Fatal error in network process code 21.1p14 i386-redhat-linux
Richard Mlynarik
configured using `configure i386-redhat-linux --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --datadir=/usr/share --libdir=/usr/lib --mandir=/usr/share/man/man1 --infodir=/usr/share/info --with-gpm=no --with-sound=native --with-pop --mail-locking=lockf --with-clash-detection --debug=no --error-checking=none --lockdir=/var/lock/xemacs --with-mule=yes --with-database=no --with-ldap=yes --with-hesiod=no --with-menubars=lucid --with-scrollbars=lucid --with-dialogs=athena3d --with-xim=xlib --with-canna=yes --with-wnn=yes --with-wnn6=yes --with-msw=no --with-xfs=yes'
Please describe exactly what actions triggered the bug
and the precise symptoms of the bug:
Running the code appended below (loser.el) enough times against a TCP server
(sample of which provided) which accepts a connection but then
immediately closes it
Sample code to trigger the problem appended.
Internal error: lstream not open #<INTERNAL EMACS BUG (filedesc lstream ) 0x....>
By the way I wrote the original "lstream" code. It was designed so that
such objects could _never_ leak into user object land, hence the
"#<INTERNAL EMACS BUG...>" printed representation. Unfortunately the
code in cvs/xemacs/xemacs-21.5/src/lstream.c appears to retain that
limitation without understanding what what going on -- changing the
message to "#<INTERNAL OBJECT (XEmacs bug?) (filedesc lstream) 0x%lx>"
doesn't change a "BUG" to a "bug?" -- while the implementation has
become such a hairy ball of stuff that a way to escape has crept in.
I guess the bug could be fixed in a more recent Xemacs; I've spent
enough time on this without trying that as well.
Good lick.
gcc -o loser loser.c
./loser 25959
gdb `which xemacs`
(gdb) run -q -l /tmp/loser.el --eval '(lose 25959)'
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/bin/xemacs-21.1.14 -q -l /tmp/loser.el --eval '(lose 25959)'
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...
Program received signal SIGPIPE, Broken pipe.
0x404c69a4 in __libc_write () from /lib/i686/libc.so.6
(gdb) bt
#0 0x404c69a4 in __libc_write () from /lib/i686/libc.so.6
#1 0x0851ae58 in ?? ()
#2 0x08158319 in sys_write ()
#3 0x0811d229 in make_filedesc_output_stream ()
#4 0x0811c5cc in Lstream_flush_out ()
#5 0x0811c650 in Lstream_flush ()
#6 0x0811c62d in Lstream_flush_out ()
#7 0x0811c650 in Lstream_flush ()
#8 0x080daaaf in connect_to_file_descriptor ()
#9 0x08127222 in send_process ()
#10 0x08127531 in Fprocess_send_string ()
#11 0x080a9dce in Feval ()
#12 0x080a6f1c in Fprogn ()
#13 0x080a9b06 in Feval ()
#14 0x080a7c89 in Funwind_protect ()
#15 0x080a9b06 in Feval ()
#16 0x080a7e3e in condition_case_1 ()
#17 0x080a7fb2 in condition_case_3 ()
#18 0x080a7fe0 in Fcondition_case ()
#19 0x080a9b06 in Feval ()
#20 0x080a6f1c in Fprogn ()
#21 0x080a74fa in Fwhile ()
#22 0x080a9b06 in Feval ()
#23 0x080a6f1c in Fprogn ()
#24 0x080a71fe in FletX ()
#25 0x080a9b06 in Feval ()
#26 0x080a6f1c in Fprogn ()
#27 0x080aaeb9 in Ffetch_bytecode ()
#28 0x080aabee in Fapply ()
#29 0x080a9f85 in Feval ()
#30 0x080aa329 in funcall_recording_as ()
#31 0x080aa506 in Ffuncall ()
#32 0x08089cd9 in Fbyte_code ()
#33 0x080aaef7 in Ffetch_bytecode ()
#34 0x080aa494 in funcall_recording_as ()
#35 0x080aa506 in Ffuncall ()
#36 0x08089cd9 in Fbyte_code ()
#37 0x080aaef7 in Ffetch_bytecode ()
#38 0x080aa494 in funcall_recording_as ()
#39 0x080aa506 in Ffuncall ()
#40 0x08089cd9 in Fbyte_code ()
#41 0x080aaef7 in Ffetch_bytecode ()
#42 0x080aa494 in funcall_recording_as ()
#43 0x080aa506 in Ffuncall ()
#44 0x08089cd9 in Fbyte_code ()
#45 0x080aaef7 in Ffetch_bytecode ()
#46 0x080aabee in Fapply ()
#47 0x080a9f85 in Feval ()
#48 0x080a7e3e in condition_case_1 ()
#49 0x08091920 in Freally_early_error_handler ()
#50 0x080a7b0a in internal_catch ()
#51 0x08091a25 in initial_command_loop ()
#52 0x080a4cbb in Finvocation_directory ()
#53 0x080a5450 in main ()
#54 0x40402627 in __libc_start_main (main=0x80a5340 <main>, argc=6,
ubp_av=0xbffff87c, init=0x807c3c8 <_init>, fini=0x8183ea0 <_fini>,
rtld_fini=0x4000dcc4 <_dl_fini>, stack_end=0xbffff86c)
at ../sysdeps/generic/libc-start.c:129
(gdb) handle SIGPIPE nostop
Signal Stop Print Pass to program Description
SIGPIPE No Yes Yes Broken pipe
(gdb) c
Continuing.
Program received signal SIGPIPE, Broken pipe.
Program received signal SIGPIPE, Broken pipe.
Program received signal SIGPIPE, Broken pipe.
