zsh-workers
 help / color / mirror / code / Atom feed
From: "Antoine C." <acalando@free.fr>
To: zsh-workers@zsh.org
Subject: [BUG] abort due to malloc/free problem
Date: Mon, 28 Jan 2019 15:58:05 +0100 (CET)	[thread overview]
Message-ID: <2063069324.1568135698.1548687485026.JavaMail.root@zimbra62-e11.priv.proxad.net> (raw)

Hello,

I have a set of scripts which crash after some time (can be 10mn or more than 1 hour).
These scripts are continually launching subshells and commands in background then waiting for them to finish.

It occurs with the Ubuntu 18.04.1 version 5.4.2 and also the last on the git 5.7.

I compiled with:
./configure --enable-zsh-debug --enable-multibyte

I tried a few combinations and noticed that --enable-zsh-mem prevented the abort.

I get the following messages:

   free(): invalid size
   zsh: abort (core dumped)

or:

   double free or corruption (out)
   zsh: abort (core dumped)

or just:

   zsh: segmentation fault (core dumped)

Backtrace from the core files give:

#0  _int_malloc (av=av@entry=0x7f21c9231c40 <main_arena>, bytes=bytes@entry=448) at malloc.c:3735
#1  0x00007f21c8edd0fc in __GI___libc_malloc (bytes=448) at malloc.c:3057
#2  0x000055dbbb7d2206 in zalloc (size=448) at mem.c:966
#3  0x000055dbbb7c19d5 in clearjobtab (monitor=1) at jobs.c:1705
#4  0x000055dbbb790a85 in entersubsh (flags=3, retp=0x7ffc8db68bd8) at exec.c:1138
#5  0x000055dbbb795db3 in execcmd_fork (state=0x7ffc8db6c070, how=4, type=8, varspc=0x0, filelistp=0x7ffc8db68d60, text=0x55dbbba51ea0 <jbuf> "( $WGET ${(e)URL} -O $filename -a $LOG.$task; rc=$? ; print  &>> $LOG.$task; )", oautocont=-1, close_if_forked=-1) at exec.c:2748
#6  0x000055dbbb79627c in execcmd_exec (state=0x7ffc8db6c070, eparams=0x7ffc8db690a0, input=0, output=0, how=4, last1=2, close_if_forked=-1) at exec.c:2868
#7  0x000055dbbb7937e6 in execpline2 (state=0x7ffc8db6c070, pcode=11459, how=4, input=0, output=0, last1=0) at exec.c:1927
#8  0x000055dbbb79239c in execpline (state=0x7ffc8db6c070, slcode=35842, how=4, last1=0) at exec.c:1658
#9  0x000055dbbb79163f in execlist (state=0x7ffc8db6c070, dont_change_job=1, exiting=0) at exec.c:1413
#10 0x000055dbbb7cb7a2 in execif (state=0x7ffc8db6c070, do_exec=0) at loop.c:576
#11 0x000055dbbb79965d in execcmd_exec (state=0x7ffc8db6c070, eparams=0x7ffc8db69910, input=0, output=0, how=18, last1=2, close_if_forked=-1) at exec.c:3910
#12 0x000055dbbb7937e6 in execpline2 (state=0x7ffc8db6c070, pcode=10563, how=18, input=0, output=0, last1=0) at exec.c:1927
#13 0x000055dbbb79239c in execpline (state=0x7ffc8db6c070, slcode=150530, how=18, last1=0) at exec.c:1658
#14 0x000055dbbb79163f in execlist (state=0x7ffc8db6c070, dont_change_job=1, exiting=0) at exec.c:1413
