proplib bug

[Adam Hamsik <haaaad%gmail.com@localhost>]

Hi folks,

Today during my school project work I have found this really strange  
bug in proplib.
I have not been able to find what is wrong, but it is easily  
reproducible with this code [1].

Example backtrace

# ./prop_test 16
pdk_key = dic_test
Memory fault (core dumped)
# gdb prop_test prop_test.core
GNU gdb 6.5
[snip]
Core was generated by `prop_test'.
Program terminated with signal 11, Segmentation fault.
#0  0xbbb60cff in _malloc_prefork () from /usr/lib/libc.so.12
(gdb) bt
#0  0xbbb60cff in _malloc_prefork () from /usr/lib/libc.so.12
#1  0xbbb60f17 in free () from /usr/lib/libc.so.12
#2  0xbbbd5c20 in _prop_dict_keysym_put (pdk=0xbb804040) at /usr/src/ 
common/lib/libprop/prop_dictionary.c:213
#3  0xbbbd6079 in _prop_dict_keysym_free (stack=0xbb5ff9e4,  
obj=0xbb5ffb04) at /usr/src/common/lib/libprop/prop_dictionary.c:228
#4  0xbbbd3f4a in prop_object_release (obj=0xbb804040) at /usr/src/ 
common/lib/libprop/prop_object.c:1085
#5  0xbbbd697d in _prop_dictionary_free (stack=0xbb5ffb64,  
obj=0xbb5ffc84) at /usr/src/common/lib/libprop/prop_dictionary.c:385
#6  0xbbbd3f4a in prop_object_release (obj=0xbb801040) at /usr/src/ 
common/lib/libprop/prop_object.c:1085
#7  0x080489b9 in prop_test (data=0x0) at prop_test.c:39
#8  0xbbbe5af7 in pthread_create () from /usr/lib/libpthread.so.0
#9  0xbbb25160 in swapcontext () from /usr/lib/libc.so.12


I have found that _prop_dict_keysym_put is called with pdk =  
"dict_test"(dictionary keysym).
I think that it is some weird race condition bug because sometimes I  
need more than one run
to trigger it even for e.g. 64 threads.

I had to disable usage of NetBSD rb implementation because without it  
backtrace was like this

# ./prop_test 16
Memory fault (core dumped)
# gdb prop_test prop_test.core
GNU gdb 6.5
[snip]
Core was generated by `prop_test'.
Program terminated with signal 11, Segmentation fault.
#0  0xbbb27fd8 in rb_tree_remove_node () from /usr/lib/libc.so.12
(gdb) bt
#0  0xbbb27fd8 in rb_tree_remove_node () from /usr/lib/libc.so.12
#1  0xbbbd5fbc in _prop_dict_keysym_free (stack=0xba1ffae4,  
obj=0xba1ffc04) at /usr/src/common/lib/libprop/prop_dictionary.c:224
#2  0xbbbd3eba in prop_object_release (obj=0xb9504040) at /usr/src/ 
common/lib/libprop/prop_object.c:1085
#3  0xbbbd68d1 in _prop_dictionary_free (stack=0xba1ffc64,  
obj=0xba1ffd84) at /usr/src/common/lib/libprop/prop_dictionary.c:384
#4  0xbbbd3eba in prop_object_release (obj=0xb9401040) at /usr/src/ 
common/lib/libprop/prop_object.c:1085
#5  0x08048945 in prop_test (data=0x0) at prop_test.c:41
#6  0xbbbe5af7 in pthread_create () from /usr/lib/libpthread.so.0
#7  0xbbb25160 in swapcontext () from /usr/lib/libc.so.12

My NetBSD version is
NetBSD x350 5.99.01 NetBSD 5.99.01 (GENERIC.DM) #2: Sat Nov  1  
02:01:59 CET 2008  haad@:/usr/src/sys/arch/i386/compile/GENERIC.DM i386

with old(4.99.72) userland.


Any ideas how to debug this ?

[1] www.netbsd.org/~haad/prop_test.c

Regards

Adam.