C++ - Threads looping system() and cout corrupt the stack
The process running the following code crashes with a segmentation fault:

#include <stdlib.h>
#include <iostream>
#include <pthread.h>

// Thread body: loops forever writing to cout.
void* f( void* )
{
    while( true ) {
        // crashes inside this call (with cerr, too).
        std::cout << 0;
    }
    return NULL;
}

int main()
{
    pthread_t t;
    pthread_create( &t, NULL, &f, NULL );
    while( true ) {
        // crashes with a script or an app; "true" is the simplest case.
        system( "true" );
    }
    return 0;
}
It crashes every other execution within a few seconds (the output has anywhere from thousands to millions of '0's). It crashes a few functions deep in the cout << 0 call in the code above. Depending on the functions called or the data put on the stack in f(), it crashes in different places. In gdb, the stack doesn't make sense with regard to the order of function calls. I deduce that the stack is corrupted.

I found that there are problems with multi-threaded applications calling fork() (see 2 of the comments mentioning stack corruption). Forking/cloning a process copies file descriptors if they aren't set FD_CLOEXEC. However, there are no explicitly created file descriptors. (I tried setting FD_CLOEXEC on fileno( stdout ) and fileno( stderr ) with no positive change.)

Even without explicit file descriptors, can one not mix threads and fork()? Do I need to replace the system() call with equivalent functionality? Or is there a bug in the kernel that causes the crash and has been fixed after 2.6.30?
Other details

I am running on an ARM AT91 processor (ARMv5TEJL) with Linux 2.6.30 (with overlays and patches for a specific set of peripherals), compiled with gcc 4.3.2.

Linux 2.6.30 #1 Thu May 29 15:43:04 CDT 2014 armv5tejl GNU/Linux
I had been [cross] compiling with -g and -O0, and without them; it still crashes:

arm-atmel-linux-gnueabi-g++ -o system_thread system_thread.cpp -lpthread

I've tried the -fstack-protector-all flag: it crashes in __stack_chk_fail(), or other function pointers or data are corrupted and it crashes earlier.
The libraries it loads (from strace):

libpthread.so.0 libstdc++.so.6 libm.so.6 libgcc_s.so.1 libc.so.6

Note: since it does not always crash, and it is not responsive to ^C, I typically run it in the background:

$ killall -9 system_thread; rm -f log; system_thread >log &
I have compiled the program on a few different architectures and Linux kernel versions, and have not seen the crash anywhere else:

Linux 3.10.29 #1 Wed Feb 12 17:12:39 CST 2014 armv5tejl GNU/Linux
Linux 3.6.0-dirty #3 Wed May 28 13:53:56 CDT 2014 microblaze GNU/Linux
Linux 3.13.0-27-generic #50-Ubuntu SMP Thu May 15 18:06:16 UTC 2014 x86_64 x86_64 GNU/Linux
Linux 3.8.0-35-generic #50~precise1-Ubuntu SMP Wed Dec 4 17:25:51 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

Edit: Note that on the same architecture (armv5tejl) it does not crash on Linux 3.10.29. Also, it does not crash when running on an earlier version of the "appliance" (older server and client applications) having the same version of Linux, 2.6.30. So the environment of the OS has an effect.

BusyBox v1.20.1 provides the sh for the system() calls.
This is reproducible on the ARM processor using the 2.6.30 kernel mentioned, but not in master. One can use git bisect to find where the bug was fixed (it took 16 iterations). Note that, since git bisect is meant to find regressions, in this case master is "good" and the past version is "bad," so one needs to reverse the meanings of "good" and "bad".

The culprit found by bisection is this commit, which fixes "an instance of userspace data corruption" involving fork(). The symptom is similar to the symptom described, and it corrupts memory outside of the stack. After backporting the commit and the required parent to the 2.6.30 kernel, the code posted no longer crashes.
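The reversed good/bad bisection the answer describes, as an added example that is not from the question or the answer: instead of the kernel tree it uses a constructed throwaway repository (assumed here to have 20 commits with the "fix" landing at commit 14), so that the mechanics of marking the fixed state "bad" can be run offline.

```shell
#!/bin/sh
# Added example (not from the question or answer): reversed git bisect in a
# constructed toy repo. fork.c reads "corrupt" until a fix commit changes it to
# "ok". git bisect hunts for the first "bad" commit, so the fixed state must be
# reported as "bad" (exit 1) and the broken state as "good" (exit 0), which is
# exactly the reversal of meanings the answer describes.
set -e

# Build a toy history of 20 commits; the fix is assumed to land at commit 14.
make_repo() {
    repo=$(mktemp -d)
    git -C "$repo" init -q
    git -C "$repo" config user.email bisect@example.invalid
    git -C "$repo" config user.name bisect
    i=1
    while [ "$i" -le 20 ]; do
        if [ "$i" -lt 14 ]; then
            echo corrupt > "$repo/fork.c"
        else
            echo ok > "$repo/fork.c"
        fi
        git -C "$repo" add fork.c
        git -C "$repo" commit -q --allow-empty -m "commit $i"
        i=$((i + 1))
    done
    echo "$repo"
}

# Locate the commit that introduced the fix; prints its subject line.
find_fix() {
    repo=$1
    # Reversed test: exit 0 ("good") while still broken, exit 1 ("bad") once fixed.
    cat > "$repo/reversed_test.sh" <<'EOF'
#!/bin/sh
grep -q corrupt fork.c && exit 0
exit 1
EOF
    chmod +x "$repo/reversed_test.sh"
    first=$(git -C "$repo" rev-list --max-parents=0 HEAD)
    # HEAD (fixed) is declared "bad", the root commit (broken) "good".
    git -C "$repo" bisect start HEAD "$first" >/dev/null 2>&1
    git -C "$repo" bisect run "$repo/reversed_test.sh" >/dev/null 2>&1
    fix=$(git -C "$repo" rev-parse refs/bisect/bad)
    git -C "$repo" bisect reset >/dev/null 2>&1
    git -C "$repo" log -1 --format=%s "$fix"
}
```

The "first bad commit" that bisect reports is therefore the commit that fixed the problem, which is the one you would backport.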