[uClibc 0005694]: uClibc-0.9.30-rc2 apps always segfault

bugs at busybox.net
Sun Oct 26 11:29:07 UTC 2008


A NOTE has been added to this issue. 
====================================================================== 
http://busybox.net/bugs/view.php?id=5694 
====================================================================== 
Reported By:                rhabarber1848
Assigned To:                uClibc
====================================================================== 
Project:                    uClibc
Issue ID:                   5694
Category:                   Other
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     assigned
====================================================================== 
Date Submitted:             10-23-2008 06:48 PDT
Last Modified:              10-26-2008 04:29 PDT
====================================================================== 
Summary:                    uClibc-0.9.30-rc2 apps always segfault
Description: 
I am working on extending the Tuxbox environment with working uClibc
support[2].
Currently uClibc 0.9.28.3 is working well with our setup but getting
0.9.30-rc2 to work seems impossible.

Our compile environment includes:
- binutils 2.17.50.0.9 (2.19.50.0.1 shows the same result)
- gcc-3.4.6 including uClibc-patches
- Linux kernel 2.4.36.6
- Busybox 1.7.2

Booting into a uClibc 0.9.30-rc2 environment shows this:

[...]
Mounted devfs on /dev
Freeing unused kernel memory: 72k init
ELF0x30000000
ELF0x3001d09c
ELELELFDone relocating ldso; we can now use globals and make function
calls!
_dl_get_ready_to_run:172: Cool, ldso survived making function calls
_dl_malloc:920: mmapping more memory
_dl_get_ready_to_run:354: Lib Loader: (0x30000000) /lib/ld-uClibc.so.0
_dl_get_ready_to_run:620: Loading: (0x3001e000) /lib/libcrypt.so.0
_dl_get_ready_to_run:620: Loading: (0x30043000) /lib/libgcc_s_nof.so.1
_dl_get_ready_to_run:620: Loading: (0x30060000) /lib/libc.so.0
_dl_get_ready_to_run:620: Loading: (0x30060000) /lib/libc.so.0
_dl_get_ready_to_run:620: Loading: (0x30060000) /lib/libc.so.0
_dl_get_ready_to_run:747: Beginning relocation fixups

After this point the boot process hangs.
Booting into a uClibc-0.9.28.3 environment, then chroot'ing into
uClibc 0.9.30-rc2 produces SEGFAULT for all binaries tested.
Here is a gdb backtrace, please note that both uClibc 0.9.28.3 and
0.9.30-rc2 were compiled with debug options enabled:

# gdb --args chroot /mnt /bin/busybox ash
ELF0x30000000
ELF0x30016820
ELFELFELFDone relocating ldso; we can now use globals and make function
calls!
_dl_get_ready_to_run:197: Cool, ldso survived making function calls
_dl_malloc:899: mmapping more memory
_dl_get_ready_to_run:352: Lib Loader: (0x30000000) /lib/ld-uClibc.so.0
_dl_get_ready_to_run:621: Loading: (0x30017000) /lib/libintl.so.0
_dl_get_ready_to_run:621: Loading: (0x30028000) /lib/libncurses.so.5
_dl_get_ready_to_run:621: Loading: (0x30097000) /lib/libm.so.0
_dl_get_ready_to_run:621: Loading: (0x300cb000) /lib/libdl.so.0
_dl_get_ready_to_run:621: Loading: (0x300de000) /lib/libgcc_s_nof.so.1
_dl_get_ready_to_run:621: Loading: (0x300fb000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x300fb000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x300fb000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x300de000) /lib/libgcc_s_nof.so.1
_dl_get_ready_to_run:621: Loading: (0x300fb000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x300fb000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x300fb000) /lib/libc.so.0
_dl_get_ready_to_run:744: Beginning relocation fixups
transfering control to application @ 0x10033cb0
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show
copying"
and "show warranty" for details.
This GDB was configured as "powerpc-tuxbox-linux-uclibc"...
(no debugging symbols found)
(gdb) run
Starting program: /sbin/chroot /mnt /bin/busybox ash
ELF0x30000000
ELF0x30016820
ELFELFELFDone relocating ldso; we can now use globals and make function
calls!
_dl_get_ready_to_run:197: Cool, ldso survived making function calls
_dl_malloc:899: mmapping more memory
_dl_get_ready_to_run:352: Lib Loader: (0x30000000) /lib/ld-uClibc.so.0
_dl_get_ready_to_run:621: Loading: (0x30017000) /lib/libcrypt.so.0
_dl_get_ready_to_run:621: Loading: (0x3003d000) /lib/libgcc_s_nof.so.1
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:744: Beginning relocation fixups
transfering control to application @ 0x10003550
ELF0x30000000
ELF0x30016820
ELFELFELFDone relocating ldso; we can now use globals and make function
calls!
_dl_get_ready_to_run:197: Cool, ldso survived making function calls
_dl_malloc:899: mmapping more memory
_dl_get_ready_to_run:352: Lib Loader: (0x30000000) /lib/ld-uClibc.so.0
_dl_get_ready_to_run:621: Loading: (0x30017000) /lib/libcrypt.so.0
_dl_get_ready_to_run:621: Loading: (0x3003d000) /lib/libgcc_s_nof.so.1
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:744: Beginning relocation fixups
transfering control to application @ 0x10003550

