Re: XWin.exe segmentation fault on Windows 7

[Jon TURNEY <jon.turney@dronecode.org.uk>]

On 08/08/2012 05:51, Chris LeBlanc wrote:
> I'm trying to help a coworker get Cygwin running on her Windows 7
> (64b) machine, but we're seeing a segmentation fault with XWin.exe.
> Previous versions of X11 worked fine on this machine, but recently it
> has been unable to fork processes.  It's been giving the error "fork:
> child -1 - forked process died unexpectedly ...", which is why I've
> been trying to upgrade to the most recent version of Cygwin.

Thanks for the detailed bug report.

Given you were getting fork problems before this upgrade, this might well be a
problem with some other software interfering with cygwin's operation. So you
should take a look at [1], and probably try running XWin with CYGWIN including
detect_bloda [2]

> Any advice on how to get more debug info?  How hard is it to build
> XWin from source?  If it's a minor strcpy() issue it could be a pretty
> easy fix.  Any other advice?

Instructions on building the X server from source are in [3], but with the
debug info package installed you have source and symbols, so you should be
able to set a breakpoint on main and step through the code anyhow.

>       0 [main] XWin 6164 exception::handle: Exception: STATUS_ACCESS_VIOLATION
>     454 [main] XWin 6164 open_stackdumpfile: Dumping stack trace to
> XWin.exe.stackdump
> 
> Program received signal SIGSEGV, Segmentation fault.
> strcpy (dst0=0x40010006 <Address 0x40010006 out of bounds>, src0=0x0)
>     at /usr/src/debug/cygwin-1.7.16-1/newlib/libc/string/strcpy.c:86
> 86            while (!DETECTNULL(*aligned_src))
> (gdb) bt full
> #0  strcpy (dst0=0x40010006 <Address 0x40010006 out of bounds>, src0=0x0)
>     at /usr/src/debug/cygwin-1.7.16-1/newlib/libc/string/strcpy.c:86
>         dst = 0x40010006 <Address 0x40010006 out of bounds>
>         src = 0x0
>         aligned_dst = 0x40010006
>         aligned_src = 0x28a026
> #1  0x751d2ad6 in OutputDebugStringA () from
> /cygdrive/c/Windows/syswow64/KERNELBASE.dll
> No symbol table info available.
> #2  0x40010006 in ?? ()
> No symbol table info available.
> #3  0x00000000 in ?? ()
> No symbol table info available.
> (gdb)

This stack trace looks highly suspicious:
- The presence of the invalid address 0x40010006 as src for strcpy and in the
backtrace
- I think cygwin is supposed to notice it is being debugged and give control
to the debugger and not write a stackdump file
- I don't think OutputDebugStringA() should ever end up calling cygwin's strcpy()

So all this suggests to me some kind of stack corruption has happened.

> Output from XWin.exe.stackdump:
> Exception: STATUS_ACCESS_VIOLATION at eip=61129F8B
> eax=0028D624 ebx=00000000 ecx=00000000 edx=00000000 esi=0028D624 edi=0028AB5C
> ebp=0028A968 esp=0028A95C program=C:\cygwin\bin\XWin.exe, pid 6164, thread main
> cs=0023 ds=002B es=002B fs=0053 gs=002B ss=002B
> Stack trace:
> Frame     Function  Args
> 0028A968  61129F8B  (0028D624, 00000000, 0028FF14, 771170D5)
> 0028AA28  6108E2BA  (0028AA58, 611DF23B, 60FE8510, 00000068)
> 0028AB78  6108EB57  (60FE000C, 00000005, 0028ABC4, 005C2DE9)
> 0028AB98  61091F56  (005C2DCE, 005C2DCC, 00000000, 00000000)
> 0028ABF8  610D5F05  (6C340000, 00000001, 0028FD24, 00000002)
> 0028AC38  00528F43  (00000002, 0028AC60, 800280E8, 8003A441)
> 0028ACF8  61007535  (00000000, 0028CD78, 61006B20, 00000000)
> End of stack trace

Processing this with "awk '/^[0-9]/{print $2}' XWin.exe.stackdump | addr2line
-asf -e /usr/bin/cygwin1.dll", and cleaning up the output by hand a bit, gives...

0x61129f8b	strcpy			strcpy.c:86
0x6108e2ba	fillout_mntent		mount.cc:1636
0x6108eb57	cygdrive_getmntent	mount.cc:1720
0x61091f56	getmntent		mount.cc:1900
0x610d5f05	??			??:0
0x00528f43	main			main.c:145
0x61007535	_Z10dll_crt0_1Pv	dcrt0.cc:982

... which looks a bit more reasonable, and suggests something in the cygwin
DLL is exploding when XWin uses getmntent() in winCheckMount() to check for
FAT and textmode mounts.

[1] http://cygwin.com/faq/faq.using.html#faq.using.bloda
[2] http://cygwin.com/ml/cygwin/2012-02/msg00797.html
[2] http://x.cygwin.com/docs/cg/

-- 
Jon TURNEY
Volunteer Cygwin/X X Server maintainer

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://x.cygwin.com/docs/
FAQ:                   http://x.cygwin.com/docs/faq/