0004814: pthread_rwlock_unlock segfault! - BusyBox Bug and Patch Tracking

BusyBox Bug and Patch Tracking

Viewing Issue Simple Details [ Jump to Notes ]

[ View Advanced ] [ Issue History ] [ Print ]

Category

Severity

Reproducibility

Date Submitted

Last Update

0004814

[uClibc] Posix Threads

crash

always

09-03-08 14:39

Reporter

Gustavo Moreira

View Status

public

Assigned To

uClibc

Priority

normal

Resolution

open

Status

assigned

Product Version

Summary

0004814: pthread_rwlock_unlock segfault!

Description

I'm using uClibc 0.9.29, the rwlock struct is into Posix (shm_open/mmap) shared memory with PTHREAD_PROCESS_SHARED process-shared attribute.
Four processes are using this rwlock concurrently, but curiously ever breaks here.
I added some additional information that I think will be helpful.
uClibc was compiled with Thread library implementation (linuxthreads (stable/old))
# HAS_NO_THREADS is not set
UCLIBC_HAS_THREADS=y
PTHREADS_DEBUG_SUPPORT=y
LINUXTHREADS_OLD=y

Additional Information

Breakpoint 1, page_configa_mode (psettings=0xb7db6000) at write_settings.c:456
456 time(&now);
(gdb) n
457 idle=is_idle(psettings);
(gdb)
459 pthread_rwlock_wrlock(&psettings->rwlock);
(gdb) p psettings->rwlock
$1 = {__rw_lock = {__status = 0, __spinlock = 0}, __rw_readers = 0, __rw_writer = 0x0, __rw_read_waiting = 0x0, __rw_write_waiting = 0x0, __rw_kind = 0, __rw_pshared = 1}
(gdb) n
460 psettings->config.sistema.estado.time_manual_mode_expire=(idle)
(gdb) p psettings->rwlock
$2 = {__rw_lock = {__status = 0, __spinlock = 0}, __rw_readers = 0, __rw_writer = 0xb7e85300, __rw_read_waiting = 0x4025300, __rw_write_waiting = 0x0, __rw_kind = 0,
__rw_pshared = 1}
(gdb) n
463 pthread_rwlock_unlock(&psettings->rwlock);
(gdb) p psettings->rwlock
$3 = {__rw_lock = {__status = 0, __spinlock = 0}, __rw_readers = 0, __rw_writer = 0xb7e85300, __rw_read_waiting = 0x4025300, __rw_write_waiting = 0x0, __rw_kind = 0,
__rw_pshared = 1}
(gdb) n

Program received signal SIGSEGV, Segmentation fault.
0xb7e7c50a in pthread_rwlock_unlock () from /lib/libpthread.so.0
(gdb) bt
0 0xb7e7c50a in pthread_rwlock_unlock () from /lib/libpthread.so.0
0000001 0x0804a152 in page_configa_mode (psettings=0xb7db6000) at write_settings.c:463
2 0x0804927a in main () at write_settings.c:138

(gdb) bt
0 0xb7e7c50a in pthread_rwlock_unlock () from /lib/libpthread.so.0
0000001 0x0804a152 in page_configa_mode (psettings=0xb7db6000) at write_settings.c:463
2 0x0804927a in main () at write_settings.c:138

The complete function in C is:

451 int page_configa_mode(settings_t *psettings)
452 {
453 time_t now;
454 unsigned char idle;
455
456 time(&now);
457 idle=is_idle(psettings);
458
459 pthread_rwlock_wrlock(&psettings->rwlock);
460 psettings->config.sistema.estado.time_manual_mode_expire=(idle)
461 ? now+psettings->config.sistema.timeout_manual*MINUTOS
462 : TIME_MANUAL_MODE_PENDING;
463 pthread_rwlock_unlock(&psettings->rwlock);
464
465 return 1;
466 }

The complete function in assembly is:

