Subject: bin/15256: ksh on sparc dumps core sometimes when SIGWINCH arrives unexpectedly
To: None <gnats-bugs@gnats.netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: netbsd-bugs
Date: 01/15/2002 14:50:47
>Number:         15256
>Category:       bin
>Synopsis:       ksh on sparc dumps core sometimes when SIGWINCH arrives unexpectedly
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jan 15 11:51:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Greg A. Woods
>Release:        2001/06/24
>Organization:
Planix, Inc.; Toronto, Ontario; Canada
>Environment:
System: NetBSD 1.5W
Architecture: sparc
Machine: sparc
>Description:

	I finally caught a reasonably good core dump from a crash of ksh
	that sometimes happens as it runs my ~/.profile and I happen to
	resize the xterm window before the first prompt appears.

	How trapsig() gets called with a parameter of 87996 I cannot
	even begin to guess, though the fact that 'holdlen' is a variable,
	not a function (static in vi.c no less), and that line 99 of
	exec.c does not call "holdlen", leads me to suspect that
	something a wee bit earlier along has trashed the stack and the
	trashed return address now simply comes closest to matching that
	of holdlen.

		vi.c:1381:static int	holdlen;		/* length of holdbuf */
		exec.c:99:		return exchild(t, flags & ~XTIME, -1); /* run in sub-process */

	I'm guessing SIGWINCH is the culprit because the only thing
	different from a successful login where no core is dumped is the
	resizing of the window.  Beyond that I'm at a loss....

	Note this only happens to me on sparc.  I've not seen any
	similar core dumps on i386 since the pre-1.3 days.

>How-To-Repeat:

	Create a long and complex ~/.profile that takes a noticeable
	amount of time to run even on a fast machine and then resize
	your xterm while it runs.

	I usually see something like this when it happens:

		Memory fault 
		ksh: [: 0: unexpected operator/operand

$ gdb obj/ksh ~woods/ksh.core
GNU gdb 4.17
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc--netbsd"...

warning: exec file is newer than core file.
Core was generated by `ksh'.
Program terminated with signal 11, Segmentation fault.
#0  0x2fce0 in trapsig (i=87996)
    at /proven/work/woods/NetBSD-src/bin/ksh/trap.c:117
117             trap = p->set = 1;
(gdb) where
#0  0x2fce0 in trapsig (i=87996)
    at /proven/work/woods/NetBSD-src/bin/ksh/trap.c:117
#1  0xefffff74 in ?? ()
#2  0x97c0c in holdlen ()
#3  0x1d3b4 in execute (t=0xacb68, flags=50)
    at /proven/work/woods/NetBSD-src/bin/ksh/exec.c:99
#4  0x1c570 in comsub (xp=0xefffedf0, cp=0xacb68 "")
    at /proven/work/woods/NetBSD-src/bin/ksh/eval.c:877
#5  0x1b1c0 in expand (cp=0xa72b1 "expr \":$varvalue:\" : \".*:$1:.*\"", 
    wp=0xefffee78, f=11) at /proven/work/woods/NetBSD-src/bin/ksh/eval.c:243
#6  0x1adac in eval (ap=0xa7224, f=11)
    at /proven/work/woods/NetBSD-src/bin/ksh/eval.c:95
#7  0x1d42c in execute (t=0xa71c8, flags=256)
    at /proven/work/woods/NetBSD-src/bin/ksh/exec.c:116
#8  0x1de14 in execute (t=0xa7198, flags=0)
    at /proven/work/woods/NetBSD-src/bin/ksh/exec.c:376
#9  0x1d8b4 in execute (t=0xa7168, flags=0)
    at /proven/work/woods/NetBSD-src/bin/ksh/exec.c:194
#10 0x1ddb0 in execute (t=0xa7050, flags=0)
    at /proven/work/woods/NetBSD-src/bin/ksh/exec.c:369
#11 0x1d8b4 in execute (t=0xa7020, flags=0)
    at /proven/work/woods/NetBSD-src/bin/ksh/exec.c:194
#12 0x1df28 in execute (t=0xa6858, flags=0)
    at /proven/work/woods/NetBSD-src/bin/ksh/exec.c:394
#13 0x1e794 in comexec (t=0xa7928, tp=0xa6820, ap=0xa6040, flags=0)
    at /proven/work/woods/NetBSD-src/bin/ksh/exec.c:664
#14 0x1d724 in execute (t=0xa7928, flags=0)
    at /proven/work/woods/NetBSD-src/bin/ksh/exec.c:157
#15 0x28f88 in shell (s=0xa1820, toplevel=0)
    at /proven/work/woods/NetBSD-src/bin/ksh/main.c:623
#16 0x28bd8 in include (name=0x9fe18 "/home/most/woods/.profile", argc=0, 
    argv=0x0, intr_ok=1) at /proven/work/woods/NetBSD-src/bin/ksh/main.c:504
#17 0x288a8 in main (argc=1, argv=0xeffff7c4)
    at /proven/work/woods/NetBSD-src/bin/ksh/main.c:379
#18 0x10238 in ___start ()
(gdb) print p
$1 = (Trap *) 0x340978
(gdb) print *p
Cannot access memory at address 0x340978.
(gdb) print &holdlen
$2 = (int *) 0x93bb8
(gdb) print /x i
$2 = 0x157bc
(gdb) print sigtraps
$2 = {{signal = 0, name = 0x7a868 "EXIT", mess = 0x7a858 "Signal 0", 
    trap = 0xa1360 ". $HOME/.kshlogout ; exit $?", set = 0, flags = 258, 
    cursig = 0, shtrap = 0}, {signal = 1, name = 0x7a850 "HUP", 
    mess = 0x7a848 "Hangup", trap = 0x0, set = 0, flags = 552, 
    cursig = 0x2fcc8 <trapsig>, shtrap = 0}, {signal = 2, 
    name = 0x7a840 "INT", mess = 0x7a830 "Interrupt", trap = 0x0, set = 0, 
    flags = 232, cursig = 0x2fcc8 <trapsig>, shtrap = 0}, {signal = 3, 
    name = 0x7a828 "QUIT", mess = 0x7a820 "Quit", trap = 0x0, set = 0, 
    flags = 232, cursig = 0x2fcc8 <trapsig>, shtrap = 0}, {signal = 4, 
    name = 0x7a818 "ILL", mess = 0x7a800 "Illegal instruction", trap = 0x0, 
    set = 0, flags = 0, cursig = 0, shtrap = 0}, {signal = 5, 
    name = 0x7a7f8 "TRAP", mess = 0x7a7e8 "Trace trap", trap = 0x0, set = 0, 
    flags = 0, cursig = 0, shtrap = 0}, {signal = 6, name = 0x7a7e0 "ABRT", 
    mess = 0x7a7d8 "Abort", trap = 0x0, set = 0, flags = 0, cursig = 0, 
    shtrap = 0}, {signal = 7, name = 0x7a7d0 "EMT", mess = 0x7a7c0 "EMT trap", 
    trap = 0x0, set = 0, flags = 0, cursig = 0, shtrap = 0}, {signal = 8, 
    name = 0x7a7b8 "FPE", mess = 0x7a798 "Floating point exception", 
    trap = 0x0, set = 0, flags = 0, cursig = 0, shtrap = 0}, {signal = 9, 
    name = 0x7a790 "KILL", mess = 0x7a788 "Killed", trap = 0x0, set = 0, 
    flags = 0, cursig = 0, shtrap = 0}, {signal = 10, name = 0x7a780 "BUS", 
    mess = 0x7a770 "Bus error", trap = 0x0, set = 0, flags = 0, cursig = 0, 
    shtrap = 0}, {signal = 11, name = 0x7a768 "SEGV", 
    mess = 0x7a758 "Memory fault", trap = 0x0, set = 0, flags = 0, cursig = 0, 
    shtrap = 0}, {signal = 12, name = 0x7a750 "SYS", 
    mess = 0x7a740 "Bad system call", trap = 0x0, set = 0, flags = 0, 
    cursig = 0, shtrap = 0}, {signal = 13, name = 0x7a738 "PIPE", 
    mess = 0x7a728 "Broken pipe", trap = 0x0, set = 0, flags = 0, cursig = 0, 
    shtrap = 0}, {signal = 14, name = 0x7a720 "ALRM", 
    mess = 0x7a710 "Alarm clock", trap = 0x0, set = 0, flags = 0, cursig = 0, 
    shtrap = 0}, {signal = 15, name = 0x7a708 "TERM", 
    mess = 0x7a6f8 "Terminated", trap = 0x0, set = 0, flags = 104, 
    cursig = 0x2fcc8 <trapsig>, shtrap = 0}, {signal = 16, 
    name = 0x7a6f0 "URG", mess = 0x7a6d8 "Urgent I/O condition", trap = 0x0, 
    set = 0, flags = 0, cursig = 0, shtrap = 0}, {signal = 17, 
    name = 0x7a6d0 "STOP", mess = 0x7a6b8 "Stopped (signal)", trap = 0x0, 
    set = 0, flags = 0, cursig = 0, shtrap = 0}, {signal = 18, 
    name = 0x7a6b0 "TSTP", mess = 0x7a6a8 "Stopped", trap = 0x0, set = 0, 
    flags = 37, cursig = 0x1, shtrap = 0}, {signal = 19, 
    name = 0x7a6a0 "CONT", mess = 0x7a690 "Continued", trap = 0x0, set = 0, 
    flags = 0, cursig = 0, shtrap = 0}, {signal = 20, name = 0x7a688 "CHLD", 
    mess = 0x7a678 "Child exited", trap = 0x0, set = 0, flags = 41, 
    cursig = 0x2fcc8 <trapsig>, shtrap = 0x24564 <j_sigchld>}, {signal = 21, 
    name = 0x7a670 "TTIN", mess = 0x7a658 "Stopped (tty input)", trap = 0x0, 
    set = 0, flags = 37, cursig = 0x1, shtrap = 0}, {signal = 22, 
    name = 0x7a650 "TTOU", mess = 0x7a638 "Stopped (tty output)", trap = 0x0, 
    set = 0, flags = 37, cursig = 0x1, shtrap = 0}, {signal = 23, 
    name = 0x7a630 "IO", mess = 0x7a620 "I/O possible", trap = 0x0, set = 0, 
    flags = 0, cursig = 0, shtrap = 0}, {signal = 24, name = 0x7a618 "XCPU", 
    mess = 0x7a600 "CPU time limit exceeded", trap = 0x0, set = 0, flags = 0, 
    cursig = 0, shtrap = 0}, {signal = 25, name = 0x7a5f8 "XFSZ", 
    mess = 0x7a5d8 "File size limit exceeded", trap = 0x0, set = 0, flags = 0, 
    cursig = 0, shtrap = 0}, {signal = 26, name = 0x7a5d0 "VTALRM", 
    mess = 0x7a5b8 "Virtual timer expired", trap = 0x0, set = 0, flags = 0, 
    cursig = 0, shtrap = 0}, {signal = 27, name = 0x7a5b0 "PROF", 
    mess = 0x7a598 "Profiling timer expired", trap = 0x0, set = 0, flags = 0, 
    cursig = 0, shtrap = 0}, {signal = 28, name = 0x7a590 "WINCH", 
    mess = 0x7a578 "Window size change", trap = 0x0, set = 0, flags = 41, 
    cursig = 0x2fcc8 <trapsig>, shtrap = 0x1643c <x_sigwinch>}, {signal = 29, 
    name = 0x7a570 "INFO", mess = 0x7a558 "Information request", trap = 0x0, 
    set = 0, flags = 0, cursig = 0, shtrap = 0}, {signal = 30, 
    name = 0x7a550 "USR1", mess = 0x7a538 "User defined signal 1", trap = 0x0, 
    set = 0, flags = 0, cursig = 0, shtrap = 0}, {signal = 31, 
    name = 0x7a530 "USR2", mess = 0x7a518 "User defined signal 2", trap = 0x0, 
    set = 0, flags = 0, cursig = 0, shtrap = 0}, {signal = 32, 
    name = 0x7a510 "PWR", mess = 0x7a4f8 "Power-fail/Restart", trap = 0x0, 
    set = 0, flags = 0, cursig = 0, shtrap = 0}, {signal = 33, 
    name = 0x7a4f0 "ERR", mess = 0x7a4e0 "Error handler", trap = 0x0, set = 0, 
    flags = 0, cursig = 0, shtrap = 0}}
(gdb) 

	I'll keep this core file around for a while for further
	examination in case anyone has any clues or suggestions to
	offer.....

>Fix:

	unknown

>Release-Note:
>Audit-Trail:
>Unformatted:
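The frame that faulted above is `trap = p->set = 1` at trap.c:117, reached with i=87996, a value no signal number can take. As an added example (not ksh's own code, and not a proposed fix for this report), here is the same "record that a trap fired" step written so that a corrupted argument is rejected instead of becoming an out-of-bounds store; it assumes, as ksh's table layout suggests, a per-signal table indexed by signal number, and the names trapsig_safe, trap_take and install_winch_handler are this example's own.

```c
/* Added example (not ksh's code): bounds-checked, async-signal-safe
 * trap recording modelled on the "p->set = 1" line at trap.c:117.
 * Assumption: a table indexed by signal number, as in ksh.  Values
 * outside [1, NSIG), such as the i=87996 in the core, are rejected. */
#define _DEFAULT_SOURCE 1
#include <signal.h>
#include <string.h>

#ifndef NSIG
#define NSIG 65                  /* fallback if the libc does not export it */
#endif

static volatile sig_atomic_t trap_set[NSIG];  /* per-signal "fired" flag */
static volatile sig_atomic_t trap_rejected;   /* bogus numbers were seen */

/* Returns 1 if the signal was recorded, 0 if the number was out of range.
 * Only sig_atomic_t stores happen here, so it is safe inside a handler. */
int trapsig_safe(int sig)
{
    if (sig <= 0 || sig >= NSIG) {    /* the range check the crash lacked */
        trap_rejected = 1;
        return 0;
    }
    trap_set[sig] = 1;
    return 1;
}

static void handler(int sig) { (void)trapsig_safe(sig); }

/* Main-loop side: returns 1 and clears the flag if sig fired since last call. */
int trap_take(int sig)
{
    if (sig <= 0 || sig >= NSIG || !trap_set[sig])
        return 0;
    trap_set[sig] = 0;
    return 1;
}

/* Install the handler for SIGWINCH the way an interactive shell would. */
int install_winch_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;    /* a window resize must not abort a read() */
    return sigaction(SIGWINCH, &sa, NULL);
}
```

After install_winch_handler(), a raise(SIGWINCH) sets trap_set[SIGWINCH] and trap_take(SIGWINCH) returns 1 exactly once, while trapsig_safe(87996) returns 0 and touches no table entry.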