[uClibc 0003124]: smbd segfaults on arm architecture

bugs at busybox.net bugs at busybox.net
Sat Apr 26 12:09:34 UTC 2008


A NOTE has been added to this issue. 
====================================================================== 
http://busybox.net/bugs/view.php?id=3124 
====================================================================== 
Reported By:                naffarin
Assigned To:                uClibc
====================================================================== 
Project:                    uClibc
Issue ID:                   3124
Category:                   Architecture Specific
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     assigned
====================================================================== 
Date Submitted:             04-26-2008 01:53 PDT
Last Modified:              04-26-2008 05:09 PDT
====================================================================== 
Summary:                    smbd segfaults on arm architecture
Description: 
Using a buildroot-compiled uClibc toolchain and version 0.9.29 of uClibc,
Samba's smbd (actually all Samba binaries) segfaults immediately after
starting.
The toolchain has been compiled using linuxthreads.old/stable. Other
programs compiled with the toolchain work, e.g. busybox.

A gdb session shows the following output:

bash-3.2# gdb smbd
ELF header=0x40000000
First Dynamic section entry=0x40013ea8
Scanning DYNAMIC section
Done scanning DYNAMIC section
About to do library loader relocations
Done relocating ldso; we can now use globals and make function calls!
_dl_get_ready_to_run:169: Cool, ldso survived making function calls
_dl_malloc:892: mmapping more memory
_dl_get_ready_to_run:340: Lib Loader: (0x40000000) /lib/ld-uClibc.so.0
_dl_get_ready_to_run:609: Loading: (0x40015000)
/mnt/HD_a2/uclibc_db/lib/libncurses.so.5
_dl_get_ready_to_run:609: Loading: (0x40060000)
/mnt/HD_a2/uclibc_db/lib/libm.so.0
_dl_get_ready_to_run:609: Loading: (0x4008e000)
/mnt/HD_a2/uclibc_db/lib/libdl.so.0
_dl_get_ready_to_run:609: Loading: (0x4009a000)
/mnt/HD_a2/uclibc_db/lib/libgcc_s.so.1
_dl_get_ready_to_run:609: Loading: (0x400a3000)
/mnt/HD_a2/uclibc_db/lib/libc.so.0
_dl_get_ready_to_run:609: Loading: (0x400a3000)
/mnt/HD_a2/uclibc_db/lib/libc.so.0
_dl_get_ready_to_run:609: Loading: (0x4009a000)
/mnt/HD_a2/uclibc_db/lib/libgcc_s.so.1
_dl_get_ready_to_run:609: Loading: (0x400a3000)
/mnt/HD_a2/uclibc_db/lib/libc.so.0
_dl_get_ready_to_run:609: Loading: (0x400a3000)
/mnt/HD_a2/uclibc_db/lib/libc.so.0
_dl_get_ready_to_run:609: Loading: (0x400a3000)
/mnt/HD_a2/uclibc_db/lib/libc.so.0
_dl_get_ready_to_run:736: Beginning relocation fixups
transfering control to application @ 0x39ea0
GNU gdb 6.6
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "arm-linux-uclibc"...
Using host libthread_db library
"/mnt/HD_a2/uclibc_db/lib/libthread_db.so.1".
(gdb) set -args --help
No symbol "args" in current context.
(gdb) set args --help
(gdb) r
Starting program: /mnt/HD_a2/uclibc_db/usr/sbin/smbd --help
ELF header=0x40000000
First Dynamic section entry=0x40013ea8
Scanning DYNAMIC section
Done scanning DYNAMIC section
About to do library loader relocations
Done relocating ldso; we can now use globals and make function calls!
_dl_get_ready_to_run:169: Cool, ldso survived making function calls
_dl_get_ready_to_run:261: Position Independent Executable:
app_tpnt->loadaddr=0x2a000000
_dl_malloc:892: mmapping more memory
_dl_get_ready_to_run:340: Lib Loader: (0x40000000) /lib/ld-uClibc.so.0
_dl_get_ready_to_run:609: Loading: (0x40015000)
/mnt/HD_a2/uclibc_db/lib/libcrypt.so.0
_dl_get_ready_to_run:609: Loading: (0x40033000)
/mnt/HD_a2/uclibc_db/lib/libresolv.so.0
_dl_get_ready_to_run:609: Loading: (0x4003c000)
/mnt/HD_a2/uclibc_db/lib/libdl.so.0
_dl_get_ready_to_run:609: Loading: (0x40048000)
/mnt/HD_a2/uclibc_db/lib/libgcc_s.so.1
_dl_get_ready_to_run:609: Loading: (0x40051000)
/mnt/HD_a2/uclibc_db/lib/libc.so.0
_dl_get_ready_to_run:609: Loading: (0x40051000)
/mnt/HD_a2/uclibc_db/lib/libc.so.0
_dl_get_ready_to_run:609: Loading: (0x40051000)
/mnt/HD_a2/uclibc_db/lib/libc.so.0
_dl_get_ready_to_run:609: Loading: (0x40051000)
/mnt/HD_a2/uclibc_db/lib/libc.so.0
_dl_get_ready_to_run:609: Loading: (0x40051000)
/mnt/HD_a2/uclibc_db/lib/libc.so.0
_dl_get_ready_to_run:736: Beginning relocation fixups

Program received signal SIGSEGV, Segmentation fault.
0x400034e8 in elf_machine_relative (load_off=704643072,
rel_addr=704883812, relative_count=7007)
    at ./ldso/ldso/arm/dl-sysdep.h:140
140     ./ldso/ldso/arm/dl-sysdep.h: No such file or directory.
        in ./ldso/ldso/arm/dl-sysdep.h
(gdb) bt
#0  0x400034e8 in elf_machine_relative (load_off=704643072,
    rel_addr=704883812, relative_count=7007)
    at ./ldso/ldso/arm/dl-sysdep.h:140
#1  0x40009df0 in _dl_fixup (rpnt=0x4000c130, now_flag=0)
    at ldso/ldso/dl-elf.c:685
#2  0x40005ddc in _dl_get_ready_to_run (tpnt=0x0, load_addr=1073741824,
    auxvt=0xbe833a4c, envp=0xbe833bf0, argv=0xbe833be4)
    at ldso/ldso/ldso.c:753
#3  0x40002e10 in _dl_start (args=3196271584)
    at ldso/ldso/dl-startup.c:307
#4  0x40001bec in _start () at ldso/ldso/arm/elfinterp.c:332
Backtrace stopped: frame did not save the PC


====================================================================== 

---------------------------------------------------------------------- 
 naffarin - 04-26-08 05:09  
---------------------------------------------------------------------- 
Further tests showed that this bug is due to a patch to ldso.c I found in
the mailing list. The patch was supposed to fix the segfault as described
in http://busybox.net/bugs/view.php?id=1583 and can be fixed by applying
the following fix taken from
http://www.mail-archive.com/toolchain-commits@blackfin.uclinux.org/msg00485.html
which should already be in the current snapshot of uClibc.

Modified: trunk/uClibc/ldso/ldso/ldso.c (2014 => 2015)

--- trunk/uClibc/ldso/ldso/ldso.c	2007-11-23 14:06:03 UTC (rev 2014)
+++ trunk/uClibc/ldso/ldso/ldso.c	2007-11-23 15:11:13 UTC (rev 2015)
@@ -289,6 +289,7 @@
 			_dl_debug_early("calling mprotect on the application program\n");
 			/* Now cover the application program. */
 			if (app_tpnt->dynamic_info[DT_TEXTREL]) {
+				ElfW(Phdr) *ppnt_outer = ppnt;
 				ppnt = (ElfW(Phdr) *) auxvt[AT_PHDR].a_un.a_val;
 				for (i = 0; i < auxvt[AT_PHNUM].a_un.a_val; i++, ppnt++) {
 					if (ppnt->p_type == PT_LOAD && !(ppnt->p_flags & PF_W))
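Review bot: the new `ElfW(Phdr) *ppnt_outer = ppnt;` deserves a one-line comment, because the reason for it is not visible in this hunk: the very next line reassigns `ppnt` to the program-header table from `auxvt[AT_PHDR]` and walks it, so without a save and a matching restore the enclosing loop that owns `ppnt` resumes from a clobbered pointer, which is exactly the kind of mis-iteration that ends in a wrong relocation base and a crash like the `elf_machine_relative` SIGSEGV in this report. Something like `/* the DT_TEXTREL walk below reuses ppnt; restore it afterwards */` next to the declaration would make the pairing with the restore obvious to the next reader.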
@@ -297,7 +298,13 @@
 							     (unsigned long) ppnt->p_filesz,
 							     PROT_READ | PROT_WRITE | PROT_EXEC);
 				}
+				ppnt = ppnt_outer;
 			}
+#else
+			if (app_tpnt->dynamic_info[DT_TEXTREL]) {
+				_dl_dprintf(_dl_debug_file, "Can't modify application's text section;
use the GCC option -fPIE for position-independent executables.\n");
+				_dl_exit(1);
+			}
 #endif
 
 #ifndef ALLOW_ZERO_PLTGOT
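Review bot: the `_dl_dprintf` string literal in the new `#else` branch is split across two lines in the posted patch, so it will not compile if applied by hand; this is almost certainly mail-client wrapping, and the line needs rejoining before applying. The `ppnt = ppnt_outer;` restore correctly pairs with the save in the previous hunk. On the security side, the branch above it maps every non-writable `PT_LOAD` segment `PROT_READ | PROT_WRITE | PROT_EXEC` to service text relocations, leaving the application's code both writable and executable; the new `#else` path that refuses `DT_TEXTREL` binaries and points at `-fPIE` is the safer behaviour, and where text relocations must be supported the write permission should be dropped again once fixups are done (not visible in this hunk; worth confirming it happens elsewhere).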

Issue can be closed. (I suppose this is also the solution for bug 1583.)
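Added example, not uClibc or Samba code: a small checker that mirrors the loader's `dynamic_info[DT_TEXTREL]` test from the patch above. It parses a 32-bit ELF image's dynamic section and reports whether the binary is a PIE (`ET_DYN`, as the loader log shows for smbd) and whether it carries text relocations, the case that either forces the text segment writable or, with the patched ldso, aborts with the `-fPIE` hint. It runs on a constructed in-memory image, assumes a little-endian host, and uses the `<elf.h>` definitions.

```c
#include <elf.h>
#include <stddef.h>
#include <string.h>

struct textrel_info { int is_pie; int has_textrel; };

/* Walk the program headers to PT_DYNAMIC and scan it for DT_TEXTREL (or DF_TEXTREL in
 * DT_FLAGS), the condition ldso tests as app_tpnt->dynamic_info[DT_TEXTREL]. Returns 0 on
 * success, -1 for a truncated image or one without a dynamic section. Little-endian host assumed. */
int inspect_elf32(const unsigned char *img, size_t len, struct textrel_info *out)
{
    Elf32_Ehdr eh; if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS32) return -1;
    out->is_pie = (eh.e_type == ET_DYN); out->has_textrel = 0; /* ET_DYN: PIE or shared object */
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf32_Phdr ph; size_t off = (size_t)eh.e_phoff + (size_t)i * eh.e_phentsize;
        if (off + sizeof ph > len) return -1;
        memcpy(&ph, img + off, sizeof ph);
        if (ph.p_type != PT_DYNAMIC) continue;
        for (size_t d = ph.p_offset; d + sizeof(Elf32_Dyn) <= len; d += sizeof(Elf32_Dyn)) {
            Elf32_Dyn dyn; memcpy(&dyn, img + d, sizeof dyn);
            if (dyn.d_tag == DT_NULL) break;
            if (dyn.d_tag == DT_TEXTREL || (dyn.d_tag == DT_FLAGS && (dyn.d_un.d_val & DF_TEXTREL)))
                out->has_textrel = 1;
        }
        return 0;
    }
    return -1; /* no PT_DYNAMIC: nothing for the dynamic loader to fix up */
}

/* Constructed image (not a real binary): ELF header, one PT_DYNAMIC phdr, 3-entry dynamic table. */
size_t build_image(unsigned char *buf, int pie, int textrel)
{
    Elf32_Ehdr eh = {{0}}; Elf32_Phdr ph = {0}; Elf32_Dyn dyn[3] = {{0}}; /* dyn[2] stays DT_NULL */
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS32; eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_type = pie ? ET_DYN : ET_EXEC; eh.e_machine = EM_ARM;
    eh.e_phoff = sizeof eh; eh.e_phentsize = sizeof ph; eh.e_phnum = 1;
    ph.p_type = PT_DYNAMIC; ph.p_offset = sizeof eh + sizeof ph; ph.p_filesz = sizeof dyn;
    dyn[0].d_tag = DT_STRTAB; dyn[0].d_un.d_ptr = 0x100;
    dyn[1].d_tag = textrel ? DT_TEXTREL : DT_DEBUG; /* DT_DEBUG is harmless filler */
    memcpy(buf, &eh, sizeof eh); memcpy(buf + sizeof eh, &ph, sizeof ph);
    memcpy(buf + ph.p_offset, dyn, sizeof dyn);
    return ph.p_offset + sizeof dyn;
}

/* Verdict for a constructed image: is_pie * 2 + has_textrel, or -1 if parsing fails. */
int verdict(int pie, int textrel)
{
    unsigned char buf[128]; struct textrel_info info;
    size_t n = build_image(buf, pie, textrel);
    return inspect_elf32(buf, n, &info) < 0 ? -1 : info.is_pie * 2 + info.has_textrel;
}
```

On a real target the same check is `readelf -d smbd`, where a `TEXTREL` entry or a `FLAGS` line containing `TEXTREL` means the loader will take the mprotect path in the patch.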

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
04-26-08 01:53  naffarin       New Issue                                    
04-26-08 01:53  naffarin       Status                   new => assigned     
04-26-08 01:53  naffarin       Assigned To               => uClibc          
04-26-08 05:09  naffarin       Note Added: 0007224                          
======================================================================