Bug 868846

Summary: bash hangs when receive some signal. there is a bug in trap signal handling
Product: Red Hat Enterprise Linux 6 Reporter: Kirby Zhou <kirbyzhou>
Component: bashAssignee: Ondrej Vasik <ovasik>
Status: CLOSED ERRATA QA Contact: Martin Kyral <mkyral>
Severity: urgent Docs Contact: Petr Bokoc <pbokoc>
Priority: urgent    
Version: 6.3CC: deekej, dkutalek, fkrska, havill, jherrman, jkejda, jkurik, kdudka, ko_nakamura, mkolaja, ovasik, pbokoc, qe-baseos-apps, skito, thozza, tnagata, yohmura
Target Milestone: rcKeywords: Patch, ZStream
Target Release: 6.7   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: AMCS
Fixed In Version: bash-4.1.2-40.el6 Doc Type: Bug Fix
Doc Text:
Fixed signal handling in *Bash* Due to the signal handler function calling certain signal-unsafe functions such as `malloc()`, the *Bash* shell in some cases became unresponsive after it received a signal. This update ensures that the signal handler no longer calls signal-unsafe functions, which prevents the described bug from occurring.
 Story Points: ---
Clone Of:
: 1254162 1254163 1254165 1322803 1322804 (view as bug list) Environment:
Last Closed: 2016-05-10 20:49:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1070830, 1254162, 1254163, 1254165, 1322803, 1322804    

Description Kirby Zhou 2012-10-22 09:33:04 UTC 
Description of problem:


Version-Release number of selected component (if applicable):

bash-4.1.2-9.el6_2

How reproducible:

40%


Steps to Reproduce:

In some complex situation, the bash itself will hang.
Check the Trace of stack, we can found there is a bug in its signal handler.
It calls some not-async-signal-safe functions such as malloc in the signal handler function.

(gdb) bt
#0  __lll_lock_wait_private () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:97
#1  0x0000003c8147bed5 in _L_lock_9323 () from /lib64/libc.so.6
#2  0x0000003c814797c6 in __libc_malloc (bytes=259870211712) at malloc.c:3657
#3  0x0000000000465ef3 in xmalloc (bytes=16) at xmalloc.c:112
#4  0x000000000041de9e in save_token_state () at ./parse.y:1737
#5  0x0000000000450709 in run_pending_traps () at trap.c:337
#6  0x00000000004508fd in trap_handler (sig=12) at trap.c:401
#7  <signal handler called>
#8  _int_malloc (av=0x3c8178be80, bytes=<value optimized out>) at malloc.c:4706


Patch within 4.1.2-9 only fixed the handler of SIGCHLD.
* Thu Apr 19 2012 Roman Rakus <rrakus> - 4.1.2-9
- Don't call malloc in signal handler
  Resolves: #800473
Comment 1 Kirby Zhou 2012-10-22 09:42:44 UTC 
check the following url for a testcase
http://lists.gnu.org/archive/html/bug-bash/2012-10/msg00039.html
Comment 3 RHEL Program Management 2012-12-14 08:08:04 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 6 RHEL Program Management 2013-10-14 00:21:20 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
Comment 89 errata-xmlrpc 2016-05-10 20:49:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0800.html