From nobody@FreeBSD.org  Sat Mar 30 09:38:44 2002
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (unknown [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id BB2A637B416
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 30 Mar 2002 09:38:43 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g2UHcbs12872;
	Sat, 30 Mar 2002 09:38:37 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200203301738.g2UHcbs12872@freefall.freebsd.org>
Date: Sat, 30 Mar 2002 09:38:37 -0800 (PST)
From: Gurusamy Sarathy <gsar@ActiveState.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: installing a SIGCHLD handler makes libc_r coredump
X-Send-Pr-Version: www-1.0

>Number:         36539
>Category:       kern
>Synopsis:       installing a SIGCHLD handler makes libc_r coredump
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 30 09:40:01 PST 2002
>Closed-Date:    Wed Jul 03 08:02:00 PDT 2002
>Last-Modified:  Wed Jul 03 08:02:00 PDT 2002
>Originator:     Gurusamy Sarathy
>Release:        4.2
>Organization:
ActiveState Corp.
>Environment:
FreeBSD clamp 4.2-RELEASE FreeBSD 4.2-RELEASE #0: Mon Nov 20 13:02:55 GMT 2000     jkh@bento.FreeBSD.org:/usr/src/sys/compile/GENERIC  i386
      
>Description:
The test case should be self-explanatory.

% cc -g -o sig sig.c
% ./sig
Fatal error '_pq_remove: Not in priority queue' at line ? in file /usr/src/lib/libc_r/uthread/uthread_priority_queue.c (errno = ?)
Abort (core dumped)
% gdb ./sig ./sig.core
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
Core was generated by `sig'.
Program terminated with signal 6, Abort trap.
Reading symbols from /usr/lib/libc_r.so.4...done.
Reading symbols from /usr/libexec/ld-elf.so.1...done.
#0  0x280a4320 in kill () from /usr/lib/libc_r.so.4
(gdb) bt
#0  0x280a4320 in kill () from /usr/lib/libc_r.so.4
#1  0x280ee6a6 in abort () from /usr/lib/libc_r.so.4
#2  0x280baffd in _thread_exit () from /usr/lib/libc_r.so.4
#3  0x280b440e in _pq_remove () from /usr/lib/libc_r.so.4
#4  0x280b6cb5 in _thread_kern_scheduler () from /usr/lib/libc_r.so.4
#5  0x0 in ?? ()
(gdb) q
      
>How-To-Repeat:
/*
 * Demonstrate crash in libc when a SIGCHLD handler is installed
 * either using sigaction() or signal() on FreeBSD 4.2-RELEASE.
 *
 * This program has different behavior when built with and without
 * -pthread.  When built with -pthread, it will coredump somewhere
 * in libc's uthread_priority_queue.c after running for a few
 * seconds.
 *
 * Build with:
 *    cc -g -o sig sig.c -pthread
 */

#include <stdio.h>
#include <stdlib.h>     /* exit() */
#include <string.h>     /* strerror() */
#include <signal.h>
#include <errno.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>

void
reaper(int sig)
{
    int status;
    pid_t pid;
    int save_errno = errno;
    while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
        ;
    errno = save_errno;
    return;
}

int
main(int ac, char **av)
{
    struct sigaction sa;

    sa.sa_handler = reaper;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGCHLD,&sa,NULL);
    /*signal(SIGCHLD,reaper);*/  /* this has the same problem */
    /*syscall(SYS_sigaction,SIGCHLD,&sa,NULL);*/ /* workaround */

    while (1) {
        pid_t c = fork();
        if (c < 0) {
            fprintf(stderr, "fork() failed: %s\n", strerror(errno));
            exit(1);
        }
        if (!c) {
            exit(0);
        }
        usleep(1); /* slow down, don't make too many children */
    }
}
      
>Fix:
None known.  See workaround mentioned in the test case.      
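The reaper in the test case above does the right things inside the handler (errno saved, WNOHANG loop) but never checks that every child was actually collected. The following is an added example, not code from the PR or from FreeBSD: the same SIGCHLD reaper pattern written against plain POSIX, with a counter that lets the parent verify that all children were reaped by the handler alone and that no zombies remain. The function names install_reaper, spawn_and_reap and no_children_left are illustrative. The SYS_sigaction workaround from the PR is FreeBSD-specific and is not used here.

```c
/*
 * Added example (not from the PR): an async-signal-safe SIGCHLD reaper
 * that loops on waitpid(WNOHANG) because several child exits can
 * coalesce into a single SIGCHLD delivery, preserves errno, and is
 * checked afterwards for leftover zombies.  POSIX only.
 */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Children reaped so far; sig_atomic_t so the main loop can read it
 * while the handler writes it. */
static volatile sig_atomic_t reaped;

static void
reaper(int sig)
{
    int save_errno = errno;   /* waitpid() may clobber errno */
    int status;

    (void)sig;
    /* One SIGCHLD may stand for several exited children: drain them all. */
    while (waitpid(-1, &status, WNOHANG) > 0)
        reaped++;
    errno = save_errno;
}

/* Install the reaper.  SA_NOCLDSTOP keeps stopped/continued children from
 * triggering it; SA_RESTART keeps blocking calls from failing with EINTR.
 * Returns 0 on success, -1 on failure. */
int
install_reaper(void)
{
    struct sigaction sa;

    sa.sa_handler = reaper;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NOCLDSTOP | SA_RESTART;
    return sigaction(SIGCHLD, &sa, NULL);
}

/* Fork nchildren children that exit at once, then wait up to timeout_ms
 * for the handler to reap them.  Returns the number reaped, or -1 if
 * fork() failed.  The parent deliberately never calls waitpid() itself,
 * so the handler is the only reaper, as in the PR's test case. */
int
spawn_and_reap(int nchildren, int timeout_ms)
{
    struct timespec ts = { 0, 1000000 };  /* 1 ms */
    int i;

    reaped = 0;
    for (i = 0; i < nchildren; i++) {
        pid_t c = fork();
        if (c < 0)
            return -1;
        if (c == 0)
            _exit(0);   /* child: no stdio flush, no atexit handlers */
    }
    while (reaped < nchildren && timeout_ms-- > 0)
        nanosleep(&ts, NULL);
    return (int)reaped;
}

/* Once everything is reaped, waitpid() must fail with ECHILD: no zombies
 * left behind.  Returns 1 if clean, 0 otherwise. */
int
no_children_left(void)
{
    int r = waitpid(-1, NULL, WNOHANG);
    return r == -1 && errno == ECHILD;
}

int
main(void)
{
    int n;

    if (install_reaper() == -1) {
        perror("sigaction");
        return 1;
    }
    n = spawn_and_reap(50, 5000);
    printf("reaped %d children, zombies left: %s\n",
           n, no_children_left() ? "no" : "yes");
    return (n == 50 && no_children_left()) ? 0 : 1;
}
```

If the libc_r scheduler bug from this PR is present, the crash shows up in this program just as in the test case, because the handler is still registered through the library's sigaction() wrapper; on a correct system the program exits 0 with every child accounted for.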
>Release-Note:
>Audit-Trail:

From: Maxim Konovalov <maxim@macomnet.ru>
To: Gurusamy Sarathy <gsar@ActiveState.com>
Cc: bug-followup@freebsd.org
Subject: Re: kern/36539: installing a SIGCHLD handler makes libc_r coredump
Date: Mon, 1 Apr 2002 18:16:52 +0400 (MSD)

 > >Environment:
 > FreeBSD clamp 4.2-RELEASE FreeBSD 4.2-RELEASE #0: Mon Nov 20 13:02:55 GMT 2000     jkh@bento.FreeBSD.org:/usr/src/sys/compile/GENERIC  i386
 >
 > >Description:
 > The test case should be self-explanatory.
 >
 > % cc -g -o sig sig.c
 ^^^^^^^^^^^^^^^^^^^^^^
 
 Is this a typo? As far as I understand the subject it should be
 
 % cc -g -o sig sig.c -pthread
 
 > % ./sig
 > Fatal error '_pq_remove: Not in priority queue' at line ? in file /usr/src/lib/libc_r/uthread/uthread_priority_queue.c (errno = ?)
 > Abort (core dumped)
 
 Anyway, I cannot reproduce the bug on 4.5-STABLE.
 
 $ rm -f sig
 $ cc -g -o sig sig.c
 $ ./sig
 ^C
 $ rm -f sig
 $ cc -g -o sig sig.c -pthread
 $ ldd sig
 sig:
         libc_r.so.4 => /usr/lib/libc_r.so.4 (0x28065000)
 $ ./sig
 ^C
 $ uname -a
 FreeBSD golf.macomnet.net 4.5-STABLE FreeBSD 4.5-STABLE #0: Tue Mar 19
 18:55:07 MSK 2002 maxim@golf.macomnet.net:/usr/obj/usr/src/sys/GOLF  i386
 
 -- 
 Maxim Konovalov, MAcomnet, Internet-Intranet Dept., system engineer
 phone: +7 (095) 796-9079, mailto:maxim@macomnet.ru
 
 

From: Gurusamy Sarathy <gsar@ActiveState.com>
To: Maxim Konovalov <maxim@macomnet.ru>
Cc: Gurusamy Sarathy <gsar@ActiveState.com>, bug-followup@freebsd.org
Subject: Re: kern/36539: installing a SIGCHLD handler makes libc_r coredump 
Date: Mon, 01 Apr 2002 07:04:51 -0800

 On Mon, 01 Apr 2002 18:16:52 +0400, Maxim Konovalov wrote:
 >> % cc -g -o sig sig.c
 >^^^^^^^^^^^^^^^^^^^^^^
 >
 >Is this a typo? As far as I understand the subject it should be
 
 Oops, yes it's a cut-n-paste goof.  Sorry about that.
 
 >% cc -g -o sig sig.c -pthread
 >
 >> % ./sig
 >> Fatal error '_pq_remove: Not in priority queue' at line ? in file /usr/src/l
 >ib/libc_r/uthread/uthread_priority_queue.c (errno = ?)
 >> Abort (core dumped)
 >
 >Anyway, I cannot reproduce the bug on 4.5-STABLE.
 
 Interesting.  How long did you run it for?  The problem does not always
 show up here right away, but on a reasonable fast box invariably
 coredumps within a minute.
 
 >$ rm -f sig
 >$ cc -g -o sig sig.c
 >$ ./sig
 >^C
 >$ rm -f sig
 >$ cc -g -o sig sig.c -pthread
 >$ ldd sig
 >sig:
 >        libc_r.so.4 => /usr/lib/libc_r.so.4 (0x28065000)
 >
 >$ ./sig
 >^C
 >$ uname -a
 >FreeBSD golf.macomnet.net 4.5-STABLE FreeBSD 4.5-STABLE #0: Tue Mar 19
 >18:55:07 MSK 2002 maxim@golf.macomnet.net:/usr/obj/usr/src/sys/GOLF  i386
 
 Thanks for checking.  I'll try 4.5 next.
 
 
 Sarathy
 gsar@ActiveState.com

From: Maxim Konovalov <maxim@macomnet.ru>
To: Gurusamy Sarathy <gsar@ActiveState.com>
Cc: bug-followup@freebsd.org
Subject: Re: kern/36539: installing a SIGCHLD handler makes libc_r coredump
Date: Mon, 1 Apr 2002 19:36:52 +0400 (MSD)

 [...]
 > >Anyway, I cannot reproduce the bug on 4.5-STABLE.
 >
 > Interesting.  How long did you run it for?  The problem does not always
 > show up here right away, but on a reasonable fast box invariably
 > coredumps within a minute.
 
 For about ten minutes. It is Pentium II, 660MHz.
 
 > >$ rm -f sig
 > >$ cc -g -o sig sig.c
 > >$ ./sig
 > >^C
 > >$ rm -f sig
 > >$ cc -g -o sig sig.c -pthread
 > >$ ldd sig
 > >sig:
 > >        libc_r.so.4 => /usr/lib/libc_r.so.4 (0x28065000)
 > >
 > >$ ./sig
 > >^C
 > >$ uname -a
 > >FreeBSD golf.macomnet.net 4.5-STABLE FreeBSD 4.5-STABLE #0: Tue Mar 19
 > >18:55:07 MSK 2002 maxim@golf.macomnet.net:/usr/obj/usr/src/sys/GOLF  i386
 >
 > Thanks for checking.  I'll try 4.5 next.
 
 It would be great.
 
 -- 
 Maxim Konovalov, MAcomnet, Internet-Intranet Dept., system engineer
 phone: +7 (095) 796-9079, mailto:maxim@macomnet.ru
 
State-Changed-From-To: open->closed 
State-Changed-By: mp 
State-Changed-When: Wed Jul 3 08:01:03 PDT 2002 
State-Changed-Why:  
This appears to still be fixed in 4.6 and -current. Time to close it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=36539 
>Unformatted:
