Description of problem:
Sending signal to thread without signal handler in thread causes perl to segfault

Version-Release number of selected component (if applicable):
perl-5.10.1-116.fc13.x86_64

How reproducible:
Every time

Steps to Reproduce:
1. Run the following Perl script:

    use strict;
    use threads;

    sub thr_func {
        print "thread started\n";
        while(1) {
            sleep(100);
        }
    }

    my $thr = threads->create('thr_func');
    $thr->kill('TERM');

Actual results:
catchsegv perl test.pl produces:

    *** Segmentation fault
    Register dump:

     RAX: 0000000001bda7c0   RBX: 0000000001ba2040   RCX: 000000000000000a
     RDX: 0000000001beee70   RSI: 0000000000000000   RDI: 0000000001bda280
     RBP: 0000000000000001   R8 : 0000000001c03cb0   R9 : 00000000000036d3
     R10: 00007fff367f3770   R11: 000000383311eaf0   R12: 000000000000003c
     R13: 0000000000000008   R14: 0000000001bda280   R15: 0000000001c03cb0
     RSP: 00007fff367f39f0

     RIP: 00007f17604f5165   EFLAGS: 00010206

     CS: 0033   FS: 0000   GS: 0000

     Trap: 0000000e   Error: 00000006   OldMask: 00000000   CR2: 0000003c

     FPUCW: 0000037f   FPUSW: 00000000   TAG: 00000000
     RIP: 00000000   RDP: 00000000

     ST(0) 0000 0000000000000032   ST(1) 0000 000000000000000e
     ST(2) 0000 ffffffff801f8000   ST(3) 0000 ffffffff9b52007e
     ST(4) 0000 0000000000000000   ST(5) 0000 0000000000000000
     ST(6) 0000 0000000000000000   ST(7) 0000 0000000000000005
     mxcsr: 1fa0
     XMM0:  000000000000000000000000ffffff00 XMM1:  000000000000000000000000ffffff00
     XMM2:  000000000000000000000000ffffff00 XMM3:  000000000000000000000000ffffff00
     XMM4:  000000000000000000000000ffffff00 XMM5:  000000000000000000000000ffffff00
     XMM6:  000000000000000000000000ffffff00 XMM7:  000000000000000000000000ffffff00
     XMM8:  000000000000000000000000ffffff00 XMM9:  000000000000000000000000ffffff00
     XMM10: 000000000000000000000000ffffff00 XMM11: 000000000000000000000000ffffff00
     XMM12: 000000000000000000000000ffffff00 XMM13: 000000000000000000000000ffffff00
     XMM14: 000000000000000000000000ffffff00 XMM15: 000000000000000000000000ffffff00

    Backtrace:
    /usr/lib64/perl5/auto/threads/threads.so(XS_threads_kill+0x145)[0x7f17604f5165]
    /usr/lib64/perl5/CORE/libperl.so(Perl_pp_entersub+0x5a5)[0x38330a6865]
    /usr/lib64/perl5/CORE/libperl.so(Perl_runops_standard+0x16)[0x38330a4b56]
    /usr/lib64/perl5/CORE/libperl.so(perl_run+0x338)[0x383304d0e8]
    perl(main+0xec)[0x400cac]
    /lib64/libc.so.6(__libc_start_main+0xfd)[0x3f7581ec5d]
    perl[0x400af9]

Expected results:

Additional info:

All Fedoras affected (F14 has threads-1.75).

perl-5.10.1, threads 1.72 debug:

    Program received signal SIGSEGV, Segmentation fault.
    XS_threads_kill (my_perl=0x603010, cv=<value optimized out>) at threads.xs:1260
    1260            PL_psig_pend[signal]++;

threads.xs:

            /* Set the signal for the thread */
            thread = S_SV_to_ithread(aTHX_ ST(0));
            MUTEX_LOCK(&thread->mutex);
            if (thread->interp) {
                dTHXa(thread->interp);
    1260 →      PL_psig_pend[signal]++;
                PL_sig_pending = 1;
            }
            MUTEX_UNLOCK(&thread->mutex);

       0x00007ffff1f4614a <+298>: mov    0x10(%r14),%r14
       0x00007ffff1f4614e <+302>: test   %r14,%r14
       0x00007ffff1f46151 <+305>: je     0x7ffff1f46175 <XS_threads_kill+341>
       0x00007ffff1f46153 <+307>: mov    %r14,%rdi
       0x00007ffff1f46156 <+310>: shl    $0x2,%r12
       0x00007ffff1f4615a <+314>: callq  0x7ffff1f43e68 <Perl_Ipsig_pend_ptr@plt>
       0x00007ffff1f4615f <+319>: add    (%rax),%r12
       0x00007ffff1f46162 <+322>: mov    %r14,%rdi
    => 0x00007ffff1f46165 <+325>: addl   $0x1,(%r12)
       0x00007ffff1f4616a <+330>: callq  0x7ffff1f44138 <Perl_Isig_pending_ptr@plt>

%r12 has the value 0x28, thus the code tries to increment the value at address 0x28, which has been obtained by dereferencing %rax, the return value of the Perl_Ipsig_pend_ptr@plt function. The function is probably hidden by the PL_psig_pend macro.

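An added illustration, not part of the original report and not the threads.xs source: a simplified C model of the statement at threads.xs:1260, assuming the target interpreter's pending-signal array pointer is still NULL when the signal is sent. struct interp, unguarded_target() and deliver_checked() are hypothetical names. With a NULL base the write lands at signal * sizeof(int), which for SIGTERM (15) is 0x3c, the CR2 value in the register dump above.

```c
/* Simplified model of the faulting statement; NOT the threads.xs source.
 * struct interp, NSIGNALS and both functions are assumptions made for
 * this illustration. */
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define NSIGNALS 65

struct interp {
    int *psig_pend;   /* per-signal pending counters; NULL until allocated */
    int  sig_pending; /* "at least one signal is pending" flag */
};

/* Address that an unguarded `psig_pend[sig]++` would write to.
 * Computed with integer arithmetic so nothing is dereferenced. */
static uintptr_t unguarded_target(const struct interp *it, int sig)
{
    return (uintptr_t)it->psig_pend + (uintptr_t)sig * sizeof(int);
}

/* Guarded delivery: 0 if the signal was queued, -1 if it cannot be. */
static int deliver_checked(struct interp *it, int sig)
{
    if (it == NULL || sig <= 0 || sig >= NSIGNALS)
        return -1;                 /* no interpreter or bad signal number */
    if (it->psig_pend == NULL)
        return -1;                 /* nothing to queue into: report, do not write */
    it->psig_pend[sig]++;
    it->sig_pending = 1;
    return 0;
}

int main(void)
{
    struct interp fresh = { NULL, 0 };   /* constructed: no counter array yet */
    printf("unguarded write would hit 0x%lx\n",
           (unsigned long)unguarded_target(&fresh, SIGTERM));
    printf("guarded delivery returns %d\n", deliver_checked(&fresh, SIGTERM));

    struct interp ready = { calloc(NSIGNALS, sizeof(int)), 0 };
    if (ready.psig_pend == NULL)
        return 1;
    int rc = deliver_checked(&ready, SIGTERM);
    printf("with array: rc=%d pending=%d\n", rc, ready.psig_pend[SIGTERM]);
    free(ready.psig_pend);
    return 0;
}
```
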
There is something wrong with the `make install' phase of the threads module.

When running the test case against built but installed module, there is no segfault:

    $ perl -I blib/arch -I blib/lib /tmp/perl_thread_kill
    Signal SIGTERM received, but no signal handler set.

After installing (just `make install DESTDIR=/somewhere'), running against the files from DESTDIR causes a segfault:

    $ make install DESTDIR=/tmp/threads-1.77-build
    Files found in blib/arch: installing files in blib/lib into architecture dependent library tree
    Installing /tmp/threads-1.77-build/usr/lib64/perl5/auto/threads/threads.bs
    Installing /tmp/threads-1.77-build/usr/lib64/perl5/auto/threads/threads.so
    Installing /tmp/threads-1.77-build/usr/lib64/perl5/threads.pm
    Installing /tmp/threads-1.77-build/usr/share/man/man3/threads.3pm
    Appending installation info to /tmp/threads-1.77-build/usr/lib64/perl5/perllocal.pod
    $ perl -I /tmp/threads-1.77-build/usr/lib64/perl5/ /tmp/perl_thread_kill
    Segmentation fault

I verified with strace that the module is loaded from the desired directory only.

So, it's not in the `make install'. The problem is with perl include paths:

    petr@dhcp-0-146:/tmp/threads-1.77-build/usr/lib64/perl5 $ find
    .
    ./threads.pm
    ./auto
    ./auto/threads
    ./auto/threads/.packlist
    ./auto/threads/threads.bs
    ./auto/threads/threads.so
    ./perllocal.pod
    petr@dhcp-0-146:/tmp/threads-1.77-build/usr/lib64/perl5 $ perl -I . /tmp/perl_thread_kill
    Perl exited with active threads:
            1 running and unjoined
            0 finished and unjoined
            0 running and detached
    petr@dhcp-0-146:/tmp/threads-1.77-build/usr/lib64/perl5 $ perl -I $PWD /tmp/perl_thread_kill
    Segmentation fault

This bug has been fixed upstream in version 1.79.

F15 contains 1.81. Already fixed.
F14 contains 1.75. As all changes to 1.81 are fixes, I will rebase to 1.81.
F13 contains 1.72. All changes to 1.81 are fixes. Rebase.
F12 contains 1.67. Requires other internal functions. Need to look if rebase is possible. Back-porting the fix is not easy as there are a lot of changes in the code.

perl-threads-1.81-1.fc14,perl-5.12.2-136.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/perl-threads-1.81-1.fc14,perl-5.12.2-136.fc14
perl-threads-1.81-1.fc14, perl-5.12.2-136.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update perl-threads perl'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/perl-threads-1.81-1.fc14,perl-5.12.2-136.fc14
perl-5.10.1-120.fc13,perl-threads-1.81-1.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/perl-5.10.1-120.fc13,perl-threads-1.81-1.fc13
threads module has been upgraded to 1.79 in F12.
perl-5.10.0-96.fc12 has been submitted as an update for Fedora 12. https://admin.fedoraproject.org/updates/perl-5.10.0-96.fc12
perl-5.10.0-96.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
perl-threads-1.81-1.fc14, perl-5.12.2-136.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
perl-5.10.1-120.fc13, perl-threads-1.81-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.