30 May 2021
The weirdest bug I've ever encountered
I am responsible for the reliability of the firmware updates on our devices and this work never gets boring. The thing about firmware updates is that by definition, every bug is caused by the updater because before installing the affected version, the bug was not present. You could say that updates are the cause and the solution of all software problems. So, a lot of update bug reports that find their way to me have nothing to do with the updater per se, they just manifest themselves immediately, giving the impression that the updater is broken. But I'm getting ahead of myself, so let's start from the beginning.
A new bug comes in: Update failed from version X to version Y, error getting log files from sensor. After that, the user manually rebooted the machine and it worked again.
I connect to the machine and download all the logfiles. In the logs, I see that the update installed successfully. After the reboot which starts the newly installed firmware, there were some minor problems: Some processes took a bit longer to start than expected. Other than that, the log looks clean, no errors that could explain this behaviour.
I try to install the affected Firmware version Y on various devices. The problem does not appear. But as luck has it, a co-worker encountered the problem and had the presence of mind to recognize it and leave the system undisturbed for analysis. Connecting to the system is difficult because it is laggy and slow. The device can barely handle simple commands. Weird. Let's run top.
60 processes; 646 threads;
CPU states: 16.0% user, 35.0% kernel
CPU 0 Idle: 55.4%
CPU 1 Idle: 42.4%
Memory: 0 total, 543M avail, page size 4K
PID TID PRI STATE HH:MM:SS CPU COMMAND
1 12 10 Run 1:51:21 17.72% kernel
1 5 10 Run 2:13:10 17.04% kernel
602168 1 10 Rdy 3:30:01 13.98% ps
229398 1 21 Rcv 0:09:32 0.67% smb-tunnelcreek
778301 1 10 Rply 0:00:00 0.62% top
253978 2 21 NSlp 0:05:43 0.40% devi-tsc2007
1 6 10 Rcv 2:08:09 0.25% kernel
7 2 21 Rcv 0:01:41 0.07% io-pkt-v4-hc
581675 15 10 CdV 0:00:17 0.07% telescope
8200 9 21 Rcv 0:00:35 0.05% io-usb
Min Max Average
CPU 0 idle: 55% 55% 55%
CPU 1 idle: 42% 42% 42%
Mem Avail: 543MB 543MB 543MB
Processes: 60 60 60
Threads: 646 646 646
Okay, we immediately have some clues here. The QNX kernel is doing a lot of stuff and so is ps. We see that the CPU load of the two cores is about 50%. But we know that the system has hyperthreading and only has one physical core, so the real load is actually more like 100%. To me, it looks like ps is saturating the core completely, the kernel load is probably caused by whatever ps is doing.
Who is calling ps? With ps -ef we can see the PPID, the parent process id, to track down who spawned this process. Ironically, we use ps to debug this ps problem. Like this, I find that it was spawned by the shell sh, which in turn was spawned by one of our proprietary processes. Equipped with the knowledge of which process is affected and analysing the logs to find out where this process got stuck, I quickly find the offending line of code. It looks like this: int rc = system( "ps -e | grep Foo" ); where Foo is some program whose presence we need to check. Not the prettiest way to implement it, but it is legacy code that worked for many years. I also see that this code only gets executed on certain old hardwares. This explains why the problem never reproduced on most systems, they have newer hardware. Even on the old hardware, it is exceedingly rare and hard to reproduce. Killing the offending ps process, which loops infinitely otherwise, unblocks the system and restores normal operation.
We now know a lot about this problem, but what is the root cause? The ps program causes 100% CPU load... What is this? We use QNX 6.6 and ps is supplied as a closed source binary. To understand this problem, we need to analyse the ps utility itself. We can already do that at the assembly level. The QNX Momentics IDE has an option "Attach to Remote Process via QConn" with which I can tap right into the running process. We see that it is stuck in a loop that calls devctl() over and over again. The return value of this devctl() is 3 which is ESRCH: No such process. This error comes straight from MsgSendv_r which returned -3. It documents that ESRCH means The server died while the calling thread was SEND-blocked or REPLY-blocked..
Okay, so, ps gets stuck in an infinite loop. Dare I say it: Do we have a ps bug on our hands? The QNX ecosystem is generally quite robust. In the past, it almost always ended up being my own mistake when I suspected problems in QNX and its utilities. But how can the infinite loop seen in live assembly debugging be explained with a user error of ps?
At this point, an intermezzo with some QNX history is in order. A bit more than a decade ago, the QNX source code was available to the public. Back then, QNX had a vibrant open source community. People would experiment with the kernel, write various useful utilities and help each other in forums. QNX even had a fully featured Desktop GUI, ran Firefox and was self-hosting, so you could develop for QNX right on QNX itself with full IDE and compiler support. It was beautiful. Then QNX was bought, source code access was revoked and the community largely withered away. Questions were increasingly asked via private support tickets directly to QNX, locked away from the public. QNX know-how becomes harder and harder to acquire, open source software for modern QNX releases is essentially non-existent and the driver situation is a catastrophe. The QNX kernel is the most beautiful and interesting kernel I have ever had the pleasure of working with, but it lies in the shackles of corporate ownership.
Back to the bug. So there is old QNX source code lying around. Do you think anyone has modified the source code of the ps utility throughout the last 15 years? Me neither! Let's dive right into the old code.
The old ps utility compiles for QNX 6.6 on the first try. Nice! It works just like the closed source binary we have. I install my newly compiled ps, write some software to automatically test reboots in a loop overnight and am able to reproduce the problem with this custom ps binary. Perfect! Now we can use the "Attach to Remote Process via QConn" feature again, but this time we have the source code of our ps. I already read the source code of the old ps before I did all of this, and I already had my suspicions as to which devctl() call was being repeated endlessly in the loop, so it comes as no surprise when the debugger points me to the following line:
if (devctl (fd, DCMD_PROC_TIDSTATUS, &tinfo, sizeof (tinfo), 0) == EOK)
The root cause of the bug is the following. For every process in the /proc directory, ps opens a file descriptor to this process' address space (as) file to read the process information to be displayed. For each process, it loops through all the threads of this process, and the bug is that this loop has insufficient termination criteria (in other words, in some cases, it loops infinitely). The problem occurs when the process whose threads we want to inspect terminates right before ps enters this loop. In that case, the devctl() call fails and as you can see in the following simplified snippet, it will never terminate because the if-clause is never entered.
while (1)
{
if (devctl (fd, DCMD_PROC_TIDSTATUS, &tinfo, sizeof (tinfo), 0) == EOK)
{
//[...]
tcount++;
// stop when we have gone through each thread, or when
// the user only want process info
if ((usingThreads == 0) || (tcount == info.num_threads))
break;
}
tinfo.tid++;
}
I also verify this hypothesis by halting the ps process in the debugger, killing the process whose threads we are about to inspect and resuming ps and it hangs in precisely the same way. This is what it looks like in the QNX Momentics IDE:
After this analysis, I'm quite sure that this 15 years old bug is still alive and well in our closed source binary.
Why did this problem suddenly appear in our firmware? We can only speculate, it must have been changes in the scheduling order or timing at boot time. The bug is a race condition, so it can rear its ugly head whenever it wants. The affected code was old and deployed in production for many years.
How did I fix it? I briefly considered shipping our own ps utility, but I was still unsure about other bugs that might potentially be fixed in the latest closed source binary, those fixes would be lost again if I revert to the old open source version. At the end of the day, I decided to comb through our code base and just eliminate the usage of ps in non-interactive code, there weren't that many instances. Our ps utility remains buggy as it is, but it's pretty much impossible to reproduce this bug in an interactive terminal, and our firmware no longer uses it. Needless to say, this particular update problem never occurred again after that.
Does the ps bug still exist in QNX ecosystems more recent than QNX 6.6? Most likely, yes. If it was open source, I would fix it and send a pull request. Because it's not, they have to deal with the issue themselves. Maybe in a decade, an unfortunate soul runs into this bug again. Let's hope this blog post will save them some trouble.
What do we learn?
- No matter how battle-tested and old the code and how reputable the distributor - the code contains bugs.
- Old bugs can manifest themselves seemingly out of nowhere, caused by subtle changes in timing or memory layout.
- Whenever the file system is involved, there is a significant danger that bugs are caused by race conditions.
- Closed source operating systems and ecosystems are a pain to debug. Even old open source releases help.
