coredump from C-c-ed function

[xftroxgpx]

Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' 
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-unknown-linux-gnu' 
-DCONF_VENDOR='unknown' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' 
-DSHELL -DHAVE_CONFIG_H   -I.  -I. -I./include -I./lib  -D_FORTIFY_SOURCE=2 
-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong 
-DDEFAULT_PATH_VALUE='/usr/local/sbin:/usr/local/bin:/usr/bin' 
-DSTANDARD_UTILS_PATH='/usr/bin' -DSYS_BASHRC='/etc/bash.bashrc' 
-DSYS_BASH_LOGOUT='/etc/bash.bash_logout' -DNON_INTERACTIVE_LOGIN_SHELLS 
-Wno-parentheses -Wno-format-security
uname output: Linux z5 4.15.0-rc9-g0c5b9b5d9adb #177 SMP PREEMPT Mon Jan 22 
09:51:52 CET 2018 x86_64 GNU/Linux
Machine Type: x86_64-unknown-linux-gnu

Bash Version: 4.4
Patch Level: 12
Release Status: release

Description:
bash coredumps by interrupting a called a function via C-c

Repeat-By:
1. get interactive bash shell
2. paste this function definition at command prompt
function dv3() {
  local ec=1
  time while test "$ec" -ne "0"; do
sleep 1
ls /$RANDOM
ec="$?"
  done
}
3. now call it: $ dv3
4. C-c at any point

two things can happen:
A) coredump and immediate exit (also command history is not saved)
B) (coredump?(unsure) and) you still have the bash prompt but the next dv3 
command will do A.

Stacktraces sample:
Jan 23 09:16:53 systemd-coredump[12705]: Process 12703 (bash) of user 1000 
dumped core.

Stack trace of thread 12703:
#0  0x7f624c8ff3dc _int_malloc (libc.so.6)
#1  0x7f624c9012f3 malloc (libc.so.6)
#2  0x0047224e xmalloc (bash)
#3  0x0045eb2b array_create (bash)
#4  0x0045eb71 array_copy (bash)
#5  0x00459e86 run_exit_trap (bash)
#6  0x0045c7c9 n/a (bash)
#7  0x0045c911 termsig_sighandler (bash)
#8  0x7f624c8b38e0 __restore_rt (libc.so.6)
#9  0x7f624c8ff49d _int_malloc (libc.so.6)
#10 0x7f624c9012f3 malloc (libc.so.6)
#11 0x0047224e xmalloc (bash)
#12 0x0042a1c9 make_bare_word (bash)
#13 0x0043c8ed copy_word_list (bash)
#14 0x0043ce3f copy_command (bash)
#15 0x0043ce09 copy_command (bash)
#16 0x0043cf5e n/a (bash)
#17 0x0043cbb1 copy_command (bash)
#18 0x0043cbf9 copy_command (bash)
#19 0x0043cc3a copy_command (bash)
#20 0x00434c01 n/a (bash)
#21 0x004310d9 n/a (bash)
#22 0x00431e4c execute_command_internal (bash)
#23 0x0047894f parse_and_execute (bash)
#24 0x0044dd71 command_substitute (bash)
#25 0x0045285e n/a (bash)
#26 0x00453d11 n/a (bash)
#27 0x00455409 expand_prompt_string (bash)
#28 0x0041dd74 decode_prompt_string (bash)
#29 0x0041e791 n/a (bash)
#30 0x00427c46 yyparse (bash)
#31 0x0041c12f parse_command (bash)
#32 0x0041c218 read_command (bash)
#33 0x0041c3f9 reader_loop (bash)
#34 0x0041b1b5 main (bash)
#35 0x7f624c89ff4a __libc_start_main (libc.so.6)
#36 0x0041b6fa _start (bash)
Jan 23 09:16:53 systemd-coredump[12710]: Process 12708 (bash) of user 1000 
dumped core.

