235747 – linker segfault with MALLOC_PERTURB

Bug 235747 - linker segfault with MALLOC_PERTURB

Summary: linker segfault with MALLOC_PERTURB

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	binutils
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jakub Jelinek
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-04-09 21:50 UTC by Dave Jones
Modified:	2015-01-04 22:29 UTC (History)
CC List:	1 user (show)
Fixed In Version:	2.17.50.0.12-4
Clone Of:
Environment:
Last Closed:	2007-04-14 16:50:16 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Dave Jones 2007-04-09 21:50:48 UTC

whilst building a kernel, the final stage of the linking segfaults..

WARNING: vmlinux - Section mismatch: reference to .init.text: from .text between
'iret_exc' (at offset 0xc120eaac) and '_etext'
  LD      arch/i386/boot/compressed/piggy.o
/bin/sh: line 1:  4049 Segmentation fault      (core dumped) ld -m elf_i386 -m
elf_i386 -r --format binary --oformat elf32-i386 -T
arch/i386/boot/compressed/vmlinux.scr arch/i386/boot/compressed/vmlinux.bin.gz
-o arch/i386/boot/compressed/piggy.o
make[2]: *** [arch/i386/boot/compressed/piggy.o] Error 139
make[1]: *** [arch/i386/boot/compressed/vmlinux] Error 2
make: *** [bzImage] Error 2

gdb on the core shows..

Core was generated by `ld -m elf_i386 -m elf_i386 -r --format binary --oformat
elf32-i386 -T arch/i386'.
Program terminated with signal 11, Segmentation fault.
#0  0x401291cc in free () from /lib/libc.so.6
(gdb) bt
#0  0x401291cc in free () from /lib/libc.so.6
#1  0x400750db in bfd_elf_final_link (abfd=0x8cf1a20, info=0x80a3b00)
    at bfd/elflink.c:8900
#2  0x0805ee7a in ldwrite () at ld/ldwrite.c:557
#3  0x0805e2c2 in main (argc=147800232, argv=0xd58) at ld/ldmain.c:527
#4  0x400d3ef0 in __libc_start_main () from /lib/libc.so.6
#5  0x0804ab01 in _start ()

unsetting MALLOC_PERTURB makes it 'behave', though obviously it's just making it
non-fatal.

Comment 1 Jakub Jelinek 2007-04-12 21:44:17 UTC

Which exact kernel nvr was that and what was MALLOC_PERTURB value you reproduced
it with?

Comment 2 Dave Jones 2007-04-13 19:11:01 UTC

that was a git clone from linus' tree from 2 days ago.
MALLOC_PERTURB was 30 something (38 I think) to begin with, but it was
reproducable with many others (my .bashrc sets it to $RANDOM, and I had this
happen in multiple terminals).

Comment 3 Jakub Jelinek 2007-04-13 19:20:12 UTC

I tried
MALLOC_PERTURB_=136 mock -r fedora-devel-i386-core --arch=i686
kernel-2.6.20-1.3054.fc7.src.rpm
today and that didn't reproduce this for me.
Could you please tar the above files in question for me, so that I can
just run ld to reproduce it?
arch/i386/boot/compressed/vmlinux.scr and
arch/i386/boot/compressed/vmlinux.bin.gz
should be hopefully all that is needed (unless vmlinux.scr includes other linker
scripts).

Comment 5 Jakub Jelinek 2007-04-13 19:56:48 UTC

Reproduced, thanks.

Comment 6 Jakub Jelinek 2007-04-14 01:43:59 UTC

http://sources.redhat.com/ml/binutils/2007-04/msg00187.html

Comment 7 Jakub Jelinek 2007-04-14 16:50:16 UTC

Should be fixed in binutils-2.17.50.0.12-4 in rawhide.

Note You need to log in before you can comment on or make changes to this bug.