[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bash runs into segmentation fault (malloc: block on free list clobbered)
|
From: |
Dang Tan Hoa |
|
Subject: |
Bash runs into segmentation fault (malloc: block on free list clobbered) |
|
Date: |
Wed, 6 Sep 2023 14:13:26 +0700 |
Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64'
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-pc-linux-gnu'
-DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL
-DHAVE_CONFIG_H -I. -I. ./bash -I../bash/include -I../bash/lib
-D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4
-Wformat -Wformat-security -Werror=format-security -Wall
uname output: Linux mcgrath 3.13.0-117-generic #164~precise1-Ubuntu SMP Mon
Apr 10 16:16:25 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Machine Type: x86_64-pc-linux-gnu
Bash Version: 5.1.16
Patch Level: 16
Release Status: release
Description:
Sometimes, Bash runs into segmentation-fault due to memory
management (malloc: block on free list clobbered).
<<Backtrace info>>
GNU gdb (GDB) 7.6.1
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html
>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-unknown-linux-gnueabi".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /bin/bash...done.
[New LWP 5525]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `/bin/bash -l -'.
Program terminated with signal 6, Aborted.
#0 0xb6d62c84 in raise () from /lib/libc.so.6
Thread 1 (Thread 0xb6f23000 (LWP 5525)):
#0 0xb6d62c84 in raise () from /lib/libc.so.6
No symbol table info available.
#1 0xb6d63fcc in abort () from /lib/libc.so.6
No symbol table info available.
#2 0x00050e78 in programming_error (
format=0x10af48 "malloc: block on free list clobbered")
at /home/sw/tps/bash/error.c:175
args = {__ap = 0xbe9c9194}
h = <optimized out>
#3 0x000efd1c in xbotch (mem=mem@entry=0x2030c38, e=e@entry=0,
s=0x10af48 "malloc: block on free list clobbered",
file=file@entry=0xf447c "/home/sw/tps/bash/make_cmd.c", line=line@entry
=91)
at /home/sw/tps/bash/lib/malloc/malloc.c:376
No locals.
#4 0x000f0994 in internal_malloc (n=n@entry=3,
file=file@entry=0xf447c "/home/sw/tps/bash/make_cmd.c", line=line@entry=91,
flags=flags@entry=1)
at /home/sw/tps/bash/lib/malloc/malloc.c:882
p = 0x2030c30
nunits = 1
m = <optimized out>
z = <optimized out>
nbytes = 16
#5 0x000f0fe4 in sh_malloc (bytes=bytes@entry=3,
file=file@entry=0xf447c "/home/sw/tps/bash/make_cmd.c", line=line@entry
=91)
at /home/sw/tps/bash/lib/malloc/malloc.c:1360
No locals.
#6 0x00092314 in sh_xmalloc (bytes=3,
file=0xf447c "/home/sw/tps/bash/make_cmd.c", line=line@entry=91)
at /home/sw/tps/bash/xmalloc.c:223
temp = <optimized out>
#7 0x000378e0 in make_bare_word (string=0x1ff9418 "-e")
at /home/sw/tps/bash/make_cmd.c:91
temp = 0x2056728
#8 0x00050304 in copy_word (w=0x1ffac48)
at /home/sw/tps/bash/copy_cmd.c:61
new_word = 0x10af48
#9 0x000503f4 in copy_word_list (list=0x1ffac68)
at /home/sw/tps/bash/copy_cmd.c:80
new_list = 0x230c9e8
tl = <optimized out>
#10 0x000509d0 in copy_simple_command (com=0x1ffabe8)
at /home/sw/tps/bash/copy_cmd.c:333
new_simple = 0x2310e68
#11 copy_command (command=<optimized out>)
at /home/sw/tps/bash/copy_cmd.c:439
new_command = 0x2307528
#12 0x0005091c in copy_if_command (com=0x1ffaba8)
