SIGSEGV after infinite recursion in __vfprintf_chk?
Luca Ceresoli
list@lucaceresoli.net
Thu Feb 25 17:48:00 GMT 2010
Hi,
I'm trying to set up a build environment from scratch for Beagle board
(Cortex A8, http://elinux.org/BeagleBoard) with crosstool-NG 1.6.0.
I'm stuck at a problem that seems toolchain-related.
Symptom: most programs (but not all) end with a segmentation fault.
Details follow.
I configured CT-NG to build the arm-cortex_a8-linux-gnueabi (glibc)
toolchain and used it to build:
- barebox
- U-boot
- Linux
(git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6.git)
and they work without any problem as far as I could test them.
Then I set up a minimal root filesystem by means of buildroot and busybox,
using the same toolchain, but I get "Segmentation fault" when I try to do
almost anything except logging in, "cat <file>", pwd and cd.
So I wrote a minimal C program and ran it through CT-NG's gdb (which luckily
does not segfault!), and it seems it infinitely recurses in
__vfprintf_chk(). SIGSEGV comes immediately after.
I'm not sure which details might be useful, so I'll paste a clean gdb
session for now. The target file is statically compiled.
It could be worth saying that CT-NG uses by default Linux headers from
2.6.31.12, while my kernel is the OMAP fork, derived from 2.6.32.
I also tried to configure CT-NG to use the 2.6.32 headers, without
noticeable difference.
Can anybody suggest in which direction I should investigate?
Thank you in advance.
Luca Ceresoli
--------------8<---------------
# /bin/hw_s
Hello, world!
Hello again.
Segmentation fault
# /usr/bin/gdb /bin/hw_s
dlopen failed on 'libthread_db.so.1' - libthread_db.so.1: cannot open shared object file: No such file or directory
GDB will not be able to debug pthreads.
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-cortex_a8-linux-gnueabi"...
(gdb) break main
Breakpoint 1 at 0x8260: file hw.c, line 7.
(gdb) break printf
Breakpoint 2 at 0x8fe8
(gdb) break __vfprintf_chk
Breakpoint 3 at 0x14c5c
(gdb) run
Starting program: /bin/hw_s
Breakpoint 1, main () at hw.c:7
7 FILE *f = 0xabcd;
(gdb) list
2 #include <stdio.h>
3 #include <mntent.h>
4
5 int main(void)
6 {
7 FILE *f = 0xabcd;
8 int number = 123;
9
10 printf("Hello, world!\n");
11 sleep(1);
(gdb)
12 printf("Hello again.\n");
13 printf("number = %d\n", number); <<-- SIGSEGV HERE!!!!
14 printf("f = %p\n", f); <<-- Never reaches this line
15
16 /* printf("f = %p\n", f);*/
17 printf("Now call setmntent()...\n");
18 sleep(1);
19 f = setmntent("/proc/mounts", "r");
20 /* printf("f = %p\n", f);*/
21
(gdb)
22 return 0;
23 }
(gdb) cont
Continuing.
Hello, world!
Hello again.
Breakpoint 2, 0x00008fe8 in printf ()
(gdb) bt full
#0 0x00008fe8 in printf ()
No symbol table info available.
#1 0x000082a4 in main () at hw.c:13
f = (FILE *) 0xabcd
number = 123
(gdb) cont
Continuing.
Breakpoint 3, 0x00014c5c in __vfprintf_chk ()
(gdb) bt full
#0 0x00014c5c in __vfprintf_chk ()
No symbol table info available.
#1 0x00009014 in printf ()
No symbol table info available.
#2 0x000082a4 in main () at hw.c:13
f = (FILE *) 0xabcd
number = 123
(gdb) disas
Dump of assembler code for function __vfprintf_chk:
0x00014c5c <__vfprintf_chk+0>: push {r4, r5, r6, r7, r8, r9, r10, lr}
0x00014c60 <__vfprintf_chk+4>: ldr r4, [r0]
0x00014c64 <__vfprintf_chk+8>: mov r5, r0
0x00014c68 <__vfprintf_chk+12>: mov r7, r1
0x00014c6c <__vfprintf_chk+16>: ands r4, r4, #32768 ; 0x8000
0x00014c70 <__vfprintf_chk+20>: mov r8, r2
0x00014c74 <__vfprintf_chk+24>: mov r10, r3
0x00014c78 <__vfprintf_chk+28>: bne 0x14ce0 <__vfprintf_chk+132>
0x00014c7c <__vfprintf_chk+32>: ldr r6, [r0, #72]
0x00014c80 <__vfprintf_chk+36>: bl 0x8a10 <__aeabi_read_tp>
0x00014c84 <__vfprintf_chk+40>: sub r9, r0, #1184 ; 0x4a0
0x00014c88 <__vfprintf_chk+44>: ldr r3, [r6, #8]
0x00014c8c <__vfprintf_chk+48>: cmp r3, r9
0x00014c90 <__vfprintf_chk+52>: beq 0x14cd4 <__vfprintf_chk+120>
0x00014c94 <__vfprintf_chk+56>: mov r1, #1 ; 0x1
0x00014c98 <__vfprintf_chk+60>: mov r2, r6
0x00014c9c <__vfprintf_chk+64>: ldr r3, [r2]
0x00014ca0 <__vfprintf_chk+68>: cmp r3, r4
0x00014ca4 <__vfprintf_chk+72>: bne 0x14cc0 <__vfprintf_chk+100>
0x00014ca8 <__vfprintf_chk+76>: mov r0, r4
0x00014cac <__vfprintf_chk+80>: mvn r3, #61440 ; 0xf000
0x00014cb0 <__vfprintf_chk+84>: mov lr, pc
0x00014cb4 <__vfprintf_chk+88>: sub pc, r3, #63 ; 0x3f
0x00014cb8 <__vfprintf_chk+92>: bcc 0x14c9c <__vfprintf_chk+64>
0x00014cbc <__vfprintf_chk+96>: mov r3, r4
0x00014cc0 <__vfprintf_chk+100>:cmp r3, #0 ; 0x0
0x00014cc4 <__vfprintf_chk+104>:bne 0x14db4 <__vfprintf_chk+344>
0x00014cc8 <__vfprintf_chk+108>:ldr r3, [r5, #72]
0x00014ccc <__vfprintf_chk+112>:mov r6, r3
0x00014cd0 <__vfprintf_chk+116>:str r9, [r3, #8]
0x00014cd4 <__vfprintf_chk+120>:ldr r3, [r6, #4]
0x00014cd8 <__vfprintf_chk+124>:add r3, r3, #1 ; 0x1
0x00014cdc <__vfprintf_chk+128>:str r3, [r6, #4]
0x00014ce0 <__vfprintf_chk+132>:cmp r7, #0 ; 0x0
0x00014ce4 <__vfprintf_chk+136>:mov r2, r8
0x00014ce8 <__vfprintf_chk+140>:mov r0, r5
0x00014cec <__vfprintf_chk+144>:mov r1, #1 ; 0x1
0x00014cf0 <__vfprintf_chk+148>:ldrgt r3, [r5, #60]
0x00014cf4 <__vfprintf_chk+152>:orrgt r3, r3, #4 ; 0x4
0x00014cf8 <__vfprintf_chk+156>:strgt r3, [r5, #60]
0x00014cfc <__vfprintf_chk+160>:mov r3, r10
0x00014d00 <__vfprintf_chk+164>:bl 0x14c5c <__vfprintf_chk>
0x00014d04 <__vfprintf_chk+168>:cmp r7, #0 ; 0x0
0x00014d08 <__vfprintf_chk+172>:mov r8, r0
0x00014d0c <__vfprintf_chk+176>:ldrle r3, [r5, #60]
0x00014d10 <__vfprintf_chk+180>:ldrgt r3, [r5, #60]
0x00014d14 <__vfprintf_chk+184>:bicgt r3, r3, #4 ; 0x4
0x00014d18 <__vfprintf_chk+188>:strgt r3, [r5, #60]
0x00014d1c <__vfprintf_chk+192>:ldr r2, [r5]
0x00014d20 <__vfprintf_chk+196>:bic r3, r3, #20 ; 0x14
0x00014d24 <__vfprintf_chk+200>:str r3, [r5, #60]
0x00014d28 <__vfprintf_chk+204>:tst r2, #32768 ; 0x8000
0x00014d2c <__vfprintf_chk+208>:bne 0x14d90 <__vfprintf_chk+308>
0x00014d30 <__vfprintf_chk+212>:ldr r6, [r5, #72]
0x00014d34 <__vfprintf_chk+216>:ldr r3, [r6, #4]
0x00014d38 <__vfprintf_chk+220>:sub r3, r3, #1 ; 0x1
0x00014d3c <__vfprintf_chk+224>:str r3, [r6, #4]
0x00014d40 <__vfprintf_chk+228>:cmp r3, #0 ; 0x0
0x00014d44 <__vfprintf_chk+232>:bne 0x14d90 <__vfprintf_chk+308>
0x00014d48 <__vfprintf_chk+236>:str r3, [r6, #8]
0x00014d4c <__vfprintf_chk+240>:ldr r5, [r6]
0x00014d50 <__vfprintf_chk+244>:mov r1, #0 ; 0x0
0x00014d54 <__vfprintf_chk+248>:mov r2, r6
0x00014d58 <__vfprintf_chk+252>:mov r4, r5
0x00014d5c <__vfprintf_chk+256>:ldr r3, [r2]
0x00014d60 <__vfprintf_chk+260>:cmp r3, r4
0x00014d64 <__vfprintf_chk+264>:bne 0x14d80 <__vfprintf_chk+292>
0x00014d68 <__vfprintf_chk+268>:mov r0, r4
0x00014d6c <__vfprintf_chk+272>:mvn r3, #61440 ; 0xf000
0x00014d70 <__vfprintf_chk+276>:mov lr, pc
0x00014d74 <__vfprintf_chk+280>:sub pc, r3, #63 ; 0x3f
0x00014d78 <__vfprintf_chk+284>:bcc 0x14d5c <__vfprintf_chk+256>
0x00014d7c <__vfprintf_chk+288>:mov r3, r4
0x00014d80 <__vfprintf_chk+292>:cmp r5, r3
0x00014d84 <__vfprintf_chk+296>:bne 0x14d4c <__vfprintf_chk+240>
0x00014d88 <__vfprintf_chk+300>:cmp r5, #1 ; 0x1
0x00014d8c <__vfprintf_chk+304>:bgt 0x14d98 <__vfprintf_chk+316>
0x00014d90 <__vfprintf_chk+308>:mov r0, r8
0x00014d94 <__vfprintf_chk+312>:pop {r4, r5, r6, r7, r8, r9, r10, pc}
0x00014d98 <__vfprintf_chk+316>:mov r3, r1
0x00014d9c <__vfprintf_chk+320>:mov r0, r6
0x00014da0 <__vfprintf_chk+324>:mov r2, #1 ; 0x1
0x00014da4 <__vfprintf_chk+328>:add r1, r1, #129 ; 0x81
0x00014da8 <__vfprintf_chk+332>:mov r7, #240 ; 0xf0
0x00014dac <__vfprintf_chk+336>:svc 0x00000000
0x00014db0 <__vfprintf_chk+340>:b 0x14d90 <__vfprintf_chk+308>
0x00014db4 <__vfprintf_chk+344>:mov r0, r6
0x00014db8 <__vfprintf_chk+348>:bl 0x143f0 <__lll_lock_wait_private>
0x00014dbc <__vfprintf_chk+352>:b 0x14cc8 <__vfprintf_chk+108>
0x00014dc0 <__vfprintf_chk+356>:ldr r3, [r5]
0x00014dc4 <__vfprintf_chk+360>:mov r8, r0
0x00014dc8 <__vfprintf_chk+364>:ldr r2, [r5, #60]
0x00014dcc <__vfprintf_chk+368>:tst r3, #32768 ; 0x8000
0x00014dd0 <__vfprintf_chk+372>:bic r3, r2, #20 ; 0x14
0x00014dd4 <__vfprintf_chk+376>:str r3, [r5, #60]
0x00014dd8 <__vfprintf_chk+380>:bne 0x14e54 <__vfprintf_chk+504>
0x00014ddc <__vfprintf_chk+384>:ldr r6, [r5, #72]
0x00014de0 <__vfprintf_chk+388>:ldr r3, [r6, #4]
0x00014de4 <__vfprintf_chk+392>:sub r3, r3, #1 ; 0x1
0x00014de8 <__vfprintf_chk+396>:str r3, [r6, #4]
0x00014dec <__vfprintf_chk+400>:cmp r3, #0 ; 0x0
0x00014df0 <__vfprintf_chk+404>:bne 0x14e54 <__vfprintf_chk+504>
0x00014df4 <__vfprintf_chk+408>:str r3, [r6, #8]
0x00014df8 <__vfprintf_chk+412>:ldr r5, [r6]
0x00014dfc <__vfprintf_chk+416>:mov r1, #0 ; 0x0
0x00014e00 <__vfprintf_chk+420>:mov r2, r6
0x00014e04 <__vfprintf_chk+424>:mov r4, r5
0x00014e08 <__vfprintf_chk+428>:ldr r3, [r2]
0x00014e0c <__vfprintf_chk+432>:cmp r3, r4
0x00014e10 <__vfprintf_chk+436>:bne 0x14e2c <__vfprintf_chk+464>
0x00014e14 <__vfprintf_chk+440>:mov r0, r4
0x00014e18 <__vfprintf_chk+444>:mvn r3, #61440 ; 0xf000
0x00014e1c <__vfprintf_chk+448>:mov lr, pc
0x00014e20 <__vfprintf_chk+452>:sub pc, r3, #63 ; 0x3f
0x00014e24 <__vfprintf_chk+456>:bcc 0x14e08 <__vfprintf_chk+428>
0x00014e28 <__vfprintf_chk+460>:mov r3, r4
0x00014e2c <__vfprintf_chk+464>:cmp r5, r3
0x00014e30 <__vfprintf_chk+468>:bne 0x14df8 <__vfprintf_chk+412>
0x00014e34 <__vfprintf_chk+472>:cmp r5, #1 ; 0x1
0x00014e38 <__vfprintf_chk+476>:ble 0x14e54 <__vfprintf_chk+504>
0x00014e3c <__vfprintf_chk+480>:mov r3, r1
0x00014e40 <__vfprintf_chk+484>:mov r0, r6
0x00014e44 <__vfprintf_chk+488>:mov r2, #1 ; 0x1
0x00014e48 <__vfprintf_chk+492>:add r1, r1, #129 ; 0x81
0x00014e4c <__vfprintf_chk+496>:mov r7, #240 ; 0xf0
0x00014e50 <__vfprintf_chk+500>:svc 0x00000000
0x00014e54 <__vfprintf_chk+504>:mov r0, r8
0x00014e58 <__vfprintf_chk+508>:bl 0x61de0 <___Unwind_Resume>
End of assembler dump.
(gdb) cont
Continuing.
Breakpoint 3, 0x00014c5c in __vfprintf_chk ()
(gdb) bt
#0 0x00014c5c in __vfprintf_chk ()
#1 0x00014d04 in __vfprintf_chk ()
#2 0x00009014 in printf ()
#3 0x000082a4 in main () at hw.c:13
(gdb) c
Continuing.
Breakpoint 3, 0x00014c5c in __vfprintf_chk ()
(gdb) bt
#0 0x00014c5c in __vfprintf_chk ()
#1 0x00014d04 in __vfprintf_chk ()
#2 0x00014d04 in __vfprintf_chk ()
#3 0x00009014 in printf ()
#4 0x000082a4 in main () at hw.c:13
(gdb) c
Continuing.
Breakpoint 3, 0x00014c5c in __vfprintf_chk ()
(gdb) bt
#0 0x00014c5c in __vfprintf_chk ()
#1 0x00014d04 in __vfprintf_chk ()
#2 0x00014d04 in __vfprintf_chk ()
#3 0x00014d04 in __vfprintf_chk ()
#4 0x00009014 in printf ()
#5 0x000082a4 in main () at hw.c:13
(gdb) c
Continuing.
Breakpoint 3, 0x00014c5c in __vfprintf_chk ()
(gdb) bt
#0 0x00014c5c in __vfprintf_chk ()
#1 0x00014d04 in __vfprintf_chk ()
#2 0x00014d04 in __vfprintf_chk ()
#3 0x00014d04 in __vfprintf_chk ()
#4 0x00014d04 in __vfprintf_chk ()
#5 0x00009014 in printf ()
#6 0x000082a4 in main () at hw.c:13
(gdb) break *0x00014d04
Breakpoint 4 at 0x14d04
(gdb) cont
Continuing.
Breakpoint 3, 0x00014c5c in __vfprintf_chk ()
(gdb)
Continuing.
Breakpoint 3, 0x00014c5c in __vfprintf_chk ()
(gdb) break *0x00014d00
Breakpoint 5 at 0x14d00
(gdb) cont
Continuing.
Breakpoint 5, 0x00014d00 in __vfprintf_chk ()
(gdb) bt
#0 0x00014d00 in __vfprintf_chk ()
#1 0x00014d04 in __vfprintf_chk ()
#2 0x00014d04 in __vfprintf_chk ()
#3 0x00014d04 in __vfprintf_chk ()
#4 0x00014d04 in __vfprintf_chk ()
#5 0x00014d04 in __vfprintf_chk ()
#6 0x00014d04 in __vfprintf_chk ()
#7 0x00009014 in printf ()
#8 0x000082a4 in main () at hw.c:13
(gdb) info registers
r0 0x83118 536856
r1 0x1 1
r2 0x6339c 406428
r3 0xbef95c3c 3204013116
r4 0x0 0
r5 0x83118 536856
r6 0x8400c 540684
r7 0x1 1
r8 0x6339c 406428
r9 0x85000 544768
r10 0xbef95c3c 3204013116
r11 0xbef95c54 3204013140
r12 0xbef95c3c 3204013116
sp 0xbef95b48 0xbef95b48
lr 0x14c84 85124
pc 0x14d00 0x14d00 <__vfprintf_chk+164>
fps 0x1001000 16781312
cpsr 0x20000010 536870928
(gdb) clear __vfprintf_chk
Deleted breakpoint 3
(gdb) clear *0x14d00
Deleted breakpoint 5
(gdb) cont
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0x00014c5c in __vfprintf_chk ()
(gdb) bt
#0 0x00014c5c in __vfprintf_chk ()
#1 0x00014d04 in __vfprintf_chk ()
#2 0x00014d04 in __vfprintf_chk ()
#3 0x00014d04 in __vfprintf_chk ()
#4 0x00014d04 in __vfprintf_chk ()
#5 0x00014d04 in __vfprintf_chk ()
#6 0x00014d04 in __vfprintf_chk ()
...and, after some time...
#120383 0x00014d04 in __vfprintf_chk ()
#120384 0x00014d04 in __vfprintf_chk ()
#120385 0x00014d04 in __vfprintf_chk ()
#120386 0xgdb invoked oom-killer: gfp_mask=0x200da, order=0, oom_adj=0
00014d04 in __vfprintf_chk ()
#[<c002d3b0>] (unwind_backtrace+0x0/0xd8) from [<c007c6f4>] (T.278+0x3c/0x108)
...
#120427 0x00014d04 in __vfprintf_chk ()
#120428 0x00014d04 in __vfprintf_chk ()
Killed
#
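The disassembly above shows <__vfprintf_chk+164> branching to the function's own entry (0x14c5c), and every recursive frame in the backtraces returns to 0x14d04, the instruction right after that bl. The script below is an added example, not part of the original post nor of crosstool-NG or glibc: it parses gdb "disas" and "bt" text of the shape shown in the session, flags a direct bl whose target is the dumped function's own entry, and counts the backtrace frames that return to that call site. It assumes 32-bit ARM-state code (bl returns to call site + 4); the sample dump and backtrace are constructed from lines of the session above.

```python
import re
# One gdb "disas" line, e.g. "0x00014d00 <__vfprintf_chk+164>:bl 0x14c5c <__vfprintf_chk>"
INSN_RE = re.compile(r"^\s*0x(?P<addr>[0-9a-fA-F]+)\s*<(?P<func>[^+>]+)\+(?P<off>\d+)>:"
                     r"\s*(?P<mnem>[a-z]+)\s*(?P<ops>.*)$")
# Direct branch operand, e.g. "0x14c5c <__vfprintf_chk>" (a "+off" suffix is allowed)
TARGET_RE = re.compile(r"^0x(?P<addr>[0-9a-fA-F]+)\s*<(?P<sym>[^+>]+)(\+\d+)?>")
# One gdb "bt" frame, e.g. "#3 0x00014d04 in __vfprintf_chk ()"
FRAME_RE = re.compile(r"^#\d+\s+0x(?P<pc>[0-9a-fA-F]+)\s+in\s+\S+")
# Constructed sample: a subset of the disassembly lines from the gdb session above.
SAMPLE_DUMP = """\
Dump of assembler code for function __vfprintf_chk:
0x00014c5c <__vfprintf_chk+0>: push {r4, r5, r6, r7, r8, r9, r10, lr}
0x00014c80 <__vfprintf_chk+36>: bl 0x8a10 <__aeabi_read_tp>
0x00014cfc <__vfprintf_chk+160>:mov r3, r10
0x00014d00 <__vfprintf_chk+164>:bl 0x14c5c <__vfprintf_chk>
0x00014db8 <__vfprintf_chk+348>:bl 0x143f0 <__lll_lock_wait_private>
"""
# Constructed sample: the first frames of the backtrace taken at breakpoint 5 above.
SAMPLE_BT = """\
#0 0x00014d00 in __vfprintf_chk ()
#1 0x00014d04 in __vfprintf_chk ()
#2 0x00014d04 in __vfprintf_chk ()
#3 0x00014d04 in __vfprintf_chk ()
#4 0x00009014 in printf ()
#5 0x000082a4 in main () at hw.c:13
"""
def parse_disas(dump: str) -> list:
    """One dict per instruction line; gdb's header and footer lines are skipped."""
    return [{"addr": int(m["addr"], 16), "func": m["func"], "off": int(m["off"]),
             "mnem": m["mnem"], "ops": m["ops"]}
            for m in map(INSN_RE.match, dump.splitlines()) if m]

def find_self_calls(dump: str) -> list:
    """Addresses of direct 'bl' instructions whose target is the dumped function's entry."""
    insns = parse_disas(dump)
    if not insns:
        return []
    entry = insns[0]["addr"] - insns[0]["off"]   # address of <func+0>
    hits = []
    for i in insns:
        t = TARGET_RE.match(i["ops"]) if i["mnem"] == "bl" else None
        if t and int(t["addr"], 16) == entry and t["sym"] == insns[0]["func"]:
            hits.append(i["addr"])
    return hits

def recursive_frames(bt: str, call_site: int) -> int:
    """Frames whose saved pc is call_site's return address (ARM-state bl: site + 4)."""
    ret = call_site + 4
    return sum(1 for m in map(FRAME_RE.match, bt.splitlines())
               if m and int(m["pc"], 16) == ret)
```

On the session above, find_self_calls(SAMPLE_DUMP) returns the call site 0x14d00 and recursive_frames(SAMPLE_BT, 0x14d00) counts the frames that returned there, which is the same evidence the manual breakpoints at *0x14d00 and *0x14d04 gathered.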