Program received signal SIGTRAP, Trace/breakpoint trap.
0x300026d4 in _dl_load_elf_shared_library (secure=0, rpnt=0x0,
libname=0x0) at dl-elf.c:340
340     dl-elf.c: No such file or directory.
        in dl-elf.c
(gdb) bt full
#0  0x300026d4 in _dl_load_elf_shared_library (secure=0, rpnt=0x0,
libname=0x0) at dl-elf.c:340
        dynamic_addr = 0
        tpnt = (struct elf_resolve *) 0x0
        ppnt = (Elf32_Phdr *) 0x0
        status = 0x0
        dynamic_info = {2147483501, 2147483511, 2147483518, 2147483531,
2147483543, 2147483554, 2147483570,
  2147483584, 2147483590, 2147483599, 0, 22, 22, 22, 22, 19, 16, 20, 16,
21, 0, 16, 2214592512, 6, 4096, 17,
  100, 3, 268435508, 4, 32, 5, 7, 7, 805306368, 8}
        lpnt = (long unsigned int *) 0x0
        minvma = 0
        maxvma = 0
        i = 0
        flags = 0
        piclib = 0
        relro_addr = 0
        relro_size = 0
        st = {st_dev = 0, st_ino = 9, st_mode = 268449032, st_nlink = 0,
st_uid = 0, st_gid = 12, st_rdev = 0,
  st_size = 13, st_blksize = 0, st_blocks = 14, st_atime = 0, __unused1 =
0, st_mtime = 0, __unused2 = 0,
  st_ctime = 0, __unused3 = 0, __unused4 = 0, __unused5 = 0}
        __FUNCTION__ =
"\201)\000\020\200\037\0008\220\t\000\024\201?\0008\200\t\000\020\220\037\0008H\000\001\020"
#1  0x54483d2f in ?? ()
No symbol table info available.
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

[1] Tuxbox is a Linux-based software for digital TV receivers like
Dbox2/Dreambox
[2] http://tuxbox-forum.dreambox-fan.de/forum/viewtopic.php?f=7&t=46625
====================================================================== 

---------------------------------------------------------------------- 
 rhabarber1848 - 10-23-08 06:50  
---------------------------------------------------------------------- 
Attached you will find .config for uClibc 0.9.30-rc2-svn. This code is
based on yesterday's snapshot but the segfaults also happen with the
0.9.30-rc2 tarball.

