Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1862029 - [Rawhide] gcc crashes at brew during Firefox build
Summary: [Rawhide] gcc crashes at brew during Firefox build
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: gcc
Version: 33
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 1863557 (view as bug list)
Depends On:
Blocks: F33FTBFS
TreeView+ depends on / blocked
 
Reported: 2020-07-30 08:53 UTC by Martin Stransky
Modified: 2020-10-09 18:56 UTC (History)
13 users (show)

Fixed In Version: gcc-10.2.1-3.fc33
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-09-25 15:11:19 UTC
Type: Bug
Embargoed:
bcotton: fedora_prioritized_bug+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
GNU Compiler Collection 96690 0 P2 RESOLVED [10 Regression] ICE in write_type since r10-6087 2021-01-14 12:46:38 UTC
GNU Compiler Collection 97032 0 P2 RESOLVED [8/9/10/11 Regression] ICE output_operand: invalid use of register 'frame' since r8-1911 2021-01-14 12:46:38 UTC

Description Martin Stransky 2020-07-30 08:53:46 UTC 
Build task:
https://koji.fedoraproject.org/koji/taskinfo?taskID=48182591

/builddir/build/BUILD/firefox-79.0/objdir/dist/include/mozilla/dom/workerinternals/JSSettings.h:26:8:   required from here
/builddir/build/BUILD/firefox-79.0/objdir/dist/include/nsTArray.h:645:13: warning: 'void* memcpy(void*, const void*, size_t)' writing to an object of non-trivially copyable type 'struct mozilla::dom::workerinternals::JSSettings::JSGCSetting'; use copy-assignment or copy-initialization instead [-Wclass-memaccess]
  645 |       memcpy(aElements + aStart, aValues, aCount * sizeof(ElemType));
      |       ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /builddir/build/BUILD/firefox-79.0/objdir/dist/include/mozilla/dom/workerinternals/RuntimeService.h:17,
                 from /builddir/build/BUILD/firefox-79.0/dom/base/Navigator.cpp:57,
                 from Unified_cpp_dom_base3.cpp:137:
/builddir/build/BUILD/firefox-79.0/objdir/dist/include/mozilla/dom/workerinternals/JSSettings.h:27:10: note: 'struct mozilla::dom::workerinternals::JSSettings::JSGCSetting' declared here
   27 |   struct JSGCSetting {
      |          ^~~~~~~~~~~
*** WARNING *** there are active plugins, do not report this as a bug unless you can reproduce it without enabling any plugins.
Event                            | Plugins
PLUGIN_FINISH_UNIT               | annobin: Generate final annotations
PLUGIN_START_UNIT                | annobin: Generate global annotations
PLUGIN_ALL_PASSES_START          | annobin: Generate per-function annotations
PLUGIN_ALL_PASSES_END            | annobin: Register per-function end symbol
In file included from /builddir/build/BUILD/firefox-79.0/objdir/dist/include/mozilla/dom/TypedArray.h:13,
                 from /builddir/build/BUILD/firefox-79.0/objdir/dist/include/mozilla/dom/ToJSValue.h:14,
                 from /builddir/build/BUILD/firefox-79.0/objdir/dist/include/mozilla/dom/EventListenerBinding.h:13,
                 from /builddir/build/BUILD/firefox-79.0/objdir/dist/include/mozilla/EventListenerManager.h:11,
                 from /builddir/build/BUILD/firefox-79.0/objdir/dist/include/mozilla/DOMEventTargetHelper.h:18,
                 from /builddir/build/BUILD/firefox-79.0/dom/base/InProcessBrowserChildMessageManager.h:11,
                 from /builddir/build/BUILD/firefox-79.0/dom/base/InProcessBrowserChildMessageManager.cpp:7,
                 from Unified_cpp_dom_base3.cpp:11:
/builddir/build/BUILD/firefox-79.0/objdir/dist/include/js/ArrayBufferMaybeShared.h: At top level:
/builddir/build/BUILD/firefox-79.0/objdir/dist/include/js/ArrayBufferMaybeShared.h:89:31: internal compiler error: in write_type, at cp/mangle.c:2081
   89 | extern JS_PUBLIC_API uint8_t* GetArrayBufferMaybeSharedData(
      |                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://bugzilla.redhat.com/bugzilla> for instructions.
The bug is not reproducible, so it is likely a hardware or OS problem.
Comment 1 Martin Stransky 2020-08-03 19:17:00 UTC 
*** Bug 1863557 has been marked as a duplicate of this bug. ***
Comment 2 Ben Cotton 2020-08-11 13:50:53 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 33 development cycle.
Changing version to 33.
Comment 3 Martin Stransky 2020-08-18 06:45:20 UTC 
I'm going to try clang if that helps.
Comment 4 Miro Hrončok 2020-08-18 12:18:55 UTC 
Proposing as prioritized bug, see https://pagure.io/fesco/issue/2020#comment-671672
Comment 5 Jeff Law 2020-08-18 17:39:27 UTC 
Just a note, Jakub is on PTO this week, so I wouldn't expect any progress until he returns.