#15 0x000055dbbb7ca7ee in execfor (state=0x7ffc8db6c070, do_exec=0) at loop.c:175
#16 0x000055dbbb79965d in execcmd_exec (state=0x7ffc8db6c070, eparams=0x7ffc8db6a1f0, input=0, output=0, how=2, last1=2, close_if_forked=-1) at exec.c:3910
#17 0x000055dbbb7937e6 in execpline2 (state=0x7ffc8db6c070, pcode=10307, how=2, input=0, output=0, last1=0) at exec.c:1927
#18 0x000055dbbb79239c in execpline (state=0x7ffc8db6c070, slcode=171010, how=2, last1=0) at exec.c:1658
#19 0x000055dbbb79163f in execlist (state=0x7ffc8db6c070, dont_change_job=1, exiting=0) at exec.c:1413
#20 0x000055dbbb7ca7ee in execfor (state=0x7ffc8db6c070, do_exec=0) at loop.c:175
#21 0x000055dbbb79965d in execcmd_exec (state=0x7ffc8db6c070, eparams=0x7ffc8db6aad0, input=0, output=0, how=2, last1=2, close_if_forked=-1) at exec.c:3910
#22 0x000055dbbb7937e6 in execpline2 (state=0x7ffc8db6c070, pcode=9923, how=2, input=0, output=0, last1=0) at exec.c:1927
#23 0x000055dbbb79239c in execpline (state=0x7ffc8db6c070, slcode=521218, how=2, last1=0) at exec.c:1658
#24 0x000055dbbb79163f in execlist (state=0x7ffc8db6c070, dont_change_job=1, exiting=0) at exec.c:1413
#25 0x000055dbbb7ca7ee in execfor (state=0x7ffc8db6c070, do_exec=0) at loop.c:175
#26 0x000055dbbb79965d in execcmd_exec (state=0x7ffc8db6c070, eparams=0x7ffc8db6b3b0, input=0, output=0, how=18, last1=2, close_if_forked=-1) at exec.c:3910
#27 0x000055dbbb7937e6 in execpline2 (state=0x7ffc8db6c070, pcode=9667, how=18, input=0, output=0, last1=0) at exec.c:1927
#28 0x000055dbbb79239c in execpline (state=0x7ffc8db6c070, slcode=620546, how=18, last1=0) at exec.c:1658
#29 0x000055dbbb79163f in execlist (state=0x7ffc8db6c070, dont_change_job=1, exiting=0) at exec.c:1413
#30 0x000055dbbb7ca7ee in execfor (state=0x7ffc8db6c070, do_exec=0) at loop.c:175
#31 0x000055dbbb79965d in execcmd_exec (state=0x7ffc8db6c070, eparams=0x7ffc8db6bc90, input=0, output=0, how=18, last1=2, close_if_forked=-1) at exec.c:3910
#32 0x000055dbbb7937e6 in execpline2 (state=0x7ffc8db6c070, pcode=7811, how=18, input=0, output=0, last1=0) at exec.c:1927
#33 0x000055dbbb79239c in execpline (state=0x7ffc8db6c070, slcode=750594, how=18, last1=0) at exec.c:1658
#34 0x000055dbbb79163f in execlist (state=0x7ffc8db6c070, dont_change_job=0, exiting=0) at exec.c:1413
#35 0x000055dbbb790c7a in execode (p=0x7f21c9e243b0, dont_change_job=0, exiting=0, context=0x55dbbb82bdb6 "toplevel") at exec.c:1192
#36 0x000055dbbb7b7c53 in loop (toplevel=1, justonce=0) at init.c:209
#37 0x000055dbbb7bbd10 in zsh_main (argc=2, argv=0x7ffc8db6c358) at init.c:1758
#38 0x000055dbbb76edfa in main (argc=2, argv=0x7ffc8db6c358) at ./main.c:93

