[ast-developers] ksh crash
Michal Hlavinka
2014-03-28 15:57:32 UTC
Hi,
we've seen ksh crashing sometimes, but for a long time, we were not able
to reproduce it intentionally.

reproducer:

ksh -c 'while((SECONDS<10)); do test -z `/bin/false | /bin/false | /bin/doesnotexist`; done' 2>/dev/null

Usually, the loop crashes after a few (<10) iterations, sometimes it
takes longer.

Backtrace is usually different. One example:
#0 bestlistreclaim (vm=0x81bd40 <_Vmheap>, pack=0x25fffce494c0, listp=0x25fffce494c0) at libast/vmalloc/vmbest.c:471
#1 bestpackalloc (vm=0x81bd40 <_Vmheap>, pack=0x25fffce494c0, size=65568, minz=65568) at libast/vmalloc/vmbest.c:578
#2 bestalloc (vm=0x81bd40 <_Vmheap>, size=65537, local=0) at libast/vmalloc/vmbest.c:745
#3 ast_malloc (size=65537) at libast/vmalloc/malloc.c:770
#4 sh_iostream (shp=0x81da40 <sh>, fd=4, fn=4) at sh/io.c:329
#5 sh_iorenumber (shp=0x81da40 <sh>, f1=4, f2=0) at sh/io.c:443
#6 sh_exec (shp=0x81bd40 <_Vmheap>, t=0x25fffce494c0, flags=5) at sh/xec.c:1966
#7 sh_exec (shp=0x81bd40 <_Vmheap>, t=0x25fffce494c0, flags=5) at sh/xec.c:2206
#8 sh_subshell (shp=0x81da40 <sh>, t=0x25fffce87e90, flags=5, comsub=1) at sh/subshell.c:611
#9 comsubst (mp=0x25fffce5d8e0, t=0x25fffce87e90, type=1) at sh/macro.c:2166
#10 copyto (mp=0x25fffce5d8e0, endch=0, newquote=0) at sh/macro.c:601
#11 sh_macexpand (shp=0x81da40 <sh>, argp=0x25fffce87960, arghead=0x7fffffffd238, flag=0) at sh/macro.c:245
#12 arg_expand (shp=0x81da40 <sh>, argp=0x400000, argchain=0x7fffffffd238, flag=0) at sh/args.c:1112
#13 sh_argbuild (shp=0x81da40 <sh>, nargs=0x7fffffffd2c4, comptr=0x25fffce87900, flag=0) at sh/args.c:950
#14 sh_exec (shp=0x81bd40 <_Vmheap>, t=0x25fffce494c0, flags=4) at sh/xec.c:993
#15 sh_exec (shp=0x81bd40 <_Vmheap>, t=0x25fffce494c0, flags=5) at sh/xec.c:2503
#16 exfile (shp=0x81bd40 <_Vmheap>, iop=0x25fffce494c0, fno=8) at sh/main.c:610
#17 sh_main (ac=3, av=0x7fffffffe188, userinit=0x0) at sh/main.c:382
#18 main (argc=3, argv=0x7fffffffe188) at sh/pmain.c:45

With VMALLOC_OPTIONS=abort,method=debug it prints
free error:region=0x25c7d034deb0:block=0x25c7d07a46a0:not currently allocated:
And backtrace goes sh_exec -> job_fork -> job_reap -> jobsave_create -> _ast_free -> dbfree -> dbwarn -> vmdbwarn -> abort