What would help would be to add -save-temps to the command line and pass along the .ii file.
Comment 6 Marek Polacek 2020-08-18 17:43:15 UTC 
Looks like https://gcc.gnu.org/PR93028 but even that is missing a test.
Comment 7 Ben Cotton 2020-08-26 17:28:15 UTC 
This is accepted as a Prioritized Bug: https://meetbot.fedoraproject.org/fedora-meeting/2020-08-26/fedora_prioritized_bugs_and_issues.2020-08-26-15.00.log.html#l-54
Comment 8 Jakub Jelinek 2020-08-27 16:13:54 UTC 
Should be fixed in gcc-10.2.1-3.fc{33,34}, except that the fc33 build is stuck on s390x :(.
Comment 9 Fedora Update System 2020-08-28 22:57:04 UTC 
FEDORA-2020-ebc729af2b has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2020-ebc729af2b
Comment 10 Fedora Update System 2020-08-31 14:27:43 UTC 
FEDORA-2020-ebc729af2b has been pushed to the Fedora 33 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-ebc729af2b`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-ebc729af2b

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 11 Martin Stransky 2020-09-04 11:01:54 UTC 
A different crash comes on i686:

https://kojipkgs.fedoraproject.org//work/tasks/968/50740968/build.log

/builddir/build/BUILD/firefox-80.0.1/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h:4188: internal compiler error: output_operand: invalid use of register 'frame'
 4188 |     }
      | 
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://bugzilla.redhat.com/bugzilla> for instructions.
Comment 12 Ben Cotton 2020-09-09 15:54:51 UTC 
The most recent builds failed due to a missing openh264-devel dependency, but no gcc builds have occurred since then, so it's likely that resolving the dependency issue will still result in the failure reported in comment 11
Comment 13 Martin Stransky 2020-09-10 06:43:31 UTC 
(In reply to Ben Cotton from comment #12)
> The most recent builds failed due to a missing openh264-devel dependency,
> but no gcc builds have occurred since then, so it's likely that resolving
> the dependency issue will still result in the failure reported in comment 11

New build with the fixed dependency is here:
https://koji.fedoraproject.org/koji/taskinfo?taskID=51112798
Comment 14 Miro Hrončok 2020-09-10 08:42:38 UTC 
 0:06.27 mozbuild.configure.options.InvalidOptionError: Unknown option: --with-system-openh264
 0:06.37 *** Fix above errors and then restart with\
 0:06.37                "./mach build"
Comment 15 Martin Stransky 2020-09-10 09:17:13 UTC 
There are builds here:
https://koji.fedoraproject.org/koji/buildinfo?buildID=1605574
Comment 16 Martin Stransky 2020-09-10 19:30:30 UTC 
It's still broken in i686:

https://kojipkgs.fedoraproject.org//work/tasks/1838/51121838/build.log

/builddir/build/BUILD/firefox-80.0.1/toolkit/crashreporter/google-breakpad/src/common/linux/memory_mapped_file.cc:98: internal compiler error: output_operand: invalid use of register 'frame'

arm fails with "memory exhausted" which is not related and may be disabled:

https://kojipkgs.fedoraproject.org//work/tasks/1837/51121837/build.log

and we don't build for s390x/ppc64le/aarch64 right now.
Comment 17 Jakub Jelinek 2020-09-11 19:46:33 UTC 
For the i686 issue, I've tried to reproduce it with:
#include <stdarg.h>

extern int *__errno_location (void);

static __attribute__((noinline)) long
sys_socketcall (int op, ...)
{
  long int res;
  va_list ap;
  va_start (ap, op);
  asm volatile ("push %%ebx; movl %2, %%ebx; int $0x80; pop %%ebx"
		: "=a" (res) : "0" (102), "ri" (op), "c" (ap) : "memory", "esp");
  if (__builtin_expect (res > 4294963200UL, 0))
    {
      *__errno_location () = -res;
      res = -1;
    }
  va_end (ap);
  return res;
}

