crash after receiving SIGCHLD during system call

[David Mosberger]

Hmmh, sure enough: the "movle r6, r3" instruction has hex code
0xd1a06003.  If we decode the lower-half of that (0x6003) as Thumb,
it'd be a "store with immediate offset" instruction, with r3 as
destination, r0 as base, and 0 offset.  The tombstone shows
r3=ff000000.  I'm not sure where to look for the fault-triggering
address in the tombstone, but it seems a store to 0xff00000 was
attempted and that caused the segfault.  Correct?