From: Giorgos Keramidas
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/45478: /bin/sh coredump
Date: Fri, 15 Apr 2005 16:20:21 GMT
Message-Id: <200504151620.j3FGKLA9011770@freefall.freebsd.org>

The following reply was made to PR bin/45478; it has been noted by GNATS.

From: Giorgos Keramidas
To: Oliver Fromme
Cc: bug-followup@freebsd.org, Oliver Fromme
Subject: Re: bin/45478: /bin/sh coredump
Date: Fri, 15 Apr 2005 19:13:31 +0300

On 2005-04-15 18:52, Giorgos Keramidas wrote:
> On 2002-11-19 13:43, Oliver Fromme wrote:
> > Responsible-Changed-By: tjr
> > Responsible-Changed-Why:
> > I believe this is caused by the SIGINT handler longjmp()'ing
> > out when it's in the middle of a malloc() call. Calls to malloc()
> > and free() should be bracketed in INTON and INTOFF.
> >
> > I haven't had much luck tracking this down in the past, but
> > I'll try again to find the missing INTON/INTOFF.
> >

I just happened to stumble upon this bug today. I managed to get sh to
print "Out of space" after a few more invocations, and here's the
backtrace I get either with gcore or by sending a SEGV to the process
(there's no other way to stop it from printing infinite numbers of
"Out of space" error messages):

: (gdb) bt
: #0 0x2811f2e3 in write () at write.S:2
: #1 0x0805733d in xwrite (fd=2, buf=0x806a000 "Out of space\namida/Mailbox", nbytes=13)
:     at output.c:318
: #2 0x080573b4 in flushout (dest=0x806132c) at output.c:206
: #3 0x08057418 in flushall () at output.c:196
: #4 0x0804c733 in exverror (cond=1, msg=0x805eb68 "Out of space",
:     ap=0xbfbfe7f4 "4è¿¿\031\222\006(Øó\a(Üò\021(ô\001") at error.c:156
: #5 0x0804c787 in error (msg=0x806a000 "Out of space\namida/Mailbox") at error.c:166
: #6 0x0805555c in ckmalloc (nbytes=500) at memalloc.c:61
: #7 0x0805560d in stalloc (nbytes=496) at memalloc.c:132
: #8 0x080557ad in growstackblock () at memalloc.c:247
: #9 0x0804e1f1 in padvance (path=0xbfbfe8ac, name=0x806320c "") at exec.c:192
: #10 0x08054d38 in chkmail (silent=0) at mail.c:88
: #11 0x08054f92 in cmdloop (top=1) at main.c:213
: #12 0x08055138 in main (argc=1, argv=0xbfbfea40) at main.c:183

I don't know if this helps track down the problem though. If anyone
with more sh-clue wants me to send the core file or post more data out
of it, please ask.
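
The INTOFF/INTON bracketing mentioned in the quoted PR note, as an added C example that is not part of this mail and is not the FreeBSD sh source: a SIGINT that arrives inside the bracket is only recorded, and the longjmp() happens at INTON, when no allocator call is in progress. The names int_suppress, int_pending, on_sigint, guarded_malloc and demo_deferred_interrupt are hypothetical, and raise(SIGINT) is a constructed stand-in for ^C.

```c
#include <setjmp.h>
#include <signal.h>
#include <stdlib.h>

/* Hypothetical names: a simplified model of the pattern, not sh's code. */
volatile sig_atomic_t int_suppress; /* critical-section nesting depth */
volatile sig_atomic_t int_pending;  /* SIGINT seen while suppressed */
jmp_buf top_level;                  /* where an interrupt unwinds to */

void on_sigint(int sig)
{
    (void)sig;
    if (int_suppress > 0) {  /* allocator may be mid-update: just record it */
        int_pending = 1;
        return;
    }
    int_pending = 0;
    longjmp(top_level, 1);   /* no malloc()/free() is in progress here */
}

#define INTOFF() ((void)int_suppress++)
#define INTON() \
    do { if (--int_suppress == 0 && int_pending) on_sigint(SIGINT); } while (0)

/* malloc() bracketed so the handler can never jump out of the allocator. */
void *guarded_malloc(size_t n)
{
    void *p;
    INTOFF();
    p = malloc(n);
    INTON();
    return p;
}

/* Returns 1 when a SIGINT raised inside the bracket was held until INTON. */
int demo_deferred_interrupt(void)
{
    volatile int deferred = 0;
    signal(SIGINT, on_sigint);
    if (setjmp(top_level) != 0)
        return deferred;     /* arrived here through INTON's longjmp */
    INTOFF();
    raise(SIGINT);           /* constructed stand-in for ^C during malloc() */
    deferred = (int_pending == 1 && int_suppress == 1);
    INTON();                 /* the pending interrupt is delivered now */
    return 0;                /* only reached if the interrupt was lost */
}

int main(void) { return demo_deferred_interrupt() == 1 ? 0 : 1; }
```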