---------------------------------------------------------------------- 
 rhabarber1848 - 10-23-08 06:54  
---------------------------------------------------------------------- 
gcc-3.4.6 is compiled using two patches, one general uClibc patch[1] based on
trunk/buildroot/toolchain/gcc/3.4.6/200-uclibc-locale.patch which is working
well with 0.9.28.3 and another patch consisting of back-ported code from

trunk/buildroot/toolchain/gcc/4.2.4/203-uclibc-locale-no__x.patch
trunk/buildroot/toolchain/gcc/4.2.4/204-uclibc-locale-wchar_fix.patch
trunk/buildroot/toolchain/gcc/4.2.4/205-uclibc-locale-update.patch

to fix locale-related compile bugs. This gcc-uclibc-locale.diff you will
find attached to this bug report.

[1] http://cvs.tuxbox.org/tuxbox/cdk/Patches/gcc-uclibc.diff?view=markup 

---------------------------------------------------------------------- 
 rhabarber1848 - 10-23-08 06:57  
---------------------------------------------------------------------- 
Please note that updating gcc is not an option for us.

Weirdly enough, binaries linked against uClibc-0.9.30-rc2 work in uClibc
0.9.28.3 environments:

# pwd
/
# ls -la /lib/libuC*
-rw-r--r--    1 root     root     45305281 Oct 23  2008 /lib/libuClibc-0.9.28.so
# /mnt/bin/busybox
ELF0x30000000
ELF0x30016820
ELFELFELFDone relocating ldso; we can now use globals and make function
calls!
_dl_get_ready_to_run:197: Cool, ldso survived making function calls
_dl_malloc:899: mmapping more memory
_dl_get_ready_to_run:352: Lib Loader: (0x30000000) /lib/ld-uClibc.so.0
_dl_get_ready_to_run:621: Loading: (0x30017000) /lib/libcrypt.so.0
_dl_get_ready_to_run:621: Loading: (0x3003d000) /lib/libgcc_s_nof.so.1
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:744: Beginning relocation fixups
transfering control to application @ 0x10003508
BusyBox v1.7.2 (2008-10-23 14:19:27 CEST) multi-call binary
Copyright (C) 1998-2006  Erik Andersen, Rob Landley, and others.
Licensed under GPLv2.  See source distribution for full notice.
[...] 

---------------------------------------------------------------------- 
 rhabarber1848 - 10-23-08 06:59  
---------------------------------------------------------------------- 
Attached as kernel_dot_config you will also find the kernel .config used. 

---------------------------------------------------------------------- 
 rhabarber1848 - 10-23-08 14:57  
---------------------------------------------------------------------- 
In my compile environment I was able to get uClibc 0.9.29 to work,
even including gcc-3.4.6 patched with gcc-uclibc-locale.diff, so I
think this patch is not the reason for the segfaults reported here. 

---------------------------------------------------------------------- 
 bernhardf - 10-25-08 01:28  
---------------------------------------------------------------------- 
Please provide a "bt f" at the time of the segfault (on current trunk), not
your breakpoint. 

---------------------------------------------------------------------- 
 rhabarber1848 - 10-25-08 05:28  
---------------------------------------------------------------------- 
(gdb) bt f
#0  0x300d5c30 in _dl_run_init_array () from /lib/libdl.so.0
No symbol table info available.
#1  0x300d5cbc in _dl_app_init_array () from /lib/libdl.so.0
No symbol table info available.
#2  0x305e82b4 in __uClibc_main () from /lib/libc.so.0
No symbol table info available.
#3  0x00000000 in ?? ()
No symbol table info available.

---------------------------------------------------------------------- 
 bernhardf - 10-25-08 11:14  
---------------------------------------------------------------------- 
.. with DOASSERTS, and debugging enabled.. 

---------------------------------------------------------------------- 
 rhabarber1848 - 10-26-08 04:22  
---------------------------------------------------------------------- 
I recompiled uClibc 0.9.28.3 and 0.9.30 (yesterday's SVN snapshot) with
debug options enabled and booted into 0.9.28.3.

