Date: Fri, 30 Apr 2004 15:28:29 +0400
From: Dmitry Sivachenko
To: hackers@freebsd.org
Message-ID: <20040430112829.GA93243@sinbin.demos.su>
Subject: /bin/sh question

Hello!

We use recent -STABLE. We observed /bin/sh looping forever executing a script. We run this script with the -T option to sh(1). When sh(1) receives a HUP, we enter our trap handler, which spawns a child process. When this process exits, sh(1) loops.
The backtrace is the following:

    (gdb) bt
    #0  0x80763fc in wait4 ()
    #1  0x8075941 in wait3 ()
    #2  0x8051f8a in waitproc (block=1, status=0xbfbffa0c) at /mnt/backup/releng_4/src/bin/sh/jobs.c:1025
    #3  0x8051cbd in dowait (block=1, job=0x80c6000) at /mnt/backup/releng_4/src/bin/sh/jobs.c:926
    #4  0x8051b8a in waitforjob (jp=0x80c6000, origstatus=0xbfbffa88) at /mnt/backup/releng_4/src/bin/sh/jobs.c:870
    #5  0x804be33 in evalcommand (cmd=0x80b6d6c, flags=0, backcmd=0x0) at /mnt/backup/releng_4/src/bin/sh/eval.c:904
    #6  0x804acc0 in evaltree (n=0x80b6d6c, flags=0) at /mnt/backup/releng_4/src/bin/sh/eval.c:281
    #7  0x804aafa in evaltree (n=0x80b6e04, flags=0) at /mnt/backup/releng_4/src/bin/sh/eval.c:199
    #8  0x804aafa in evaltree (n=0x80b6e38, flags=0) at /mnt/backup/releng_4/src/bin/sh/eval.c:199
    #9  0x804aa73 in evalstring (
        s=0x80c5100 "rm -f /tmp/st28742.box221.zecke.demos.su; _clean SIGHUP /dev/tt
    yph.28742.zecke.demos.su 28742; exit") at /mnt/backup/releng_4/src/bin/sh/eval.c:171
    #10 0x80598da in dotrap () at /mnt/backup/releng_4/src/bin/sh/trap.c:401
    #11 0x804acf6 in evaltree (n=0x80b6d00, flags=0) at /mnt/backup/releng_4/src/bin/sh/eval.c:290
    #12 0x80528f4 in cmdloop (top=1) at /mnt/backup/releng_4/src/bin/sh/main.c:250

The waitproc() at jobs.c:926 returns -1 and sets errno to ECHILD (because the child does not exist at that time). Since the (pid <= 0) condition is true at jobs.c:935, -1 is returned and we enter dotrap() at jobs.c:870. dotrap() never alters (struct job *)state. So we get an infinite loop around jobs.c:869.

Unfortunately I can't provide a simple enough how-to-observe script for this, but the above logic seems weird to me. I can provide additional details or a coredump if needed.
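
The loop described in the message above, as an added example that is not part of the original post and is not FreeBSD's sh(1) source: a simplified model of a job-wait loop that spins when the wait call fails with ECHILD, next to a variant that treats ECHILD as "job gone". All names in it (struct job, dowait_model, wait_for_job, run_demo, MAX_SPINS) are hypothetical, and waitpid(-1) stands in for wait3().

```c
/* Added example: simplified model of the wait loop in the message above.
 * All names are hypothetical; this is not FreeBSD's sh(1) source. */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#define MAX_SPINS 1000  /* cap so the unguarded loop terminates in the demo */
struct job { pid_t pid; int state; };  /* state 0 = still running */

/* One blocking wait (waitpid(-1) stands in for wait3); -1 sets errno. */
static pid_t dowait_model(struct job *jp) {
    int status;
    pid_t pid = waitpid(-1, &status, 0);
    if (pid > 0 && pid == jp->pid)
        jp->state = 1;  /* job finished */
    return pid;
}

/* Returns loop iterations. guard != 0 treats ECHILD as "job is gone". */
int wait_for_job(struct job *jp, int guard) {
    int spins = 0;
    while (jp->state == 0 && spins < MAX_SPINS) {
        spins++;
        if (dowait_model(jp) == -1) {
            if (guard && errno == ECHILD) {
                jp->state = 1;  /* nothing left to reap: stop waiting */
                break;
            }
            /* a trap handler would run here; it never changes jp->state */
        }
    }
    return spins;
}

/* Fork a child, reap it behind the job's back, then wait on the stale job. */
int run_demo(int guard) {
    struct job j = { fork(), 0 };
    if (j.pid == 0)
        _exit(0);
    if (j.pid > 0)
        waitpid(j.pid, NULL, 0);  /* child no longer exists after this */
    return wait_for_job(&j, guard);
}

int main(void) {
    printf("unguarded: %d, guarded: %d\n", run_demo(0), run_demo(1));
    return 0;
}
```

Without the MAX_SPINS cap the unguarded variant never returns, because each failed wait comes back immediately and nothing in the loop body changes the job state.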