Under 2.6.32-rcX, processes using libgc (garbage collection C library), including w3m, or mktable tool which is part of w3m build process, crash with segmentation fault. This does not happen with 2.6.31 and back. Kernel version which has the problem: 2.6.32-rc4 (didn't check earlier RCs). Kernel version that does not have the problem: 2.6.31. Steps to reproduce: install w3m run w3m w3m will crash at startup, about 2 times out of 3. Tested with both w3m in Fedora 11 and ubuntu 8.10 Dmesg shows this output: [ 126.011833] w3m[2317]: segfault at ffe00010 ip 00000000f76f0453 sp 00000000ffdfefd0 error 4 in libgc.so.1.0.2[f76dd000+23000] Note: when run under gdb, the crash does not happen. strace w3m shows: $ strace w3m execve("/usr/bin/w3m", ["w3m"], [/* 19 vars */]) = 0 brk(0) = 0x8ffa000 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf7760000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=21239, ...}) = 0 mmap2(NULL, 21239, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf775a000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/tls/i686/cmov/libm.so.6", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@4\0\000"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=149332, ...}) = 0 mmap2(NULL, 151680, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf7734000 mmap2(0xf7758000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x23) = 0xf7758000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/tls/i686/cmov/libnsl.so.1", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\00001\0\000"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=87804, ...}) = 0 mmap2(NULL, 100328, PROT_READ|PROT_EXEC, 
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf771b000 mmap2(0xf7730000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14) = 0xf7730000 mmap2(0xf7732000, 6120, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf7732000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/tls/i686/cmov/libdl.so.2", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \n\0\000"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=9676, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf771a000 mmap2(NULL, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf7716000 mmap2(0xf7718000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xf7718000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/usr/lib/libgc.so.1", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\231"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=147456, ...}) = 0 mmap2(NULL, 212700, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf76e2000 mmap2(0xf7705000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x23) = 0xf7705000 mmap2(0xf7706000, 65244, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf7706000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/usr/lib/i686/cmov/libssl.so.0.9.8", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\305\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=282052, ...}) = 0 mmap2(NULL, 284952, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf769c000 mmap2(0xf76de000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x41) = 0xf76de000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/usr/lib/i686/cmov/libcrypto.so.0.9.8", O_RDONLY) 
= 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\303\3"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=1340100, ...}) = 0 mmap2(NULL, 1352408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf7551000 mmap2(0xf7683000, 86016, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x132) = 0xf7683000 mmap2(0xf7698000, 13016, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf7698000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/usr/lib/libgpm.so.2", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\26"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=21968, ...}) = 0 mmap2(NULL, 25716, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf754a000 mmap2(0xf754f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4) = 0xf754f000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/libncurses.so.5", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\220"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=190584, ...}) = 0 mmap2(NULL, 194420, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf751a000 mmap2(0xf7547000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2c) = 0xf7547000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/tls/i686/cmov/libc.so.6", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340g\1"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=1425800, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf7519000 mmap2(NULL, 1431152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf73bb000 mmap2(0xf7513000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x158) = 0xf7513000 mmap2(0xf7516000, 9840, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf7516000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/tls/i686/cmov/libpthread.so.0", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000H\0\000"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=116457, ...}) = 0 mmap2(NULL, 98784, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf73a2000 mmap2(0xf73b7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14) = 0xf73b7000 mmap2(0xf73b9000, 4576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf73b9000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/libgcc_s.so.1", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260\34"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=54740, ...}) = 0 mmap2(NULL, 57864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf7393000 mmap2(0xf73a0000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc) = 0xf73a0000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/usr/lib/libz.so.1", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\31\0\000"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=83552, ...}) = 0 mmap2(NULL, 86284, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf737d000 mmap2(0xf7391000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13) = 0xf7391000 close(3) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf737c000 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf737b000 set_thread_area({entry_number:-1 -> 12, base_addr:0xf737b6b0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 mprotect(0xf73a0000, 4096, PROT_READ) = 0 mprotect(0xf73b7000, 4096, PROT_READ) 
= 0 mprotect(0xf7513000, 8192, PROT_READ) = 0 mprotect(0xf754f000, 4096, PROT_READ) = 0 mprotect(0xf7683000, 32768, PROT_READ) = 0 mprotect(0xf76de000, 4096, PROT_READ) = 0 mprotect(0xf7718000, 4096, PROT_READ) = 0 mprotect(0xf7730000, 4096, PROT_READ) = 0 mprotect(0xf7758000, 4096, PROT_READ) = 0 mprotect(0x80c7000, 4096, PROT_READ) = 0 mprotect(0xf777d000, 4096, PROT_READ) = 0 munmap(0xf775a000, 21239) = 0 set_tid_address(0xf737b6f8) = 2371 set_robust_list(0xf737b700, 0xc) = 0 futex(0xffa326b0, 0x81 /* FUTEX_??? */, 1) = 0 rt_sigaction(SIGRTMIN, {0xf73a62e0, [], SA_SIGINFO}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {0xf73a6720, [], SA_RESTART|SA_SIGINFO}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0 uname({sys="Linux", node="robin", ...}) = 0 brk(0) = 0x8ffa000 brk(0x901b000) = 0x901b000 open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/share/locale/locale.alias", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=2586, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf775f000 read(3, "# Locale name alias data base.\n#"..., 4096) = 2586 read(3, "", 4096) = 0 close(3) = 0 munmap(0xf775f000, 4096) = 0 open("/usr/lib/locale/en_US.UTF-8/LC_IDENTIFICATION", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/locale/en_US.utf8/LC_IDENTIFICATION", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=373, ...}) = 0 mmap2(NULL, 373, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf775f000 close(3) = 0 open("/usr/lib/gconv/gconv-modules.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=26040, ...}) = 0 mmap2(NULL, 26040, PROT_READ, MAP_SHARED, 3, 0) = 0xf7374000 close(3) = 0 futex(0xf7515a4c, 0x81 /* FUTEX_??? 
*/, 2147483647) = 0 open("/usr/lib/locale/en_US.UTF-8/LC_MEASUREMENT", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/locale/en_US.utf8/LC_MEASUREMENT", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=23, ...}) = 0 mmap2(NULL, 23, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf775e000 close(3) = 0 open("/usr/lib/locale/en_US.UTF-8/LC_TELEPHONE", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/locale/en_US.utf8/LC_TELEPHONE", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=59, ...}) = 0 mmap2(NULL, 59, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf775d000 close(3) = 0 open("/usr/lib/locale/en_US.UTF-8/LC_ADDRESS", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/locale/en_US.utf8/LC_ADDRESS", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=155, ...}) = 0 mmap2(NULL, 155, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf775c000 close(3) = 0 open("/usr/lib/locale/en_US.UTF-8/LC_NAME", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/locale/en_US.utf8/LC_NAME", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=77, ...}) = 0 mmap2(NULL, 77, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf775b000 close(3) = 0 open("/usr/lib/locale/en_US.UTF-8/LC_PAPER", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/locale/en_US.utf8/LC_PAPER", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=34, ...}) = 0 mmap2(NULL, 34, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf775a000 close(3) = 0 open("/usr/lib/locale/en_US.UTF-8/LC_MESSAGES", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/locale/en_US.utf8/LC_MESSAGES", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 close(3) = 0 open("/usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=52, ...}) = 0 mmap2(NULL, 52, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf7373000 close(3) = 0 open("/usr/lib/locale/en_US.UTF-8/LC_MONETARY", O_RDONLY) = -1 ENOENT (No such file or directory) 
open("/usr/lib/locale/en_US.utf8/LC_MONETARY", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=286, ...}) = 0 mmap2(NULL, 286, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf7372000 close(3) = 0 open("/usr/lib/locale/en_US.UTF-8/LC_COLLATE", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/locale/en_US.utf8/LC_COLLATE", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=921214, ...}) = 0 mmap2(NULL, 921214, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf7291000 close(3) = 0 open("/usr/lib/locale/en_US.UTF-8/LC_TIME", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/locale/en_US.utf8/LC_TIME", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=2451, ...}) = 0 mmap2(NULL, 2451, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf7290000 close(3) = 0 open("/usr/lib/locale/en_US.UTF-8/LC_NUMERIC", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/locale/en_US.utf8/LC_NUMERIC", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=54, ...}) = 0 mmap2(NULL, 54, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf728f000 close(3) = 0 open("/usr/lib/locale/en_US.UTF-8/LC_CTYPE", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/locale/en_US.utf8/LC_CTYPE", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=254076, ...}) = 0 mmap2(NULL, 254076, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf7250000 close(3) = 0 rt_sigaction(SIGPWR, {0xf76fdcb0, ~[INT QUIT ABRT BUS SEGV TERM RTMIN RT_1], SA_RESTART}, NULL, 8) = 0 rt_sigaction(SIGXCPU, {0xf76fd6d0, ~[INT QUIT ABRT BUS SEGV TERM RTMIN RT_1], SA_RESTART}, NULL, 8) = 0 open("/proc/stat", O_RDONLY) = 3 read(3, "cpu 1074 0 374 24485 14 26 3 0 "..., 4096) = 4096 close(3) = 0 open("/proc/self/stat", O_RDONLY) = 3 read(3, "2371 (w3m) R 2370 2370 2291 3481"..., 4096) = 213 close(3) = 0 brk(0x902b000) = 0x902b000 brk(0x903b000) = 0x903b000 brk(0x904b000) = 0x904b000 --- SIGSEGV (Segmentation fault) @ 0 (0) --- +++ killed by SIGSEGV +++ Process 2371 detached filing uder process management because of /proc and sigaction 
things at the end.
NOT reproduced on Gentoo/2.6.32-rc5, post .config just in case.
Created attachment 23554 [details] .config showing the problem .config attached
Note: I am running 32-bit userspace on a 64-bit kernel. I just checked 64-bit userspace and it does not seem to have this problem.
reproduced in compat mode
oh wow! d899bf7b55f503ba7d3d07ed27c3a37e270fa7db is the first bad commit commit d899bf7b55f503ba7d3d07ed27c3a37e270fa7db Author: Stefani Seibold <stefani@seibold.net> Date: Tue Sep 22 16:45:40 2009 -0700 procfs: provide stack information for threads
With this patch applied, w3m does not crash anymore for me.
The patch fixing the issue in question is: > Assign tsk->stack_start even when doing compat execve(2). > > As side effect, fix segfault inside boehm-gc library. > http://bugzilla.kernel.org/show_bug.cgi?id=14478 > > Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Alexey, please attach it in bugzilla.
diff -puN fs/compat.c~proc-fix-stack_start-in-compat-mode fs/compat.c
--- a/fs/compat.c~proc-fix-stack_start-in-compat-mode
+++ a/fs/compat.c
@@ -1531,6 +1531,8 @@ int compat_do_execve(char * filename,
 	if (retval < 0)
 		goto out;
 
+	current->stack_start = current->mm->start_stack;
+
 	/* execve succeeded */
 	current->fs->in_exec = 0;
 	current->in_execve = 0;
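Review bot: The added assignment duplicates the one that the bisected commit d899bf7b put on the native do_execve() path, so the two execve entry points now carry an invariant that is enforced only by convention; a comment on the added line, `/* mirrors do_execve(): stack_start is exported via /proc/<pid>/stat */`, would make that coupling visible to the next maintainer who touches either path. The strace on this page shows the crash immediately after w3m reads /proc/self/stat, which is consistent with libgc consuming the exported field, so a stale or zero value there is user-visible and worth a regression check that runs a 32-bit binary on a 64-bit kernel. compat_do_execve's body continues outside the hunk.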
commit 89240ba059ca468ae7a8346edf7f95082458c2fc x86, fs: Fix x86 procfs stack information for threads on 64-bit