Stack trace of thread 12708:
#0  0x7f624c8ff3dc _int_malloc (libc.so.6)
#1  0x7f624c9012f3 malloc (libc.so.6)
#2  0x0047224e xmalloc (bash)
#3  0x0045ead4 array_create_element (bash)
#4  0x0045eb4d array_create (bash)
#5  0x0045eb71 array_copy (bash)
#6  0x00459e86 run_exit_trap (bash)
#7  0x0045c7c9 n/a (bash)
#8  0x0045c911 termsig_sighandler (bash)
#9  0x7f624c8b38e0 __restore_rt (libc.so.6)
#10 0x7f624c8ff49d _int_malloc (libc.so.6)
#11 0x7f624c9012f3 malloc (libc.so.6)
#12 0x0047224e xmalloc (bash)
#13 0x0042a1c9 make_bare_word (bash)
#14 0x0043c8ed copy_word_list (bash)
#15 0x0043ce3f copy_command (bash)
#16 0x0043cdf4 copy_command (bash)
#17 0x0043cbf9 copy_command (bash)
#18 0x0043cbe8 copy_command (bash)
#19 0x0043cc3a copy_command (bash)
#20 0x00434c01 n/a (bash)
#21 0x004310d9 n/a (bash)
#22 0x00431e4c execute_command_internal (bash)
#23 0x0047894f parse_and_execute (bash)
#24 0x0044dd71 command_substitute (bash)
#25 0x0045285e n/a (bash)
#26 0x00453d11 n/a (bash)
#27 0x00455409 expand_prompt_string (bash)
#28 0x0041dd74 decode_prompt_string (bash)
#29 0x0041e791 n/a (bash)
#30 0x00427c46 yyparse (bash)
#31 0x0041c12f parse_command (bash)
#32 0x0041c218 read_command (bash)
#33 0x0041c3f9 reader_loop (bash)
#34 0x0041b1b5 main (bash)
#35 0x7f624c89ff4a __libc_start_main (libc.so.6)
#36 0x0041b6fa _start (bash)
Jan 23 09:16:56 log

Re: coredump from C-c-ed function

[xftroxgpx]

​

 Original Message 
 On January 23, 2018 2:54 PM, Chet Ramey  wrote:

>On 1/23/18 3:30 AM, xftroxgpx wrote:
>
>>Bash Version: 4.4
>> Patch Level: 12
>> Release Status: release
>>Description:
>> bash coredumps by interrupting a called a function via C-c
>>Repeat-By:
>>1. get interactive bash shell
>>
>>2. paste this function definition at command prompt
>> function dv3() {
>> local ec=1
>> time while test "$ec" -ne "0"; do
>> sleep 1
>> ls /$RANDOM
>> ec="$?"
>> done
>> }
>>
>>3. now call it: $ dv3
>>
>>4. C-c at any point
>>
>>
> $ ./bash
> $ echo $BASH_VERSION
> 4.4.12(2)-release
> $ function dv3() {
>>local ec=1
>> time while test "$ec" -ne "0"; do
>> sleep 1
>> ls /$RANDOM
>> ec="$?"
>> done
>> }
>>
>$ type dv3
> dv3 is a function
> dv3 ()
> {
> local ec=1;
> time while test "$ec" -ne "0"; do
> sleep 1;
> /bin/ls -F /$RANDOM;
> ec="$?";
> done
> }
> $ dv3
> /bin/ls: cannot access /10692: No such file or directory
> /bin/ls: cannot access /8614: No such file or directory
> /bin/ls: cannot access /22963: No such file or directory
> ^C
>
> real  0m3.189s
> user  0m0.002s
> sys   0m0.008s
> $
>
> (I have an alias for ls.)
Seems like you hit variant B) here.
where you get to see the prompt but there still was a coredump, which looks 
like this on `journalctl -efa --no-hostname`, for me:
$ type dv3
dv3 is a function
dv3 () 
{ 
local ec=1;
time while test "$ec" -ne "0"; do
sleep 1;
ls --color=auto /$RANDOM;
ec="$?";
done
}
$ dv3
ls: cannot access '/10004': No such file or directory
ls: cannot access '/9610': No such file or directory
^C

real0m3.001s
user0m0.001s
sys 0m0.008s
$

#still got prompt
#(in another terminal) partial output of `journalctl -efa --no-hostname` is:
Jan 23 16:19:50 systemd-coredump[2517]: Process 2515 (bash) of user 1000 dumped 
core.

