Message-ID: <tencent_E5CC5CDC958D0A29F2918809FB928756C00A@qq.com>
Date: Mon, 8 Jul 2024 21:23:28 +0800
From: "AK47" <250200715@...com>
To: "musl" <musl@...ts.openwall.com>
Subject: Maybe A Bug about timer_create and pthread_barrier_wait
Hello:
I had a low-probability crash in the child thread when using the timer_create interface. After debugging, I found that the crash occurred when the sub-thread accessed, in the code "if (b->_b_waiters)", a stack variable created in the main thread and passed to the child thread through args. It looks like the main thread's timer_create has finished executing at this point, so the variables (start_args) on the stack have been cleaned up. I took a look at the pthread_barrier_wait code and I think it should be a scheduling problem in pthread_barrier_wait.
Take timer_create as an example: when the child thread is the first thread to enter "pthread_barrier_wait" and it is suspended after it executes the code "a_store(&b->_b_lock, 0)", the main thread in timer_create then arrives as the last thread. It will never wait for the child thread to be rescheduled; the main thread can pass the barrier and continue execution, and the args created in timer_create will be cleaned up. When the child thread is finally rescheduled, it accesses "b->_b_waiters", which has already been cleaned up by the main thread, and the crash will occur.
Is there a bug here? Looking forward to your reply.

/* First thread to enter the barrier becomes the "instance owner" */
if (!inst) {
    struct instance new_inst = { 0 };
    int spins = 200;
    b->_b_inst = inst = &new_inst;
    a_store(&b->_b_lock, 0);
    if (b->_b_waiters) __wake(&b->_b_lock, 1, 1); // crash here b->_b_waiters
    while (spins-- && !inst->finished)

/* First thread to enter the barrier becomes the "instance owner" */
if (!inst) {
    struct instance new_inst = { 0 };
    int spins = 200;
    b->_b_inst = inst = &new_inst;
    a_store(&b->_b_lock, 0);
    // when the child thread is the first thread and is scheduled out here
    if (b->_b_waiters) __wake(&b->_b_lock, 1, 1);
    while (spins-- && !inst->finished)

Li