MOO-cows Mailing List Archive

Re: Panic with 1.7.9p2

Date: Wed, 6 Mar 1996 21:05:08 PST
From:
asb@media.mit.edu
cc: Amy Bruckman <asb@media-lab.media.mit.edu>, moo-cows.PARC@xerox.com, asb@media.mit.edu
In-Reply-to: "Your message of \"Wed, 06 Mar 96 17:48:53 PST.\" <96Mar6.184854pdt.7634@silk.parc.xerox.com>, 6 Mar"


Your message dated: Wed, 06 Mar 96 17:48:53 PST
> > I suppose "don't do that!"  is
> > a reasonable reply...  :-) 

> Don't do that.

Like I said. :-)


> being an Alpha, each list element is 16 bytes, so you're trying to make a
> *sublist* that's 524,315 elements long 

Yikes!

I think what must've happened is that the bug (which I've definitely fixed!)
caused the list length to double each time it recursed.
It recursed 19 times.
2^19 == 524,288


I ftp'd a fresh copy of 1.7.9p2 and LambdaCore.latest, and wrote a one line
program called crash:

  return this:crash({@args[1], @args[1]});

And viola:

  ;#2:crash({"foo"})
  *** Shutting down: server panic ***

This is again on a Dec Alpha running OSF/1 V3.2A. 

The scary thing is, I didn't even need to suspend!
Trying this on a Sun SparcStation IPC running SunOs 4.1.3, even with a
suspend before and after, the task just runs out of seconds.

So the problem is: anyone can easily crash any MOO running on a fast enough
processor.

Thanks for your help.


-- Amy


ps. This is redundant, but FYI, from my fresh copy of the 1.7.9p2/LambdaCore:

Mar  6 23:48:05: *** PANIC: memory allocation (size 67108880) failed!
Mar  6 23:48:05: #2:crash, line 1:  server panic
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #2:crash, line 1
Mar  6 23:48:05: ... called from #-1:Input to EVAL, line 1
Mar  6 23:48:05: ... called from built-in function eval()
Mar  6 23:48:05: ... called from #57:eval_cmd_string (this == #2), line 18
Mar  6 23:48:05: ... called from #57:eval*-d (this == #2), line 10
Mar  6 23:48:05: (End of traceback)
Mar  6 23:48:05: PANIC-DUMPING on lc.db.new.PANIC ...
Mar  6 23:48:08: PANIC-DUMPING on lc.db.new.PANIC finished

Core file created by program "moo"

signal IOT/Abort trap at   [__kill:41 +0x8,0x3ff801072d8]        Source not avai
lable
(dbx) where
>  0 __kill(0x11fffef90, 0x100000008, 0x1407f87a0, 0x1447fc1e0, 0x3ff800df50c) [
"../../../../../src/usr/ccs/lib/libc/alpha/kill.s":41, 0x3ff801072d8]
   1 raise(0x6, 0x1407e1b40, 0x67, 0x140018d2b, 0x200000) ["../../../../../src/u
sr/ccs/lib/libc/raise.c":87, 0x3ff8011bbe0]
   2 abort(0x14, 0x140018d2b, 0x200000, 0x0, 0x0) ["../../../../../src/usr/ccs/l
ib/libc/abort.c":131, 0x3ff8010a050]
   3 abort_server(0x200000, 0x0, 0x0, 0x0, 0x1200286c4) ["server.c":117, 0x12002
856c]
   4 panic(0x0, 0x0, 0x1200286c4, 0x6, 0x12002c070) ["server.c":145, 0x1200286c0
]
   5 mymalloc(0x4000010, 0x7, 0x120015038, 0x1407d4720, 0x100000002) ["storage.c
":79, 0x12002c06c]
   6 new_list(0x11ffff190, 0x400000, 0x120027ecc, 0x2, 0x120028190) ["list.c":43
, 0x12001cd58]
   7 listconcat(0x11ffff308, 0x1427fc1c0, 0x100000004, 0x1427fc1c0, 0x100000004)
 ["list.c":148, 0x12001d4ac]
   8 run(0x100000060, 0x0, 0x1, 0x0, 0x12003a268) ["execute.c":542, 0x120016434]
   9 do_task(0x11ffff908, 0xffffffffffffffff, 0x0, 0x100000004, 0x1407f95a0) ["e
xecute.c":1295, 0x12001a108]
  10 do_input_task(0x1407292e0, 0x100000000, 0x0, 0x1407d56b0, 0x120030e30) ["ex
ecute.c":1412, 0x12001a970]
  11 do_command_task(0x1407f67e0, 0x1407f7e20, 0x120030558, 0x1, 0x120031e00) ["
tasks.c":499, 0x120030e5c]
 12 run_ready_tasks(0x120022768, 0x1, 0x120028e48, 0x2, 0x120028e80) ["tasks.c"
:883, 0x120031d08]
  13 main_loop(0x0, 0x11ffffe6c, 0x23, 0x100000002, 0x12002b018) ["server.c":337
, 0x120028e8c]
  14 main(0x100000004, 0x11ffffd70, 0x120009abc, 0x120009a10, 0x3ff00000000) ["s
erver.c":1006, 0x12002b034]

Follow-Ups:

Re: Panic with 1.7.9p2

From: Zachary DeAquila <zachary@zachs.place.org>

References:

Re: Panic with 1.7.9p2

From: Pavel Curtis <pavel@parc.xerox.com>

Prev: Re: Panic with 1.7.9p2
Next: Re: Panic with 1.7.9p2
Index: MOO-cows
Thread: MOO-cows

Home | Subject Index | Thread Index