- Do not use interactive shell utilities in non-interactive code. Avoid
system()whenever possible. Not only is the performance terrible, it can give rise to bugs like this one. - Make sure your loops terminate. Bounded loop variants that increase or decrease strictly monotonically guarantee loop termination. Don't be too clever with loops!
Post comment
Comments
Looking for the Best Web Designing Course in Chennai that also opens doors to creative fields like fashion, animation, and graphic design? At Forerun Software Solutions in Anna Nagar, we have crafted an all‑in‑one program that blends cutting‑edge web skills with the artistic flair taught in Fashion Designing Courses Chennai and the visual storytelling of Animation Courses. Our course starts with a strong foundation in HTML, CSS, JavaScript, and responsive UI frameworks, then adds elective modules inspired by Fashion Technology Courses in Chennai and Graphic Designing Courses. By cross‑training, students learn how to turn color theory from Fashion Designing Classes in Chennai and motion principles from Animation Classes Near Me into engaging, user‑friendly webpages. Classes are fully hands‑on. In the same way a trainee at a Fashion Design Academy Near Me practices sketching garments, our web design learners code real projects from day one. Weekly studio sessions mirror workshops in a Graphic Design Course Chennai, where you polish typography, layout, and branding. Whether you want to style e‑commerce pages that feel like a runway from a Fashion Styling Courses in Chennai syllabus or animate banners reminiscent of a Cartoon Animation Course, the curriculum guides you step by step. Fees stay transparent. Much like the published Fashion Designing Courses Fees in Chennai or Animation Course Fees, our web design pricing includes software licenses, certification exams, and lifetime access to digital resources. We also publish detailed fee charts—ideal for anyone searching Web Designing Course Near Me With Fees or comparing costs the way they would for a Fashion Designer Course Centre. Location matters. Forerun’s lab is five minutes from the Anna Nagar Round T; commuters who normally Google Fashion Designing Institute Near Me or Animation Course Institute Near Me will appreciate how close we are to bus stops and the metro. Weekend and evening batches help working professionals upgrade skills without leaving their current jobs, similar to flexible slots offered by top Diploma Fashion Designing Courses in Chennai.Certification counts. Graduates earn an industry‑recognized Web Designer credential, paralleling a Fashion Designing Certificate Course or a Diploma in Fashion Designing. We also help you build a design portfolio that showcases live websites, graphics, and micro‑animations—assets that employers value as highly as a look‑book from a Chennai Fashion Designing Institute.Career outcomes are vibrant. Alumni work as UI/UX designers, front‑end developers, and visual storytellers for fashion e‑commerce, media studios, and branding agencies. Some even launch boutiques online, merging skills learned in Nearby Fashion Designing Course electives with the coding power of our web track. If you dream of styling a site the same way a designer tailors a gown—or animating a logo as playfully as scenes from an Animation Full Course—this program is your runway. Seats fill quickly. Enroll today to experience Chennai’s most versatile design education—one that unites the precision of code with the creativity of Fashion Designer Classes Near Me and the dynamism of Graphic Design Courses Near Me. Walk in curious; walk out career‑ready, with a portfolio that makes your talent impossible to ignore.
reply
Thanks for sharing this. Home buying can feel stressful, but posts like this make the process easier to understand and plan for.
reply
Buying a home can feel overwhelming at first, but once you understand the process and get pre-approved, things start falling into place. I really appreciate how this post breaks down the steps clearly, super helpful for buyers!
reply
Rummy Modern – Play, Win, and Enjoy the Modern Way of Rummy
Introduction
Rummy Modern is one of the most popular online card gaming platforms in India, offering players a modern and exciting way to enjoy the traditional game of rummy. With its user-friendly interface, secure payment options, and thrilling tournaments, Rummy Modern has quickly become a favorite among rummy lovers who want to play and earn real rewards from the comfort of their homes.
http://rummyappsbonus.com/rummy-modern/
What is Rummy Modern?
Rummy Modern is an online multiplayer card game app that allows users to play different variations of Indian Rummy, including 13-card and 21-card formats. It combines the fun of traditional rummy with the convenience of modern technology. Players can compete with real users across India, participate in cash tournaments, and win exciting prizes.
<a href="http://rummyappsbonus.com/rummy-modern/ ">Rummy Modern</a>
Key Features of Rummy Modern
🃏 Multiple Game Modes: Play Classic Rummy, Points Rummy, Pool Rummy, and Deals Rummy.
