Zsh Mailing List Archive

Re: "crash: free invalid next size (fast)" on completion



Hi,

On 2022-03-23 18:14, Bart Schaefer wrote:
> (Following up to zsh-users so this thread doesn't appear abandoned;
> further discussion should probably be directed to
> zsh-workers@xxxxxxx.)

Continuing on zsh-workers.

> On Tue, Mar 22, 2022 at 12:41 AM Johan Ström <johan@xxxxxxxxxxx> wrote:
>> Last week (and now today again, on several terminals after being idle since Friday) I noticed that several of my terminals crashed and closed when writing `git <tab>` or `ls <tab>`. Managed to capture one such crash on video before the terminal closed, and it printed "free invalid next size (fast)".
>>
>> ...
>>                  Stack trace of thread 843836:
>>                  #5  0x00007f36842f104d _int_free (libc.so.6 + 0x9b04d)
>>                  #6  0x00007f36842f3be3 free (libc.so.6 + 0x9dbe3)
>>                  #7  0x00007f36839ffa7f unmetafy_line (zle.so + 0x33a7f)
>>                  #8  0x00007f3683a0427a n/a (zle.so + 0x3827a)
>>                  #9  0x00007f36839fcc34 completecall (zle.so + 0x30c34)
>>
>> These terminals have been running for ~5 days.
>> On newly opened terminals, tab completion works fine.
>>
>> Have had 5.8-1 on this machine since July, never had any issues. 5.8.1-1 installed on 16 Feb.
>
> Hm.  There's nothing in the zsh code changes I see that would cause
> this effect; an actually idle shell should have been sitting blocked
> on read.  Is there any sort of periodic event that might be sending a
> signal to those shells?

There is nothing in my .zsh config that I'm aware of that would do anything periodic. PS1 is simple: "%m %~$". The terminal is foot (https://codeberg.org/dnkl/foot) and the window manager is sway (wlroots-based); not sure if they'd do anything. The terminal was seemingly identical to how I left it, at least. A bunch of other packages have been updated at the same time, so it could of course be something external. But I have not experienced any crashes or issues in any other programs.

Took a quick look at the 5.8..5.8.1 diff and there seems to be some buffer juggling going on; didn't look too closely, but perhaps there is some overflow or double free or something?

> Do other completions crash, or only completions that involve file names?

Not sure, will check with some known completion if I see it again (I typically have a bunch of terminals open, and at least previously multiple of them seemed to break).
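Added illustration of what the glibc diagnostic in the trace above means and why the frame it appears in is not necessarily the culprit. This is constructed example code written for this page; it is not zsh's code and the encoding it uses is only a stand-in with the same shape as zsh's metafication (an escape byte followed by the byte XOR 0x20, so encoding can grow and decoding only shrinks), not the real metafy/unmetafy rules. glibc prints "free(): invalid next size" when, at free() time, the size field of the chunk immediately after the one being freed is implausible (smaller than a chunk header or larger than the arena). That field was overwritten earlier by a write past the end of the preceding allocation, which can live anywhere in the program; the free() inside unmetafy_line is only where the damage was detected. The buggy path below sizes the output buffer by the input length; the fixed path sizes it by the encoded length.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration, not zsh code: an escape encoding in which every
 * byte with the high bit set is stored as ESC followed by (byte ^ 0x20).
 * Encoding can double the length; decoding only ever shrinks.  Sizing a
 * heap buffer from the wrong one of those lengths is the classic way to
 * overwrite the malloc header of the chunk that follows it. */
#define ESC 0x83u

/* Exact size of the encoded form of raw[0..n). */
size_t encoded_len(const unsigned char *raw, size_t n)
{
    size_t out = 0;
    for (size_t i = 0; i < n; i++)
        out += (raw[i] & 0x80u) ? 2 : 1;
    return out;
}

/* Writes the encoded form into dst with no bound of its own, so it is only
 * correct when the caller sized dst with encoded_len().  Returns bytes written. */
size_t encode_into(unsigned char *dst, const unsigned char *raw, size_t n)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        if (raw[i] & 0x80u) { dst[o++] = ESC; dst[o++] = raw[i] ^ 0x20u; }
        else                { dst[o++] = raw[i]; }
    }
    return o;
}

/* FIXED allocation: the buffer is sized from the encoded length. */
unsigned char *encode_safe(const unsigned char *raw, size_t n, size_t *out_len)
{
    size_t need = encoded_len(raw, n);
    unsigned char *dst = malloc(need ? need : 1);
    if (!dst) return NULL;
    *out_len = encode_into(dst, raw, n);
    return dst;
}

/* In-place decode, the direction unmetafy works in.  Output is never longer
 * than input, so this cannot overflow by itself: if the free() at the end of
 * a routine like this aborts, the damage was done earlier by other code. */
size_t decode_inplace(unsigned char *buf, size_t n)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        if (buf[i] == ESC && i + 1 < n) buf[o++] = buf[++i] ^ 0x20u;
        else                            buf[o++] = buf[i];
    }
    return o;
}

/* Self-check: safe-encode, decode in place, compare with the input. */
int roundtrip_ok(const unsigned char *raw, size_t n)
{
    size_t len, back;
    unsigned char *enc = encode_safe(raw, n, &len);
    if (!enc) return 0;
    back = decode_inplace(enc, len);
    int ok = len == encoded_len(raw, n) && back == n && memcmp(enc, raw, n) == 0;
    free(enc);
    return ok;
}

int main(void)
{
    /* Constructed input: 2048 bytes with the high bit set, so the encoded form
     * is 4096 bytes.  That size keeps the chunk out of glibc's tcache and
     * fastbins, so the free() below should abort with
     * "free(): invalid next size (normal)"; the "(fast)" variant in the
     * report is the same check on fastbin-sized chunks. */
    static unsigned char raw[2048];
    memset(raw, 0xC3, sizeof raw);
    printf("safe path round-trips: %d\n", roundtrip_ok(raw, sizeof raw));

    /* BUGGY allocation: sized by the input length, then written without a
     * bound.  The overflow lands on the header of whatever chunk follows. */
    unsigned char *bad = malloc(sizeof raw);
    unsigned char *next = malloc(sizeof raw);
    if (!bad || !next) return 1;
    size_t wrote = encode_into(bad, raw, sizeof raw);
    printf("wrote %zu bytes into a %zu-byte buffer; nothing has complained yet\n",
           wrote, sizeof raw);
    free(bad);   /* glibc validates the clobbered neighbouring header here */
    free(next);
    return 0;
}
```

Built plainly (`cc -g demo.c && ./a.out`) this aborts on the free(), with the trace pointing at free() rather than at the write. Built with `cc -g -fsanitize=address demo.c` instead, AddressSanitizer stops at the out-of-bounds write in encode_into, which is the report one actually wants from a crashing shell: reproducing under an ASan build of zsh (or under valgrind) locates the overflow, whereas the free() trace only shows where glibc noticed it. The exact free() text also varies with chunk size and glibc version: small chunks are placed in tcache first without the neighbour check, so the abort may come from a later free() or surface as a different malloc diagnostic.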