0x0804a0d5 <page_configa_mode+0>: push %ebp
0x0804a0d6 <page_configa_mode+1>: mov %esp,%ebp
0x0804a0d8 <page_configa_mode+3>: sub $0x18,%esp
0x0804a0db <page_configa_mode+6>: sub $0xc,%esp
0x0804a0de <page_configa_mode+9>: lea 0xfffffffc(%ebp),%eax
0x0804a0e1 <page_configa_mode+12>: push %eax
0x0804a0e2 <page_configa_mode+13>: call 0x8048e88 <time@plt>
0x0804a0e7 <page_configa_mode+18>: add $0x10,%esp
0x0804a0ea <page_configa_mode+21>: sub $0xc,%esp
0x0804a0ed <page_configa_mode+24>: pushl 0x8(%ebp)
0x0804a0f0 <page_configa_mode+27>: call 0x804c990 <is_idle>
0x0804a0f5 <page_configa_mode+32>: add $0x10,%esp
0x0804a0f8 <page_configa_mode+35>: mov %al,0xfffffffb(%ebp)
0x0804a0fb <page_configa_mode+38>: sub $0xc,%esp
0x0804a0fe <page_configa_mode+41>: pushl 0x8(%ebp)
0x0804a101 <page_configa_mode+44>: call 0x8048e48 <pthread_rwlock_wrlock@plt>
0x0804a106 <page_configa_mode+49>: add $0x10,%esp
0x0804a109 <page_configa_mode+52>: mov 0x8(%ebp),%eax
0x0804a10c <page_configa_mode+55>: mov %eax,0xfffffff4(%ebp)
0x0804a10f <page_configa_mode+58>: cmpb $0x0,0xfffffffb(%ebp)
0x0804a113 <page_configa_mode+62>: je 0x804a137 <page_configa_mode+98>
0x0804a115 <page_configa_mode+64>: mov 0x8(%ebp),%eax
0x0804a118 <page_configa_mode+67>: mov 0x24(%eax),%edx
0x0804a11b <page_configa_mode+70>: mov %edx,%eax
0x0804a11d <page_configa_mode+72>: add %eax,%eax
0x0804a11f <page_configa_mode+74>: add %edx,%eax
0x0804a121 <page_configa_mode+76>: lea 0x0(,%eax,4),%edx
0x0804a128 <page_configa_mode+83>: add %edx,%eax
0x0804a12a <page_configa_mode+85>: shl $0x2,%eax
0x0804a12d <page_configa_mode+88>: mov 0xfffffffc(%ebp),%edx
0x0804a130 <page_configa_mode+91>: add %eax,%edx
0x0804a132 <page_configa_mode+93>: mov %edx,0xfffffff0(%ebp)
0x0804a135 <page_configa_mode+96>: jmp 0x804a13e <page_configa_mode+105>
0x0804a137 <page_configa_mode+98>: movl $0x1,0xfffffff0(%ebp)
0x0804a13e <page_configa_mode+105>: mov 0xfffffff0(%ebp),%edx
0x0804a141 <page_configa_mode+108>: mov 0xfffffff4(%ebp),%eax
0x0804a144 <page_configa_mode+111>: mov %edx,0x4c(%eax)
0x0804a147 <page_configa_mode+114>: sub $0xc,%esp
0x0804a14a <page_configa_mode+117>: pushl 0x8(%ebp)
0x0804a14d <page_configa_mode+120>: call 0x8048fd8 <pthread_rwlock_unlock@plt>
0x0804a152 <page_configa_mode+125>: add $0x10,%esp
0x0804a155 <page_configa_mode+128>: mov $0x1,%eax
0x0804a15a <page_configa_mode+133>: leave
0x0804a15b <page_configa_mode+134>: ret

Attached Files

Relationships

There are no notes attached to this issue.

Issue History
Date Modified	Username	Field	Change
09-03-08 14:39	Gustavo Moreira	New Issue
09-03-08 14:39	Gustavo Moreira	Status	new => assigned
09-03-08 14:39	Gustavo Moreira	Assigned To	=> uClibc
09-03-08 14:43	Gustavo Moreira	Issue Monitored: Gustavo Moreira