Stack trace of thread 2515:
#0  0x7f3763d7649d _int_malloc (libc.so.6)
#1  0x7f3763d782f3 malloc (libc.so.6)
#2  0x0047224e xmalloc (bash)
#3  0x0042a1c9 make_bare_word (bash)
#4  0x0043c8ed copy_word_list (bash)
#5  0x0043ce3f copy_command (bash)
#6  0x0043ce09 copy_command (bash)
#7  0x0043cf5e n/a (bash)
#8  0x0043cbb1 copy_command (bash)
#9  0x0043cbf9 copy_command (bash)
#10 0x0043cc3a copy_command (bash)
#11 0x00434c01 n/a (bash)
#12 0x004310d9 n/a (bash)
#13 0x00431e4c execute_command_internal (bash)
#14 0x0047894f parse_and_execute (bash)
#15 0x0044dd71 command_substitute (bash)
#16 0x0045285e n/a (bash)
#17 0x00453d11 n/a (bash)
#18 0x00455409 expand_prompt_string (bash)
#19 0x0041dd74 decode_prompt_string (bash)
#20 0x0041e791 n/a (bash)
#21 0x00427c46 yyparse (bash)
#22 0x0041c12f parse_command (bash)
#23 0x0041c218 read_command (bash)
#24 0x0041c3f9 reader_loop (bash)
#25 0x0041b1b5 main (bash)
#26 0x7f3763d16f4a __libc_start_main (libc.so.6)
#27 0x0041b6fa _start (bash)
Jan 23 16:19:50 systemd-coredump[2522]: Process 2520 (bash) of user 1000 dumped 
core.

Stack trace of thread 2520:
#0  0x7f3763d7649d _int_malloc (libc.so.6)
#1  0x7f3763d782f3 malloc (libc.so.6)
#2  0x0047224e xmalloc (bash)
#3  0x0042a1c9 make_bare_word (bash)
#4  0x0043c8ed copy_word_list (bash)
#5  0x0043ce3f copy_command (bash)
#6  0x0043cdf4 copy_command (bash)
#7  0x0043cbf9 copy_command (bash)
#8  0x0043cbe8 copy_command (bash)
#9  0x0043cc3a copy_command (bash)
#10 0x00434c01 n/a (bash)
#11 0x004310d9 n/a (bash)
#12 0x00431e4c execute_command_internal (bash)
#13 0x0047894f parse_and_execute (bash)
#14 0x0044dd71 command_substitute (bash)
#15 0x0045285e n/a (bash)
#16 0x00453d11 n/a (bash)
#17 0x00455409 expand_prompt_string (bash)
#18 0x0041dd74 decode_prompt_string (bash)
#19 0x0041e791 n/a (bash)
#20 0x00427c46 yyparse (bash)
#21 0x0041c12f parse_command (bash)
#22 0x0041c218 read_command (bash)
#23 0x0041c3f9 reader_loop (bash)
#24 0x0041b1b5 main (bash)
#25 0x7f3763d16f4a __libc_start_main (libc.so.6)
#26 0x0041b6fa _start (bash)

#continuing in original terminal, where I still got a prompt
$ echo a
a
$

#still got a prompt
#looking at journalctl again:
Jan 23 16:22:44 systemd-coredump[2726]: Process 2724 (bash) of user 1000 dumped 
core.

Stack trace of thread 2724:
#0  0x7f3

Re: coredump from C-c-ed function

[xftroxgpx]

 Original Message 
 On January 23, 2018 5:33 PM, Chet Ramey  wrote:

>On 1/23/18 9:57 AM, Chet Ramey wrote:
>>On 1/23/18 8:54 AM, Chet Ramey wrote:
>>>On 1/23/18 3:30 AM, xftroxgpx wrote:
>>>>Bash Version: 4.4
>>>> Patch Level: 12
>>>> Release Status: release
>>>>Description:
>>>> bash coredumps by interrupting a called a function via C-c
>>>>
>>>OK, I got it to crash. It has something to do with the command timing.
>> I'll take a look.
>>
>
> This was fixed back in November as a result of
>https://savannah.gnu.org/support/?109403
>
> and the fix is in the devel branch.
>
>The lyf so short, the craft so long to lerne.'' - ChaucerArs longa, vita 
>brevis'' - Hippocrates
> Chet Ramey, UTech, CWRU chet@case.eduhttp://tiswww.cwru.edu/~chet/
>

I can confirm that the issue is completely gone with the bash version from the 
devel branch. Thank you for pointing me to it!
GNU bash, version 4.4.12(1)-maint (x86_64-pc-linux-gnu)
tested latest commit e7e095ceb37ba7649a5d56a008147b379027f6f4

I had no idea that the latest bash(from master) is almost 1 year old:
commit bc007799f0e1362100375bb95d952d28de4c62fb (origin/master, origin/HEAD, 
master)
Date:   Fri Jan 27 11:25:44 2017 -0500

Bash-4.4 patch 12

what I was using: 
https://git.archlinux.org/svntogit/packages.git/log/trunk?h=packages/bash

Cheers! Best wishes!