Exim & cygwin-2.6.0-1 (x86) fatal Signal 6 on start

Exim & cygwin-2.6.0-1 (x86) fatal Signal 6 on start

[Ross Hemingway]

Update to cygwin-2.6.0-1.  Exim has a fatal start error - exim: PID 
3756: service `exim' failed: signal 6 raised.

Rolled back to cygwin-2.5.2-1,  problem averted.

-- 


Regards
--
Ross Hemingway


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Exim & cygwin-2.6.0-1 (x86) fatal Signal 6 on start

[Pierre A. Humblet]

On 9/12/2016 8:26 AM, Ross Hemingway wrote:
> Update to cygwin-2.6.0-1.  Exim has a fatal start error - exim: PID 
> 3756: service `exim' failed: signal 6 raised.
>
> Rolled back to cygwin-2.5.2-1,  problem averted.
>

Sorry for the very long delay in answering.
The debugging below was done from a non-privileged account, and the 
setuid32() should thus fail, but the program should not abort.

It aborts in the call to "free (privs)".
"privs" are obtained by get_priv_list().
When the target user is SYSTEM, get_priv_list()  returns 
(PTOKEN_PRIVILEGES) &sys_privs;
where "sys_privs" is a constant structure that cannot be freed.

Pierre

Breakpoint 2, setuid32 (uid=18) at 
/ext/build/mknetrel/src/cygwin-snapshot-20161214-1/winsup/cygwin/syscalls.cc:3426
3426    {
(gdb) c
Continuing.

Breakpoint 3, create_token (usersid=..., new_groups=...) at 
/ext/build/mknetrel/src/cygwin-snapshot-20161214-1/winsup/cygwin/sec_auth.cc:856
856     {
(gdb) b 978
Breakpoint 4 at 0x180107e98: file 
/ext/build/mknetrel/src/cygwin-snapshot-20161214-1/winsup/cygwin/sec_auth.cc, 
line 978.
(gdb) c
Continuing.

Breakpoint 4, create_token (usersid=..., new_groups=...) at 
/ext/build/mknetrel/src/cygwin-snapshot-20161214-1/winsup/cygwin/sec_auth.cc:978
978       if (status)
(gdb) n
979         __seterrno_from_nt_status (status);
(gdb) n
993       pop_self_privilege ();
(gdb) n
994       if (token != INVALID_HANDLE_VALUE)
(gdb) n
996       if (privs)
(gdb) n
997         free (privs);
(gdb) s
free (p=0x180247e40 <sys_privs>) at 
/ext/build/mknetrel/src/cygwin-snapshot-20161214-1/winsup/cygwin/malloc_wrapper.cc:36
36        malloc_printf ("(%p), called by %p", p, caller_return_address ());
(gdb) n
35      {
(gdb) n
36        malloc_printf ("(%p), called by %p", p, caller_return_address ());
(gdb) n
37        if (!use_internal)
(gdb) n
41            __malloc_lock ();
(gdb) n
42            dlfree (p);
(gdb) s
dlfree (mem=mem@entry=0x180247e40 <sys_privs>) at 
/ext/build/mknetrel/src/cygwin-snapshot-20161214-1/winsup/cygwin/malloc.cc:4688
4688      if (mem != 0) {
(gdb) p mem
$8 = (void *) 0x180247e40 <sys_privs>
(gdb) n
4701          if (RTCHECK(ok_address(fm, p) && ok_inuse(p))) {
(gdb) n
4689        mchunkptr p  = mem2chunk(mem);
(gdb) n
4701          if (RTCHECK(ok_address(fm, p) && ok_inuse(p))) {
(gdb) n
4780          USAGE_ERROR_ACTION(fm, p);
(gdb) s
abort () at 
/ext/build/mknetrel/src/cygwin-snapshot-20161214-1/winsup/cygwin/signal.cc:364
364       _my_tls.incyg++;
(gdb) n
365       sig_dispatch_pending ();
(gdb) s
364       _my_tls.incyg++;
(gdb) s
365       sig_dispatch_pending ();
(gdb) s
sig_dispatch_pending (fast=fast@entry=false) at 
/ext/build/mknetrel/src/cygwin-snapshot-20161214-1/winsup/cygwin/sigproc.cc:438
438       if (sigq.pending () && &_my_tls != _sig_tls)
(gdb) s
pending_signals::pending (this=0x180212220 <sigq>, this=0x180212220 
<sigq>) at 
/ext/build/mknetrel/src/cygwin-snapshot-20161214-1/winsup/cygwin/sigproc.cc:77
77        bool pending () {retry = true; return !!start.next;}
(gdb) s
sig_dispatch_pending (fast=fast@entry=false) at 
/ext/build/mknetrel/src/cygwin-snapshot-20161214-1/winsup/cygwin/sigproc.cc:438
438       if (sigq.pending () && &_my_tls != _sig_tls)
(gdb) s
440     }
(gdb) s
abort () at 
/ext/build/mknetrel/src/cygwin-snapshot-20161214-1/winsup/cygwin/signal.cc:369
369       sigdelset (&sig_mask, SIGABRT);
(gdb) s
368       sigfillset (&sig_mask);
(gdb) s
sigfillset (set=0xffff9c68) at 
/ext/build/mknetrel/src/cygwin-snapshot-20161214-1/winsup/cygwin/signal.cc:506
506       *set = ~((sigset_t) 0);
(gdb) s
abort () at 
/ext/build/mknetrel/src/cygwin-snapshot-20161214-1/winsup/cygwin/signal.cc:369
369       sigdelset (&sig_mask, SIGABRT);
(gdb) s
sigdelset (set=0xffff9c68, sig=6) at 
/ext/build/mknetrel/src/cygwin-snapshot-20161214-1/winsup/cygwin/signal.cc:466
466     {
(gdb) s
468       if (sig <= 0 || sig >= NSIG)
(gdb) s
466     {
(gdb) s
468       if (sig <= 0 || sig >= NSIG)
(gdb) s
475       *set &= ~SIGTOMASK (sig);
(gdb) s
477     }
(gdb) s
abort () at 
/ext/build/mknetrel/src/cygwin-snapshot-20161214-1/winsup/cygwin/signal.cc:370
370       set_signal_mask (_my_tls.sigmask, sig_mask);


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Exim & cygwin-2.6.0-1 (x86) fatal Signal 6 on start

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 934 bytes --]

On Jan  3 19:36, Pierre A. Humblet wrote:
> 
> On 9/12/2016 8:26 AM, Ross Hemingway wrote:
> > Update to cygwin-2.6.0-1.  Exim has a fatal start error - exim: PID
> > 3756: service `exim' failed: signal 6 raised.
> > 
> > Rolled back to cygwin-2.5.2-1,  problem averted.
> > 
> 
> Sorry for the very long delay in answering.
> The debugging below was done from a non-privileged account, and the
> setuid32() should thus fail, but the program should not abort.
> 
> It aborts in the call to "free (privs)".
> "privs" are obtained by get_priv_list().
> When the target user is SYSTEM, get_priv_list()  returns (PTOKEN_PRIVILEGES)
> &sys_privs;
> where "sys_privs" is a constant structure that cannot be freed.

Thanks for the analysis.  I pushed a fix.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]