From owner-freebsd-stable@freebsd.org  Thu Aug 27 20:16:53 2015
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 61DE79C32FB
 for <freebsd-stable@mailman.ysv.freebsd.org>;
 Thu, 27 Aug 2015 20:16:53 +0000 (UTC)
 (envelope-from kostikbel@gmail.com)
Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1])
 (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 09845C5D
 for <freebsd-stable@freebsd.org>; Thu, 27 Aug 2015 20:16:52 +0000 (UTC)
 (envelope-from kostikbel@gmail.com)
Received: from tom.home (kostik@localhost [127.0.0.1])
 by kib.kiev.ua (8.15.2/8.15.2) with ESMTPS id t7RKGlAk042489
 (version=TLSv1 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
 Thu, 27 Aug 2015 23:16:47 +0300 (EEST)
 (envelope-from kostikbel@gmail.com)
DKIM-Filter: OpenDKIM Filter v2.10.3 kib.kiev.ua t7RKGlAk042489
Received: (from kostik@localhost)
 by tom.home (8.15.2/8.15.2/Submit) id t7RKGijb042488;
 Thu, 27 Aug 2015 23:16:44 +0300 (EEST)
 (envelope-from kostikbel@gmail.com)
X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com
 using -f
Date: Thu, 27 Aug 2015 23:16:44 +0300
From: Konstantin Belousov <kostikbel@gmail.com>
To: Michiel Boland <boland37@xs4all.nl>
Cc: Mark Martinec <Mark.Martinec+freebsd@ijs.si>, freebsd-stable@freebsd.org
Subject: Re: Latest stable (r287104) bash leaves zombies on exit
Message-ID: <20150827201644.GO2072@kib.kiev.ua>
References: <E1ZUucG-000C5n-0C@dilbert.ingresso.co.uk>
 <63a84f64baf8768a551fc6464e8e9526@mailbox.ijs.si>
 <20150827162602.GJ2072@kib.kiev.ua> <55DF5C95.90502@xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <55DF5C95.90502@xs4all.nl>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00,
 DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no
 autolearn_force=no version=3.4.1
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on tom.home
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Aug 2015 20:16:53 -0000

On Thu, Aug 27, 2015 at 08:53:09PM +0200, Michiel Boland wrote:
> The xterm program has a SIGCHLD signal handler that calls wait().
> If the handler is invoked while xterm is exiting, a deadlock occurs in rtld.
> 
> Cheers
> Michiel
> 
> #0  _umtx_op_err () at /usr/src/lib/libthr/arch/amd64/amd64/_umtx_op_err.S:37
> #1  0x000000080305a2b0 in __thr_rwlock_rdlock (rwlock=0x803272980,
>      flags=<value optimized out>, tsp=<value optimized out>)
>      at /usr/src/lib/libthr/thread/thr_umtx.c:277
> #2  0x000000080306179c in _thr_rtld_rlock_acquire (lock=0x803272980)
>      at thr_umtx.h:196
Please from the frame 2, do p *curthread.

> #3  0x00000008006a72c2 in rlock_acquire (lock=0x8008ba860,
>      lockstate=0x7fffffffd5b8) at /usr/src/libexec/rtld-elf/rtld_lock.c:201
> #4  0x00000008006a0c8d in _rtld_bind (obj=0x8006bc000, reloff=6840)
>      at /usr/src/libexec/rtld-elf/rtld.c:701
> #5  0x000000080069e46d in _rtld_bind_start ()
>      at /usr/src/libexec/rtld-elf/amd64/rtld_start.S:121
> #6  0x0000000000445d34 in reapchild (n=20) at main.c:5177
> #7  <signal handler called>
It is more or less obvious that the reapchild(), which is the signal
handler, was called directly without a libthr thr_sighandler() wrapped
around it. This should be the cause of the problem.

I just verified that the signal handler is correctly wrapped for me, on
the latest stable/10.  Both with the pre-linked libthr.so and with the
library loaded dynamically at runtime.  I used the test program at the
end of the message, put breakpoint on the sigusr2_handler, and looked
at the backtrace, which must include thr_sighandler().  It did in my
case, for binary built with and without -lpthread.

