[PATCH] Fix timer_create to initialize timer_t properly
Suzuki Poulose
suzuki@in.ibm.com
Wed Sep 2 15:45:00 GMT 2009
Hi
The timer_create() doesn't set the sigev_notify field of the internal
struct timer allocated for SIGEV_THREAD sigevent handlers.
This causes the timers to never get deleted from the list maintained at
__active_timer_sigev_thread.

timer_delete:
      if (kt->sigev_notify == SIGEV_THREAD)
        {
          /* Remove the timer from the list.  */

This keeps a narrow window for a timer to get triggered, and before it
gets a chance, if the timer gets deleted the timer gets freed. But we
still find it in the __active_timer_sigev_thread list and try to
execute it, resulting in a crash!

The problem is very intermittent. But I can recreate this using the
following shell script:
For eg:

  while true; do ./tst-timer >/dev/null; [ $? -ne 0 ] && break; done
  Illegal instruction (core dumped)

  gdb tst-timer core.28182
  [..]
  [New Thread 28183]
  Core was generated by `./tst-timer'.
  Program terminated with signal 4, Illegal instruction.
  #0 0x00000200001a8b72 in main_arena () from /lib64/libc.so.6
  (gdb) bt
  #0 0x00000200001a8b72 in main_arena () from /lib64/libc.so.6
  #1 0x000002000002dcda in timer_sigev_thread (arg=0x80004010) at ../nptl/sysdeps/unix/sysv/linux/timer_routines.c:65
  #2 0x00000200001b3a74 in start_thread (arg=<value optimized out>) at pthread_create.c:299
  #3 0x000002000011a3ce in thread_start () from /lib64/libc.so.6
  (gdb) info th
  3 Thread 28183 0x000002000011a34c in clone () from /lib64/libc.so.6
  2 Thread 28182 0x00000200000e4428 in ?? () from /lib64/libc.so.6
  * 1 Thread 28227 0x00000200001a8b72 in main_arena () from /lib64/libc.so.6

The attached patch fixes the issue.
I have verified the patch on s390x architecture.
Thoughts?
Thanks
Suzuki
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: fix-timer-create-delete-crash.diff
URL: <http://sourceware.org/pipermail/libc-alpha/attachments/20090902/be010ee1/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: tst-timer.c
URL: <http://sourceware.org/pipermail/libc-alpha/attachments/20090902/be010ee1/attachment.c>
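
The failure mode described in the message above, as an added example that is not part of the original post or of glibc: a simplified C model in which a timer whose sigev_notify was never set is skipped by the timer_delete guard and stays on the list after being freed. The struct layout, the pool and every model_* name are assumptions made for illustration; the model also assumes timers are put on the list at creation.

```c
#include <stdbool.h>
#include <stddef.h>

#define MODEL_SIGEV_THREAD 2   /* stand-in for SIGEV_THREAD (assumed value) */
#define MODEL_POOL 4

/* Simplified stand-in for the internal struct timer, not glibc's layout. */
struct model_timer {
    int sigev_notify;
    bool freed;                /* models free(): the slot must not be used */
    struct model_timer *next;
};

static struct model_timer pool[MODEL_POOL];
/* Models the list kept at __active_timer_sigev_thread. */
static struct model_timer *active_list;

void model_reset(void) { active_list = NULL; }

/* set_notify=false reproduces the omission reported in the message. */
struct model_timer *model_create(int slot, bool set_notify) {
    struct model_timer *t = &pool[slot];
    t->sigev_notify = set_notify ? MODEL_SIGEV_THREAD : 0;
    t->freed = false;
    t->next = active_list;
    active_list = t;
    return t;
}

/* Same guard as the timer_delete excerpt: unlink only when the field matches. */
void model_delete(struct model_timer *t) {
    if (t->sigev_notify == MODEL_SIGEV_THREAD) {
        struct model_timer **pp = &active_list;
        while (*pp != NULL && *pp != t)
            pp = &(*pp)->next;
        if (*pp == t)
            *pp = t->next;
    }
    t->freed = true;           /* the timer is released either way */
}

/* Entries still on the list that point at freed timers. */
int model_dangling(void) {
    int n = 0;
    for (struct model_timer *t = active_list; t != NULL; t = t->next)
        if (t->freed)
            n++;
    return n;
}
```

A non-zero result from model_dangling() corresponds to the state in which the helper thread in the backtrace would walk the list and run a freed timer.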