Closed
Labels: Bug (Darling emulation behaves unexpectedly)
Description
To reproduce: install Python 3 (the binary package from python.org), then start a thread from the interactive interpreter:
Darling [~]$ python3
Python 3.7.0 (v3.7.0:1bf9cc5093, Jun 26 2018, 23:26:24)
[Clang 6.0 (clang-600.0.57)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from threading import Thread
>>> t = Thread(target=print)
>>> t.start()
Segmentation fault: 11 (core dumped)
Some poking around:
Stack traces (gdb shows the native glibc frames, lldb shows the Darwin-side frames leading into them):
(gdb) bt
#0 0x00007ffff50b0243 in sysmalloc (nb=nb@entry=592, av=av@entry=0x7ffff53e7c40) at malloc.c:2680
#1 0x00007ffff50b11b1 in _int_malloc (av=av@entry=0x7ffff53e7c40, bytes=bytes@entry=576)
at malloc.c:4133
#2 0x00007ffff50b14f5 in tcache_init () at malloc.c:2995
#3 0x00007ffff50b24a6 in tcache_init () at malloc.c:3050
#4 __GI___libc_malloc (bytes=288) at malloc.c:3050
#5 0x00007ffff50b324a in __libc_calloc (n=n@entry=18, elem_size=elem_size@entry=16) at malloc.c:3401
#6 0x00007ffff5a4b992 in allocate_dtv (result=result@entry=0x7ffff4aa7700) at ../elf/dl-tls.c:286
#7 0x00007ffff5a4c30e in __GI__dl_allocate_tls (mem=mem@entry=0x7ffff4aa7700) at ../elf/dl-tls.c:530
#8 0x00007ffff58031a6 in allocate_stack (stack=<synthetic pointer>, pdp=<synthetic pointer>,
attr=0x7fffffdfc7a0) at allocatestack.c:627
#9 pthread_create@@GLIBC_2.2.5 () at pthread_create.c:644
#10 0x00007ffff5c64935 in __darling_thread_create (stack_size=5242880, pth_obj_size=8192,
entry_point=0x7ffff661de94, arg3=140737346360992, arg4=140737320554408, arg5=5242880,
arg6=134220031, thread_self_trap=0x7ffff6633900) at ../src/libelfloader/native/threads.c:95
(lldb) bt
* frame #0: 0x00007ffff66804b8 libsystem_kernel.dylib`__darling_thread_create(stack_size=5242880, pthobj_size=8192, entry_point=0x00007ffff661de94, arg3=140737346360992, arg4=140737320554408, arg5=5242880, arg6=134220031, thread_self_trap=(libsystem_kernel.dylib`thread_self_trap)) at elfcalls_wrapper.c:34
frame #1: 0x00007ffff6695936 libsystem_kernel.dylib`sys_bsdthread_create(thread_start=0x00007ffff78956a0, arg=0x00007ffff5ff8fa8, stack=0x0000000000500000, pthread=0x0000000000000000, flags=134220031) at bsdthread_create.c:51
frame #2: 0x00007ffff6696ffb libsystem_kernel.dylib`_darling_bsd_syscall at syscalls-table.S:19
frame #3: 0x00007ffff667b55a libsystem_kernel.dylib`__bsdthread_create at ___bsdthread_create.S:9
frame #4: 0x00007ffff660e51a libsystem_pthread.dylib`_pthread_create(thread=0x00007fffffdfdb48, attr=0x00007fffffdfdb50, start_routine=(Python`t_bootstrap), arg=0x00007ffff5ff8fa8, from_mach_thread=false) at pthread.c:1219
frame #5: 0x00007ffff660e2b0 libsystem_pthread.dylib`pthread_create(thread=0x00007fffffdfdb48, attr=0x00007fffffdfdb50, start_routine=(Python`t_bootstrap), arg=0x00007ffff5ff8fa8) at pthread.c:1244
frame #6: 0x00007ffff784dab3 Python`PyThread_start_new_thread + 179
frame #7: 0x00007ffff78952dc Python`thread_PyThread_start_new_thread + 268
frame #8: 0x00007ffff775093c Python`_PyMethodDef_RawFastCallKeywords + 668
frame #9: 0x00007ffff774fdba Python`_PyCFunction_FastCallKeywords + 42
frame #10: 0x00007ffff780f5ae Python`call_function + 782
frame #11: 0x00007ffff780c601 Python`_PyEval_EvalFrameDefault + 25313
frame #12: 0x00007ffff77501f0 Python`function_code_fastcall + 128
frame #13: 0x00007ffff780f5bb Python`call_function + 795
frame #14: 0x00007ffff780c546 Python`_PyEval_EvalFrameDefault + 25126
frame #15: 0x00007ffff7810096 Python`_PyEval_EvalCodeWithName + 2422
frame #16: 0x00007ffff7806244 Python`PyEval_EvalCode + 100
frame #17: 0x00007ffff7842c37 Python`PyRun_InteractiveOneObjectEx + 599
frame #18: 0x00007ffff78424f2 Python`PyRun_InteractiveLoopFlags + 226
frame #19: 0x00007ffff78423dc Python`PyRun_AnyFileExFlags + 60
frame #20: 0x00007ffff7860a24 Python`pymain_main + 8276
frame #21: 0x00007ffff7860da1 Python`_Py_UnixMain + 129
frame #22: 0x00007ffff6753b99 libdyld.dylib`start + 1
Code:
(gdb) l malloc.c:2670
2665 aligned_brk += MALLOC_ALIGNMENT - front_misalign;
2666 }
2667 }
2668
2669 /* Find out current end of memory */
2670 if (snd_brk == (char *) (MORECORE_FAILURE))
2671 {
2672 snd_brk = (char *) (MORECORE (0));
2673 }
2674 }
2675
2676 /* Adjust top based on results of second sbrk */
2677 if (snd_brk != (char *) (MORECORE_FAILURE))
2678 {
2679 av->top = (mchunkptr) aligned_brk;
2680 set_head (av->top, (snd_brk - aligned_brk + correction) | PREV_INUSE);
2681 av->system_mem += correction;
2682
2683 /*
2684 If not the first time through, we either have a
set_head (av->top, (snd_brk - aligned_brk + correction) | PREV_INUSE);
expands to
((av->top)->mchunk_size = ((snd_brk - aligned_brk + correction) | 0x1));
and
(gdb) p &(av->top->mchunk_size)
$3 = (size_t *) 0x7ffff7ffe1c8
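which happens to be in a read-only data page of the Python binary, mapped back on the Darwin side, so the store to mchunk_size faults; this matches the segfault at malloc.c:2680 in frame #0 of the gdb trace: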
7ffff7ffe000-7ffff7fff000 r--p 00002000 08:03 687520 /Library/Frameworks/Python.framework/Versions/3.7/Resources/Python.app/Contents/MacOS/Python