From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Mon, 25 Oct 2021 10:59:41 +0200
From: Corinna Vinschen
To: cygwin-developers@cygwin.com
Subject: Re: malloc crash
Reply-To: cygwin-developers@cygwin.com
Mail-Followup-To: cygwin-developers@cygwin.com
References: <6a4d6675-7e4d-bcb3-9aff-acc0788d211d@cornell.edu>
In-Reply-To: <6a4d6675-7e4d-bcb3-9aff-acc0788d211d@cornell.edu>

On Oct 24 17:46, Ken Brown wrote:
> I'm trying to debug the fifo problem reported here:
>
>   https://cygwin.com/pipermail/cygwin/2021-October/249635.html
>
> To keep my email self-contained, here are the reproduction instructions.
> Run the attached script with argument 1000.  The output is supposed to look
> like this:
> [...]
>     func=0x18004a218 , arg=0x0, buf=0xffffcdb0)
>     at ../../../../temp/winsup/cygwin/cygtls.cc:40
> #17 0x00000001800476c1 in _cygtls::call (func=0x18004a218 ,
>     arg=0x0) at ../../../../temp/winsup/cygwin/cygtls.cc:27
> #18 0x000000018004aac9 in _dll_crt0 ()
>     at ../../../../temp/winsup/cygwin/dcrt0.cc:1099
> #19 0x0000000000000000 in ?? ()
> Backtrace stopped: previous frame inner to this frame (corrupt stack?)
>
> Typing 'finish' enough times until it won't return anymore shows that there
> is an infinite loop starting with an access violation here:
>
> (gdb) f 8
> #8  0x0000000180191a5c in init_top (m=0x18036f860 <_gm_>, p=0x800010000,
>     psize=65456) at ../../../../temp/winsup/cygwin/malloc.cc:3903
> 3903      p->head = psize | PINUSE_BIT;

The address p=0x800010000 indicates that this malloc tries to alloc heap
space, and the address 0x800010000 is right at the start.  Exec'd
process, so this SEGV is rather strange, because that would mean this
part of the VM isn't committed.  How's that supposed to happen?  Malloc
should have called sbrk before, which in turn would have committed this
part of the heap.  Puzzling.

> If I'm reading the backtrace correctly, the access violation occurs while
> Cygwin is trying to allocate storage for the main thread object of the
> exec'd process.

Looks like it, yes.

> I'm not familiar enough with the relevant Cygwin internals to take the
> analysis any further, but my guess is that the problem is somehow triggered
> by the creation of a new thread at the end of
> fhandler_fifo::fixup_after_exec:
>
>   new cygthread (fifo_reader_thread, this, "fifo_reader", thr_sync_evt);
>
> Is this a bug in the fifo code?  Is there some reason I shouldn't be
> creating a new thread in fixup_after_exec?

I'm not aware of any.  Starting cygthreads is an integral part of
process startup, e.g., the wait_sig thread.  Has the thread already
been started at this point?


Corinna
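
Added example, not part of the original message and not Cygwin code: a small POSIX model of the invariant discussed above, that the start of a reserved heap only becomes writable once an sbrk-style call has committed it. The names `heap_reserve`, `model_sbrk`, `model_init_top` and the 64 KiB granule are assumptions, and `mmap(PROT_NONE)` / `mprotect` stand in for Windows reserve and commit.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>

#define PINUSE_BIT 1u        /* flag name from the quoted malloc.cc line */
#define GRANULE    65536u    /* assumed commit granularity for this model */

/* Reserved range is [base, end); only [base, brk) is committed (writable). */
struct heap { char *base, *brk, *end; };

/* Reserve address space without committing it (PROT_NONE = any access faults). */
static int heap_reserve(struct heap *h, size_t size) {
    void *p = mmap(NULL, size, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    h->base = h->brk = p;
    h->end = h->base + size;
    return 0;
}

/* sbrk model: commit the next chunk and return the old break, NULL on failure. */
static void *model_sbrk(struct heap *h, size_t incr) {
    incr = (incr + GRANULE - 1) & ~(size_t)(GRANULE - 1);
    if (incr > (size_t)(h->end - h->brk)) return NULL;
    if (mprotect(h->brk, incr, PROT_READ | PROT_WRITE) != 0) return NULL;
    void *old = h->brk;
    h->brk += incr;
    return old;
}

/* init_top-style header write; refuses (-1) where a real write would fault. */
static int model_init_top(struct heap *h, size_t *p, size_t psize) {
    char *c = (char *)p;
    if (c < h->base || c + sizeof *p > h->brk) return -1;  /* not committed */
    *p = psize | PINUSE_BIT;
    return 0;
}

int main(void) {
    struct heap h;
    if (heap_reserve(&h, 1u << 20) != 0) return 1;
    size_t *top = (size_t *)h.base;
    printf("before sbrk: %d\n", model_init_top(&h, top, 65456));
    model_sbrk(&h, 65456);
    printf("after sbrk:  %d\n", model_init_top(&h, top, 65456));
    return 0;
}
```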