https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116863
Bug ID: 116863
Summary: TSAN segfault in __sanitizer::CombinedAllocator::Allocate
Product: gcc
Version: 14.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: jpeng_xy at 163 dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---
The function aio_write() in glibc 2.34 (and later versions of glibc) calls the internal function __pthread_create() to create a thread. TSAN is unable to intercept the internal function __pthread_create() (nptl: Move pthread_create, thrd_create into libc: https://sourceware.org/git/?p=glibc.git;a=commit;h=f47f1d91af985a9028fb399da21eab460d887a15).
Segmentation fault call trace:
#0 0x00007ffff6c0b826 in __sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<__tsan::AP64>, __sanitizer::LargeMmapAllocatorPtrArrayDynamic>::Allocate(__sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__tsan::AP64> >*, unsigned long, unsigned long) () from /lib64/libtsan.so.2
#1 0x00007ffff6c08f4d in __tsan::user_alloc_internal(__tsan::ThreadState*, unsigned long, unsigned long, unsigned long, bool) () from /lib64/libtsan.so.2
#2 0x00007ffff6c090b8 in __tsan::user_alloc(__tsan::ThreadState*, unsigned long, unsigned long) () from /lib64/libtsan.so.2
#3 0x00007ffff6bc365c in __interceptor_malloc () from /lib64/libtsan.so.2
#4 0x00007ffff6a198d3 in __aio_notify_only () from /lib/libc.so.6
#5 0x00007ffff6a1995b in __aio_notify () from /lib/libc.so.6
#6 0x00007ffff6a18e2b in handle_fildes_io () from /lib/libc.so.6
#7 0x00007ffff6a10142 in start_thread () from /lib/libc.so.6
#8 0x00007ffff6a8b8a0 in clone () from /lib/libc.so.6
Testcase to reproduce the bug:
https://sourceware.org/git/?p=glibc.git;a=blob;f=rt/tst-aio5.c;h=15b6558eb8fc66575a098266229792ac007dd283;hb=HEAD
Compilation command: x86_64-linux-gcc tst-aio5.c -Wall -Wextra -fsanitize=thread