Bug 235747 - linker segfault with MALLOC_PERTURB
Summary: linker segfault with MALLOC_PERTURB
Alias: None
Product: Fedora
Classification: Fedora
Component: binutils
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact:
Depends On:
Reported: 2007-04-09 21:50 UTC by Dave Jones
Modified: 2015-01-04 22:29 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-04-14 16:50:16 UTC

Description Dave Jones 2007-04-09 21:50:48 UTC
Whilst building a kernel, the final stage of the linking segfaults.

WARNING: vmlinux - Section mismatch: reference to .init.text: from .text between
'iret_exc' (at offset 0xc120eaac) and '_etext'
  LD      arch/i386/boot/compressed/piggy.o
/bin/sh: line 1:  4049 Segmentation fault      (core dumped) ld -m elf_i386 -m
elf_i386 -r --format binary --oformat elf32-i386 -T
arch/i386/boot/compressed/vmlinux.scr arch/i386/boot/compressed/vmlinux.bin.gz
-o arch/i386/boot/compressed/piggy.o
make[2]: *** [arch/i386/boot/compressed/piggy.o] Error 139
make[1]: *** [arch/i386/boot/compressed/vmlinux] Error 2
make: *** [bzImage] Error 2

gdb on the core shows..

Core was generated by `ld -m elf_i386 -m elf_i386 -r --format binary --oformat
elf32-i386 -T arch/i386'.
Program terminated with signal 11, Segmentation fault.
#0  0x401291cc in free () from /lib/
(gdb) bt
#0  0x401291cc in free () from /lib/
#1  0x400750db in bfd_elf_final_link (abfd=0x8cf1a20, info=0x80a3b00)
    at bfd/elflink.c:8900
#2  0x0805ee7a in ldwrite () at ld/ldwrite.c:557
#3  0x0805e2c2 in main (argc=147800232, argv=0xd58) at ld/ldmain.c:527
#4  0x400d3ef0 in __libc_start_main () from /lib/
#5  0x0804ab01 in _start ()

unsetting MALLOC_PERTURB makes it 'behave', though obviously it's just making it

Comment 1 Jakub Jelinek 2007-04-12 21:44:17 UTC
Which exact kernel nvr was that and what was the MALLOC_PERTURB value you reproduced
it with?

Comment 2 Dave Jones 2007-04-13 19:11:01 UTC
That was a git clone from Linus' tree from 2 days ago.
MALLOC_PERTURB was 30 something (38 I think) to begin with, but it was
reproducible with many others (my .bashrc sets it to $RANDOM, and I had this
happen in multiple terminals).

Comment 3 Jakub Jelinek 2007-04-13 19:20:12 UTC
I tried
MALLOC_PERTURB_=136 mock -r fedora-devel-i386-core --arch=i686
today and that didn't reproduce this for me.
Could you please tar the above files in question for me, so that I can
just run ld to reproduce it?
arch/i386/boot/compressed/vmlinux.scr and
should be hopefully all that is needed (unless vmlinux.scr includes other linker

Comment 5 Jakub Jelinek 2007-04-13 19:56:48 UTC
Reproduced, thanks.

Comment 7 Jakub Jelinek 2007-04-14 16:50:16 UTC
Should be fixed in binutils- in rawhide.
