Bug 235747

Summary: linker segfault with MALLOC_PERTURB
Product: [Fedora] Fedora
Component: binutils
Reporter: Dave Jones <davej>
Assignee: Jakub Jelinek <jakub>
CC: pfrields
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Version: rawhide
Hardware: All
OS: Linux
Fixed In Version: 2.17.50.0.12-4
Doc Type: Bug Fix
Last Closed: 2007-04-14 16:50:16 UTC

Description Dave Jones 2007-04-09 21:50:48 UTC
whilst building a kernel, the final stage of the linking segfaults..

WARNING: vmlinux - Section mismatch: reference to .init.text: from .text between
'iret_exc' (at offset 0xc120eaac) and '_etext'
  LD      arch/i386/boot/compressed/piggy.o
/bin/sh: line 1:  4049 Segmentation fault      (core dumped) ld -m elf_i386 -m
elf_i386 -r --format binary --oformat elf32-i386 -T
arch/i386/boot/compressed/vmlinux.scr arch/i386/boot/compressed/vmlinux.bin.gz
-o arch/i386/boot/compressed/piggy.o
make[2]: *** [arch/i386/boot/compressed/piggy.o] Error 139
make[1]: *** [arch/i386/boot/compressed/vmlinux] Error 2
make: *** [bzImage] Error 2

gdb on the core shows..

Core was generated by `ld -m elf_i386 -m elf_i386 -r --format binary --oformat
elf32-i386 -T arch/i386'.
Program terminated with signal 11, Segmentation fault.
#0  0x401291cc in free () from /lib/libc.so.6
(gdb) bt
#0  0x401291cc in free () from /lib/libc.so.6
#1  0x400750db in bfd_elf_final_link (abfd=0x8cf1a20, info=0x80a3b00)
    at bfd/elflink.c:8900
#2  0x0805ee7a in ldwrite () at ld/ldwrite.c:557
#3  0x0805e2c2 in main (argc=147800232, argv=0xd58) at ld/ldmain.c:527
#4  0x400d3ef0 in __libc_start_main () from /lib/libc.so.6
#5  0x0804ab01 in _start ()

unsetting MALLOC_PERTURB makes it 'behave', though obviously it's just making it
non-fatal.

Comment 1 Jakub Jelinek 2007-04-12 21:44:17 UTC
Which exact kernel nvr was that and what was the MALLOC_PERTURB value you reproduced
it with?


Comment 2 Dave Jones 2007-04-13 19:11:01 UTC
that was a git clone from Linus' tree from 2 days ago.
MALLOC_PERTURB was 30 something (38 I think) to begin with, but it was
reproducible with many others (my .bashrc sets it to $RANDOM, and I had this
happen in multiple terminals).

Comment 3 Jakub Jelinek 2007-04-13 19:20:12 UTC
I tried
MALLOC_PERTURB_=136 mock -r fedora-devel-i386-core --arch=i686
kernel-2.6.20-1.3054.fc7.src.rpm
today and that didn't reproduce this for me.
Could you please tar the above files in question for me, so that I can
just run ld to reproduce it?
arch/i386/boot/compressed/vmlinux.scr and
arch/i386/boot/compressed/vmlinux.bin.gz
should be hopefully all that is needed (unless vmlinux.scr includes other linker
scripts).

Comment 5 Jakub Jelinek 2007-04-13 19:56:48 UTC
Reproduced, thanks.

Comment 7 Jakub Jelinek 2007-04-14 16:50:16 UTC
Should be fixed in binutils-2.17.50.0.12-4 in rawhide.
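
Added example, not code from this report or from binutils: one common way a free() crash shows up only when MALLOC_PERTURB_ is set. glibc fills fresh malloc() memory with the complement of the perturb byte, so a pointer member that was never assigned stops reading back as an accidental NULL. The record type and function names are hypothetical, 136 is the value from Comment 3, a glibc system is assumed, and the report itself does not state the root cause in ld.

```c
#include <malloc.h>   /* mallopt, M_PERTURB (glibc) */
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical record: 'contents' is assigned only on some code paths. */
struct rec { void *contents; size_t size; };

#define NREC 256   /* table is a few KiB, so it bypasses glibc's small-block cache */

/* Same effect as starting the process with MALLOC_PERTURB_=value. */
static void set_perturb(int value) { mallopt(M_PERTURB, value); }

/* First byte of a fresh malloc() block that was never written. */
unsigned char fill_byte_after_malloc(int perturb)
{
    set_perturb(perturb);
    volatile unsigned char *p = malloc(4096);
    unsigned char b = p ? p[0] : 0;
    free((void *)p);
    return b;
}

/* Number of records whose never-assigned 'contents' reads back non-NULL.
   A cleanup loop calling free(tab[i].contents) is harmless while this is 0
   and faults as soon as it is not. The read of uninitialised memory is the
   deliberate defect being shown. */
size_t count_nonnull_uninit(int perturb)
{
    set_perturb(perturb);
    volatile struct rec *tab = malloc(NREC * sizeof *tab);
    size_t n = 0;
    if (!tab) return 0;
    for (size_t i = 0; i < NREC; i++)
        if (tab[i].contents != NULL) n++;
    free((void *)tab);
    return n;
}

int main(void)
{
    /* 136 is the value used in Comment 3; the fill byte is 136 ^ 0xff. */
    printf("fill byte: 0x%02x\n", fill_byte_after_malloc(136));
    printf("garbage pointers: %zu of %d\n", count_nonnull_uninit(136), NREC);
    return 0;
}
```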