From: Ken Brown <kbrown@cornell.edu>
To: cygwin-developers@cygwin.com
Subject: Re: malloc crash
Date: Mon, 25 Oct 2021 08:35:01 -0400 [thread overview]
Message-ID: <97873b16-7ec3-02d7-1861-3ec62a79c37e@cornell.edu> (raw)
In-Reply-To: <YXZx/WcY/CIKknPo@calimero.vinschen.de>
On 10/25/2021 4:59 AM, Corinna Vinschen wrote:
> On Oct 24 17:46, Ken Brown wrote:
>> I'm trying to debug the fifo problem reported here:
>>
>> https://cygwin.com/pipermail/cygwin/2021-October/249635.html
>>
>> To keep my email self-contained, here are the reproduction instructions.
>> Run the attached script with argument 1000. The output is supposed to look
>> like this:
>> [...]
>> func=0x18004a218 <dll_crt0_1(void*)>, arg=0x0, buf=0xffffcdb0)
>> at ../../../../temp/winsup/cygwin/cygtls.cc:40
>> #17 0x00000001800476c1 in _cygtls::call (func=0x18004a218 <dll_crt0_1(void*)>,
>> arg=0x0) at ../../../../temp/winsup/cygwin/cygtls.cc:27
>> #18 0x000000018004aac9 in _dll_crt0 ()
>> at ../../../../temp/winsup/cygwin/dcrt0.cc:1099
>> #19 0x0000000000000000 in ?? ()
>> Backtrace stopped: previous frame inner to this frame (corrupt stack?)
>>
>> Typing 'finish' enough times until it won't return anymore shows that there
>> is an infinite loop starting with an access violation here:
>>
>> (gdb) f 8
>> #8 0x0000000180191a5c in init_top (m=0x18036f860 <_gm_>, p=0x800010000,
>> psize=65456) at ../../../../temp/winsup/cygwin/malloc.cc:3903
>> 3903 p->head = psize | PINUSE_BIT;
>
> The address p=0x800010000 indicates that this malloc tries to alloc heap
> space, and the address 0x800010000 is right at the start. Exec'd
> process, so this SEGV is rather strange, becasue that would mean this
> part of the VM isn't commited. How's that supposed to happen? Malloc
> should have called sbrk before, which in turn would have committed this
> part of the heap. Puzzeling.
>
>> If I'm reading the backtrace correctly, the access violation occurs while
>> Cygwin is trying to allocate storage for the main thread object of the
>> exec'd process.
>
> Looks like it, yes.
>
>> I'm not familiar enough with the relevant Cygwin internals to take the
>> analysis any further, but my guess is that the problem is somehow triggered
>> by the creation of a new thread at the end of
>> fhandler_fifo::fixup_after_exec:
>>
>> new cygthread (fifo_reader_thread, this, "fifo_reader", thr_sync_evt);
>>
>> Is this a bug in the fifo code? Is there some reason I shouldn't be
>> creating a new thread in fixup_after_exec?
>
> I'm not aware of any. Starting cygthreads is an integral part of
> process startup, e. g., the wait_sig thread.
>
> Has the thread already been started at this point?
Yes, here's the backtrace of that thread:
Thread 5 (Thread 9692.0x7c4c):
#0 0x00000001801934f9 in sys_alloc (m=0x18036f860 <_gm_>, nb=1040) at
../../../../temp/winsup/cygwin/malloc.cc:4232
#1 0x0000000180196b96 in dlmalloc (bytes=1024) at
../../../../temp/winsup/cygwin/malloc.cc:4669
#2 0x00000001801993e1 in dlrealloc (oldmem=0x0, bytes=1024) at
../../../../temp/winsup/cygwin/malloc.cc:5187
#3 0x00000001800e8eed in realloc (p=0x0, size=1024) at
../../../../temp/winsup/cygwin/malloc_wrapper.cc:73
#4 0x000000018008b6c4 in fhandler_fifo::add_client_handler (this=0x1803a0d80,
new_pipe_instance=false) at ../../../../temp/winsup/cygwin/fhandler_fifo.cc:330
#5 0x000000018008b9ee in fhandler_fifo::update_my_handlers (this=0x1803a0d80)
at ../../../../temp/winsup/cygwin/fhandler_fifo.cc:407
#6 0x000000018008bfe6 in fhandler_fifo::fifo_reader_thread_func
(this=0x1803a0d80) at ../../../../temp/winsup/cygwin/fhandler_fifo.cc:531
#7 0x000000018008bcda in fifo_reader_thread (param=0x1803a0d80) at
../../../../temp/winsup/cygwin/fhandler_fifo.cc:453
#8 0x000000018004684f in cygthread::callfunc (this=0x180276620 <threads>,
issimplestub=false) at ../../../../temp/winsup/cygwin/cygthread.cc:48
#9 0x0000000180046a25 in cygthread::stub (arg=0x180276620 <threads>) at
../../../../temp/winsup/cygwin/cygthread.cc:91
#10 0x000000018004771c in _cygtls::call2 (this=0x114ce00, func=0x180046856
<cygthread::stub(void*)>, arg=0x180276620 <threads>, buf=0x114cce0) at
../../../../temp/winsup/cygwin/cygtls.cc:40
#11 0x00000001800476c1 in _cygtls::call (func=0x180046856
<cygthread::stub(void*)>, arg=0x180276620 <threads>) at
../../../../temp/winsup/cygwin/cygtls.cc:27
#12 0x00000001800e4e65 in threadfunc_fe (arg=0x180276620 <threads>) at
../../../../temp/winsup/cygwin/init.cc:28
#13 0x00007ffe94c27034 in KERNEL32!BaseThreadInitThunk () from
/c/WINDOWS/System32/KERNEL32.DLL
#14 0x00007ffe950a2651 in ntdll!RtlUserThreadStart () from
/c/WINDOWS/SYSTEM32/ntdll.dll
#15 0x0000000000000000 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
It's also trying to allocate memory. Is this a race between two threads
allocating memory?
Ken
next prev parent reply other threads:[~2021-10-25 12:35 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-24 21:46 Ken Brown
2021-10-25 8:56 ` Takashi Yano
2021-10-25 13:37 ` Ken Brown
2021-10-25 8:59 ` Corinna Vinschen
2021-10-25 12:35 ` Ken Brown [this message]
2021-10-25 15:39 ` Corinna Vinschen
2021-10-25 21:29 ` Mark Geisert
2021-10-25 22:02 ` Ken Brown
2021-10-25 23:36 ` Mark Geisert
2021-10-26 0:18 ` Takashi Yano
2021-10-26 0:54 ` Mark Geisert
2021-10-26 8:30 ` Mark Geisert
2021-10-26 8:52 ` Takashi Yano
2021-10-26 8:59 ` Mark Geisert
2021-10-26 9:26 ` Takashi Yano
2021-10-26 9:31 ` Corinna Vinschen
2021-10-26 9:28 ` Corinna Vinschen
2021-10-26 9:27 ` Corinna Vinschen
2021-10-26 9:24 ` Corinna Vinschen
2021-10-26 14:32 ` Ken Brown
2021-10-26 16:03 ` Corinna Vinschen
2021-10-26 16:36 ` Ken Brown
2021-10-26 16:49 ` Corinna Vinschen
2021-10-26 17:10 ` Ken Brown
2021-10-27 0:44 ` Takashi Yano
2021-10-27 9:01 ` Corinna Vinschen
2021-10-26 16:44 ` Takashi Yano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=97873b16-7ec3-02d7-1861-3ec62a79c37e@cornell.edu \
--to=kbrown@cornell.edu \
--cc=cygwin-developers@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).