Date: Fri, 7 Dec 2018 17:04:07 +0100
From: Arkadiusz Sienkiewicz <sienkiewiczarkadiusz@...il.com>
To: dalias@...c.org
Cc: musl@...ts.openwall.com
Subject: Re: aio_cancel segmentation fault for in progress write requests

Ok, maybe the stack trace is misleading due to some problem in GDB. However,
that doesn't explain why I'm getting a segmentation fault when I execute the
test program without gdb. Also, commenting out the aio_cancel line will "fix"
the seg fault, so that function is the most probable culprit.

On Fri, 7 Dec 2018 at 16:44, Rich Felker <dalias@...c.org> wrote:

> On Fri, Dec 07, 2018 at 01:52:31PM +0100, Arkadiusz Sienkiewicz wrote:
> > Hi,
> >
> > I'm experiencing a segmentation fault when I invoke aio_cancel on a request
> > which is in EINPROGRESS state. This happens only with libc musl (used
> > version - 1.1.12-r8) and only on one (dual Intel Xeon Gold 6128) of the few
> > computers I've tried it on - please let me know if you need more
> > information about that machine. Attached is a very simple program
> > (aioWrite.cpp) that reproduces this problem.
> >
> > alpine-tmp-0:~$ ./aioWrite
> > Segmentation fault (core dumped)
> >
> > Bt from gdb shows problem is in aio_cancel.
>
> This is not correct:
>
> >
> > (gdb) r
> > Starting program: ~/aioWrite
> > [New LWP 70321]
> >
> > Program received signal ?, Unknown signal.
> > [Switching to LWP 70321]
>
> This just shows that the aio thread received the cancellation request.
> It's not a crash or a problem. However, gdb's reporting of it as
> "Unknown signal" and inability to pass it on correctly indicates that
> something is wrong with the gdb on your system. I've hit this issue a
> lot but it works on some systems and I don't recall what the
> cause/difference behind it is. We should work to figure that out and
> get an appropriate fix in distros that are affected.
>
>
> > #include <stdio.h>
> > #include <sys/types.h>
> > #include <unistd.h>
> > #include <sys/stat.h>
> > #include <fcntl.h>
> > #include <string.h>
> > #include <errno.h>
> > #include <stdlib.h>
> > #include <aio.h>
> >
> > #define TNAME "aio_write/1-1.c"
> >
> > int main() {
> >   char tmpfname[256];
> >   #define BUF_SIZE 512512
> >   char buf[BUF_SIZE];
> >   char check[BUF_SIZE+1];
> >   int fd;
> >   struct aiocb aiocb;
> >   int err;
> >   int ret;
> >
> >   snprintf(tmpfname, sizeof(tmpfname), "pts_aio_write_1_1_%d", getpid());
> >   unlink(tmpfname);
> >   fd = open(tmpfname, O_CREAT | O_RDWR | O_EXCL, S_IRUSR | S_IWUSR);
> >   if (fd == -1) {
> >     printf(TNAME " Error at open(): %s\n", strerror(errno));
> >     exit(1);
> >   }
> >
> >   unlink(tmpfname);
> >
> >   memset(buf, 0xaa, BUF_SIZE);
> >   memset(&aiocb, 0, sizeof(struct aiocb));
> >   aiocb.aio_fildes = fd;
> >   aiocb.aio_buf = buf;
> >   aiocb.aio_nbytes = BUF_SIZE;
> >
> >   if (aio_write(&aiocb) == -1) {
> >     printf(TNAME " Error at aio_write(): %s\n", strerror(errno));
> >     close(fd);
> >     exit(2);
> >   }
> >
> >   int cancellationStatus = aio_cancel(fd, &aiocb);
> >   printf (TNAME " cancelationStatus : %d\n", cancellationStatus);
> >
> >   /* Wait until completion */
> >   while (aio_error (&aiocb) == EINPROGRESS);
> >
> >   close(fd);
> >   printf ("Test PASSED\n");
> >   return 0;
> > }
>
> I just tried this test and it works for me on 32-bit x86. I'll try
> some other systems and see if I can reproduce the issue. It could be a
> bug in the test but I didn't see anything obviously wrong with it.
>
> Rich
>
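
A triage variant of the quoted reproducer, added here as an example and not code from the thread or from musl: it records which of the three aio_cancel() outcomes occurred, waits with aio_suspend() instead of spinning, and checks that a cancelled request ends in ECANCELED. The function name `cancel_inflight_write` and the scratch path under /tmp are assumptions; the buffer is moved to the heap only to take the large stack arrays out of the picture while narrowing the fault down.

```c
#include <aio.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Submit one aio_write of nbytes, cancel it immediately, then reap it.
 * Returns the aio_cancel() status (AIO_CANCELED, AIO_NOTCANCELED or
 * AIO_ALLDONE), or -1 on a setup error or an inconsistent result. */
int cancel_inflight_write(size_t nbytes)
{
    char name[64];   /* constructed scratch file name (assumption: /tmp is writable) */
    snprintf(name, sizeof name, "/tmp/aio_cancel_triage_%d", (int)getpid());
    int fd = open(name, O_CREAT | O_RDWR | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd == -1) return -1;
    unlink(name);

    char *buf = malloc(nbytes);   /* heap instead of a large stack array */
    if (!buf) { close(fd); return -1; }
    memset(buf, 0xaa, nbytes);

    struct aiocb cb;
    memset(&cb, 0, sizeof cb);
    cb.aio_fildes = fd;
    cb.aio_buf = buf;
    cb.aio_nbytes = nbytes;

    int status = -1;
    if (aio_write(&cb) == 0) {
        status = aio_cancel(fd, &cb);
        /* Sleep until the request leaves EINPROGRESS rather than spinning. */
        const struct aiocb *const list[1] = { &cb };
        while (aio_error(&cb) == EINPROGRESS)
            aio_suspend(list, 1, NULL);
        int err = aio_error(&cb);
        aio_return(&cb);          /* release the request's resources */
        /* A request reported as cancelled must finish with ECANCELED. */
        if (status == AIO_CANCELED && err != ECANCELED) status = -1;
        printf("aio_cancel=%d aio_error=%d (%s)\n", status, err, strerror(err));
    }
    free(buf);
    close(fd);
    return status;
}

int main(void) { return cancel_inflight_write(512512) == -1; }
```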