at /home/sw/tps/bash/copy_cmd.c:284
new_if = 0x2311a68
#13 copy_command (command=<optimized out>)
at /home/sw/tps/bash/copy_cmd.c:423
new_command = 0x23108e8
#14 0x00050a44 in copy_command (command=0x1fdce68)
at /home/sw/tps/bash/copy_cmd.c:449
new_connection = 0x22ecf48
new_command = 0x2311768
#15 0x00050704 in copy_group_command (com=0x1fdce48)
at /home/sw/tps/bash/copy_cmd.c:219
new_group = 0x230bf48
#16 copy_command (command=<optimized out>)
at /home/sw/tps/bash/copy_cmd.c:402
new_command = 0x23100e8
#17 0x00044c14 in execute_function (var=var@entry=0x1fdce08,
words=words@entry=0x2310ec8, flags=flags@entry=32768,
fds_to_close=fds_to_close@entry=0x230bee8, async=async@entry=0,
subshell=subshell@entry=0)
at /home/sw/tps/bash/execute_cmd.c:5043
return_val = <optimized out>
result = <optimized out>
tc = <optimized out>
fc = <optimized out>
save_current = <optimized out>
debug_trap = <optimized out>
error_trap = <optimized out>
return_trap = <optimized out>
funcname_v = 0x1fd3348
bash_source_v = 0x1fd2f88
bash_lineno_v = 0x1fd3088
funcname_a = 0x1fd33c8
bash_source_a = 0x1fd3008
bash_lineno_a = 0x1fd3148
fa = <optimized out>
shell_fn = <optimized out>
sfile = <optimized out>
t = <optimized out>
gs = <optimized out>
gv = <optimized out>
#18 0x00040820 in execute_builtin_or_function (flags=32768,
fds_to_close=0x230bee8, redirects=<optimized out>, var=0x1fdce08,
builtin=0x0, words=0x2310ec8)
at /home/sw/tps/bash/execute_cmd.c:5462
saved_undo_list = 0x0
ofifo = 0
ofifo_list = 0x0
result = <optimized out>
nfifo = <optimized out>
osize = 0
#19 execute_simple_command (fds_to_close=0x230bee8, async=-1, pipe_out=-1,
pipe_in=-1, simple_command=0x230fc08)
at /home/sw/tps/bash/execute_cmd.c:4671
words = 0x2310ec8
result = <optimized out>
builtin_is_special = <optimized out>
old_last_async_pid = <optimized out>
command_line = 0x0
alias_list = <optimized out>
fork_flags = <optimized out>
old_builtin = -1097034368
lastarg = 0x2308168 "setPrompt"
cmdflags = 32768
builtin = 0x0
wd2_len = <optimized out>
lastword = <optimized out>
already_forked = 0
func = 0x1fdce08
old_command_builtin = -1
wd = {word = 0x2267a08 "ALU_SESMGR_RSP_SESS_IDX=2", flags = 4}
#20 execute_command_internal (command=command@entry=0x230fce8,
asynchronous=asynchronous@entry=0, pipe_in=pipe_in@entry=-1,
pipe_out=pipe_out@entry=-1, fds_to_close=fds_to_close@entry=0x230bee8)
at /home/sw/tps/bash/execute_cmd.c:853
exec_result = 0
user_subshell = <optimized out>
invert = 0
ignore_return = 0
was_error_trap = 0
fork_flags = <optimized out>
my_undo_list = 0x0
exec_undo_list = 0x0
tcmd = <optimized out>
save_line_number = 21299
ofifo = 0
nfifo = 987100
osize = 0
saved_fifo = 1
ofifo_list = 0x0
#21 0x00042730 in execute_command (command=0x230fce8)
at /home/sw/tps/bash/execute_cmd.c:404
bitmap = 0x230bee8
result = <optimized out>
#22 0x0004604c in execute_connection (command=command@entry=0x230c568,
asynchronous=asynchronous@entry=0, pipe_in=pipe_in@entry=-1,
pipe_out=pipe_out@entry=-1, fds_to_close=fds_to_close@entry=0x22e4728)
at /home/sw/tps/bash/execute_cmd.c:2813
tc = <optimized out>
second = <optimized out>
ignore_return = <optimized out>
exec_result = 0
was_error_trap = <optimized out>
invert = <optimized out>