Can you verify the presence of thr_sighandler() in the backtrace for
this test program, on your system ?

> #8  objlist_call_fini () at /usr/src/libexec/rtld-elf/rtld.c:769
> #9  0x00000008006a0c2b in rtld_exit () at /usr/src/libexec/rtld-elf/rtld.c:2710
> #10 0x00000008024e5406 in __cxa_finalize (dso=0x0)
>      at /usr/src/lib/libc/stdlib/atexit.c:200
> #11 0x000000080248692c in exit (status=0) at /usr/src/lib/libc/stdlib/exit.c:67
> #12 0x0000000000445f35 in Exit (n=0) at main.c:5078
> #13 0x0000000000456020 in Cleanup (code=0) at misc.c:5238
> #14 0x000000000044da49 in NormalExit () at misc.c:5222
> #15 0x000000000045a616 in readPtyData (xw=0x804cdc000, select_mask=0x6add80,
>      data=0x804d64000) at ptydata.c:221
> #16 0x0000000000421c48 in in_put (xw=0x804cdc000) at charproc.c:4700
> #17 0x0000000000421b6a in doinput () at charproc.c:4856
> #18 0x000000000041d992 in VTparse (xw=0x804cdc000) at charproc.c:4382
> #19 0x000000000041d87a in VTRun (xw=0x804cdc000) at charproc.c:6997
> #20 0x0000000000442c01 in main (argc=3, argv=0x7fffffffe6d0) at main.c:2607
> 
> #6  0x0000000000445d34 in reapchild (n=20) at main.c:5177
> 5177        pid = wait(NULL);
> Current language:  auto; currently minimal
> (gdb) l
> 5172        int olderrno = errno;
> 5173        int pid;
> 5174
> 5175        DEBUG_MSG("handle:reapchild\n");
> 5176
> 5177        pid = wait(NULL);
> 5178

/* $Id: rtld_sigresolv.c,v 1.6 2015/08/27 19:40:42 kostik Exp kostik $ */
/* /usr/local/opt/gcc-5.2.0/bin/gcc -Wall -Wextra -gdwarf-2 -O -o rtld_sigresolv rtld_sigresolv.c */

#include <sys/types.h>
#include <sys/wait.h>

#include <dlfcn.h>
#include <err.h>
#include <pthread.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>

static void
sigusr1_handler(int signo __unused, siginfo_t *si __unused, void *u __unused)
{
}

static void
sigusr2_handler(int signo __unused, siginfo_t *si __unused, void *u __unused)
{

	/* Do something which triggers symbol resolution. */
	wait(NULL);
}

static void
atexit_code(void)
{

	raise(SIGUSR2);
}

static void *
dummy_thread(void *arg __unused)
{

	return (NULL);
}

int
main(void)
{
	struct sigaction sa;
	void *thr_handle;
	int (*pthr_create)(pthread_t *, const pthread_attr_t *,
	    void *(*)(void *), void *);
	pthread_t pthread;
	int error;

	memset(&sa, 0, sizeof(sa));
	sa.sa_flags = SA_SIGINFO;
	sa.sa_sigaction = sigusr1_handler;
	error = sigaction(SIGUSR1, &sa, NULL);
	if (error != 0)
		err(1, "sigaction SIGUSR1");
	sa.sa_sigaction = sigusr2_handler;
	error = sigaction(SIGUSR2, &sa, NULL);
	if (error != 0)
		err(1, "sigaction SIGUSR2");
	raise(SIGUSR1); /* pre-resolve the raise symbol */

	error = atexit(atexit_code);
	if (error != 0)
		err(1, "atexit");

	thr_handle = dlopen("libpthread.so", RTLD_LAZY | RTLD_GLOBAL);
	if (thr_handle == NULL)
		errx(1, "dlopen(\"libpthread.so\"): %s", dlerror());
	pthr_create = dlsym(thr_handle, "pthread_create");
	if (pthr_create == NULL)
		errx(1, "dlsym(\"pthread_create\"): %s", dlerror());

	error = pthr_create(&pthread, NULL, dummy_thread, NULL);
	if (error != 0)
		errc(1, error, "pthread_create");
	
	return (0);
}