or 

#0  tcache_get (tc_idx=0) at malloc.c:2943
#1  __GI___libc_malloc (bytes=16) at malloc.c:3050
#2  0x000055970fbe2206 in zalloc (size=16) at mem.c:966
#3  0x000055970fbe0282 in pushheap () at mem.c:304
#4  0x000055970fbda580 in execfor (state=0x7fff0c041120, do_exec=0) at loop.c:118
#5  0x000055970fba965d in execcmd_exec (state=0x7fff0c041120, eparams=0x7fff0c03f2a0, input=0, output=0, how=2, last1=2, close_if_forked=-1) at exec.c:3910
#6  0x000055970fba37e6 in execpline2 (state=0x7fff0c041120, pcode=10307, how=2, input=0, output=0, last1=0) at exec.c:1927
#7  0x000055970fba239c in execpline (state=0x7fff0c041120, slcode=171010, how=2, last1=0) at exec.c:1658
#8  0x000055970fba163f in execlist (state=0x7fff0c041120, dont_change_job=1, exiting=0) at exec.c:1413
#9  0x000055970fbda7ee in execfor (state=0x7fff0c041120, do_exec=0) at loop.c:175
#10 0x000055970fba965d in execcmd_exec (state=0x7fff0c041120, eparams=0x7fff0c03fb80, input=0, output=0, how=2, last1=2, close_if_forked=-1) at exec.c:3910
#11 0x000055970fba37e6 in execpline2 (state=0x7fff0c041120, pcode=9923, how=2, input=0, output=0, last1=0) at exec.c:1927
#12 0x000055970fba239c in execpline (state=0x7fff0c041120, slcode=521218, how=2, last1=0) at exec.c:1658
#13 0x000055970fba163f in execlist (state=0x7fff0c041120, dont_change_job=1, exiting=0) at exec.c:1413
#14 0x000055970fbda7ee in execfor (state=0x7fff0c041120, do_exec=0) at loop.c:175
#15 0x000055970fba965d in execcmd_exec (state=0x7fff0c041120, eparams=0x7fff0c040460, input=0, output=0, how=18, last1=2, close_if_forked=-1) at exec.c:3910
#16 0x000055970fba37e6 in execpline2 (state=0x7fff0c041120, pcode=9667, how=18, input=0, output=0, last1=0) at exec.c:1927
#17 0x000055970fba239c in execpline (state=0x7fff0c041120, slcode=620546, how=18, last1=0) at exec.c:1658
#18 0x000055970fba163f in execlist (state=0x7fff0c041120, dont_change_job=1, exiting=0) at exec.c:1413
#19 0x000055970fbda7ee in execfor (state=0x7fff0c041120, do_exec=0) at loop.c:175
#20 0x000055970fba965d in execcmd_exec (state=0x7fff0c041120, eparams=0x7fff0c040d40, input=0, output=0, how=18, last1=2, close_if_forked=-1) at exec.c:3910
#21 0x000055970fba37e6 in execpline2 (state=0x7fff0c041120, pcode=7811, how=18, input=0, output=0, last1=0) at exec.c:1927
#22 0x000055970fba239c in execpline (state=0x7fff0c041120, slcode=750594, how=18, last1=0) at exec.c:1658
#23 0x000055970fba163f in execlist (state=0x7fff0c041120, dont_change_job=0, exiting=0) at exec.c:1413
#24 0x000055970fba0c7a in execode (p=0x7febab4c83b0, dont_change_job=0, exiting=0, context=0x55970fc3bdb6 "toplevel") at exec.c:1192
#25 0x000055970fbc7c53 in loop (toplevel=1, justonce=0) at init.c:209
#26 0x000055970fbcbd10 in zsh_main (argc=2, argv=0x7fff0c041408) at init.c:1758
#27 0x000055970fb7edfa in main (argc=2, argv=0x7fff0c041408) at ./main.c:93

I also tried with MALLOC_CHECK_=3 but it seems that instead of crashing, the script just freeze.

Also, when running with valgrind, the output gets flooded with traces, so I am not sure here if this is really relevant.

If you need other specific tests to be run, I would be glad to help.

Antoine

             reply	other threads:[~2019-01-28 15:05 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-01-28 14:58 Antoine C. [this message]
2019-01-29 19:10 ` Peter Stephenson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2063069324.1568135698.1548687485026.JavaMail.root@zimbra62-e11.priv.proxad.net \
    --to=acalando@free.fr \
    --cc=zsh-workers@zsh.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/zsh/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).