On Thu, 10 Oct 2002, Oleg Nesterov wrote:
>
> Suppose process P in thread group was cloned _without_
> CLONE_DETACHED flag. Then another thread, group_leader
> for simplicity, does exec and calls de_thread(). It kills
> P via _broadcast_thread_group(). While doing do_exit(),
> P skips release_task(), because its exit_signal != -1,
> and becomes TASK_ZOMBIE.
>
> Then leader calls schedule() with TASK_UNINTERRUPTIBLE
> in while(oldsig->count > 1) {...} and sleeps forever,
> because nobody can do wake_up_process(sig->group_exit_task).
>
This program should hang leaving task in D state.
#include <unistd.h>
#include <signal.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <asm/unistd.h>
#define CLONE_SIGHAND 0x00000800
#define CLONE_THREAD 0x00010000
#define __NR_sys_clone __NR_clone
static inline _syscall2(int,sys_clone, int,flag, void*,stack)
int main(void)
{
static char stack[1024];
int pid = sys_clone(CLONE_THREAD | CLONE_SIGHAND | SIGCHLD, stack);
if (pid < 0) {
printf("ERR!! clone: %s.\n", strerror(errno));
return -1;
}
if (pid == 0) _exit(0);
execlp("echo", "echo", "Should not happen.", 0);
printf("ERR!! exec: %s.\n", strerror(errno));
return 0;
}
Oleg.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/