When starting "chroot /mnt /bin/busybox" I receive 

transfering control to application @ 0x10003550
ELF0x30000000
ELF0x3001d09c
ELFELFELFDone relocating ldso; we can now use globals and make function
calls!
_dl_get_ready_to_run:172: Cool, ldso survived making function calls
_dl_malloc:920: mmapping more memory
_dl_get_ready_to_run:354: Lib Loader: (0x30000000) /lib/ld-uClibc.so.0
_dl_get_ready_to_run:620: Loading: (0x3001e000) /lib/libcrypt.so.0
_dl_get_ready_to_run:620: Loading: (0x30043000) /lib/libgcc_s_nof.so.1
_dl_get_ready_to_run:620: Loading: (0x30060000) /lib/libc.so.0
_dl_get_ready_to_run:620: Loading: (0x30060000) /lib/libc.so.0
_dl_get_ready_to_run:620: Loading: (0x30060000) /lib/libc.so.0
_dl_get_ready_to_run:747: Beginning relocation fixups
Segmentation fault

but when using gdb I can only see a SIGTRAP like the one I posted above.
What is weird is that the segfault happens immediately while the SIGTRAP
occurs after ~60s of visual inactivity:

Program received signal SIGTRAP, Trace/breakpoint trap.
0x300026d4 in _dl_load_elf_shared_library (secure=0, rpnt=0x0,
libname=0x0) at dl-elf.c:340
340     dl-elf.c: No such file or directory.
        in dl-elf.c

Please note that I am not an expert with gdb. I tried to run gdb with some
options to adjust to the chroot:

# gdb --args chroot /mnt /bin/busybox
GNU gdb 6.8
This GDB was configured as "powerpc-tuxbox-linux-uclibc"...
(no debugging symbols found)
(gdb) set sysroot /mnt
(gdb) run
Starting program: /sbin/chroot /mnt /bin/busybox
ELF0x30000000
ELF0x30016820
ELFELFELFDone relocating ldso; we can now use globals and make function
calls!
_dl_get_ready_to_run:197: Cool, ldso survived making function calls
_dl_malloc:899: mmapping more memory
_dl_get_ready_to_run:352: Lib Loader: (0x30000000) /lib/ld-uClibc.so.0
_dl_get_ready_to_run:621: Loading: (0x30017000) /lib/libcrypt.so.0
_dl_get_ready_to_run:621: Loading: (0x3003d000) /lib/libgcc_s_nof.so.1
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:744: Beginning relocation fixups
transfering control to application @ 0x10003550
ELF0x30000000
ELF0x30016820
ELFELFELFDone relocating ldso; we can now use globals and make function
calls!
_dl_get_ready_to_run:197: Cool, ldso survived making function calls
_dl_malloc:899: mmapping more memory
_dl_get_ready_to_run:352: Lib Loader: (0x30000000) /lib/ld-uClibc.so.0
_dl_get_ready_to_run:621: Loading: (0x30017000) /lib/libcrypt.so.0
_dl_get_ready_to_run:621: Loading: (0x3003d000) /lib/libgcc_s_nof.so.1
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:744: Beginning relocation fixups
transfering control to application @ 0x10003550

Program received signal SIGTRAP, Trace/breakpoint trap.
0x300026d4 in _dl_start (args=Cannot access memory at address 0x8
) at ./ldso/include/dl-syscall.h:72
72      ./ldso/include/dl-syscall.h: No such file or directory.
        in ./ldso/include/dl-syscall.h

Do you need more information?

---------------------------------------------------------------------- 
 rhabarber1848 - 10-26-08 04:29  
---------------------------------------------------------------------- 
Forgot to add "bt f".

This after the 60s pause:

