Date: Thu, 3 Jul 2025 13:03:00 +0200
From: Corinna Vinschen via Cygwin
Reply-To: cygwin AT cygwin DOT com
To: cygwin AT cygwin DOT com
Cc: Corinna Vinschen
Subject: Re: Segfault if /proc/PID/maps is opened in parallel threads [CAUSE: RtlQueryProcessDebugInformation]
List-Id: General Cygwin discussions and problem reports
References: <2f7ae08b-80c9-4497-f07c-5d527bbb7ec2 AT t-online DOT de>
 <17bba06c-4bdd-01df-8477-235aff98b2cb AT t-online DOT de>
 <9deb7d60-b05d-ad7f-e316-64781687953b AT t-online DOT de>
 <68cbc37b-4825-6e3f-5918-f4fee20d7c05 AT t-online DOT de>

On Jul 2 18:28, Corinna Vinschen via Cygwin wrote:
> On Jul 2 16:18, Christian Franke via Cygwin wrote:
> > On Tue, 27 May 2025 17:44:10 +0200 Christian Franke wrote:
> > > On Sun, 25 May 2025 16:46:49 +0200, Christian Franke wrote:
> > > > On Sat, 24 May 2025 15:19:10 +0200, Christian Franke wrote:
> > > > > If /proc/PID/maps is opened in parallel threads, the process PID
> > > > > may segfault.
> > > > >
> > > > > Testcase:
> > > > >
> > > > > ...
> > > > >
> > > > > Problem is not reproducible with any of the other /proc/PID/* files.
> > > > >
> > > >
> > > > A closer look shows that the problem is unrelated to thread safety.
> > > > The segfault also occurs when the following command is run
> > > > simultaneously in two terminals:
> > > >
> > > > $ while cat /proc/1234/maps > /dev/null; do printf .; done
> > > > .............cat: /proc/1234/maps: No such file or directory
> > > >
> > >
> > > The root of the problem is the call of RtlQueryProcessDebugInformation()
> > > here:
> > > https://cygwin.com/git/?p=newlib-cygwin.git;a=blob;f=winsup/cygwin/fhandler/process.cc;h=8fae9be5#l630
> > >
> > > If this part is removed, the segfault no longer occurs. Then
> > > /proc/PID/maps still works but the "[win heap ...]" information is
> > > missing. No patch provided because I don't know whether this could
> > > possibly be fixed without removing this functionality.
> > >
> > > A test with a separate test program shows that the problem is unrelated
> > > to Cygwin: Parallel calls to RtlQueryProcessDebugInformation() with the
> > > same PID could be used to crash this process. It also "worked" with
> > > Notepad.exe.
> > >
> > > Possible Windows (Version 10.0.22631.5039) bug?
>
> Looks very much like a Windows bug to me. But the function is supposed
> to be run under a debugger, so there's a chance multiple parallel calls
> were never part of the picture. And given the function is undocumented,
> I guess we have to keep the broken pieces...
>
> > Testcase (attached):
> > [...]
> > Conclusion: Possible Windows bug in RtlQueryProcessDebugInformation().
> > Cygwin should not use this function to provide "nice to have" types of
> > information like "[win heap...]" if this may crash the target process.
>
> RtlQueryProcessDebugInformation isn't only called to emulate maps,
> it is also called from within dlsym().
>
> A valid patch might be to move the RtlQueryProcessDebugInformation
> into its own function which adds a global lock. But obviously the
> function can be called in a non-Cygwin process in parallel, so there's
> no 100% safe way to do it.
>
> Any other idea?

I just added two patches, one of them dropping RtlQueryProcessDebugInformation
in favor of EnumProcessModules in dlsym(), the other adding a global mutex
to format_process_maps while accessing the debug buffer.

I could reproduce the crash even if RtlQueryProcessDebugInformation was
serialized. I could only avoid the crash by serializing the entire code
from RtlCreateQueryDebugBuffer up to and including
RtlDestroyQueryDebugBuffer. This ignores native processes which have a
hard time accessing /proc anyway.

HTH,
Corinna

--
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple
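The thread's reproducer is two shell loops reading /proc/PID/maps at the same time, and the fix is judged by whether the target process survives that. Below is an added example (not code from this thread or from the Cygwin project) that turns that manual check into a bounded, self-cleaning POSIX sh script: it starts a harmless `sleep` as the target, runs a chosen number of concurrent reader loops against its maps file, then reports whether the target is still alive. The function names, argument layout and the reader/iteration counts are this example's own choices; on Linux it is only a no-crash baseline, on a Cygwin build it exercises the path the mutex patch serializes.

```sh
#!/bin/sh
# Added example, not code from the thread or from Cygwin: a bounded
# parallel-reader check for /proc/PID/maps. It starts a harmless target
# process, reads its maps file from several concurrent readers, and
# reports whether the target is still alive afterwards. Function names
# and the reader/iteration counts are this example's own choices.

# read_maps_loop PID COUNT: open and read /proc/PID/maps COUNT times.
# Read errors are ignored on purpose; what matters is the target's fate.
read_maps_loop() {
    _pid=$1
    _count=$2
    _i=0
    while [ "$_i" -lt "$_count" ]; do
        cat "/proc/$_pid/maps" >/dev/null 2>&1 || true
        _i=$((_i + 1))
    done
}

# stress_proc_maps READERS ITERATIONS: run READERS concurrent reader loops
# against a fresh 'sleep' target, then print "alive" or "dead".
# Exit status is 0 only when the target survived.
stress_proc_maps() {
    _readers=$1
    _iters=$2

    sleep 60 &
    _target=$!

    _reader_pids=""
    _k=0
    while [ "$_k" -lt "$_readers" ]; do
        read_maps_loop "$_target" "$_iters" &
        _reader_pids="$_reader_pids $!"
        _k=$((_k + 1))
    done

    # Wait only for the readers; the target must keep running meanwhile.
    wait $_reader_pids

    if kill -0 "$_target" 2>/dev/null; then
        _result=alive
    else
        _result=dead
    fi

    # Clean up the target either way.
    kill "$_target" 2>/dev/null || true
    wait "$_target" 2>/dev/null || true

    echo "$_result"
    [ "$_result" = alive ]
}

# Usage: two readers, 200 opens each, mirroring the two-terminal loop above.
stress_proc_maps 2 200
```

Raising the reader count above two makes the race window easier to hit than the two-terminal loop does, and the non-zero exit status lets the script sit in a test suite so a regression of the serialization around RtlCreateQueryDebugBuffer/RtlDestroyQueryDebugBuffer shows up as a failed check rather than a dead process noticed by hand.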