💸 Instant Withdrawals: Easy and fast cash withdrawal options directly to your bank or UPI.
🔒 Safe & Secure: The platform uses advanced encryption to keep your data and transactions secure.
🎁 Welcome Bonus: New users can get a welcome bonus or referral rewards after registration.
📱 User-Friendly Design: Smooth gameplay and attractive visuals enhance your overall experience.
🧑🤝🧑 Multiplayer Mode: Play with friends or challenge random players anytime.
How to Download Rummy Modern
Visit the official website or trusted APK download sites.
Download the Rummy Modern APK file.
Install it by allowing “Install from Unknown Sources” on your device.
Register using your mobile number or social account.
Start playing and earning real rewards instantly!
How to Play
Each player is dealt 13 cards.
Arrange your cards into valid sets and sequences.
Use the discard and draw pile strategically.
The player who makes a valid declaration first wins the game.
Why Choose Rummy Modern?
Rummy Modern stands out because of its modern design, smooth gameplay, and fair play policies. It’s not just about winning money; it’s also about enjoying the classic Indian rummy experience in a modern digital format. Whether you’re a beginner or a professional, Rummy Modern has something for everyone.
Responsible Gaming
Rummy Modern promotes responsible gaming and encourages players to play for entertainment purposes only. Always set a budget and play wisely.
Conclusion
Rummy Modern is the perfect blend of fun, skill, and earning opportunities. With its secure platform, exciting tournaments, and smooth user experience, it has redefined how India plays rummy. If you’re looking for a reliable and modern rummy app, Rummy Modern is definitely worth a try!
reply
What is Teen Patti Joy?
Teen Patti Joy is a mobile card game app built around the popular South Asian card game Teen Patti (also known as “3 Patti”).
TEEN PATTI INDIA EXPERT -
http://rummyappsbonus.com/teen-patti-joy/
It is intended for entertainment rather than real-money gambling: the app’s description states that it does not involve real money or cash rewards.
Google Play
The game is aimed at audiences aged 18 and above.
<a href="http://rummyappsbonus.com/teen-patti-joy/ ">Teen Patti Joy</a>
Some key features advertised include:
Daily points/bonus rewards for logging in or playing.
Google Play
The ability to play with others in real time (multiplayer) and join tables of varying stakes.
TEEN PATTI INDIA EXPERT -
Multiple variations or sub-modes of Teen Patti (e.g. “Classic”, “Joker”, “AK47”, “Muflis”, etc.).
TEEN PATTI INDIA EXPERT -
An intuitive / user-friendly interface.
However, there are also user reports and sources raising concerns (which we’ll examine later).
How Teen Patti (the underlying game) Works — a Primer
To understand Teen Patti Joy, it helps to know how Teen Patti generally works:
Players & Cards: Usually involves 3 cards per player, drawn from a standard 52-card deck.
Wikipedia
Objective: Form the highest-ranking hand according to Teen Patti hand rankings (e.g. three-of-a-kind, straight flush, sequence, flush, pair, high card).
Betting Rounds: Players bet in rounds, can fold, call, raise, etc. Some may play “blind” (without seeing cards) or “seen” (after looking at cards).
Showdown: After betting ends, remaining players compare hands to determine the winner.
There are many variants (e.g. “muflis” / low card wins, jokers, wild cards, etc.).
So Teen Patti Joy applies these rules in a virtual / app environment, with added virtual currency, bonuses, and online multiplayer.
reply
Rummy Nabob – Play, Win & Earn Real Cash Online
Online card games are gaining immense popularity in India, and Rummy Nabob is one of the leading platforms where players can enjoy rummy and earn real money from their smartphones. With smooth gameplay, exciting tournaments, and instant withdrawals, Rummy Nabob has become a favorite choice for both beginners and professional players.
What is Rummy Nabob?
<a href="http://rummyappsbonus.com/rummy-nabob/ ">Rummy Nabob</a>
Rummy Nabob is a real cash rummy app that allows users to play various versions of the popular Indian Rummy game and win exciting rewards. The app offers a user-friendly interface, secure transactions, and multiple gaming modes to keep the entertainment going.
Whether you’re a casual gamer or a serious rummy enthusiast, Rummy Nabob provides a platform to test your skills and compete with thousands of players across India.
