Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Crash in Unix.select #5959

Closed
vicuna opened this issue Mar 25, 2013 · 5 comments
Closed

Crash in Unix.select #5959

vicuna opened this issue Mar 25, 2013 · 5 comments

Comments

@vicuna
Copy link

vicuna commented Mar 25, 2013

Original bug ID: 5959
Reporter: toots
Assigned to: @damiendoligez
Status: resolved (set by @xavierleroy on 2017-02-16T10:13:43Z)
Resolution: unable to duplicate
Priority: normal
Severity: crash
Platform: Windows
OS: Windows
OS Version: XP
Version: 4.00.1
Target version: later
Category: platform support (windows, cross-compilation, etc)
Monitored by: smimram @alainfrisch

Bug description

I have been working on updating the mingw-ocaml cross-compiler for 4.00.1 and found a pretty bad bug in Unix.select() emulation.

I can reproduce it with a windows build of liquidsoap an input.harbor. It uses Unix.select() to handle remote socket connections. I will try to have a minimal reproduction example.

Meanwhile, I've added some extra debugging printing and have been able to get this trace of the crash. It happens in the socket_poll_add function in otherlibs/win32unix/select.c. Here's a trace of relevant logs:

DBUG (pid:8, tid: 38): Scanning list of worker to find one that already handle socket
DBUG (pid:8, tid: 38): Searching for an available job for type 4 for descriptor 140
DBUG (pid:8, tid: 38): Entered while loop.
DBUG (pid:8, tid: 38): Non socket case.
DBUG (pid:8, tid: 38): Entered while loop.
DBUG (pid:8, tid: 38): Socket case.
DBUG (pid:8, tid: 38): Acessing aQueries.
wine: Unhandled exception 0x80000001 at address 0x5c9f60 (thread 0026), starting debugger...

(note: I'm using wine here for convenience but the bug happens exactly the same way on a "real" windows)

Here's the corresponding annotated code:

DEBUG_PRINT("Scanning list of worker to find one that already handle socket");
/* Search for job */
DEBUG_PRINT("Searching for an available job for type %d for descriptor %d", SELECT_TYPE_SOCKET, hFileDescr);
while (res != NULL)
{
DEBUG_PRINT("Entered while loop.");
if (res->EType == SELECT_TYPE_SOCKET)
{
DEBUG_PRINT("Socket case.");
i = res->nQueriesCount - 1;
DEBUG_PRINT("Acessing aQueries.");
aQueries = res->aQueries;
<---- CRASH HERE!

I'm attaching a longer debug logs in case the crash may be due to previous select() call.

I've reverted the select.c code to http://caml.inria.fr/svn/ocaml/trunk@11223 and it works agin. If we can assume that http://caml.inria.fr/svn/ocaml/version/4.00@12800 is only aesthetic then I'd say commit http://caml.inria.fr/svn/ocaml/trunk@12023 is the culprit.

Hope this helps!

