunk/local/gcc/dwarf2out.c:27229:4: note: in expansion of macro 'ASM_GENERATE_INTERNAL_LABEL' ASM_GENERATE_INTERNAL_LABEL (debug_skeleton_abbrev_section_label, ^~~ /var/gcc/src/hg/trunk/local/gcc/dwarf2out.c:27184:1: error: '%ld' directive writing between 1 and 10 bytes into a region of size 9 [-Werror=format-overflow=] init_sections_and_labels (bool early_lto_debug) ^~~~ /var/gcc/src/hg/trunk/local/gcc/dwarf2out.c:27184:1: note: directive argument in the range [0, 4294967295] In file included from ./tm.h:21:0, from /var/gcc/src/hg/trunk/local/gcc/target.h:52, from /var/gcc/src/hg/trunk/local/gcc/dwarf2out.c:61: /var/gcc/src/hg/trunk/local/gcc/config/darwin.h:759:15: note: 'sprintf' output between 23 and 32 bytes into a destination of size 30 sprintf (LABEL, "*%s%ld", PREFIX, (long)(NUM)); \ ^~ /var/gcc/src/hg/trunk/local/gcc/dwarf2out.c:27238:4: note: in expansion of macro 'ASM_GENERATE_INTERNAL_LABEL' ASM_GENERATE_INTERNAL_LABEL (debug_skeleton_line_section_label, ^~~ /var/gcc/src/hg/trunk/local/gcc/dwarf2out.c:27184:1: error: '%ld' directive writing between 1 and 10 bytes into a region of size 9 [-Werror=format-overflow=] init_sections_and_labels (bool early_lto_debug) ^~~~ /var/gcc/src/hg/trunk/local/gcc/dwarf2out.c:27184:1: note: directive argument in the range [0, 4294967295] In file included from ./tm.h:21:0, from /var/gcc/src/hg/trunk/local/gcc/target.h:52, from /var/gcc/src/hg/trunk/local/gcc/dwarf2out.c:61: /var/gcc/src/hg/trunk/local/gcc/config/darwin.h:759:15: note: 'sprintf' output between 23 and 32 bytes into a destination of size 30 sprintf (LABEL, "*%s%ld", PREFIX, (long)(NUM)); \ ^~ /var/gcc/src/hg/trunk/local/gcc/dwarf2out.c:27245:4: note: in expansion of macro 'ASM_GENERATE_INTERNAL_LABEL' ASM_GENERATE_INTERNAL_LABEL (debug_skeleton_info_section_label, ^~~ /var/gcc/src/hg/trunk/local/gcc/dwarf2out.c:27184:1: error: '%ld' directive writing between 1 and 10 bytes into a region of size 7 [-Werror=format-overflow=] init_sections_and_labels (boo
gcc-6-20170823 is now available
Snapshot gcc-6-20170823 is now available on ftp://gcc.gnu.org/pub/gcc/snapshots/6-20170823/ and on various mirrors, see http://gcc.gnu.org/mirrors.html for details. This snapshot has been generated from the GCC 6 SVN branch with the following options: svn://gcc.gnu.org/svn/gcc/branches/gcc-6-branch revision 251321 You'll find: gcc-6-20170823.tar.xzComplete GCC SHA256=e5543ee3257101bcd347ad6767c10a9aeb2a300fe252ca40ed1aeba4d84f5cee SHA1=eab7dd4fc644cea06904dc6a03b84413ec552d52 Diffs from 6-20170816 are available in the diffs/ subdirectory. When a particular snapshot is ready for public consumption the LATEST-6 link is updated and a message is sent to the gcc list. Please do not use a snapshot before it has been announced that way.