Visit the official website – http://rummyappsbonus.com/rummy-nabob/
Key Features of Rummy Nabob
🎮 Multiple Rummy Variants
Play different rummy formats like Points Rummy, Pool Rummy, and Deals Rummy.
💸 Real Cash Winnings
Earn real cash prizes by winning matches and tournaments. The app supports secure withdrawal options via UPI, Paytm, and bank transfers.
🔒 Safe & Secure Platform
Rummy Nabob uses advanced encryption and anti-fraud technology to ensure a fair gaming experience.
⚡ Instant Withdrawals
You can withdraw your winnings instantly with minimal processing time.
🎁 Daily Bonuses & Rewards
Get daily login bonuses, referral rewards, and festive offers that increase your earning potential.
📱 User-Friendly Interface
The app is lightweight and designed for smooth performance even on low-end Android devices.
How to Download Rummy Nabob APK
Since Rummy Nabob is a real-money gaming app, it’s not available on the Google Play Store. Here’s how you can download it:
Visit the official website – http://rummyappsbonus.com/rummy-nabob/
Click on the “Download Now” button.
Allow installation from “Unknown Sources” in your phone settings.
Install the APK and sign up using your mobile number.
Complete your KYC to start playing and earning.
How to Play Rummy Nabob
Register/Login: Create an account or log in.
Choose a Game: Select from various rummy tables or tournaments.
Add Cash: Deposit using UPI or wallet options.
Play & Win: Show your skills, make valid sets and sequences, and win money.
Withdraw Earnings: Withdraw instantly to your bank or Paytm account.
Refer & Earn Program
Rummy Nabob also offers a lucrative refer and earn program. Share your referral link with friends — when they join and play, you earn a commission or bonus cash instantly. The more friends you invite, the more you earn.
Is Rummy Nabob Legal in India?
Yes, Rummy Nabob is legal in most Indian states where skill-based gaming is allowed. However, users from states like Assam, Odisha, Telangana, and Andhra Pradesh may not be able to play for real cash due to local laws.
Conclusion
If you love playing cards and want to make real money from your gaming skills, Rummy Nabob is a trusted and fun platform to try. With its secure payments, engaging interface, and instant withdrawal feature, it offers one of the best online rummy experiences in India.
Download Rummy Nabob today and start your journey toward fun and real cash rewards!
reply
That was more than karaoke. it felt like a live concert! You totally owned the mic and won everyone’s hearts. <a href="https://jamsilkaraoke.clickn.co.kr">잠실가라오케</a>
reply
The weirdest bug I've ever encountered is the best, and it brings the solutions to us. There are many people searching for it to get the results. It is helpful to find the services that are bringing the results to us.
reply
I just love the systematic way in which you have tried to explain the issues. You have written the issues in point to point manner to troubleshoot the issue. It’s nice to find such a blog like this. Great work is done!
reply
You made karaoke night the highlight of the evening, fantastic job!
reply
You can access Amerilingua's ESL lesson plans by visiting the website and signing up for one of the subscription plans.
reply
Thank you for your thoughtful! AA Group Travel will make your trip smooth and easy from dedicated support to simple planning that guarantees an enjoyable experience arranging your group’s travel schedule.
reply
We’re a small, passionate team based in Austin, Texas, whose love of the gaming hobby turned into a full-time mission
reply
Thank you for sharing your thoughts! I completely agree with your perspective and appreciate the points you raised. Your insight really adds value to the discussion and gives me something to consider.
reply
"This site is very useful and innovative. We also have a site like this – https://www.dreamzoneannanagar.com/
– do visit us for more details!"
reply
One of the most exciting ways to meet people online today is through cam to cam chat. Unlike text-based chat rooms or scrolling social feeds, cam-to-cam platforms let you connect face-to-face in real time. It’s personal, spontaneous, and surprisingly fun
reply
What a fascinating deep dive into a truly bizarre bug! It's a great reminder that even the most seasoned code can have lurking issues. The QNX history was a really interesting interlude too. Speaking of utilities, if anyone needs to quickly combine JPG images without uploading them to a server, Merge JPG is a fantastic, secure, and in-browser option. The point about avoiding `system()` calls really resonated. Thanks for sharing this debugging journey!
