Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0005959OCamlOCaml windowspublic2013-03-25 17:222014-09-26 22:32
Reportertoots 
Assigned Todoligez 
PrioritynormalSeveritycrashReproducibilityalways
StatusassignedResolutionopen 
PlatformWindowsOSWindowsOS VersionXP
Product Version4.00.1 
Target Version4.02.2+devFixed in Version 
Summary0005959: Crash in Unix.select
DescriptionI have been working on updating the mingw-ocaml cross-compiler for 4.00.1 and found a pretty bad bug in Unix.select() emulation.

I can reproduce it with a windows build of liquidsoap an input.harbor. It uses Unix.select() to handle remote socket connections. I will try to have a minimal reproduction example.

Meanwhile, I've added some extra debugging printing and have been able to get this trace of the crash. It happens in the socket_poll_add function in otherlibs/win32unix/select.c. Here's a trace of relevant logs:

DBUG (pid:8, tid: 38): Scanning list of worker to find one that already handle socket
DBUG (pid:8, tid: 38): Searching for an available job for type 4 for descriptor 140
DBUG (pid:8, tid: 38): Entered while loop.
DBUG (pid:8, tid: 38): Non socket case.
DBUG (pid:8, tid: 38): Entered while loop.
DBUG (pid:8, tid: 38): Socket case.
DBUG (pid:8, tid: 38): Acessing aQueries.
wine: Unhandled exception 0x80000001 at address 0x5c9f60 (thread 0026), starting debugger...

(note: I'm using wine here for convenience but the bug happens exactly the same way on a "real" windows)

Here's the corresponding annotated code:

  DEBUG_PRINT("Scanning list of worker to find one that already handle socket");
  /* Search for job */
  DEBUG_PRINT("Searching for an available job for type %d for descriptor %d", SELECT_TYPE_SOCKET, hFileDescr);
  while (res != NULL)
  {
    DEBUG_PRINT("Entered while loop.");
    if (res->EType == SELECT_TYPE_SOCKET)
    {
      DEBUG_PRINT("Socket case.");
      i = res->nQueriesCount - 1;
      DEBUG_PRINT("Acessing aQueries.");
      aQueries = res->aQueries;
<---- CRASH HERE!

I'm attaching a longer debug logs in case the crash may be due to previous select() call.

I've reverted the select.c code to http://caml.inria.fr/svn/ocaml/trunk@11223 [^] and it works agin. If we can assume that http://caml.inria.fr/svn/ocaml/version/4.00@12800 [^] is only aesthetic then I'd say commit http://caml.inria.fr/svn/ocaml/trunk@12023 [^] is the culprit.

Hope this helps!