save_line_number = 0
#23 0x00041b14 in execute_command_internal (command=0x230c568,
asynchronous=asynchronous@entry=0, pipe_in=pipe_in@entry=-1,
pipe_out=pipe_out@entry=-1, fds_to_close=fds_to_close@entry=0x22e4728)
at /home/sw/tps/bash/execute_cmd.c:1028
exec_result = 0
user_subshell = <optimized out>
invert = 0
ignore_return = 0
was_error_trap = 0
fork_flags = <optimized out>
my_undo_list = 0x0
exec_undo_list = 0x0
tcmd = <optimized out>
save_line_number = 36587304
ofifo = 0
nfifo = 987100
osize = 598804
saved_fifo = 0
ofifo_list = 0xbe9c9740
#24 0x0009ab04 in parse_and_execute (string=<optimized out>,
from_file=from_file@entry=0xf2b48 "PROMPT_COMMAND", flags=flags@entry=5)
at /home/sw/tps/bash/builtins/evalstring.c:490
bitmap = 0x22e4728
code = 0
lreset = 0
should_jump_to_top_level = 0
last_result = 0
command = 0x230c568
pe_sigmask = {__val = {0 <repeats 32 times>}}
#25 0x0003520c in execute_variable_command (
command=0x1ff0808 "stty echo icrnl && setPrompt",
vname=0xf2b48 "PROMPT_COMMAND") at /Users/chet/src/bash/src/parse.y:2737
last_lastarg = 0x2311a88 "port"
ps = {parser_state = 0, token_state = 0x23103e8,
token = 0x1fdbe08 "port", token_buffer_size = 496,
input_line_terminator = 0, eof_encountered = 0,
prompt_string_pointer = 0x11dda8 <ps1_prompt>,
current_command_line_count = 0, remember_on_history = 1,
history_expansion_inhibited = 0, last_command_exit_value = 0,
pipestatus = 0x230da08, last_shell_builtin = 0x0,
this_shell_builtin = 0x0, expand_aliases = 1,
echo_input_at_read = 0, need_here_doc = 0, here_doc_first_line =
0,
redir_stack = {0x0, 0x6e7b4 <hash_search+12>,
0x11a9a0 <variable_context>, 0x1fcabc8, 0xbe9c997c, 0xbe9c9968,
0x47ec4 <var_lookup+36>, 0x46404 <hash_lookup+12>, 0x0, 0xf2b48,
0xbe9c9994, 0xbe9c9980, 0x47f60 <find_variable_internal+124>,
0x47eac <var_lookup+12>, 0x1145a0, 0x0}}
#26 0x00025e94 in execute_prompt_command ()
at /home/sw/tps/bash/eval.c:379
command_to_execute = <optimized out>
pcv = <optimized out>
pcmds = <optimized out>
#27 parse_command ()
at /home/sw/tps/bash/eval.c:405
r = <optimized out>
#28 0x00026088 in read_command ()
at /home/sw/tps/bash/eval.c:456
tmout_var = 0x0
tmout_len = 0
result = <optimized out>
old_alrm = 0x0
#29 0x00026368 in reader_loop ()
at /home/sw/tps/bash/eval.c:174
code = 0
our_indirection_level = 1
current_command = 0x0
#30 0x00025c24 in main (argc=3, argv=0xbe9c9cb4, env=0xbe9c9cc4)
at /home/sw/tps/bash/shell.c:882
i = <optimized out>
code = <optimized out>
old_errexit_flag = <optimized out>
saverst = <optimized out>
locally_skip_execution = 0
arg_index = 3
top_level_arg_index = 3
Thread 1 (Thread 0xb6f23000 (LWP 5525)):
r0 0x0 0
r1 0x1595 5525
r2 0x6 6
r3 0xb6f234c0 3069326528
r4 0xb6e69078 3068563576
r5 0xb6f23000 3069325312
r6 0x0 0
r7 0x10c 268
r8 0x1 1
r9 0xb6e689e0 3068561888
r10 0x1fd33c8 33371080
r11 0xbe9c918c 3197931916
r12 0xfbad2a87 4222429831
sp 0xbe9c904c 0xbe9c904c
lr 0xb6d63fcc -1227472948
pc 0xb6d62c84 0xb6d62c84 <raise+52>
cpsr 0x20040010 537133072
Repeat-By:
There are no specific steps to reproduce the issue.
Thanks and best regards,
Hoa Dang
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Bash runs into segmentation fault (malloc: block on free list clobbered),
Dang Tan Hoa <=