(gdb) set solib-search-path /mnt/lib
(gdb) run
Starting program: /sbin/chroot /mnt /bin/busybox
ELF0x30000000
ELF0x30016820
ELFELFELFDone relocating ldso; we can now use globals and make function
calls!
_dl_get_ready_to_run:197: Cool, ldso survived making function calls
_dl_malloc:899: mmapping more memory
_dl_get_ready_to_run:352: Lib Loader: (0x30000000) /lib/ld-uClibc.so.0
_dl_get_ready_to_run:621: Loading: (0x30017000) /lib/libcrypt.so.0
_dl_get_ready_to_run:621: Loading: (0x3003d000) /lib/libgcc_s_nof.so.1
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:744: Beginning relocation fixups
transfering control to application @ 0x10003550
ELF0x30000000
ELF0x30016820
ELFELFELFDone relocating ldso; we can now use globals and make function
calls!
_dl_get_ready_to_run:197: Cool, ldso survived making function calls
_dl_malloc:899: mmapping more memory
_dl_get_ready_to_run:352: Lib Loader: (0x30000000) /lib/ld-uClibc.so.0
_dl_get_ready_to_run:621: Loading: (0x30017000) /lib/libcrypt.so.0
_dl_get_ready_to_run:621: Loading: (0x3003d000) /lib/libgcc_s_nof.so.1
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:621: Loading: (0x3005a000) /lib/libc.so.0
_dl_get_ready_to_run:744: Beginning relocation fixups
transfering control to application @ 0x10003550

Program received signal SIGTRAP, Trace/breakpoint trap.
0x300026d4 in _dl_load_elf_shared_library (secure=0, rpnt=0x0,
libname=0x0) at dl-elf.c:340
340     dl-elf.c: No such file or directory.
        in dl-elf.c
(gdb) bt f
#0  0x300026d4 in _dl_load_elf_shared_library (secure=0, rpnt=0x0,
libname=0x0) at dl-elf.c:340
        dynamic_addr = 0
        tpnt = (struct elf_resolve *) 0x0
        ppnt = (Elf32_Phdr *) 0x0
        status = 0x0
        dynamic_info = {2147483511, 2147483518, 2147483531, 2147483543,
2147483554, 2147483570, 2147483584,
  2147483590, 2147483599, 0, 22, 22, 22, 22, 19, 16, 20, 16, 21, 0, 16,
2214592512, 6, 4096, 17, 100, 3,
  268435508, 4, 32, 5, 7, 7, 805306368, 8, 0}
        lpnt = (long unsigned int *) 0x0
        minvma = 0
        maxvma = 0
        i = 0
        flags = 0
        piclib = 0
        relro_addr = 0
        relro_size = 0
        st = {st_dev = 9, st_ino = 268448996, st_mode = 11, st_nlink = 0,
st_uid = 12, st_gid = 0, st_rdev = 13,
  st_size = 0, st_blksize = 14, st_blocks = 0, st_atime = 0, __unused1 =
0, st_mtime = 794978670,
  __unused2 = 794981747, st_ctime = 2036494200, __unused3 = 5591877,
__unused4 = 1379758703,
  __unused5 = 1869873224}
        __FUNCTION__ =
"\201)\000\020\200\037\0008\220\t\000\024\201?\0008\200\t\000\020\220\037\0008H\000\001\020"
#1  0x2f004c49 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame inner to this frame (corrupt stack?) 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
10-23-08 06:48  rhabarber1848  New Issue                                    
10-23-08 06:48  rhabarber1848  Status                   new => assigned     
10-23-08 06:48  rhabarber1848  Assigned To               => uClibc          
10-23-08 06:50  rhabarber1848  File Added: .config                          
10-23-08 06:50  rhabarber1848  Note Added: 0014044                          
10-23-08 06:50  rhabarber1848  Issue Monitored: rhabarber1848
10-23-08 06:54  rhabarber1848  File Added: gcc-uclibc-locale.diff
10-23-08 06:54  rhabarber1848  Note Added: 0014054                          
10-23-08 06:57  rhabarber1848  Note Added: 0014064                          
10-23-08 06:58  rhabarber1848  File Added: kernel_dot_config                    
10-23-08 06:59  rhabarber1848  Note Added: 0014074                          
10-23-08 14:57  rhabarber1848  Note Added: 0014094                          
10-25-08 01:28  bernhardf      Note Added: 0014144                          
10-25-08 05:28  rhabarber1848  Note Added: 0014164                          
10-25-08 11:14  bernhardf      Note Added: 0014174                          
10-26-08 04:22  rhabarber1848  Note Added: 0014224                          
10-26-08 04:29  rhabarber1848  Note Added: 0014234                          
======================================================================



