seen with 2.25.51.20151028 on aarch64-linux-gnu, GCC used is 20151028 from the gcc-5-branch. The test case also crashes with ld.gold, filing a separate issue. $ (cd tst; sh doit.sh) ld: BFD (GNU Binutils for Ubuntu) 2.25.51.20151028 assertion fail ../../bfd/elfnn-aarch64.c:4631 Segmentation fault (core dumped) test case at http://people.canonical.com/~doko/tmp/tst-binutils-20151028.tar.xz Program received signal SIGSEGV, Segmentation fault. tpoff_base (info=0x51c3e8 <link_info>) at ../../bfd/elfnn-aarch64.c:4633 4633 bfd_vma base = align_power ((bfd_vma) TCB_SIZE, (gdb) bt #0 tpoff_base (info=0x51c3e8 <link_info>) at ../../bfd/elfnn-aarch64.c:4633 #1 0x0000007fb7f1a144 in elf64_aarch64_relocate_section (output_bfd=0x7fb7f85fe8, info=0x51c3e8 <link_info>, input_bfd=0x7fffffd400, input_section=0x7fb7fc94a8 <elf64_bed>, contents=0x4 <error: Cannot access memory at address 0x4>, relocs=<optimized out>, local_syms=0x537440, local_sections=0x7fb7f032dc <bfd_bwrite+52>) at ../../bfd/elfnn-aarch64.c:6203 #2 0x0000007fb7f3f0d8 in elf_link_input_bfd (flinfo=flinfo@entry=0x7fffffd568, input_bfd=input_bfd@entry=0xff7e9b0) at ../../bfd/elflink.c:10166 #3 0x0000007fb7f4052c in bfd_elf_final_link (abfd=<optimized out>, info=<optimized out>) at ../../bfd/elflink.c:11359 #4 0x000000000041c470 in ldwrite () at ../../ld/ldwrite.c:581 #5 0x00000000004069dc in main (argc=127, argv=0x112ffffd818) at ../../ld/ldmain.c:430
corrupt stack for ld.gold as well. [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1". /usr/bin/ld.gold: internal error in relocate_tls, at ../../gold/aarch64.cc:7387 [Inferior 1 (process 3298) exited with code 01] (gdb) bt No stack.
backtrace from a ld built with -O0 Program received signal SIGSEGV, Segmentation fault. 0x0000007fb7ed9524 in tpoff_base (info=0x550460 <link_info>) at ../../bfd/elfnn-aarch64.c:4633 4633 bfd_vma base = align_power ((bfd_vma) TCB_SIZE, (gdb) bt #0 0x0000007fb7ed9524 in tpoff_base (info=0x550460 <link_info>) at ../../bfd/elfnn-aarch64.c:4633 #1 0x0000007fb7edcd80 in elf64_aarch64_relocate_section (output_bfd=0x56b440, info=0x550460 <link_info>, input_bfd=0xffb29b0, input_section=0xffc3d98, contents=0x1f18c2a0 "\341\003", relocs=0xffdfef0, local_syms=0x1ed7b780, local_sections=0x1fd54230) at ../../bfd/elfnn-aarch64.c:6203 #2 0x0000007fb7f19240 in elf_link_input_bfd (flinfo=0x7fffffd640, input_bfd=0xffb29b0) at ../../bfd/elflink.c:10166 #3 0x0000007fb7f1bb58 in bfd_elf_final_link (abfd=0x56b440, info=0x550460 <link_info>) at ../../bfd/elflink.c:11359 #4 0x0000000000427378 in ldwrite () at ../../ld/ldwrite.c:581 #5 0x0000000000423eac in main (argc=274, argv=0x7fffffd8c8) at ../../ld/ldmain.c:430 still no backtrace for ld.gold
caused by we always call tpoff_base when we need to do tls relaxation which is wrong. tpoff_base shouldn't be called if there is no tls object defined in the input section. it's only valid when we are doing X -> TLS local executable relaxation, not for any others. Normally elfNN_aarch64_tls_relax don't need relocation value, as it just need to change the relocation type to the relaxed types then set the return type to bfd_reloc_continue thus the next iteration of relocate section should apply the relaxed relocation properly, but for the large model IE-> LE, BFD_RELOC_AARCH64_TLSIE_MOVW_GOTTPREL_G1 it's an exception, as the original IE model contains only two relocation entries, while the relaxed LE model for large requires three entries, we can't play the type change trick anymore, we can only resolve the relocation just inside elfNN_aarch64_tls_relax, and set the return type to bfd_reloc_ok, thus we need the extra relocation value here. We need to fix the code to call tpoff_base only when needed.
This regression is caused by: commit 3ebe65c0ff9f8f76c9971b1cc078273298f0c693 Author: Renlin Li <renlin.li@arm.com> Date: Fri Oct 2 17:48:31 2015 +0100
The buggy commit is reverted. Mark as fixed.