This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.
Re: arm-elf-ld 2.16.1 crash at bfd/elf32-arm.c:5536
On 7/29/05, Nick Clifton <nickc@redhat.com> wrote:
> Sorry - I had a quick look at the code, but it appears to be good. So
> we really are going to need a test case that can reproduce the problem.
> Either that or maybe you could do some debugging for us ? It looks like
> bad data is being placed into the section's map array or else the
> section has never had its target specific data pointer initialised
> correctly. Can you find out the answers to these questions:
Here's the debugging results. I hope it's useful.
> * Which section is being processed when the seg fault occurs ?
.data
(gdb) p *sec
$10 = {name = 0x9099f9f ".data", id = 995, index = 0, next = 0x90a1b30,
flags = 291, user_set_vma = 1, linker_mark = 1, linker_has_input = 0,
gc_mark = 0, segment_mark = 0, sec_info_type = 0, use_rela_p = 1,
has_tls_reloc = 0, has_gp_reloc = 0, need_finalize_relax = 0,
reloc_done = 0, vma = 0, lma = 0, size = 6, rawsize = 0,
output_offset = 7176, output_section = 0x8e29060, alignment_power = 0,
relocation = 0x0, orelocation = 0x0, reloc_count = 0, filepos = 52,
rel_filepos = 0, line_filepos = 0, userdata = 0x0, contents = 0x0,
lineno = 0x0, lineno_count = 0, entsize = 0, kept_section = 0x0,
moving_line_filepos = 0, target_index = 0, used_by_bfd = 0x9099fdc,
constructor_chain = 0x0, owner = 0x905f050, symbol = 0x9099fa8,
symbol_ptr_ptr = 0x90a1b14, link_order_head = 0x0, link_order_tail = 0x0}
> * What is the value for elf32_arm_section_data() for that section ?
(gdb) p *(struct _arm_elf_section_data *)sec->used_by_bfd
$11 = {elf = {this_hdr = {sh_name = 27, sh_type = 1, sh_flags = 3,
sh_addr = 0, sh_size = 6, sh_entsize = 0, sh_link = 0, sh_info = 0,
sh_offset = 52, sh_addralign = 1, bfd_section = 0x90a1a8c,
contents = 0x0}, rel_hdr = {sh_name = 0, sh_type = 0, sh_flags = 0,
sh_addr = 0, sh_size = 0, sh_entsize = 0, sh_link = 0, sh_info = 0,
sh_offset = 0, sh_addralign = 0, bfd_section = 0x0, contents = 0x0},
rel_hdr2 = 0x0, rel_count = 0, rel_count2 = 0, this_idx = 0, rel_idx = 0,
rel_idx2 = 0, dynindx = 0, linked_to = 0x0, rel_hashes = 0x0,
relocs = 0x0, local_dynrel = 0x0, sreloc = 0x0, group = {name = 0x0,
id = 0x0}, sec_group = 0x0, next_in_group = 0x0, sec_info = 0x0},
mapcount = 151410616, map = 0x9065808}
> * Was the map for this section ever bfd_zalloc()ed by
> elf32_arm_new_section_hook()
I don't know about this particular map that's causing the crash, but
elf32_arm_new_section_hook is called for the .data section many times.
This is the first occurrence.
(gdb) p *sec
$15 = {name = 0x8dc12b9 ".data", id = 17, index = 1, next = 0x0, flags = 0,
...
(gdb) bt
#0  elf32_arm_new_section_hook (abfd=0x8db8900, sec=0x8dc2fd8)
    at ../../bfd/elf32-arm.c:5522
#1  0x08068ea5 in bfd_section_init (abfd=0x8db8900, newsect=0x8dc2fd8)
    at ../../bfd/section.c:699
#2  0x0807ac82 in _bfd_elf_make_section_from_shdr (abfd=0x8db8900,
    hdr=0x8dc1170, name=0x8dc12b9 ".data") at ../../bfd/elf.c:692
...
> or bfd_realloc()ed by elf32_arm_output_symbol_hook() ?
No, bfd_realloc() is never called.
> * Are there other values in the map array, and if so are they valid ?
> (i.e. could something else be stomping on this, correctly allocated and
> initialised, memory).
(gdb) p *map
$7 = {vma = 0, type = 22 '\026'}
(gdb) p mapcount
$8 = 151410616
I noticed that mapcount varies from run to run. I'd guess that this is
not supposed to happen.
Hope this helps! Cheers,
Shaun