Postscriptum: longer debug printout:
DBUG (pid:8, tid: 38): Scanning list of worker to find one that already handle socket
DBUG (pid:8, tid: 38): Searching for an available job for type 4 for descriptor 164
DBUG (pid:8, tid: 38): Entered while loop.
DBUG (pid:8, tid: 38): Socket case.
DBUG (pid:8, tid: 38): Acessing aQueries.
DBUG (pid:8, tid: 38): If we didn't find the socket but this worker has available slots, store it.
DBUG (pid:8, tid: 38): Previous socket query located -- we're finished.
DBUG (pid:8, tid: 38): Socket a4 updated to 93
DBUG (pid:8, tid: 38): Finish dispatching handle a4
DBUG (pid:8, tid: 38): Adding handle 54 to set 116e8d4
DBUG (pid:8, tid: 38): Begin dispatching handle 54
DBUG (pid:8, tid: 38): Waiting for 1 on handle 54
DBUG (pid:8, tid: 38): Handle 54 is a pipe handle
DBUG (pid:8, tid: 38): Need to check availability of data on pipe
DBUG (pid:8, tid: 38): Searching an available worker handling pipe
DBUG (pid:8, tid: 38): Searching an available job for type 3
DBUG (pid:8, tid: 38): Finish dispatching handle 54
DBUG (pid:8, tid: 38): Dispatch write fd
DBUG (pid:8, tid: 38): Dispatch exceptional fd
DBUG (pid:8, tid: 38): Building events done array
DBUG (pid:8, tid: 38): Job submitted to worker b424b8
DBUG (pid:8, tid: 42): Worker has 1 queries to service
DBUG (pid:8, tid: 42): Polling read for 140
DBUG (pid:8, tid: 38): Job submitted to worker 2132c8
DBUG (pid:8, tid: 38): Need to watch 2 workers
DBUG (pid:8, tid: 38): Waiting for one select worker to be done
DBUG (pid:8, tid: 40): Checking data pipe
DBUG (pid:8, tid: 40): Finish checking data on pipe
DBUG (pid:8, tid: 41): Build final result
DBUG (pid:8, tid: 41): out select
DBUG (pid:8, tid: 41): in select
DBUG (pid:8, tid: 41): nothing to do
DBUG (pid:8, tid: 38): One worker is done
DBUG (pid:8, tid: 38): Sending stop signal to every select workers
DBUG (pid:8, tid: 38): Waiting for every select worker to be done
DBUG (pid:8, tid: 42): Restore a blocking socket
DBUG (pid:8, tid: 38): Every worker is done
DBUG (pid:8, tid: 38): Error status: 0 (0 is ok)
DBUG (pid:8, tid: 38): Building result
DBUG (pid:8, tid: 38): Free selectdata resources
DBUG (pid:8, tid: 38): Freeing data of 214a88
DBUG (pid:8, tid: 38): Freeing data of b3ef98
DBUG (pid:8, tid: 38): Free local allocated resources
DBUG (pid:8, tid: 38): Raise error if required
DBUG (pid:8, tid: 38): Build final result
DBUG (pid:8, tid: 38): out select
DBUG (pid:8, tid: 38): in select
DBUG (pid:8, tid: 38): Non socket value encountered
DBUG (pid:8, tid: 38): Will wait 299983 ms
DBUG (pid:8, tid: 38): Dispatch read fd
DBUG (pid:8, tid: 38): Adding handle a4 to set 116e8d4
DBUG (pid:8, tid: 38): Begin dispatching handle a4
DBUG (pid:8, tid: 38): Waiting for 1 on handle a4
DBUG (pid:8, tid: 38): Handle a4 is a socket handle
DBUG (pid:8, tid: 38): Scanning list of worker to find one that already handle socket
DBUG (pid:8, tid: 38): Searching for an available job for type 4 for descriptor 164
DBUG (pid:8, tid: 38): res == NULL case.
DBUG (pid:8, tid: 38): No job for type 4 found, create one
DBUG (pid:8, tid: 38): Done creating new job.
DBUG (pid:8, tid: 38): Socket a4 added
DBUG (pid:8, tid: 38): Finish dispatching handle a4
DBUG (pid:8, tid: 38): Adding handle 5c to set 116e8d4
DBUG (pid:8, tid: 38): Begin dispatching handle 5c
DBUG (pid:8, tid: 38): Waiting for 1 on handle 5c
DBUG (pid:8, tid: 38): Handle 5c is a pipe handle
DBUG (pid:8, tid: 38): Need to check availability of data on pipe
DBUG (pid:8, tid: 38): Searching an available worker handling pipe
DBUG (pid:8, tid: 38): Searching an available job for type 3
DBUG (pid:8, tid: 38): No job for type 3 found, create one
DBUG (pid:8, tid: 38): Finish dispatching handle 5c
DBUG (pid:8, tid: 38): Adding handle 90 to set 116e8d4
DBUG (pid:8, tid: 38): Begin dispatching handle 90
DBUG (pid:8, tid: 38): Waiting for 1 on handle 90
DBUG (pid:8, tid: 38): Handle 90 is a pipe handle
DBUG (pid:8, tid: 38): Need to check availability of data on pipe
DBUG (pid:8, tid: 38): Searching an available worker handling pipe
DBUG (pid:8, tid: 38): Searching an available job for type 3
DBUG (pid:8, tid: 38): Finish dispatching handle 90
DBUG (pid:8, tid: 38): Adding handle 8c to set 116e8d4
DBUG (pid:8, tid: 38): Begin dispatching handle 8c
DBUG (pid:8, tid: 38): Waiting for 1 on handle 8c
DBUG (pid:8, tid: 38): Handle 8c is a socket handle
DBUG (pid:8, tid: 38): Scanning list of worker to find one that already handle socket
DBUG (pid:8, tid: 38): Searching for an available job for type 4 for descriptor 140
DBUG (pid:8, tid: 38): Entered while loop.
DBUG (pid:8, tid: 38): Non socket case.
DBUG (pid:8, tid: 38): Entered while loop.
DBUG (pid:8, tid: 38): Socket case.
DBUG (pid:8, tid: 38): Acessing aQueries.
wine: Unhandled exception 0x80000001 at address 0x5c9f60 (thread 0026), starting debugger...
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0009494)
frisch (developer)
2013-06-14 14:06

> I will try to have a minimal reproduction example.

This would be really helpful!
(0011875)
shinwell (developer)
2014-07-17 12:26

(Damien is going to ping the original reporter of this problem.)

- Issue History
Date Modified Username Field Change
2013-03-25 17:22 toots New Issue
2013-04-25 18:38 doligez Status new => acknowledged
2013-04-25 18:38 doligez Target Version => 4.01.0+dev
2013-06-14 14:06 frisch Note Added: 0009494
2013-06-27 13:33 frisch Assigned To => frisch
2013-06-27 13:33 frisch Status acknowledged => feedback
2013-07-01 19:18 frisch Assigned To frisch =>
2013-08-19 16:22 doligez Target Version 4.01.0+dev => 4.01.1+dev
2014-05-25 20:20 doligez Target Version 4.01.1+dev => 4.02.0+dev
2014-07-17 12:26 shinwell Note Added: 0011875
2014-07-17 12:26 shinwell Assigned To => doligez
2014-07-17 12:26 shinwell Status feedback => assigned
2014-07-17 16:13 frisch Target Version 4.02.0+dev => 4.02.1+dev
2014-09-04 00:25 doligez Target Version 4.02.1+dev => undecided
2014-09-26 22:32 doligez Target Version undecided => 4.02.2+dev


Copyright © 2000 - 2011 MantisBT Group
Powered by Mantis Bugtracker