bug-bash
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

core dump on SIGHUP

From: Tom Robinson
Subject: core dump on SIGHUP
Date: Mon, 13 Jun 2005 12:32:15 -0700
User-agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) 
Configuration Information:
Machine: i686
OS: linux-gnu
Compiler: gcc
Compilation :
uname output: Linux 2.4.20-31.9 i686
Machine Type: i686-pc-linux-gnu

Bash Version: 2.05a
Patch Level: ?
Release Status: release

Description:
I have seen bash dump core a few times. It is extremely difficult to reproduce naturally. The problem occurs when a SIGHUP is received during a malloc by bash. After examining the backtrace of the core, I am able to reproduce the problem using gbd. I have been able to reproduce this on a number of different platforms. After the SIGHUP, bash calls a handler to clean up, write the history, etc. But it calls free() from history_do_write() which in turn calls internal_free() where the problem occurs. There is a comment right before the xbotch() 
but I can't tell if that is relevant here.

Any help on this would be appreciated.

Repeat-By:

# gdb bash
   :
(gdb) break decode_prompt_string
Breakpoint 1 at 0x80600e0: file parse.y, line 3667.
(gdb) r
Starting program: bash

Breakpoint 1, decode_prompt_string (string=0x10b <Address 0x10b out of bounds>)
   at parse.y:3667
3667      result = (char *)xmalloc (result_size = PROMPT_GROWTH);
(gdb) c
Continuing.
[root@walstib bin]# ulimit -c 100000

Breakpoint 1, decode_prompt_string (string=0x10b <Address 0x10b out of bounds>)
   at parse.y:3667
3667      result = (char *)xmalloc (result_size = PROMPT_GROWTH);
(gdb) c
Continuing.
[root@walstib bin]# ulimit -c 10000000000

Breakpoint 1, decode_prompt_string (string=0x10b <Address 0x10b out of bounds>)
   at parse.y:3667
3667      result = (char *)xmalloc (result_size = PROMPT_GROWTH);
(gdb) c
Continuing.
[root@walstib bin]# ls
core.23751   bash
   :

Breakpoint 1, decode_prompt_string (string=0x10b <Address 0x10b out of bounds>)
   at parse.y:3667
3667      result = (char *)xmalloc (result_size = PROMPT_GROWTH);
(gdb) break malloc.c:662
Breakpoint 2 at 0x80ad936: file malloc.c, line 662.
(gdb) c
Continuing.

Breakpoint 2, internal_malloc (n=48,
   file=0x80b01c0 "/usr/src/bash/src/parse.y", line=3667, flags=1)
   at malloc.c:662
662       if ((p = nextf[nunits]) == NULL)


(gdb) signal SIGHUP
Continuing with signal SIGHUP.

Breakpoint 2, internal_malloc (n=20, file=0x0, line=0, flags=0) at malloc.c:662
662       if ((p = nextf[nunits]) == NULL)
(gdb) c
Continuing.

Breakpoint 2, internal_malloc (n=42, file=0x0, line=0, flags=0) at malloc.c:662
662       if ((p = nextf[nunits]) == NULL)
(gdb) c
Continuing.

malloc: unknown:0: assertion botched
free: underflow detected; mh_nbytes out of range
last command: ls
Stopping myself...
Program received signal SIGABRT, Aborted.
0xffffe002 in ?? ()
(gdb) c
Continuing.

Program received signal SIGABRT, Aborted.
0xffffe002 in ?? ()
(gdb) bt
#0  0xffffe002 in ?? ()
#1  0x42028a73 in abort () from /lib/tls/libc.so.6
#2  0x0806c733 in programming_error (
   format=0x80c2b40 "free: underflow detected; mh_nbytes out of range") at
error.c:258
#3  0x080adac4 in internal_free (mem=0x80daa08, file=0x0, line=0, flags=0) at
malloc.c:759
#4  0x080adfd4 in free (mem=0x80daa08) at malloc.c:1073
#5  0x080aae93 in history_do_write (filename=0x80d3968 "/root/.bash_history",
nelements=3,
   overwrite=0) at histfile.c:381
#6  0x080aaeff in append_history (nelements=3, filename=0x80d3968
"/root/.bash_history")
   at histfile.c:398
#7  0x0808068a in maybe_save_shell_history () at bashhist.c:344
#8  0x0807c694 in termination_unwind_protect (sig=1) at sig.c:409
#9  <signal handler called>
#10 internal_malloc (n=48, file=0x80b01c0
"/usr/src/bash/src/parse.y",
   line=3667, flags=134627174) at malloc.c:662
#11 0x080adeee in sh_malloc (bytes=48,
   file=0x80b01c0 "/usr/src/bash/src/parse.y", line=3667) at
malloc.c:987
#12 0x080890e9 in sh_xmalloc (bytes=48,
   file=0x80b01c0 "/usr/src/parse.y", line=3667) at
xmalloc.c:143
#13 0x080600fe in decode_prompt_string (string=0x80d9b48 "[\\u@\\h \\W]\\$ ")
   at parse.y:3667
#14 0x0806005a in prompt_again () at parse.y:3583
#15 0x0805d791 in yylex () at parse.y:1964
#16 0x0805c80e in yyparse () at bison.simple:432
#17 0x0805b7cf in parse_command () at eval.c:213
#18 0x0805b83e in read_command () at eval.c:257
#19 0x0805b583 in reader_loop () at eval.c:124
#20 0x08059beb in main (argc=1, argv=0xbfffeb74, env=0xbfffeb7c) at shell.c:668
#21 0x42015574 in __libc_start_main () from /lib/tls/libc.so.6
reply via email to
[Prev in Thread] Current Thread [Next in Thread]