Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
DescriptionMarcela Mašláňová
2010-10-06 17:03:38 UTC
+++ This bug was initially created as a clone of Bug #622190 +++
Description of problem:
Sending signal to thread without signal handler in thread causes perl to segfault
Version-Release number of selected component (if applicable):
perl-5.10.1-116.fc13.x86_64
How reproducible:
Every time
Steps to Reproduce:
1.
Run next program perl script:
use strict;
use threads;
sub thr_func
{
print "thread started\n";
while(1) {
sleep(100);
}
}
my $thr = threads->create('thr_func');
$thr->kill('TERM');
Actual results:
catchsegv perl test.pl
produces:
*** Segmentation fault
Register dump:
RAX: 0000000001bda7c0 RBX: 0000000001ba2040 RCX: 000000000000000a
RDX: 0000000001beee70 RSI: 0000000000000000 RDI: 0000000001bda280
RBP: 0000000000000001 R8 : 0000000001c03cb0 R9 : 00000000000036d3
R10: 00007fff367f3770 R11: 000000383311eaf0 R12: 000000000000003c
R13: 0000000000000008 R14: 0000000001bda280 R15: 0000000001c03cb0
RSP: 00007fff367f39f0
RIP: 00007f17604f5165 EFLAGS: 00010206
CS: 0033 FS: 0000 GS: 0000
Trap: 0000000e Error: 00000006 OldMask: 00000000 CR2: 0000003c
FPUCW: 0000037f FPUSW: 00000000 TAG: 00000000
RIP: 00000000 RDP: 00000000
ST(0) 0000 0000000000000032 ST(1) 0000 000000000000000e
ST(2) 0000 ffffffff801f8000 ST(3) 0000 ffffffff9b52007e
ST(4) 0000 0000000000000000 ST(5) 0000 0000000000000000
ST(6) 0000 0000000000000000 ST(7) 0000 0000000000000005
mxcsr: 1fa0
XMM0: 000000000000000000000000ffffff00 XMM1: 000000000000000000000000ffffff00
XMM2: 000000000000000000000000ffffff00 XMM3: 000000000000000000000000ffffff00
XMM4: 000000000000000000000000ffffff00 XMM5: 000000000000000000000000ffffff00
XMM6: 000000000000000000000000ffffff00 XMM7: 000000000000000000000000ffffff00
XMM8: 000000000000000000000000ffffff00 XMM9: 000000000000000000000000ffffff00
XMM10: 000000000000000000000000ffffff00 XMM11: 000000000000000000000000ffffff00
XMM12: 000000000000000000000000ffffff00 XMM13: 000000000000000000000000ffffff00
XMM14: 000000000000000000000000ffffff00 XMM15: 000000000000000000000000ffffff00
Backtrace:
/usr/lib64/perl5/auto/threads/threads.so(XS_threads_kill+0x145)[0x7f17604f5165]
/usr/lib64/perl5/CORE/libperl.so(Perl_pp_entersub+0x5a5)[0x38330a6865]
/usr/lib64/perl5/CORE/libperl.so(Perl_runops_standard+0x16)[0x38330a4b56]
/usr/lib64/perl5/CORE/libperl.so(perl_run+0x338)[0x383304d0e8]
perl(main+0xec)[0x400cac]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x3f7581ec5d]
perl[0x400af9]
Expected results:
Additional info:
--- Additional comment from ppisar on 2010-08-17 15:59:22 CEST ---
All Fedoras affected (F14 has threads-1.75).
perl-5.10.1, threads 1.72 debug:
Program received signal SIGSEGV, Segmentation fault.
XS_threads_kill (my_perl=0x603010, cv=<value optimized out>) at threads.xs:1260
1260 PL_psig_pend[signal]++;
threads.xs:
/* Set the signal for the thread */
thread = S_SV_to_ithread(aTHX_ ST(0));
MUTEX_LOCK(&thread->mutex);
if (thread->interp) {
dTHXa(thread->interp);
1260 → PL_psig_pend[signal]++;
PL_sig_pending = 1;
}
MUTEX_UNLOCK(&thread->mutex);
0x00007ffff1f4614a <+298>: mov 0x10(%r14),%r14
0x00007ffff1f4614e <+302>: test %r14,%r14
0x00007ffff1f46151 <+305>: je 0x7ffff1f46175 <XS_threads_kill+341>
0x00007ffff1f46153 <+307>: mov %r14,%rdi
0x00007ffff1f46156 <+310>: shl $0x2,%r12
0x00007ffff1f4615a <+314>: callq 0x7ffff1f43e68 <Perl_Ipsig_pend_ptr@plt>
0x00007ffff1f4615f <+319>: add (%rax),%r12
0x00007ffff1f46162 <+322>: mov %r14,%rdi
=> 0x00007ffff1f46165 <+325>: addl $0x1,(%r12)
0x00007ffff1f4616a <+330>: callq 0x7ffff1f44138 <Perl_Isig_pending_ptr@plt>
%r12 has value 0x28, thus the code tries to increment value on address 0x28 that has been obtained by dereferencing %rax that is return value of Perl_Ipsig_pend_ptr@plt function. The function is hidden by PL_psig_pend macro probably.
--- Additional comment from ppisar on 2010-08-17 19:21:13 CEST ---
There is something wrong with `make install' phase of threads module. When running the test case against built but installed module, there is no segfault:
$ perl -I blib/arch -I blib/lib /tmp/perl_thread_kill
Signal SIGTERM received, but no signal handler set.
After installing (just `make install DESTDIR=/somewhere'), run against files from DESTDIR causes segfault:
$ make install DESTDIR=/tmp/threads-1.77-build
Files found in blib/arch: installing files in blib/lib into architecture dependent library tree
Installing /tmp/threads-1.77-build/usr/lib64/perl5/auto/threads/threads.bs
Installing /tmp/threads-1.77-build/usr/lib64/perl5/auto/threads/threads.so
Installing /tmp/threads-1.77-build/usr/lib64/perl5/threads.pm
Installing /tmp/threads-1.77-build/usr/share/man/man3/threads.3pm
Appending installation info to /tmp/threads-1.77-build/usr/lib64/perl5/perllocal.pod
$ perl -I /tmp/threads-1.77-build/usr/lib64/perl5/ /tmp/perl_thread_kill
Segmentation fault
I verified with strace that module is loaded from desired directory only.
--- Additional comment from ppisar on 2010-08-18 11:03:13 CEST ---
So, it's not in the `make install'. The problem is with perl include paths:
petr@dhcp-0-146:/tmp/threads-1.77-build/usr/lib64/perl5 $ find
.
./threads.pm
./auto
./auto/threads
./auto/threads/.packlist
./auto/threads/threads.bs
./auto/threads/threads.so
./perllocal.pod
petr@dhcp-0-146:/tmp/threads-1.77-build/usr/lib64/perl5 $ perl -I . /tmp/perl_thread_kill
Perl exited with active threads:
1 running and unjoined
0 finished and unjoined
0 running and detached
petr@dhcp-0-146:/tmp/threads-1.77-build/usr/lib64/perl5 $ perl -I $PWD /tmp/perl_thread_kill
Segmentation fault
Comment 2Marcela Mašláňová
2010-10-06 17:06:23 UTC
*** This bug has been marked as a duplicate of bug 626330 ***