From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-workers-return-34572-mason-zsh=primenet.com.au@zsh.org>
Received: (qmail 17742 invoked by alias); 19 Feb 2015 11:24:05 -0000
Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Id: Zsh Workers List <zsh-workers.zsh.org>
List-Post: <mailto:zsh-workers@zsh.org>
List-Help: <mailto:zsh-workers-help@zsh.org>
X-Seq: 34572
Received: (qmail 5581 invoked from network); 19 Feb 2015 11:24:02 -0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on f.primenet.com.au
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI,
	SPF_HELO_PASS autolearn=ham version=3.3.2
From: Kamil Dudka <kdudka@redhat.com>
To: zsh-workers@zsh.org
Subject: deadlock in free() called from a signal handler
Date: Thu, 19 Feb 2015 12:06:45 +0100
Message-ID: <37490085.zXPQGCoLTl@kdudka.brq.redhat.com>
User-Agent: KMail/4.14.4 (Linux/3.18.7-200.fc21.x86_64; KDE/4.14.4; x86_64; ; )
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22

We have a bug report about deadlock in zsh due to a call to free() from
a signal handler.  I have discovered a similar issue here on the list:

http://www.zsh.org/mla/workers/2014/msg01402.html

However, the above comment does not sound correct to me.  zfree() contains
calls to do signal queueing, only if zsh is compiled with ZSH_MEM, which
is not the default configuration.  Is this on purpose?

Would it make sense to surround also the plain free() wrapper by the signal
queueing macros?  I would be happy to provide a patch...

A backtrace of the deadlock (captured with zsh-4.3.10-9.el6.x86_64, but the
customer claims the issue is still reproducible with upstream zsh-5.0.7)
follows:

#0  __lll_lock_wait_private () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:97
#1  0x000000380167d0a0 in _L_lock_5189 () from /lib64/libc-2.12.so
#2  0x00000038016789fb in _int_free (av=0x380198fe80, p=0x289d910, have_lock=0) at malloc.c:4959
#3  0x0000000000441d9d in freejob (jn=0x28854a0, deleting=1) at jobs.c:1031
#4  0x0000000000442d55 in printjob (jn=0x28854a0, lng=0, synch=<value optimized out>) at jobs.c:994
#5  0x00000000004458f1 in update_job (jn=0x28854a0) at jobs.c:460
#6  0x0000000000471fa3 in zhandler (sig=<value optimized out>) at signals.c:532
#7  <signal handler called>
#8  0x0000003801678723 in _int_free (av=0x380198fe80, p=0x289d2c0, have_lock=0) at malloc.c:4969
#9  0x00000000004228b5 in setunderscore (str=0x7f25cd27bd60 "ACTIONS\213\060\061") at exec.c:2162
#10 0x0000000000427851 in execcmd (state=<value optimized out>, input=0, output=0, how=0, last1=2) at exec.c:2571
#11 0x000000000042a396 in execpline2 (state=0x7fff909bd190, pcode=<value optimized out>, how=2, input=0, output=0, last1=0) at exec.c:1569
#12 0x000000000042a756 in execpline (state=0x7fff909bd190, slcode=<value optimized out>, how=2, last1=0) at exec.c:1355
#13 0x000000000042b9df in execlist (state=0x7fff909bd190, dont_change_job=1, exiting=0) at exec.c:1152
#14 0x0000000000449902 in execif (state=0x7fff909bd190, do_exec=0) at loop.c:515
#15 0x0000000000429274 in execcmd (state=<value optimized out>, input=0, output=0, how=0, last1=2) at exec.c:3016
#16 0x000000000042a396 in execpline2 (state=0x7fff909bd190, pcode=<value optimized out>, how=2, input=0, output=0, last1=0) at exec.c:1569
#17 0x000000000042a756 in execpline (state=0x7fff909bd190, slcode=<value optimized out>, how=2, last1=0) at exec.c:1355
#18 0x000000000042b9df in execlist (state=0x7fff909bd190, dont_change_job=1, exiting=0) at exec.c:1152
#19 0x000000000042bcb3 in execode (p=0x2898980, dont_change_job=1, exiting=0) at exec.c:980
#20 0x000000000042be34 in runshfunc (prog=0x2898980, wrap=0x0, name=0x7f25cd27b3a8 "PROCESS_CONTROLFILE") at exec.c:4469
#21 0x0000000000425e44 in doshfunc (shfunc=0x2898850, doshargs=<value optimized out>, noreturnval=<value optimized out>) at exec.c:4363
#22 0x00000000004262ad in execshfunc (shf=0x2898850, args=0x7f25cd27b290) at exec.c:4089
#23 0x0000000000429dd2 in execcmd (state=<value optimized out>, input=0, output=0, how=0, last1=2) at exec.c:3064
#24 0x000000000042a396 in execpline2 (state=0x7fff909c0310, pcode=<value optimized out>, how=18, input=0, output=0, last1=0) at exec.c:1569
...
#53 0x0000000000429274 in execcmd (state=<value optimized out>, input=0, output=0, how=0, last1=2) at exec.c:3016
#54 0x000000000042a396 in execpline2 (state=0x7fff909c0310, pcode=<value optimized out>, how=18, input=0, output=0, last1=0) at exec.c:1569
#55 0x000000000042a756 in execpline (state=0x7fff909c0310, slcode=<value optimized out>, how=18, last1=0) at exec.c:1355
#56 0x000000000042b9df in execlist (state=0x7fff909c0310, dont_change_job=0, exiting=0) at exec.c:1152
#57 0x000000000042bcb3 in execode (p=0x7f25cd282c98, dont_change_job=0, exiting=0) at exec.c:980
#58 0x000000000043c657 in loop (toplevel=1, justonce=0) at init.c:183
#59 0x000000000043e1fe in zsh_main (argc=<value optimized out>, argv=<value optimized out>) at init.c:1471
#60 0x000000380161ed1d in __libc_start_main (main=0x40db10 <main>, argc=2, ubp_av=0x7fff909c0548, init=<value optimized out>, fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=0x7fff909c0538) at libc-start.c:226
#61 0x000000000040da49 in _start ()