malloc crash
Corinna Vinschen
corinna-cygwin@cygwin.com
Tue Oct 26 09:27:18 GMT 2021
On Oct 25 17:54, Mark Geisert wrote:
> Takashi Yano wrote:
> > On Mon, 25 Oct 2021 16:36:50 -0700
> > Mark Geisert wrote:
> > > Ken Brown wrote:
> > > > On 10/25/2021 5:29 PM, Mark Geisert wrote:
> > > > > Corinna Vinschen wrote:
> > > > > > On Oct 25 08:35, Ken Brown wrote:
> > > > > > > On 10/25/2021 4:59 AM, Corinna Vinschen wrote:
> > > > > > > > Has the thread already been started at this point?
> > > > > > >
> > > > > > > Yes, here's the backtrace of that thread:
> > > > > > >
> > > > > > > Thread 5 (Thread 9692.0x7c4c):
> > > > > > > #0 0x00000001801934f9 in sys_alloc (m=0x18036f860 <_gm_>, nb=1040) at
> > > > > > > ../../../../temp/winsup/cygwin/malloc.cc:4232
> > > > > > > #1 0x0000000180196b96 in dlmalloc (bytes=1024) at
> > > > > > > ../../../../temp/winsup/cygwin/malloc.cc:4669
> > > > > > > #2 0x00000001801993e1 in dlrealloc (oldmem=0x0, bytes=1024) at
> > > > > > > ../../../../temp/winsup/cygwin/malloc.cc:5187
> > > > > > > #3 0x00000001800e8eed in realloc (p=0x0, size=1024) at
> > > > > > > ../../../../temp/winsup/cygwin/malloc_wrapper.cc:73
> > > > > >
> > > > > > Er... huh? So both threads are in a malloc function? This shouldn't
> > > > > > have happened, given the clunky muto guarding malloc calls. This is
> > > > > > really strange. Why's the muto not working here?
> > > > >
> > > > > Is it possible both threads have executed malloc_init()?
> > > > > If so, the second one would reinit the muto.
> > > >
> > > > Or does the fifo_reader thread call a malloc function before the main thread has
> > > > called malloc_init()? This would presumably cause __malloc_lock() to fail, but
> > > > there's no error check.
> > >
> > > If there's a global constructor involved, that is known to happen. Constructors
> > > are run from dll_crt0_0(), before malloc_init() is called from dll_crt0_1(). See
> > > dcrt0.cc for the details.
> >
> > So how about moving the malloc_init() call from dll_crt0_1() to dll_crt0_0()
> > so that malloc() can be called in fixup_after_fork/exec()?
>
> It appears simple, but this is a touchy area of code. The _0 and _1 are two
> separate phases of process startup. I'd want to hear Corinna's thoughts on
> this.
This would have to be split into two calls then. The muto initialization
can be moved to dll_crt0_0, but the check for user space provided malloc
can only occur after the process's CRT code has run, so this can only
be done from dll_crt0_1.
> I'd also like to verify somehow that this is the scenario Ken is hitting.
Yeah, that's not a safe bet yet.
Corinna
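The ordering problem discussed above (a constructor allocating in the first startup phase before the lock guarding malloc has been initialized, and the split into an early lock init plus a later user-malloc check) can be illustrated with a small model. The following is an added example, not Cygwin code: `heap_lock`, `guarded_malloc`, `startup_original`, `startup_split` and `check_user_malloc` are constructed names, the "constructor" is a plain function standing in for a global constructor, and the single-threaded `held` counter only models lock ownership. The guard in `heap_lock_acquire` is the error check Ken notes is missing in the real path, and `heap_lock_init` is made idempotent so a second caller cannot reset a lock that is already held.

```c
#include <stddef.h>
#include <stdlib.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model (not Cygwin code): a lock that must be explicitly
 * initialised before use, like the muto guarding malloc in the thread. */
struct alloc_lock {
    bool initialized;
    int  held;   /* ownership count for the single simulated thread */
};

static struct alloc_lock heap_lock;
static bool use_user_malloc;   /* "user space provided malloc", decided in phase 1 */

/* Returns 0 on success, -1 if the lock is used before initialisation.
 * This is the check the discussion says the real __malloc_lock() lacks. */
static int heap_lock_acquire(void)
{
    if (!heap_lock.initialized)
        return -1;
    heap_lock.held++;
    return 0;
}

static void heap_lock_release(void)
{
    if (heap_lock.held > 0)
        heap_lock.held--;
}

/* Idempotent lock initialisation: a second call must not reset a lock
 * that another caller may already hold. */
static void heap_lock_init(void)
{
    if (heap_lock.initialized)
        return;
    heap_lock.initialized = true;
    heap_lock.held = 0;
}

/* Guarded allocation wrapper; *err is -1 when the lock was not ready. */
static void *guarded_malloc(size_t n, int *err)
{
    if (heap_lock_acquire() != 0) {
        *err = -1;
        return NULL;
    }
    void *p = malloc(n);
    heap_lock_release();
    *err = 0;
    return p;
}

/* Stand-in for a global constructor that allocates during phase 0. */
static int constructor_runs(void)
{
    int err;
    void *p = guarded_malloc(1024, &err);
    free(p);
    return err;
}

/* Phase-1-only work: hypothetical check for a CRT-supplied malloc. */
static void check_user_malloc(bool user_supplied)
{
    use_user_malloc = user_supplied;
}

static void reset_model(void)
{
    heap_lock.initialized = false;
    heap_lock.held = 0;
}

/* Original ordering: constructors run in phase 0, lock init in phase 1. */
static int startup_original(void)
{
    reset_model();
    int err = constructor_runs();   /* phase 0: lock not ready -> -1 */
    heap_lock_init();               /* phase 1 */
    check_user_malloc(false);
    return err;
}

/* Split ordering: lock init in phase 0, user-malloc check kept in phase 1. */
static int startup_split(void)
{
    reset_model();
    heap_lock_init();               /* phase 0: lock ready before constructors */
    int err = constructor_runs();   /* -> 0 */
    check_user_malloc(false);       /* phase 1: after CRT code has run */
    return err;
}

/* A second init call while the lock is held must leave the hold intact. */
static int reinit_preserves_hold(void)
{
    reset_model();
    heap_lock_init();
    heap_lock_acquire();
    heap_lock_init();               /* second caller "re-running" init */
    int held = heap_lock.held;
    heap_lock_release();
    return held;                    /* 1: the hold survived */
}

int main(void)
{
    printf("original=%d split=%d reinit_held=%d\n",
           startup_original(), startup_split(), reinit_preserves_hold());
    return 0;
}
```

The model returns -1 for the original ordering because the constructor's allocation reaches the lock before phase 1 initialises it, and 0 for the split ordering; the re-init check returns 1 because the guarded initialiser refuses to reset a live lock.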