Illegal instruction at exit() on arm/nommu (was Re: symbol clashes in libpthread.a and libc.a)

Cheung Yik Pang yp.cheung at pithk.com
Wed Feb 8 08:37:05 UTC 2006 

>     Another problem is that all programs, including helloworld, get
> segfaults when they exit:
>
> hello wo[122] helloworld: arm syscall 10420360
> rld!
> Code: GPF: pid(122, <helloworld>) (SVC pc=900a7700 r0=00000006 r3=fffffffc
> sp=90
> 7b7ef4 lr=900aebbc)
> 0ffffffc ef9f0088 (ea017ffe) e59ff410 ea0000bb
> pc : [<00000004>]    lr : [<91dd30ac>]    Not tainted
> sp : 91ddfedc  ip : 91ddfeb0  fp : 91ddfeec
> r10: 91dd4124  r9 : 00000000  r8 : 91dd0180
> r7 : 00000001  r6 : 91dd6774  r5 : 91dd40e4  r4 : 00000000
> r3 : 00000001  r2 : 00000000  r1 : 91dd5771  r0 : 00000000
> Flags: nzCv  IRQs on  FIQs on  Mode USER_32  Segment user
> Control: 1007
> Function entered at [<91dd304c>] from [<91dd1748>]
>  r4 = 91DDFF18
> Function entered at [<91dd1680>] from [<00000000>]
> Illegal instruction

I use gdbserver and gdb/ddd to debugger the helloworld program.  I found
that the program will crash at line 344 of libc/stdlib/atexit.c:

344         (__rtld_fini)();

The value of __rtld_fini was 0x01.  It looks odd to me.

In the assembly dump, it looks like:
    ...
    0x91957aa0 <exit+120>:  ldr     r3, [pc, #52]   ; 0x91957adc <$d+12>
    0x91957aa4 <exit+124>:  ldr     r3, [r3]
    0x91957aa8 <exit+128>:  mov     lr, pc
    0x91957aac <exit+132>:  mov     pc, r3
    ...

After the "mov     pc, r3" instruction from above, the assembly dump
changed to:

    0x00000000:     swi     0x009f0088
    0x00000004:     b       0x60004
    0x00000008:     ldr     pc, [pc, #1040] ; 0x420
    ...

Then the next "stepi" sent me straight to hell:

[173] helloworld: arm syscall 10420360
Code: GPF: pid(173, <helloworld>) (SVC pc=900a7700 r0=00000006 r3=fffffffc
sp=90
093ef4 lr=900aebbc)
0ffffffc ef9f0088 (ef9f0001) e59ff410 ea0000bb
pc : [<00000004>]    lr : [<91957ab0>]    Not tainted
sp : 9196bed0  ip : 9196bea4  fp : 9196bee0
r10: 91958c44  r9 : 00000000  r8 : 00000000
r7 : 00000000  r6 : 00000000  r5 : 00000000  r4 : 00000000
r3 : 00000001  r2 : 00000000  r1 : 91958c64  r0 : 00000000
Flags: nzCv  IRQs on  FIQs on  Mode USER_32  Segment user
Control: 1007
Function entered at [<91957a28>] from [<91954b0c>]
Function entered at [<919549d8>] from [<00000000>]

I don't know how to interpret those information.  Please give me some
advices.  Thank you.

-Cheung

More information about the uClibc mailing list