bash crashes when forking jobs and dynamically switching posix mode

Mike Frysinger

May 11, 2012, 11:43:54 AM
to bug-...@gnu.org
in light of the recent discussion, i thought i could switch posix mode on/off
on the fly so that i restricted myself to this mode only when using `wait`.
unfortunately, that randomly crashes bash :). simple test case:

$ cat test.sh
#!/bin/bash
max=20
num=0
set -m
#set -o posix
trap ': $(( --num ))' CHLD
while : ; do
    sleep 0.$(( $RANDOM % 10 ))s &
    : $(( ++num ))
    if [[ $num -ge $max ]] ; then
        set -o posix
        wait
        set +o posix
    fi
done

$ bash --version | head -1
GNU bash, version 4.1.5(1)-release (x86_64-pc-linux-gnu)
$ ./test.sh
malloc: ../bash/execute_cmd.c:3555: assertion botched
free: called with already freed block argument
Aborting...Aborted (core dumped)

i've also seen various corruption like:
*** glibc detected *** /bin/bash: malloc(): memory corruption (fast): 0x0000000001a1ee90 ***

or:
*** glibc detected *** /bin/bash: double free or corruption (fasttop): 0x00000000013ea130 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x773e5)[0x7fe20e8a03e5]
/bin/bash(pop_stream+0x5d)[0x419f8d]
/bin/bash[0x44e479]
/bin/bash(run_unwind_frame+0x22)[0x44e5e2]
/bin/bash(parse_string+0x131)[0x4677b1]
/bin/bash(xparse_dolparen+0x65)[0x424125]
/bin/bash[0x447938]
/bin/bash[0x448a26]
/bin/bash[0x449f5c]
/bin/bash(expand_string_assignment+0x6a)[0x44a0ca]
/bin/bash[0x44429a]
/bin/bash[0x44465f]
/bin/bash[0x44b2ed]
/bin/bash(execute_command_internal+0x1755)[0x42bff5]
/bin/bash(execute_command+0x4e)[0x42ee2e]
/bin/bash[0x42f4b4]
/bin/bash(execute_command_internal+0xa06)[0x42b2a6]
/bin/bash[0x42f593]
/bin/bash(execute_command_internal+0xa06)[0x42b2a6]
/bin/bash(execute_command+0x4e)[0x42ee2e]
/bin/bash[0x42f55e]
/bin/bash(execute_command_internal+0xa06)[0x42b2a6]
/bin/bash(execute_command+0x4e)[0x42ee2e]
/bin/bash[0x42f55e]
/bin/bash(execute_command_internal+0xa06)[0x42b2a6]
/bin/bash(execute_command+0x4e)[0x42ee2e]
/bin/bash[0x42f55e]
/bin/bash(execute_command_internal+0xa06)[0x42b2a6]
/bin/bash(execute_command+0x4e)[0x42ee2e]
/bin/bash(execute_command_internal+0x12bf)[0x42bb5f]
/bin/bash(execute_command+0x4e)[0x42ee2e]
/bin/bash(reader_loop+0x8c)[0x418fcc]
/bin/bash(main+0xdb9)[0x417919]
/lib64/libc.so.6(__libc_start_main+0xed)[0x7fe20e84a3ed]
/bin/bash[0x4181dd]
-mike

Chet Ramey

May 11, 2012, 1:37:58 PM
to Mike Frysinger, bug-...@gnu.org, chet....@case.edu
On 5/11/12 11:43 AM, Mike Frysinger wrote:
> in light of the recent discussion, i thought i could switch posix mode on/off
> on the fly so that i restricted myself to this mode only when using `wait`.
> unfortunately, that randomly crashes bash :). simple test case:

Did you try this with bash-4.2?

I've been running it for quite a while with the current development version
and, while it has to reallocate the jobs list a lot so it keeps track of
only the latest 1024 jobs, it hasn't crashed. RHEL 5.

Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU ch...@case.edu http://cnswww.cns.cwru.edu/~chet/

Mike Frysinger

May 11, 2012, 2:15:18 PM
to chet....@case.edu, bug-...@gnu.org
On Friday 11 May 2012 13:37:58 Chet Ramey wrote:
> On 5/11/12 11:43 AM, Mike Frysinger wrote:
> > in light of the recent discussion, i thought i could switch posix mode
> > on/off on the fly so that i restricted myself to this mode only when
> > using `wait`.
> > unfortunately, that randomly crashes bash :). simple test case:
>
> Did you try this with bash-4.2?

bash-4.2_p28 was where i first noticed the crashes (those tracebacks from
glibc). the first crash was on an ubuntu bash-4.1.
-mike

Chet Ramey

May 11, 2012, 2:25:08 PM
to Mike Frysinger, bug-...@gnu.org, chet....@case.edu
On 5/11/12 11:43 AM, Mike Frysinger wrote:
> in light of the recent discussion, i thought i could switch posix mode on/off
> on the fly so that i restricted myself to this mode only when using `wait`.
> unfortunately, that randomly crashes bash :). simple test case:

I ran through around 20,000 children on RHEL5 before I quit, and it didn't
crash using bash-4.2.28. However, there is a change in the development
branch that does a better job of not running the SIGCHLD trap in a signal
handling context. That's the only change I can see, though it should not
matter because the posix mode toggling means that code isn't executed.

Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU ch...@case.edu http://cnswww.cns.cwru.edu/~chet/

Mike Frysinger

May 11, 2012, 2:49:48 PM
to chet....@case.edu, bug-...@gnu.org
On Friday 11 May 2012 14:25:08 Chet Ramey wrote:
> On 5/11/12 11:43 AM, Mike Frysinger wrote:
> > in light of the recent discussion, i thought i could switch posix mode
> > on/off on the fly so that i restricted myself to this mode only when
> > using `wait`.
> > unfortunately, that randomly crashes bash :). simple test case:
>
> I ran through around 20,000 children on RHEL5 before I quit, and it didn't
> crash using bash-4.2.28. However, there is a change in the development
> branch that does a better job of not running the SIGCHLD trap in a signal
> handling context. That's the only change I can see, though it should not
> matter because the posix mode toggling means that code isn't executed.

hrm, i'll see if i can't get something that crashes better for me
-mike