bin/66242: endless loop in sh(1)

Dmitry Sivachenko mitya at demos.su
Tue May 4 02:10:26 PDT 2004


>Number:         66242
>Category:       bin
>Synopsis:       endless loop in sh(1)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 04 02:10:25 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Dmitry Sivachenko
>Release:        FreeBSD 5.2-CURRENT i386
>Organization:
>Environment:
System: FreeBSD mitya.mitya.static.dol.ru 5.2-CURRENT FreeBSD 5.2-CURRENT #1: Sun Apr 18 17:57:01 MSD 2004 mitya at mitya.mitya.static.dol.ru:/usr/obj/usr/src/sys/CAVIA i386


The following sh(1) behaviour can be observed on both -CURRENT and -STABLE.

>Description:
Consider the following script:

#!/bin/sh -T

trap 'echo TRAP!; ps; exit 1' HUP;

echo 'Started...'
read a


Run it and send a HUP signal to sh(1) while it is waiting in the 'read' command.
You reach the trap handler and ps(1) output appears, but the script does NOT exit
and the sh(1) process starts to eat 100% of CPU.

Here is the truss output:
wait4(0xffffffff,0xbfbfe9d8,0x2,0x0)             ERR#10 'No child processes'
wait4(0xffffffff,0xbfbfe9d8,0x2,0x0)             ERR#10 'No child processes'
wait4(0xffffffff,0xbfbfe9d8,0x2,0x0)             ERR#10 'No child processes'
wait4(0xffffffff,0xbfbfe9d8,0x2,0x0)             ERR#10 'No child processes'
wait4(0xffffffff,0xbfbfe9d8,0x2,0x0)             ERR#10 'No child processes'
wait4(0xffffffff,0xbfbfe9d8,0x2,0x0)             ERR#10 'No child processes'
......

Here is the backtrace:

(gdb) bt
#0  0x80763fc in wait4 ()
#1  0x8075941 in wait3 ()
#2  0x8051f8a in waitproc (block=1, status=0xbfbffa0c)
    at /mnt/backup/releng_4/src/bin/sh/jobs.c:1025
#3  0x8051cbd in dowait (block=1, job=0x80c6000)
    at /mnt/backup/releng_4/src/bin/sh/jobs.c:926
#4  0x8051b8a in waitforjob (jp=0x80c6000, origstatus=0xbfbffa88)
    at /mnt/backup/releng_4/src/bin/sh/jobs.c:870
#5  0x804be33 in evalcommand (cmd=0x80b6d6c, flags=0, backcmd=0x0)
    at /mnt/backup/releng_4/src/bin/sh/eval.c:904
#6  0x804acc0 in evaltree (n=0x80b6d6c, flags=0)
    at /mnt/backup/releng_4/src/bin/sh/eval.c:281
#7  0x804aafa in evaltree (n=0x80b6e04, flags=0)
    at /mnt/backup/releng_4/src/bin/sh/eval.c:199
#8  0x804aafa in evaltree (n=0x80b6e38, flags=0)
    at /mnt/backup/releng_4/src/bin/sh/eval.c:199
#9  0x804aa73 in evalstring (
    s=0x80c5100 "rm -f /tmp/st28742.box221.zecke.demos.su; _clean SIGHUP /dev/tt
yph.28742.zecke.demos.su 28742;  exit")
    at /mnt/backup/releng_4/src/bin/sh/eval.c:171
#10 0x80598da in dotrap () at /mnt/backup/releng_4/src/bin/sh/trap.c:401
#11 0x804acf6 in evaltree (n=0x80b6d00, flags=0)
    at /mnt/backup/releng_4/src/bin/sh/eval.c:290
#12 0x80528f4 in cmdloop (top=1) at /mnt/backup/releng_4/src/bin/sh/main.c:250

The waitproc() at jobs.c:926 returns -1 and sets errno to ECHILD (because
the child does not exist at that time).
Since the (pid <= 0) condition is true at jobs.c:935, -1 is returned and we
enter dotrap() at jobs.c:870.  dotrap() never alters the 'state' field
of struct job.

>How-To-Repeat:

See above.
>Fix:

	


>Release-Note:
>Audit-Trail:
>Unformatted:
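
Added example, not part of the original report and not FreeBSD's sh(1) source: a reduced C model of the wait loop analysed in the Description, run with and without an ECHILD check. The names job, dowait_model, dotrap_model, wait_for_job and SPIN_CAP are hypothetical, and the ECHILD check is an assumed mitigation, not the fix committed for this PR.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>

#define SPIN_CAP 1000            /* demo bound; the loop in the report has none */

struct job { int state; };       /* hypothetical model: 0 = running, 1 = done */
static int trap_calls;

/* Stand-in for dotrap(): as the report notes, it never touches job state. */
static void dotrap_model(void) { trap_calls++; }

/* Models the dowait() behaviour in the report: -1 whenever pid <= 0. */
static int dowait_model(struct job *jp)
{
    int status;
    errno = 0;
    /* WUNTRACED is the 0x2 seen in truss; WNOHANG keeps the demo from blocking. */
    pid_t pid = waitpid(-1, &status, WUNTRACED | WNOHANG);
    if (pid <= 0)
        return -1;
    jp->state = 1;
    return 0;
}

/* Retry until state changes; harden != 0 adds the assumed ECHILD check.
 * Returns the number of loop iterations used. */
int wait_for_job(struct job *jp, int harden)
{
    int n = 0;
    while (jp->state == 0 && n < SPIN_CAP) {
        n++;
        if (dowait_model(jp) != -1)
            continue;
        if (harden && errno == ECHILD) {   /* nothing left to reap: stop waiting */
            jp->state = 1;
            break;
        }
        dotrap_model();
    }
    return n;
}

int main(void)
{
    struct job a = {0}, b = {0};
    printf("report pattern: %d iterations\n", wait_for_job(&a, 0));
    printf("ECHILD check:   %d iterations\n", wait_for_job(&b, 1));
    return 0;
}
```

The process has no children when this runs, so every waitpid() call fails with ECHILD, the same condition the truss output shows.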

