Open janoosthoek opened 1 year ago
I encountered similar segfaults when using getaddrinfo_a.
I was able to reproduce the bug in:
The segfault isn't triggered in:
To reproduce:
#include <arpa/inet.h>
#include <chrono>
#include <iostream>
#include <netdb.h>
#include <signal.h>
#include <stdexcept>
#include <string>
#include <thread>

int main() {
    // Ask glibc to run the completion callback on a freshly created thread.
    sigevent sev = { };
    sev.sigev_notify = SIGEV_THREAD;
    sev.sigev_notify_function = [](union sigval) {
        std::cout << "notify fun" << std::endl;
    };

    // One asynchronous request; the gaicb and hints must outlive the lookup.
    struct gaicb host = {};
    struct addrinfo hints = {};
    hints.ai_flags = AI_CANONNAME;
    host.ar_name = "example.com";
    host.ar_request = &hints;

    struct gaicb *foo = &host;
    // getaddrinfo_a returns 0 on success or an EAI_* code (not errno), so report it via gai_strerror.
    int rc = getaddrinfo_a(GAI_NOWAIT, &foo, 1, &sev);
    if (rc != 0) {
        throw std::runtime_error(std::string("getaddrinfo_a failed: ") + gai_strerror(rc));
    }

    // Give the internal helper thread time to resolve the name and fire the notification.
    std::this_thread::sleep_for(std::chrono::seconds(2));
    if (host.ar_result != nullptr) {
        freeaddrinfo(host.ar_result);
    }
    std::cout << "done" << std::endl;
    return 0;
}
clang++ -fsanitize=thread test.cpp -lm -lc -lpthread -ldl -lanl
g++ -fsanitize=thread test.cpp -lm -lc -lpthread -ldl -lanl
$ TSAN_OPTIONS="verbosity=3" ./a.out
==4056237==Installed the sigaction for signal 11
==4056237==Installed the sigaction for signal 7
==4056237==Installed the sigaction for signal 8
==4056237==Using llvm-symbolizer found at: /nix/store/4gs7pdssnsc1yvz860wacxinmw4vj8p9-llvm-14.0.6/bin/llvm-symbolizer
***** Running under ThreadSanitizer v3 (pid 4056237) *****
ThreadSanitizer: growing sync allocator: 0 out of 1048576*1024
ThreadSanitizer: growing heap block allocator: 0 out of 262144*4096
Segmentation fault (core dumped)
Stacktrace:
[0] from 0x0000000000494bf8 in __tsan::user_alloc_internal(__tsan::ThreadState*, unsigned long, unsigned long, unsigned long, bool)
[1] from 0x0000000000495274 in __tsan::user_alloc(__tsan::ThreadState*, unsigned long, unsigned long)
[2] from 0x000000000043c946 in malloc
[3] from 0x00007ffff7d3b472 in global_state_allocate
[4] from 0x00007ffff7d0e90c in __libc_allocate_once_slow
[5] from 0x00007ffff7d3bc37 in __nss_database_get
[6] from 0x00007ffff7cf63ec in gaih_inet.constprop
[7] from 0x00007ffff7cf78a6 in getaddrinfo
[8] from 0x00007ffff7d37729 in handle_requests
[9] from 0x00007ffff7c88e86 in start_thread
While I run this test inside a Nix shell, it's not related to Nix and also happens on my Arch system. It also doesn't matter if I use SIGEV_THREAD or a normal signal handler. It seems the thread started internally by getaddrinfo_a is enough to trigger the problem. Running it with GAI_WAIT instead of GAI_NOWAIT didn't make a difference either.
The program exits normally when the thread sanitizer is disabled. I wasn't able to mitigate this by disabling the thread sanitizer for this specific function call.
Hi all,
This bug was verified with the clang 14 stable release, and perhaps someone can point me to my failure.
I was lazy and took this code from https://medium.com/vswe/posix-timer-1502348c2f9f because we also use this in our large-scale application and needed a sample test app.
to reproduce:
results in:
Looks like the thread that is spawned will crash when the timer triggers. Any help greatly appreciated!
Br, Jan