Bug 11751 - chrt Segmentation fault
Summary: chrt Segmentation fault
Status: RESOLVED FIXED
Alias: None
Product: Busybox
Classification: Unclassified
Component: Other
Version: 1.29.x
Hardware: Other Linux
Importance: P5 normal
Assignee: unassigned
Reported: 2019-04-04 15:48 UTC by Bin Zhang
Modified: 2019-04-05 17:49 UTC
Description Bin Zhang 2019-04-04 15:48:53 UTC
chrt works with Buildroot 2018.02.x, now Segmentation fault with Buildroot 2019.02.1

I don't know how to debug.

pid 198 is one of the four threads of mpd.
chrt works with other pids, but with this one:
# chrt -p 198
Segmentation fault

# gdb --args chrt -p 198
GNU gdb (GDB) 8.1.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "aarch64-buildroot-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from chrt...(no debugging symbols found)...done.
(gdb) run
Starting program: /usr/bin/chrt -p 198

Program received signal SIGSEGV, Segmentation fault.
0x0000ffffb24f6510 in strlen () from /lib64/libc.so.6
(gdb) bt
#0  0x0000ffffb24f6510 in strlen () from /lib64/libc.so.6
#1  0x0000ffffb24c3e80 in vfprintf () from /lib64/libc.so.6
#2  0x0000ffffb24c99fc in printf () from /lib64/libc.so.6
#3  0x000000000042fd94 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
Comment 1 Denys Vlasenko 2019-04-05 11:21:51 UTC
Can you strace this invocation?
Comment 2 Bin Zhang 2019-04-05 14:04:53 UTC
# pidof mpd
142
# cat /proc/146/stat
stat    statm   status
# cat /proc/146/status 
Name:	output:Interfac
Umask:	0022
State:	S (sleeping)
Tgid:	142
Ngid:	0
Pid:	146

# chrt -p 146
Segmentation fault

# strace chrt -p 146
execve("/usr/bin/chrt", ["chrt", "-p", "146"], 0xffffd7c4b5e0 /* 14 vars */) = 0
brk(NULL)                               = 0x24016000
faccessat(AT_FDCWD, "/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/tls/aarch64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib64/tls/aarch64", 0xffffdb428560, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/tls/libresolv.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib64/tls", 0xffffdb428560, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/aarch64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib64/aarch64", 0xffffdb428560, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\3207\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=80392, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xffffa5f44000
mmap(NULL, 154072, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xffffa5ef3000
mprotect(0xffffa5f05000, 65536, PROT_NONE) = 0
mmap(0xffffa5f15000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12000) = 0xffffa5f15000
mmap(0xffffa5f17000, 6616, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xffffa5f17000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\360\r\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1414752, ...}) = 0
mmap(NULL, 1486920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xffffa5d87000
mprotect(0xffffa5eda000, 61440, PROT_NONE) = 0
mmap(0xffffa5ee9000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x152000) = 0xffffa5ee9000
mmap(0xffffa5eef000, 12360, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xffffa5eef000
close(3)                                = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xffffa5f42000
mprotect(0xffffa5ee9000, 16384, PROT_READ) = 0
mprotect(0xffffa5f15000, 4096, PROT_READ) = 0
mprotect(0x472000, 4096, PROT_READ)     = 0
mprotect(0xffffa5f48000, 4096, PROT_READ) = 0
sched_getscheduler(146)                 = 1073741825
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0), ...}) = 0
brk(NULL)                               = 0x24016000
brk(0x24037000)                         = 0x24037000
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x30045e133} ---
+++ killed by SIGSEGV +++
Segmentation fault
Comment 3 Denys Vlasenko 2019-04-05 14:37:29 UTC
sched_getscheduler(146)                 = 1073741825

It's 0x40000001 = SCHED_RESET_ON_FORK | SCHED_FIFO

"Since Linux 2.6.32, the SCHED_RESET_ON_FORK flag can be ORed in policy when calling sched_setscheduler()". Not sure why sched_GETscheduler shows the bit, but it evidently does.

Trying to reference policies[pol].name with that causes SEGV.

Fixed in git.
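
Added example, not part of the bug thread and not BusyBox's actual fix: a minimal C sketch of the failure mode described in Comment 3, where a raw sched_getscheduler() result is used as a table index, and of the defensive form that masks the flag bit and bounds-checks first. The names EX_SCHED_RESET_ON_FORK, policy_names and policy_name are illustrative; the policy numbering follows the Linux headers.

```c
#include <stdio.h>
#include <string.h>

/* Linux value of SCHED_RESET_ON_FORK, defined locally (illustrative name)
 * so the example builds without <sched.h>. */
#define EX_SCHED_RESET_ON_FORK 0x40000000

/* Index = policy number. NULL marks a number with no policy (4 is reserved). */
static const char *const policy_names[] = {
    "SCHED_OTHER", "SCHED_FIFO", "SCHED_RR", "SCHED_BATCH",
    NULL, "SCHED_IDLE", "SCHED_DEADLINE",
};
#define N_POLICIES (sizeof(policy_names) / sizeof(policy_names[0]))

/* Map a raw sched_getscheduler() return value to a policy name.
 * Returns NULL for an error return or an unknown policy number.
 * *reset_on_fork is set to 1 if the flag bit was present, else 0.
 * Indexing policy_names[raw] directly with 0x40000001 reads far outside
 * the table, which is the out-of-bounds access behind the SIGSEGV. */
const char *policy_name(int raw, int *reset_on_fork)
{
    unsigned pol;

    *reset_on_fork = 0;
    if (raw < 0)                      /* syscall failed, nothing to decode */
        return NULL;
    *reset_on_fork = (raw & EX_SCHED_RESET_ON_FORK) != 0;
    pol = (unsigned)raw & ~(unsigned)EX_SCHED_RESET_ON_FORK;
    if (pol >= N_POLICIES || policy_names[pol] == NULL)
        return NULL;                  /* never index with an unchecked value */
    return policy_names[pol];
}

int main(void)
{
    /* Constructed inputs: the value from the strace above, then edge cases. */
    const int samples[] = { 1073741825, 2, 4, 99, -1 };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int rof;
        const char *name = policy_name(samples[i], &rof);
        printf("%d -> %s%s\n", samples[i], name ? name : "unknown",
               rof ? " (reset-on-fork)" : "");
    }
    return 0;
}
```
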
Comment 4 Bin Zhang 2019-04-05 17:49:07 UTC
It works.
Thank you!