Bug 235747 – linker segfault with MALLOC_PERTURB

This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours

Bug 235747 - linker segfault with MALLOC_PERTURB

Summary:	linker segfault with MALLOC_PERTURB

Status:	CLOSED RAWHIDE

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	binutils (Show other bugs)
Sub Component:
Version:	rawhide
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Jakub Jelinek
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2007-04-09 17:50 EDT by Dave Jones
Modified:	2015-01-04 17:29 EST (History)
CC List:	1 user (show)

See Also:
Fixed In Version:	2.17.50.0.12-4
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2007-04-14 12:50:16 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Dave Jones 2007-04-09 17:50:48 EDT

whilst building a kernel, the final stage of the linking segfaults..

WARNING: vmlinux - Section mismatch: reference to .init.text: from .text between
'iret_exc' (at offset 0xc120eaac) and '_etext'
  LD      arch/i386/boot/compressed/piggy.o
/bin/sh: line 1:  4049 Segmentation fault      (core dumped) ld -m elf_i386 -m
elf_i386 -r --format binary --oformat elf32-i386 -T
arch/i386/boot/compressed/vmlinux.scr arch/i386/boot/compressed/vmlinux.bin.gz
-o arch/i386/boot/compressed/piggy.o
make[2]: *** [arch/i386/boot/compressed/piggy.o] Error 139
make[1]: *** [arch/i386/boot/compressed/vmlinux] Error 2
make: *** [bzImage] Error 2

gdb on the core shows..

Core was generated by `ld -m elf_i386 -m elf_i386 -r --format binary --oformat
elf32-i386 -T arch/i386'.
Program terminated with signal 11, Segmentation fault.
#0  0x401291cc in free () from /lib/libc.so.6
(gdb) bt
#0  0x401291cc in free () from /lib/libc.so.6
#1  0x400750db in bfd_elf_final_link (abfd=0x8cf1a20, info=0x80a3b00)
    at bfd/elflink.c:8900
#2  0x0805ee7a in ldwrite () at ld/ldwrite.c:557
#3  0x0805e2c2 in main (argc=147800232, argv=0xd58) at ld/ldmain.c:527
#4  0x400d3ef0 in __libc_start_main () from /lib/libc.so.6
#5  0x0804ab01 in _start ()

unsetting MALLOC_PERTURB makes it 'behave', though obviously it's just making it
non-fatal.

Comment 1 Jakub Jelinek 2007-04-12 17:44:17 EDT

Which exact kernel nvr was that and what was MALLOC_PERTURB value you reproduced
it with?

Comment 2 Dave Jones 2007-04-13 15:11:01 EDT

that was a git clone from linus' tree from 2 days ago.
MALLOC_PERTURB was 30 something (38 I think) to begin with, but it was
reproducable with many others (my .bashrc sets it to $RANDOM, and I had this
happen in multiple terminals).

Comment 3 Jakub Jelinek 2007-04-13 15:20:12 EDT

I tried
MALLOC_PERTURB_=136 mock -r fedora-devel-i386-core --arch=i686
kernel-2.6.20-1.3054.fc7.src.rpm
today and that didn't reproduce this for me.
Could you please tar the above files in question for me, so that I can
just run ld to reproduce it?
arch/i386/boot/compressed/vmlinux.scr and
arch/i386/boot/compressed/vmlinux.bin.gz
should be hopefully all that is needed (unless vmlinux.scr includes other linker
scripts).

Comment 5 Jakub Jelinek 2007-04-13 15:56:48 EDT

Reproduced, thanks.

Comment 6 Jakub Jelinek 2007-04-13 21:43:59 EDT

http://sources.redhat.com/ml/binutils/2007-04/msg00187.html

Comment 7 Jakub Jelinek 2007-04-14 12:50:16 EDT

Should be fixed in binutils-2.17.50.0.12-4 in rawhide.

Note You need to log in before you can comment on or make changes to this bug.