Postscriptum: longer debug printout:
DBUG (pid:8, tid: 38): Scanning list of worker to find one that already handle socket
DBUG (pid:8, tid: 38): Searching for an available job for type 4 for descriptor 164
DBUG (pid:8, tid: 38): Entered while loop.
DBUG (pid:8, tid: 38): Socket case.
DBUG (pid:8, tid: 38): Acessing aQueries.
DBUG (pid:8, tid: 38): If we didn't find the socket but this worker has available slots, store it.
DBUG (pid:8, tid: 38): Previous socket query located -- we're finished.
DBUG (pid:8, tid: 38): Socket a4 updated to 93
DBUG (pid:8, tid: 38): Finish dispatching handle a4
DBUG (pid:8, tid: 38): Adding handle 54 to set 116e8d4
DBUG (pid:8, tid: 38): Begin dispatching handle 54
DBUG (pid:8, tid: 38): Waiting for 1 on handle 54
DBUG (pid:8, tid: 38): Handle 54 is a pipe handle
DBUG (pid:8, tid: 38): Need to check availability of data on pipe
DBUG (pid:8, tid: 38): Searching an available worker handling pipe
DBUG (pid:8, tid: 38): Searching an available job for type 3
DBUG (pid:8, tid: 38): Finish dispatching handle 54
DBUG (pid:8, tid: 38): Dispatch write fd
DBUG (pid:8, tid: 38): Dispatch exceptional fd
DBUG (pid:8, tid: 38): Building events done array
DBUG (pid:8, tid: 38): Job submitted to worker b424b8
DBUG (pid:8, tid: 42): Worker has 1 queries to service
DBUG (pid:8, tid: 42): Polling read for 140
DBUG (pid:8, tid: 38): Job submitted to worker 2132c8
DBUG (pid:8, tid: 38): Need to watch 2 workers
DBUG (pid:8, tid: 38): Waiting for one select worker to be done
DBUG (pid:8, tid: 40): Checking data pipe
DBUG (pid:8, tid: 40): Finish checking data on pipe
DBUG (pid:8, tid: 41): Build final result
DBUG (pid:8, tid: 41): out select
DBUG (pid:8, tid: 41): in select
DBUG (pid:8, tid: 41): nothing to do
DBUG (pid:8, tid: 38): One worker is done
DBUG (pid:8, tid: 38): Sending stop signal to every select workers
DBUG (pid:8, tid: 38): Waiting for every select worker to be done
DBUG (pid:8, tid: 42): Restore a blocking socket
DBUG (pid:8, tid: 38): Every worker is done
DBUG (pid:8, tid: 38): Error status: 0 (0 is ok)
DBUG (pid:8, tid: 38): Building result
DBUG (pid:8, tid: 38): Free selectdata resources
DBUG (pid:8, tid: 38): Freeing data of 214a88
DBUG (pid:8, tid: 38): Freeing data of b3ef98
DBUG (pid:8, tid: 38): Free local allocated resources
DBUG (pid:8, tid: 38): Raise error if required
DBUG (pid:8, tid: 38): Build final result
DBUG (pid:8, tid: 38): out select
DBUG (pid:8, tid: 38): in select
DBUG (pid:8, tid: 38): Non socket value encountered
DBUG (pid:8, tid: 38): Will wait 299983 ms
DBUG (pid:8, tid: 38): Dispatch read fd
DBUG (pid:8, tid: 38): Adding handle a4 to set 116e8d4
DBUG (pid:8, tid: 38): Begin dispatching handle a4
DBUG (pid:8, tid: 38): Waiting for 1 on handle a4
DBUG (pid:8, tid: 38): Handle a4 is a socket handle
DBUG (pid:8, tid: 38): Scanning list of worker to find one that already handle socket
DBUG (pid:8, tid: 38): Searching for an available job for type 4 for descriptor 164
DBUG (pid:8, tid: 38): res == NULL case.
DBUG (pid:8, tid: 38): No job for type 4 found, create one
DBUG (pid:8, tid: 38): Done creating new job.
DBUG (pid:8, tid: 38): Socket a4 added
DBUG (pid:8, tid: 38): Finish dispatching handle a4
DBUG (pid:8, tid: 38): Adding handle 5c to set 116e8d4
DBUG (pid:8, tid: 38): Begin dispatching handle 5c
DBUG (pid:8, tid: 38): Waiting for 1 on handle 5c
DBUG (pid:8, tid: 38): Handle 5c is a pipe handle
DBUG (pid:8, tid: 38): Need to check availability of data on pipe
DBUG (pid:8, tid: 38): Searching an available worker handling pipe
DBUG (pid:8, tid: 38): Searching an available job for type 3
DBUG (pid:8, tid: 38): No job for type 3 found, create one
DBUG (pid:8, tid: 38): Finish dispatching handle 5c
DBUG (pid:8, tid: 38): Adding handle 90 to set 116e8d4
DBUG (pid:8, tid: 38): Begin dispatching handle 90
DBUG (pid:8, tid: 38): Waiting for 1 on handle 90
DBUG (pid:8, tid: 38): Handle 90 is a pipe handle
DBUG (pid:8, tid: 38): Need to check availability of data on pipe
DBUG (pid:8, tid: 38): Searching an available worker handling pipe
DBUG (pid:8, tid: 38): Searching an available job for type 3
DBUG (pid:8, tid: 38): Finish dispatching handle 90
DBUG (pid:8, tid: 38): Adding handle 8c to set 116e8d4
DBUG (pid:8, tid: 38): Begin dispatching handle 8c
DBUG (pid:8, tid: 38): Waiting for 1 on handle 8c
DBUG (pid:8, tid: 38): Handle 8c is a socket handle
DBUG (pid:8, tid: 38): Scanning list of worker to find one that already handle socket
DBUG (pid:8, tid: 38): Searching for an available job for type 4 for descriptor 140
DBUG (pid:8, tid: 38): Entered while loop.
DBUG (pid:8, tid: 38): Non socket case.
DBUG (pid:8, tid: 38): Entered while loop.
DBUG (pid:8, tid: 38): Socket case.
DBUG (pid:8, tid: 38): Acessing aQueries.
wine: Unhandled exception 0x80000001 at address 0x5c9f60 (thread 0026), starting debugger...

@vicuna
Copy link
Author

vicuna commented Jun 14, 2013

Comment author: @alainfrisch

I will try to have a minimal reproduction example.

This would be really helpful!

@vicuna
Copy link
Author

vicuna commented Jul 17, 2014

Comment author: @mshinwell

(Damien is going to ping the original reporter of this problem.)

@vicuna
Copy link
Author

vicuna commented Nov 23, 2015

Comment author: @xavierleroy

Any update on this problem report?

@vicuna
Copy link
Author

vicuna commented Dec 1, 2015

Comment author: @alainfrisch

Postponing. I don't think we can do anything without a reproduction example.

@vicuna
Copy link
Author

vicuna commented Feb 16, 2017

Comment author: @xavierleroy

Marking "unable to reproduce".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants