[Bug 4291] New: Segmentation fault with all binaries that use threads when compiled with gcc 4.6

bugzilla at busybox.net bugzilla at busybox.net
Tue Oct 4 09:16:51 UTC 2011


https://bugs.busybox.net/show_bug.cgi?id=4291

           Summary: Segmentation fault with all binaries that use threads
                    when compiled with gcc 4.6
           Product: uClibc
           Version: 0.9.32
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: critical
          Priority: P5
         Component: Threads
        AssignedTo: unassigned at uclibc.org
        ReportedBy: s.neumann at raumfeld.com
                CC: uclibc-cvs at uclibc.org
   Estimated Hours: 0.0


We are using buildroot to build our software stack for an embedded device based
on a Marvell PXA300. Here's the output from /proc/cpuinfo:

Processor       : XScale-V3 based processor rev 1 (v5l)
BogoMIPS        : 206.64
Features        : swp half thumb fastmult edsp iwmmxt 
CPU implementer : 0x69
CPU architecture: 5TE
CPU variant     : 0x0
CPU part        : 0x688
CPU revision    : 1

Our buildroot environment is up-to-date with current git and we are using
uclibc 0.9.32 with NPTL as thread library implementation. Currently we are
using gcc 4.3.6 and things work fine. Here are some details from the BR2 CPU
configuration:

BR2_iwmmxt=y
BR2_ARM_TYPE="ARM_IWMMXT"
BR2_ARM_EABI=y
BR2_ARCH="arm"
BR2_ENDIAN="LITTLE"
BR2_GCC_TARGET_TUNE="iwmmxt"
BR2_GCC_TARGET_ARCH="iwmmxt"
BR2_GCC_TARGET_ABI="aapcs-linux"

As I said above, with gcc 4.3.6 everything works nicely. Now we tried to update
the compiler to version 4.6.1. With that change, and only that change, any
binary that uses threads started to segfault at startup. Non-threaded binaries
still work, so we have a system compiled with gcc 4.6.1 that is basically
working. But as soon as we try to start a threaded binary, it will segfault.

I tried to shed some light on this with gdb, but the stack-trace I got was
definitely corrupt. 

Here's an strace from starting dbus-daemon:

