From nobody Sun Mar 6 00:20:37 2022 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 632D41A090D9 for ; Sun, 6 Mar 2022 00:27:27 +0000 (UTC) (envelope-from pmc@citylink.dinoex.sub.org) Received: from uucp.dinoex.org (uucp.dinoex.org [IPv6:2a0b:f840::12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "uucp.dinoex.sub.de", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KB2V63Tnsz3DWL; Sun, 6 Mar 2022 00:27:25 +0000 (UTC) (envelope-from pmc@citylink.dinoex.sub.org) Received: from uucp.dinoex.sub.de (uucp.dinoex.org [185.220.148.12]) by uucp.dinoex.org (8.17.1/8.17.1) with ESMTPS id 2260R4Ke071077 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Sun, 6 Mar 2022 01:27:04 +0100 (CET) (envelope-from pmc@citylink.dinoex.sub.org) X-Authentication-Warning: uucp.dinoex.sub.de: Host uucp.dinoex.org [185.220.148.12] claimed to be uucp.dinoex.sub.de Received: (from uucp@localhost) by uucp.dinoex.sub.de (8.17.1/8.17.1/Submit) with UUCP id 2260R4hc071076; Sun, 6 Mar 2022 01:27:04 +0100 (CET) (envelope-from pmc@citylink.dinoex.sub.org) Received: from gate.intra.daemon.contact (gate-e [192.168.98.2]) by citylink.dinoex.sub.de (8.16.1/8.16.1) with ESMTP id 2260MstI022349; Sun, 6 Mar 2022 01:22:54 +0100 (CET) (envelope-from peter@gate.intra.daemon.contact) Received: from gate.intra.daemon.contact (gate-e [192.168.98.2]) by gate.intra.daemon.contact (8.16.1/8.16.1) with ESMTPS id 2260Kb0l021816 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Sun, 6 Mar 2022 01:20:37 +0100 (CET) (envelope-from peter@gate.intra.daemon.contact) Received: (from peter@localhost) by gate.intra.daemon.contact (8.16.1/8.16.1/Submit) id 2260Kbtm021815; Sun, 6 Mar 2022 01:20:37 +0100 (CET) (envelope-from peter) Date: Sun, 6 Mar 2022 01:20:37 +0100 From: Peter To: Eugene Grosbein Cc: freebsd-stable@freebsd.org, Konstantin Belousov Subject: Re: Program crashes on stable/13 (but not on 12.3) Message-ID: References: List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Milter: Spamilter (Reciever: uucp.dinoex.sub.de; Sender-ip: 185.220.148.12; Sender-helo: uucp.dinoex.sub.de;) X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (uucp.dinoex.org [185.220.148.12]); Sun, 06 Mar 2022 01:27:07 +0100 (CET) X-Rspamd-Queue-Id: 4KB2V63Tnsz3DWL X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of pmc@citylink.dinoex.sub.org designates 2a0b:f840::12 as permitted sender) smtp.mailfrom=pmc@citylink.dinoex.sub.org X-Spamd-Result: default: False [-2.60 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.99)[-0.987]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; DMARC_NA(0.00)[sub.org]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_HAM_SHORT(-0.31)[-0.311]; MLMMJ_DEST(0.00)[freebsd-stable]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:205376, ipnet:2a0b:f840::/32, country:DE]; RCVD_TLS_LAST(0.00)[] X-ThisMailContainsUnwantedMimeParts: N On Sun, Mar 06, 2022 at 04:26:10AM +0700, Eugene Grosbein wrote: ! 06.03.2022 2:26, Peter wrote: ! ! Adding kib@ to CC: in case this is connected to recent commit by him. It is. ! > Hija, ! > ! > this program crashes SEGV on stable/13 after 135962 iterations, ! > but continues to run on 12.3. ! > ! > My stable/13 is still at 22ba2970766 - if You happen to be on a ! > newer level, then please just try this out. ! > ! > ------------------------------------------------------ ! > #include ! > #include ! > #include ! > ! > main() { ! > char buf[] = "12345678901234567890123456789012345678901234567890"; ! > int fd = open("/dev/null", O_RDONLY); ! > int i = 0; ! > ! > close(1); ! > dup2(fd, 1); ! > close(fd); ! > ! > while(1) { ! > fputs(buf, stdout); ! > fflush(stdout); ! > i++; ! > fprintf(stderr, "%d\n", i); ! > } ! > } ! > ------------------------------------------------------ ! > ! > I know that the code is bogus, but this is exactly what one of our ! > ports does (and why it started to crash after upgrading to stable/13). ! > ! > And I think it should not SEGV, anyway. ! > ! > For the full story, read here: ! > ! > https://forums.freebsd.org/threads/random-program-crashes-no-coredumps-and-error-94.84285/ ! ! fflush() in our libc recently got some change due to very old PR ! https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=76398 ! ! That change was merged to stable/13 after 13.0-RELEASE: ! https://cgit.freebsd.org/src/commit/?id=afa9a1f5ec9974793a8744c55036ef5c4d08903d Yes, this is the cause, I now checked before and after. I don't really see why it does what it does, even less why it only happens after so many invocations. I wouldn't bother much about it, because such crappy code somehow deserves to crash - but then, concerned is sysutils/bareos-client backup tool, and arbitrary memory corruption appears there, and I am not sure if this could lead to silently corrupted backup data. So it's probably not the best idea to keep this into 13.1.