int
foo (void)
{
  return sys_socketcall (16, 1, 2, 3, 4, 5, 6, 7);
}
and
-O2 -m32 -fPIC -shared -flto -o test test.c -fstack-protector-strong
which seems to create the same RTL IL (ok, off by one pseudo numbers and the memory and esp (which is invalid as the warning says) clobbers swapped),
but strangely during LRA the frame hard reg is eliminated in my simple testcase and is not on firefox, which is the reason why it ICEs.
Guess I'll need to do a side-by-side debugging to find out what is the difference.
Comment 18 Jakub Jelinek 2020-09-12 11:25:55 UTC 
I've filed PR97032 for this, but the ICE goes away if one fixes the bogus code pointed up by the warning (at least on the small testcase in the PR).
/builddir/build/BUILD/firefox-80.0.1/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h: In function 'ElfFileSoName.constprop':
/builddir/build/BUILD/firefox-80.0.1/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h:3462: warning: listing the stack pointer register 'esp' in a clobber list is deprecated [-Wdeprecated]
 3462 |   LSS_INLINE _syscall2(int,     munmap,          void*,       s,
      | 
/builddir/build/BUILD/firefox-80.0.1/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h:3462: note: the value of the stack pointer after an 'asm' statement must be the same as it was before the statement
So, I'd strongly advise to fix firefox (and thus also workaround the bug in the compiler which will be eventually fixed).
As the warning says, clobbers of the stack pointer in inline asm make no sense, the inline asm is not allowed to end with a different sp value from when it started (and changing it in the middle is not clobbering).
So completely untested:
--- firefox-80.0.1/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h	2020-08-31 10:04:19.000000000 -0400
+++ firefox-80.0.1/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h	2020-09-12 07:24:35.298931628 -0400
@@ -1962,7 +1962,7 @@ struct kernel_statfs {
                            LSS_ENTRYPOINT                                     \
                            "pop %%ebx"                                        \
                            args                                               \
-                           : "esp", "memory");                                \
+                           : "memory");                                       \
       LSS_RETURN(type,__res)
     #undef  _syscall0
     #define _syscall0(type,name)                                              \
@@ -2019,7 +2019,7 @@ struct kernel_statfs {
                              : "i" (__NR_##name), "ri" ((long)(arg1)),        \
                                "c" ((long)(arg2)), "d" ((long)(arg3)),        \
                                "S" ((long)(arg4)), "D" ((long)(arg5))         \
-                             : "esp", "memory");                              \
+                             : "memory");                                     \
         LSS_RETURN(type,__res);                                               \
       }
     #undef  _syscall6
@@ -2041,7 +2041,7 @@ struct kernel_statfs {
                              : "i" (__NR_##name),  "0" ((long)(&__s)),        \
                                "c" ((long)(arg2)), "d" ((long)(arg3)),        \
                                "S" ((long)(arg4)), "D" ((long)(arg5))         \
-                             : "esp", "memory");                              \
+                             : "memory");                                     \
         LSS_RETURN(type,__res);                                               \
       }
     LSS_INLINE int LSS_NAME(clone)(int (*fn)(void *), void *child_stack,
@@ -2127,7 +2127,7 @@ struct kernel_statfs {
                            : "0"(-EINVAL), "i"(__NR_clone),
                              "m"(fn), "m"(child_stack), "m"(flags), "m"(arg),
                              "m"(parent_tidptr), "m"(newtls), "m"(child_tidptr)
-                           : "esp", "memory", "ecx", "edx", "esi", "edi");
+                           : "memory", "ecx", "edx", "esi", "edi");
       LSS_RETURN(int, __res);
     }
Comment 19 Martin Stransky 2020-09-13 18:28:38 UTC 
I tried to add the patch to latest i686 builds, Thanks.
Comment 20 Martin Stransky 2020-09-14 07:04:16 UTC 
The i686 workaround seems to be working.
Comment 21 Ben Cotton 2020-09-16 15:26:03 UTC 
Since Firefox builds are succeeding, should we close this bug?
Comment 22 Fedora Update System 2020-09-25 16:38:15 UTC 
FEDORA-2020-ebc729af2b has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 23 Martin Stransky 2020-10-09 18:56:14 UTC 
It's a gcc bug tracked here - https://bugzilla.redhat.com/show_bug.cgi?id=1886399
Comment 24 Martin Stransky 2020-10-09 18:56:38 UTC 
(In reply to Martin Stransky from comment #23)
> It's a gcc bug tracked here -
> https://bugzilla.redhat.com/show_bug.cgi?id=1886399

Err, sorry, wrong bug.
Note You need to log in before you can comment on or make changes to this bug.