> Hi. This appears to happen when creating a shell variable from the initial
> environment. I can't reproduce it. If you can find a way to reliably
> reproduce it, please let me know and we can work on it.

So far, we have encountered this issue three times in our environment. The
following is the information from one of the coredumps:
 
#0  __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44 
#1  0x00007fa9f5b822b3 in __pthread_kill_internal (signo=6, threadid=<optimized 
out>) at pthread_kill.c:78
#2  0x00007fa9f5b36146 in __GI_raise (sig=sig@entry=6) at 
../sysdeps/posix/raise.c:26 
#3  0x00007fa9f5b214f7 in __GI_abort () at abort.c:79 
#4  0x00007fa9f5b76397 in __libc_message (action=action@entry=do_abort, 
fmt=fmt@entry=0x7fa9f5cb0120 "%s\n") at ../sysdeps/posix/libc_fatal.c:155 
#5  0x00007fa9f5b8bd0c in malloc_printerr (str=str@entry=0x7fa9f5cae1d4 
"malloc(): corrupted top size") at malloc.c:5671 
#6  0x00007fa9f5b8f18c in _int_malloc (av=av@entry=0x7fa9f5ce6aa0 
<main_arena>, bytes=bytes@entry=48) at malloc.c:4375
#7  0x00007fa9f5b8fbf7 in __GI___libc_malloc (bytes=bytes@entry=48) at 
malloc.c:3323 
#8  0x000055dce1cceb40 in xmalloc (bytes=bytes@entry=48) at xmalloc.c:114 
#9  0x000055dce1c86924 in new_shell_variable (name=name@entry=0x7ffce3c2e25a 
"DIRNAME_ALIAS") at variables.c:2804 
#10 0x000055dce1c8a490 in make_new_variable (name=name@entry=0x7ffce3c2e25a 
"DIRNAME_ALIAS", table=table@entry=0x55dce2a3d720) at variables.c:2821 
#11 0x000055dce1c8a51d in bind_variable_internal (name=<optimized out>,
value=0x7ffce3c2e268 "/usr/bin/dirname", table=0x55dce2a3d720, 
hflags=<optimized out>, aflags=0) at variables.c:3174
#12 0x000055dce1c8d4c7 in initialize_shell_variables (env=<optimized out>,
privmode=0) at variables.c:460 
#13 0x000055dce1c6a508 in shell_initialize () at shell.c:1945 
#14 0x000055dce1c6887f in main (argc=3, argv=0x7ffce3c2cb28, 
env=0x7ffce3c2cb48) at shell.c:572 
(gdb) frame 14 
#14 0x000055dce1c6887f in main (argc=3, argv=0x7ffce3c2cb28, 
env=0x7ffce3c2cb48) at shell.c:572 
572       shell_initialize (); 
(gdb) p env[15] 
$283 = 0x7ffce3c2e23c "PROCESS_NAME=hofsosdfileagent" 
(gdb) p env[16] 
$284 = 0x7ffce3c2e25a "DIRNAME_ALIAS" 
(gdb) p *global_variables->table->bucket_array[54]
$285 = {next = 0x0, key = 0x55dce2a426e0 "PROCESS_NAME", data = 0x55dce2a42680, 
khash = 889366582, times_found = 0} 
(gdb) p (SHELL_VAR) *0x55dce2a42680 
$286 = {name = 0x55dce2a426c0 "PROCESS_NAME", value = 0x55dce2a42730 
"hofsosdfileagent", exportstr = 0x55dce2a42750 "PROCESS_NAME=hofsosdfileagent", 
dynamic_value = 0x0, assign_func = 0x0, attributes = 32769, context = 0} 
(gdb) p main_arena.top 
$287 = (mchunkptr) 0x55dce2a42760 
(gdb) p (char*) main_arena.top 
$288 = 0x55dce2a42760 "sosdfileagent" 
 
The initialize_shell_variables function is processing env. When the for loop 
reaches env[16], glibc needs to use the main_arena.top variable. However, the 
value in the address pointed to by the top variable is overwritten by env[15], 
causing a glibc exception and resulting in a coredump.
 
We are still trying to find a way to reliably reproduce it, but this may
take some time. We hope you could take a look at the above information and
provide useful suggestions.
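
An added example, not part of the message above and not bash or glibc code: a small C model that takes the addresses printed by gdb (exportstr at 0x55dce2a42750, main_arena.top at 0x55dce2a42760) and computes which bytes of the env[15] string fall on the top chunk's header fields. It assumes the x86-64 glibc chunk layout (8-byte prev_size followed by 8-byte size, little-endian); the previous top size 0x208a1 is a constructed value, and `top_overlap`, `span_in` and `struct overlap` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIZE_SZ 8u  /* assumed x86-64 glibc header: prev_size (8 bytes), then size (8 bytes) */

struct overlap {                 /* hypothetical helper type */
    size_t   str_off;            /* string offset at which the top chunk starts */
    size_t   in_prev_size;       /* string bytes (incl. NUL) inside top->prev_size */
    size_t   in_size;            /* string bytes (incl. NUL) inside top->size */
    uint64_t new_size;           /* top->size after the string is stored */
};

/* Number of bytes of [start, end) that fall in the 8-byte field at lo. */
static size_t span_in(uint64_t start, uint64_t end, uint64_t lo)
{
    uint64_t a = start > lo ? start : lo;
    uint64_t b = end < lo + SIZE_SZ ? end : lo + SIZE_SZ;
    return b > a ? (size_t)(b - a) : 0;
}

/* Model NUL-terminated s stored at ptr against a top chunk at top whose
 * size field previously held old_size (target is little-endian). */
struct overlap top_overlap(uint64_t ptr, const char *s, uint64_t top, uint64_t old_size)
{
    struct overlap o = {0, 0, 0, 0};
    uint64_t end = ptr + strlen(s) + 1, size_at = top + SIZE_SZ;

    o.str_off = (end > top && top > ptr) ? (size_t)(top - ptr) : 0;
    o.in_prev_size = span_in(ptr, end, top);
    o.in_size = span_in(ptr, end, size_at);
    for (unsigned i = 0; i < SIZE_SZ; i++) {     /* rebuild size byte by byte */
        uint64_t a = size_at + i;
        uint64_t byte = (a >= ptr && a < end) ? (unsigned char)s[a - ptr] : (old_size >> (8 * i)) & 0xff;
        o.new_size |= byte << (8 * i);
    }
    return o;
}

int main(void)
{
    /* Addresses and string from the gdb session; 0x208a1 is a constructed old top size. */
    const char *env15 = "PROCESS_NAME=hofsosdfileagent";
    struct overlap o = top_overlap(0x55dce2a42750, env15, 0x55dce2a42760, 0x208a1);
    printf("top starts at string offset %zu (\"%s\")\n", o.str_off, env15 + o.str_off);
    printf("bytes in prev_size=%zu size=%zu, top size becomes 0x%llx\n",
           o.in_prev_size, o.in_size, (unsigned long long)o.new_size);
    return 0;
}
```

The model places string offset 16 ("sosdfileagent") at main_arena.top, matching the `p (char*) main_arena.top` output, and puts the last six bytes of the string, including the NUL, in the size field.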