Program received signal SIGPIPE, Broken pipe.
Program received signal SIGPIPE, Broken pipe.
Program received signal SIGPIPE, Broken pipe.
Program received signal SIGPIPE, Broken pipe.
Program received signal SIGPIPE, Broken pipe.
Program received signal SIGPIPE, Broken pipe.
Program received signal SIGPIPE, Broken pipe.
Program received signal SIGPIPE, Broken pipe.
Program received signal SIGPIPE, Broken pipe.
Program received signal SIGPIPE, Broken pipe.
Program received signal SIGPIPE, Broken pipe.
Program received signal SIGPIPE, Broken pipe.
Program received signal SIGPIPE, Broken pipe.
Program received signal SIGPIPE, Broken pipe.
Program received signal SIGPIPE, Broken pipe.
Program received signal SIGPIPE, Broken pipe.
Fatal error: assertion failed, file eval.c, line 1877, abort()
Program received signal SIGABRT, Aborted.
0x40414ae1 in __kill () from /lib/i686/libc.so.6
(gdb) bt
#0 0x40414ae1 in __kill () from /lib/i686/libc.so.6
#1 0x404148ba in raise (sig=6) at ../sysdeps/posix/raise.c:27
#2 0x40416062 in abort () at ../sysdeps/generic/abort.c:88
#3 0x080a81f7 in Fcall_with_condition_handler ()
#4 0x080a859d in Fsignal ()
#5 0x080a85ca in signal_error ()
#6 0x0811c51b in Lstream_flush_out ()
#7 0x0811c650 in Lstream_flush ()
#8 0x0811c62d in Lstream_flush_out ()
#9 0x0811c650 in Lstream_flush ()
#10 0x0811ccdd in Lstream_close ()
#11 0x0808225e in lrecord_type_index ()
#12 0x08083124 in free_marker ()
#13 0x080836d0 in garbage_collect_1 ()
#14 0x080838a9 in Fgarbage_collect ()
#15 0x080a9d52 in Feval ()
#16 0x080a6d8c in Fif ()
#17 0x080a9b06 in Feval ()
#18 0x080a6f1c in Fprogn ()
#19 0x080a7eda in condition_case_1 ()
#20 0x080a7ddd in condition_case_1 ()
#21 0x080a7fb2 in condition_case_3 ()
#22 0x080a7fe0 in Fcondition_case ()
#23 0x080a9b06 in Feval ()
#24 0x080a6f1c in Fprogn ()
#25 0x080a74fa in Fwhile ()
#26 0x080a9b06 in Feval ()
#27 0x080a6f1c in Fprogn ()
#28 0x080a71fe in FletX ()
#29 0x080a9b06 in Feval ()
#30 0x080a6f1c in Fprogn ()
#31 0x080aaeb9 in Ffetch_bytecode ()
#32 0x080aabee in Fapply ()
#33 0x080a9f85 in Feval ()
#34 0x080aa329 in funcall_recording_as ()
#35 0x080aa506 in Ffuncall ()
#36 0x08089cd9 in Fbyte_code ()
#37 0x080aaef7 in Ffetch_bytecode ()
#38 0x080aa494 in funcall_recording_as ()
#39 0x080aa506 in Ffuncall ()
#40 0x08089cd9 in Fbyte_code ()
#41 0x080aaef7 in Ffetch_bytecode ()
#42 0x080aa494 in funcall_recording_as ()
#43 0x080aa506 in Ffuncall ()
#44 0x08089cd9 in Fbyte_code ()
#45 0x080aaef7 in Ffetch_bytecode ()
#46 0x080aa494 in funcall_recording_as ()
#47 0x080aa506 in Ffuncall ()
#48 0x08089cd9 in Fbyte_code ()
#49 0x080aaef7 in Ffetch_bytecode ()
#50 0x080aabee in Fapply ()
#51 0x080a9f85 in Feval ()
#52 0x080a7e3e in condition_case_1 ()
#53 0x08091920 in Freally_early_error_handler ()
#54 0x080a7b0a in internal_catch ()
#55 0x08091a25 in initial_command_loop ()
#56 0x080a4cbb in Finvocation_directory ()
#57 0x080a5450 in main ()
#58 0x40402627 in __libc_start_main (main=0x80a5340 <main>, argc=6,
ubp_av=0xbffff87c, init=0x807c3c8 <_init>, fini=0x8183ea0 <_fini>,
rtld_fini=0x4000dcc4 <_dl_fini>, stack_end=0xbffff86c)
at ../sysdeps/generic/libc-start.c:129
======================================================================
loser.el
(defun lose (port)
(interactive "nUrk: ")
(require 'comint)
(while t
(condition-case e
(let* ((name "*lose*")
(b (get-buffer-create name)))
(switch-to-buffer b)
(comint-mode)
(comint-exec b name (cons "127.0.0.1" port) nil '())
(process-send-string (get-buffer-process b) "\377\373\001")
(process-send-string (get-buffer-process b) "\377\373\001"))
(error (message "URK: %s" e)) (sit-for 1))))
======================================================================
loser.c
#include <arpa/inet.h>
int
main (int argc, char **argv)
{
struct sockaddr_in junk;
int s;
memset (&junk, 0, sizeof (junk));
junk.sin_family = AF_INET;
junk.sin_addr.s_addr = htonl (INADDR_ANY); /* un*x sucks */
junk.sin_port = htons (atoi (argv[1])); /* un*x blows */
s = socket (PF_INET, SOCK_STREAM, 0);
bind (s, (struct sockaddr *)&junk, sizeof (junk));
listen (s, 1);
for (;;)
{
int loser = accept (s, NULL, 0);
close (loser);
}
}
======================================================================