# strace dbus-daemon
init_tls [ld.so]
_dl_determine_tlsoffset [ld.so]
_dl_allocate_tls_storage (1696) [ld.so]
execve("/usr/bin/dbus-daemon", ["dbus-daemon"], [/* 15 vars */]) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|0x4000000,
-1, 0) = 0x40031000
open("/lib/libxml2.so.2", O_RDONLY)     = -1 ENOENT (No such file or directory)
open("/lib/libxml2.so.2", O_RDONLY)     = -1 ENOENT (No such file or directory)
open("/usr/lib/libxml2.so.2", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=1409657, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|0x4000000,
-1, 0) = 0x40103000
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\230\237\1\0004\0\0\0"..., 4096)
= 4096
mmap2(NULL, 1196032, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x401d7000
mmap2(0x401d7000, 1140664, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) =
0x401d7000
mmap2(0x402f5000, 19828, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x116)
= 0x402f5000
mmap2(0x402fa000, 3068, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x402fa000
close(3)                                = 0
munmap(0x40103000, 4096)                = 0
open("/lib/libpthread.so.0", O_RDONLY)  = 3
fstat(3, {st_mode=S_IFREG|0700, st_size=97011, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|0x4000000,
-1, 0) = 0x400e8000
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0pC\0\0004\0\0\0"...,
4096) = 4096
mmap2(NULL, 114688, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40127000
mmap2(0x40127000, 65988, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) =
0x40127000
mmap2(0x4013f000, 4124, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x10) =
0x4013f000
mmap2(0x40141000, 4316, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40141000
close(3)                                = 0
munmap(0x400e8000, 4096)                = 0
open("/lib/librt.so.0", O_RDONLY)       = 3
fstat(3, {st_mode=S_IFREG|0700, st_size=13795, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|0x4000000,
-1, 0) = 0x4001f000
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0`\16\0\0004\0\0\0"...,
4096) = 4096
mmap2(NULL, 49152, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40050000
mmap2(0x40050000, 8280, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) =
0x40050000
mmap2(0x4005a000, 4100, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x2) =
0x4005a000
close(3)                                = 0
munmap(0x4001f000, 4096)                = 0
open("/lib/libgcc_s.so.1", O_RDONLY)    = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=41256, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|0x4000000,
-1, 0) = 0x40061000
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\234'\0\0004\0\0\0"...,
4096) = 4096
mmap2(NULL, 73728, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x400a7000
mmap2(0x400a7000, 39468, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) =
0x400a7000
mmap2(0x400b8000, 3136, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x9) =
0x400b8000
close(3)                                = 0
munmap(0x40061000, 4096)                = 0
open("/lib/libc.so.0", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0700, st_size=315063, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|0x4000000,
-1, 0) = 0x40013000
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0`\235\0\0004\0\0\0"...,
4096) = 4096
mmap2(NULL, 348160, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40143000
mmap2(0x40143000, 290456, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) =
0x40143000
mmap2(0x40192000, 4840, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x47) =
0x40192000
mmap2(0x40194000, 14504, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40194000
close(3)                                = 0
munmap(0x40013000, 4096)                = 0
open("/lib/libdl.so.0", O_RDONLY)       = 3
fstat(3, {st_mode=S_IFREG|0700, st_size=9223, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|0x4000000,
-1, 0) = 0x40072000
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\354\t\0\0004\0\0\0"...,
4096) = 4096
mmap2(NULL, 45056, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40198000
mmap2(0x40198000, 7276, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) =
0x40198000
mmap2(0x401a1000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1) =
0x401a1000
mmap2(0x401a2000, 4, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS,
-1, 0) = 0x401a2000
close(3)                                = 0
munmap(0x40072000, 4096)                = 0
open("/lib/libm.so.0", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0700, st_size=64543, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|0x4000000,
-1, 0) = 0x40096000
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\374\22\0\0004\0\0\0"..., 4096)
= 4096
mmap2(NULL, 98304, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x400bd000
mmap2(0x400bd000, 57164, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) =
0x400bd000
mmap2(0x400d3000, 4097, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xe) =
0x400d3000
close(3)                                = 0
munmap(0x40096000, 4096)                = 0
open("/lib/libgcc_s.so.1", O_RDONLY)    = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=41256, ...}) = 0
close(3)                                = 0
open("/lib/libc.so.0", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0700, st_size=315063, ...}) = 0
close(3)                                = 0
open("/lib/libdl.so.0", O_RDONLY)       = 3
fstat(3, {st_mode=S_IFREG|0700, st_size=9223, ...}) = 0
close(3)                                = 0
open("/lib/libc.so.0", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0700, st_size=315063, ...}) = 0
close(3)                                = 0
open("/lib/libc.so.0", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0700, st_size=315063, ...}) = 0
close(3)                                = 0
open("/lib/libdl.so.0", O_RDONLY)       = 3
fstat(3, {st_mode=S_IFREG|0700, st_size=9223, ...}) = 0
close(3)                                = 0
open("/lib/libpthread.so.0", O_RDONLY)  = 3
fstat(3, {st_mode=S_IFREG|0700, st_size=97011, ...}) = 0
close(3)                                = 0
open("/lib/libc.so.0", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0700, st_size=315063, ...}) = 0
close(3)                                = 0
open("/lib/libc.so.0", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0700, st_size=315063, ...}) = 0
close(3)                                = 0
open("/lib/libc.so.0", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0700, st_size=315063, ...}) = 0
close(3)                                = 0
stat("/lib/ld-uClibc.so.0", {st_mode=S_IFREG|0700, st_size=25452, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x400f0000
munmap(0x400f0000, 4096)                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x4005e000
munmap(0x4005e000, 4096)                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x40081000
munmap(0x40081000, 4096)                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|0x4000000,
-1, 0) = 0x4008d000
set_tls(0x4008d490, 0x4008db30, 0x4008db38, 0x4008d490, 0x400a5f74) = 0
mprotect(0x4013f000, 4096, PROT_READ)   = 0
mprotect(0x4005a000, 4096, PROT_READ)   = 0
mprotect(0x40192000, 4096, PROT_READ)   = 0
mprotect(0x401a1000, 4096, PROT_READ)   = 0
mprotect(0x400d3000, 4096, PROT_READ)   = 0
mprotect(0x400a5000, 4096, PROT_READ)   = 0
set_tid_address(0x4008d068)             = 1261
set_robust_list(0x4008d070, 0xc)        = 0
rt_sigaction(SIGRTMIN, {0x4013028c, [], SA_SIGINFO|0x4000000}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x40130138, [], SA_RESTART|SA_SIGINFO|0x4000000}, NULL,
8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x400e6000
munmap(0x400e6000, 4096)                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x40079000
munmap(0x40079000, 4096)                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x40021000
munmap(0x40021000, 4096)                = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=16}) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B115200 opost isig icanon echo ...}) =
0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B115200 opost isig icanon echo ...}) =
0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x400ec000
munmap(0x400ec000, 4096)                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x40006000
munmap(0x40006000, 4096)                = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Segmentation fault

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the uClibc-cvs mailing list