reply
Wow, what a deep dive into a seemingly impossible bug! I really appreciate the detailed explanation of how you tracked it down using assembly-level debugging and even diving into the old QNX source code. It's a great reminder that even in well-established systems, unexpected issues can arise. Speaking of documentation and avoiding lock-in, if you ever need a quick way to convert your notes to a shareable format, I find Markdown to Word super helpful for creating .docx files from Markdown.
reply
Wow, what a deep dive into a seemingly impossible bug! It's fascinating how you tracked down the root cause within the QNX kernel. The lessons learned about old code manifesting in unexpected ways and the dangers of race conditions are definitely valuable. Speaking of analysis, if you're curious about another kind of analysis, you might find AI Beauty Rating interesting. It's a fun little AI that analyzes facial features, with complete privacy.
reply
That was a fascinating deep dive! It's amazing how a seemingly innocuous system call like `ps` can cause such headaches. The race condition explanation is particularly insightful. Speaking of character quirks, if you're ever stuck brainstorming character backstories, you might find the Character Headcanon Generator helpful for generating unique personality traits.
reply
Wow, what a deep dive into a tricky bug! It's fascinating how seemingly stable systems can still harbor surprises. The analysis of the QNX `ps` utility is impressive. This reinforces the importance of careful loop design and avoiding `system()` calls where possible. Speaking of interesting projects, if you're looking for a fun distraction after debugging, you might enjoy turning your photos into cartoons with the AI Cartoon Image Generator.
reply
This was a fascinating deep dive into a truly weird bug! I especially appreciated the historical context about QNX and the challenges of debugging closed-source systems. It's a great reminder of how subtle changes can trigger old issues. Speaking of generating things, if you ever need help generating prompts for AI image models, check out Image to Prompt, it can help you create perfect prompts instantly.
reply
What a fascinating deep dive! The debugging process you went through with that ps bug is impressive. It's a great reminder that even the most trusted code can have lurking issues. Speaking of interesting tools, if you ever want to turn a picture of your old hardware into a cool cartoon, you might find AI Cartoon Generator fun to play with. Thanks for sharing this insightful experience!
reply
Thank you for another excellent article. Where else could anybody get that kind oof information in such an ideall means of writing? I’ve a presentation next week, and I’m at the look for such info.
reply
Right here is the right site for anyone who wishes to understand this topic. You realize so much its almost hard to argue with you (not that I really will need to…HaHa). You definitely put a fresh spin on a topic that has been written about for decades. Wonderful stuff, just excellent!
reply
This is an incredibly fascinating and detailed account of a truly peculiar bug! The way you traced the issue through logs, system behavior, and even diving into assembly-level debugging is impressive. It’s amazing how such a seemingly simple problem—like an infinite loop in `ps`—could stem from such a nuanced edge case involving process termination timing. The historical context about QNX and its transition from open-source to corporate ownership adds a layer of depth to the story, highlighting how changes in software ecosystems can impact debugging and development. Your persistence in compiling the old `ps` source code and reproducing the issue is a testament to thorough debugging skills. This kind of deep dive into system-level behavior is both educational and inspiring for anyone working in firmware or low-level software. Great read!
reply
I really love your website.. Pleasant colors & theme.
Did you build this amazing site yourself?
Please reply back as I'm attempting to create my own personal website and would love to learn where you got this from
or what the theme is named. Kudos!
reply
I am a real person, why is every comment here spam? I guess the captcha isn't good enough.
reply
Today, I went to the beach with my kids. I found a sea shell and gave it to my 4 year old daughter and said "You can hear the ocean if you put this to your ear." She put the shell
to her ear and screamed. There was a hermit crab inside and it pinched her
ear. She never wants to go back! LoL I know this is completely off topic but I had to tell someone!
reply
Woah! I'm really digging the template/theme of this website.
It's simple, yet effective. A lot of times it's difficult
to get that "perfect balance" between usability and appearance.
I must say you've done a amazing job with this.
reply
I am really impressed with your writing skills and also with the layout on your blog.
Is this a paid theme or did you modify it yourself?
Anyway keep up the nice quality writing, it is rare to
see a great blog like this one nowadays.
reply
I was suggested this web site by my cousin. I am not sure whether this post is written by him as nobody else know such detailed about my problem. You’re wonderful! Thanks!
reply