bin/45478: /bin/sh coredump
Giorgos Keramidas
keramida at freebsd.org
Fri Apr 15 09:20:22 PDT 2005
The following reply was made to PR bin/45478; it has been noted by GNATS.
From: Giorgos Keramidas <keramida at freebsd.org>
To: Oliver Fromme <olli at secnetix.de>
Cc: bug-followup at freebsd.org, Oliver Fromme <olli at fromme.com>
Subject: Re: bin/45478: /bin/sh coredump
Date: Fri, 15 Apr 2005 19:13:31 +0300
On 2005-04-15 18:52, Giorgos Keramidas <keramida at freebsd.org> wrote:
> On 2002-11-19 13:43, Oliver Fromme <olli at secnetix.de> wrote:
> > Responsible-Changed-By: tjr
> > Responsible-Changed-Why:
> > I believe this is caused by the SIGINT handler longjmp()'ing
> > out when it's in the middle of a malloc() call. Calls to malloc()
> > and free() should be bracketed in INTON and INTOFF.
> >
> > I haven't had much luck tracking this down in the past, but
> > I'll try again to find the missing INTON/INTOFF.
>
> I just happened to stumble upon this bug today.
I managed to get sh to print "Out of space" after a few more
invocations, and here's the backtrace I get either with gcore or by
sending a SEGV to the process (there's no other way to stop it from
printing infinite numbers of "Out of space" error messages):
: (gdb) bt
: #0 0x2811f2e3 in write () at write.S:2
: #1 0x0805733d in xwrite (fd=2, buf=0x806a000 "Out of space\namida/Mailbox", nbytes=13)
: at output.c:318
: #2 0x080573b4 in flushout (dest=0x806132c) at output.c:206
: #3 0x08057418 in flushall () at output.c:196
: #4 0x0804c733 in exverror (cond=1, msg=0x805eb68 "Out of space",
: ap=0xbfbfe7f4 "4è¿¿\031\222\006(Øó\a(Üò\021(ô\001") at error.c:156
: #5 0x0804c787 in error (msg=0x806a000 "Out of space\namida/Mailbox") at error.c:166
: #6 0x0805555c in ckmalloc (nbytes=500) at memalloc.c:61
: #7 0x0805560d in stalloc (nbytes=496) at memalloc.c:132
: #8 0x080557ad in growstackblock () at memalloc.c:247
: #9 0x0804e1f1 in padvance (path=0xbfbfe8ac, name=0x806320c "") at exec.c:192
: #10 0x08054d38 in chkmail (silent=0) at mail.c:88
: #11 0x08054f92 in cmdloop (top=1) at main.c:213
: #12 0x08055138 in main (argc=1, argv=0xbfbfea40) at main.c:183
I don't know if this helps track down the problem though. If anyone
with more sh-clue wants me to send the core file or post more data out
of it, please ask.
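
Added example, not part of the original message and not taken from sh's source: a simplified C model of the INTOFF/INTON bracketing mentioned in the quoted text above, showing a SIGINT that arrives inside the bracket being recorded and only acted on at INTON. The names suppressint, intpending, toplevel, deliver_int, onint, bracketed_malloc and work_completed are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the bracket; not copied from sh's source. */
volatile sig_atomic_t suppressint;   /* >0 while inside INTOFF..INTON */
volatile sig_atomic_t intpending;    /* SIGINT arrived while suppressed */
sigjmp_buf toplevel;                 /* stands in for the shell's main loop */

void deliver_int(void) { intpending = 0; siglongjmp(toplevel, 1); }

#define INTOFF() (suppressint++)
#define INTON()  do { if (--suppressint == 0 && intpending) deliver_int(); } while (0)

void onint(int sig) {
    (void)sig;
    if (suppressint) { intpending = 1; return; }  /* defer: only record it */
    deliver_int();                                /* not bracketed: jump now */
}

/* Allocation wrapper: the allocator is never abandoned halfway. */
void *bracketed_malloc(size_t n) {
    void *p;
    INTOFF();
    p = malloc(n);
    INTON();
    return p;
}

/* Raises SIGINT at a marked point; returns 1 if the work after it completed
 * before control reached toplevel, 0 if it was cut short. */
int work_completed(int bracketed) {
    volatile int done = 0;
    signal(SIGINT, onint);
    suppressint = 0;
    intpending = 0;
    if (sigsetjmp(toplevel, 1) != 0)
        return done;
    if (bracketed) INTOFF();
    raise(SIGINT);   /* constructed stand-in for ^C arriving mid-malloc() */
    done = 1;        /* stand-in for malloc() finishing its bookkeeping */
    if (bracketed) INTON();
    return -1;       /* not reached: the jump has happened by now */
}

int main(void) {
    printf("bracketed=%d unbracketed=%d\n", work_completed(1), work_completed(0));
    return 0;
}
```

A code path that reaches malloc() or free() without the bracket behaves like the unbracketed case: the handler jumps away while the allocator's internal state is mid-update.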