Re: malloc crash - Corinna Vinschen

public inbox for cygwin-developers@cygwin.com
 help / color / mirror / Atom feed

From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin-developers@cygwin.com
Subject: Re: malloc crash
Date: Mon, 25 Oct 2021 10:59:41 +0200	[thread overview]
Message-ID: <YXZx/WcY/CIKknPo@calimero.vinschen.de> (raw)
In-Reply-To: <6a4d6675-7e4d-bcb3-9aff-acc0788d211d@cornell.edu>

On Oct 24 17:46, Ken Brown wrote:
> I'm trying to debug the fifo problem reported here:
> 
>   https://cygwin.com/pipermail/cygwin/2021-October/249635.html
> 
> To keep my email self-contained, here are the reproduction instructions.
> Run the attached script with argument 1000.  The output is supposed to look
> like this:
> [...]
>     func=0x18004a218 <dll_crt0_1(void*)>, arg=0x0, buf=0xffffcdb0)
>     at ../../../../temp/winsup/cygwin/cygtls.cc:40
> #17 0x00000001800476c1 in _cygtls::call (func=0x18004a218 <dll_crt0_1(void*)>,
>     arg=0x0) at ../../../../temp/winsup/cygwin/cygtls.cc:27
> #18 0x000000018004aac9 in _dll_crt0 ()
>     at ../../../../temp/winsup/cygwin/dcrt0.cc:1099
> #19 0x0000000000000000 in ?? ()
> Backtrace stopped: previous frame inner to this frame (corrupt stack?)
> 
> Typing 'finish' enough times until it won't return anymore shows that there
> is an infinite loop starting with an access violation here:
> 
> (gdb) f 8
> #8  0x0000000180191a5c in init_top (m=0x18036f860 <_gm_>, p=0x800010000,
>     psize=65456) at ../../../../temp/winsup/cygwin/malloc.cc:3903
> 3903      p->head = psize | PINUSE_BIT;

The address p=0x800010000 indicates that this malloc tries to alloc heap
space, and the address 0x800010000 is right at the start.  Exec'd
process, so this SEGV is rather strange, becasue that would mean this
part of the VM isn't commited.  How's that supposed to happen?  Malloc
should have called sbrk before, which in turn would have committed this
part of the heap.  Puzzeling.

> If I'm reading the backtrace correctly, the access violation occurs while
> Cygwin is trying to allocate storage for the main thread object of the
> exec'd process.

Looks like it, yes.

> I'm not familiar enough with the relevant Cygwin internals to take the
> analysis any further, but my guess is that the problem is somehow triggered
> by the creation of a new thread at the end of
> fhandler_fifo::fixup_after_exec:
> 
>       new cygthread (fifo_reader_thread, this, "fifo_reader", thr_sync_evt);
> 
> Is this a bug in the fifo code?  Is there some reason I shouldn't be
> creating a new thread in fixup_after_exec?

I'm not aware of any.  Starting cygthreads is an integral part of
process startup, e. g., the wait_sig thread.

Has the thread already been started at this point?


Corinna

next prev parent reply	other threads:[~2021-10-25  8:59 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-24 21:46 Ken Brown
2021-10-25  8:56 ` Takashi Yano
2021-10-25 13:37   ` Ken Brown
2021-10-25  8:59 ` Corinna Vinschen [this message]
2021-10-25 12:35   ` Ken Brown
2021-10-25 15:39     ` Corinna Vinschen
2021-10-25 21:29       ` Mark Geisert
2021-10-25 22:02         ` Ken Brown
2021-10-25 23:36           ` Mark Geisert
2021-10-26  0:18             ` Takashi Yano
2021-10-26  0:54               ` Mark Geisert
2021-10-26  8:30                 ` Mark Geisert
2021-10-26  8:52                   ` Takashi Yano
2021-10-26  8:59                     ` Mark Geisert
2021-10-26  9:26                       ` Takashi Yano
2021-10-26  9:31                         ` Corinna Vinschen
2021-10-26  9:28                       ` Corinna Vinschen
2021-10-26  9:27                 ` Corinna Vinschen
2021-10-26  9:24           ` Corinna Vinschen
2021-10-26 14:32             ` Ken Brown
2021-10-26 16:03               ` Corinna Vinschen
2021-10-26 16:36                 ` Ken Brown
2021-10-26 16:49                   ` Corinna Vinschen
2021-10-26 17:10                     ` Ken Brown
2021-10-27  0:44                     ` Takashi Yano
2021-10-27  9:01                       ` Corinna Vinschen
2021-10-26 16:44                 ` Takashi Yano

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YXZx/WcY/CIKknPo@calimero.vinschen.de \
    --to=corinna-cygwin@cygwin.com \
    --cc=cygwin-developers@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).