Issue 109742
Summary TSAN encountered segmentation fault at `__sanitizer::CombinedAllocatorTsan::Allocate` due to thread created by `glibc2.36 aio_write()`
Labels new issue
Assignees
Reporter JpengYounger
    The internal implementation of glibc 2.36 `aio_write` calls the internal interface `__pthread_create` to create a thread. TSAN is unable to intercept `__pthread_create`.
segmentation fault call trace:
#0  0x0000000000462000 in __sanitizer::CombinedAllocatorTsan<__sanitizer::SizeClassAllocator64<__tsan::AP64>, __sanitizer::LargeMmapAllocatorPtrArrayDynamic>::Allocate(__sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__tsan::AP64> >*, unsigned long, unsigned long) ()
#1  0x000000000045effa in __tsan::user_alloc_internal(__tsan::ThreadState*, unsigned long, unsigned long, unsigned long, bool) ()
#2  0x000000000045f128 in __tsan::user_alloc(__tsan::ThreadState*, unsigned long, unsigned long) ()
#3  0x000000000041d88e in malloc ()
#4  0x00007ffff7ab61b3 in __aio_notify_only () from /lib64/libc.so.6
#5  0x00007ffff7ab623b in __aio_notify () from /lib64/libc.so.6
#6  0x00007ffff7ab579b in handle_fildes_io () from /lib64/libc.so.6
#7  0x00007ffff7aacaa4 in start_thread () from /lib64/libc.so.6
#8  0x00007ffff7b29740 in clone ()

Test case to reproduce the bug.
`#define _GNU_SOURCE
#include <aio.h>
#include <errno.h>
#include <signal.h>
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

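/* Value handed to the notification callback through sigev_value; wait_flag
   treats any other non-zero value as a failure.  */
#define MY_SIVAL 27

/* Completion marker: written by callback, polled by wait_flag.

   The requests in this file ask for SIGEV_THREAD notification, so the
   writer runs on a different thread from the poller.  sig_atomic_t only
   covers a signal handler interrupting the same thread, and volatile is
   not inter-thread synchronisation, so a plain `volatile sig_atomic_t`
   here is a data race.  An atomic object keeps the reproducer free of an
   unrelated race report; plain assignment and comparison on it are
   sequentially consistent atomic operations, so the users of `flag` need
   no changes.  */
atomic_int flag;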


/* Notification function installed in sigev_notify_function by do_test.
   It publishes the integer payload of the sigval it was given into the
   file-scope `flag`, which wait_flag polls.  do_test requests SIGEV_THREAD
   delivery, i.e. this is meant to run as a thread start routine rather
   than as a signal handler.  */
static void
callback (sigval_t s)
{
  const int payload = s.sival_int;

  flag = payload;
}

/* Poll `flag` once per second until the notification callback has stored
   a non-zero value, then check that the value is MY_SIVAL.

   Returns 0 when the expected value arrived and 1 otherwise.  There is no
   timeout: if no notification is ever delivered this loops forever.  The
   diagnostic says "signal handler" although do_test requests SIGEV_THREAD
   notification.  */
static int
wait_flag (void)
{
  for (;;)
    {
      if (flag != 0)
        break;

      puts ("Sleeping...");
      sleep (1);
    }

  if (flag == MY_SIVAL)
    return 0;

  printf ("signal handler received wrong signal, flag is %d\n", flag);
  return 1;
}


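/* Submit one asynchronous write twice -- first with aio_write, then with
   lio_listio (LIO_NOWAIT) -- each time requesting SIGEV_THREAD completion
   notification, and wait for callback to report completion through `flag`.

   Returns 0 on success, or when aio_write reports ENOSYS; returns 1 on any
   failure.

   Per the call trace in this report, the fault occurs in malloc called
   from __aio_notify_only on a glibc helper thread (handle_fildes_io under
   start_thread), i.e. while this notification is being delivered.  */
static int
do_test (void)
{
  char name[] = "/tmp/aio5.XXXXXX";
  int fd;
  int result = 1;
  struct aiocb *arr[1];
  /* Zero the control block and the sigevent so that every member not
     assigned below (including implementation-internal ones) has a defined
     value instead of stack garbage.  */
  struct aiocb cb = { 0 };
  static const char buf[] = "Hello World\n";
  struct sigevent ev = { 0 };

  /* mkstemp creates and opens a uniquely named file in one step, so the
     name cannot be claimed by someone else between choosing it and
     opening it.  */
  fd = mkstemp (name);
  if (fd == -1)
    {
      printf ("cannot open temp name: %m\n");
      return 1;
    }

  /* The open descriptor keeps the file alive; the name is not needed.  */
  unlink (name);

  arr[0] = &cb;

  cb.aio_fildes = fd;
  cb.aio_lio_opcode = LIO_WRITE;
  cb.aio_reqprio = 0;
  /* The cast drops const; the buffer is only the source of a write.  */
  cb.aio_buf = (void *) buf;
  cb.aio_nbytes = sizeof (buf) - 1;
  cb.aio_offset = 0;
  cb.aio_sigevent.sigev_notify = SIGEV_THREAD;
  cb.aio_sigevent.sigev_notify_function = callback;
  cb.aio_sigevent.sigev_notify_attributes = NULL;
  cb.aio_sigevent.sigev_value.sival_int = MY_SIVAL;

  ev.sigev_notify = SIGEV_THREAD;
  ev.sigev_notify_function = callback;
  ev.sigev_notify_attributes = NULL;
  ev.sigev_value.sival_int = MY_SIVAL;

  /* First use aio_write.  */
  if (aio_write (arr[0]) < 0)
    {
      if (errno == ENOSYS)
        {
          puts ("no aio support in this configuration");
          result = 0;
        }
      else
        printf ("aio_write failed: %m\n");
      goto out;
    }

  if (wait_flag ())
    goto out;

  puts ("aio_write OK");

  flag = 0;
  /* Again with lio_listio.  Both the control block's own sigevent and the
     list-wide `ev` name the same callback and value, so callback may run
     more than once for this submission; wait_flag returns as soon as one
     of them has stored MY_SIVAL.  */
  if (lio_listio (LIO_NOWAIT, arr, 1, &ev) < 0)
    {
      printf ("lio_listio failed: %m\n");
      goto out;
    }

  if (wait_flag ())
    goto out;

  puts ("all OK");
  result = 0;

out:
  /* Release the descriptor on every exit path after mkstemp succeeded.  */
  close (fd);
  return result;
}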


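/* Program entry point: run the reproducer and use its result (0 on
   success, 1 on failure) as the exit status, so a failing run is not
   reported as success.  */
int
main (void)
{
  return do_test ();
}`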