Segmentation fault in sanitizer Alloc function

Tobias Linton

Feb 17, 2025, 10:55:39 AM
to thread-sanitizer
Hi everyone,

I am getting segmentation faults in the `__sanitizer::...::Allocate()` function
when running the thread sanitizer on an application that uses librdkafka, a
library for communicating with Apache Kafka.

It can be reproduced on Oracle Linux 9.5 by installing the `librdkafka-devel`
package and running this program:

```
#include <memory>

#include <librdkafka/rdkafkacpp.h>

int main(int argc, char** argv)
{
    std::string kafkaError;
    std::unique_ptr<RdKafka::Conf> conf(RdKafka::Conf::create(RdKafka::Conf::CONF_GLOBAL));
    std::unique_ptr<RdKafka::Consumer> consumer(RdKafka::Consumer::create(conf.get(), kafkaError));

    return 0;
}
```

I have built it with clang-19.1.7 like this:

```
clang++ -g -lrdkafka++ -fsanitize=thread -o kafka-test KafkaTest.cpp
```

When run, it segfaults with this backtrace:

```
#0  0x00005555555f7008 in __sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__tsan::AP64> >::Allocate (class_id=7, allocator=0x5555556adec0 <__tsan::allocator_placeholder>,
    this=0x8) at /home/tobias/llvm-project/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_allocator_local_cache.h:38
#1  __sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<__tsan::AP64>, __sanitizer::LargeMmapAllocatorPtrArrayDynamic>::Allocate (alignment=16, size=<optimized out>, cache=0x8,
    this=0x5555556adec0 <__tsan::allocator_placeholder>) at /home/tobias/llvm-project/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_allocator_combined.h:69
#2  __tsan::user_alloc_internal (signal=true, align=16, sz=112, pc=93824992493684, thr=0x7ffff41beec0) at /home/tobias/llvm-project/compiler-rt/lib/tsan/rtl/tsan_mman.cpp:209
#3  __tsan::user_alloc_internal (thr=0x7ffff41beec0, pc=93824992493684, sz=112, align=16, signal=<optimized out>) at /home/tobias/llvm-project/compiler-rt/lib/tsan/rtl/tsan_mman.cpp:192
#4  0x00005555555f771b in __tsan::user_calloc (thr=thr@entry=0x7ffff41beec0, pc=<optimized out>, size=size@entry=1, n=n@entry=112) at /home/tobias/llvm-project/compiler-rt/lib/tsan/rtl/tsan_mman.cpp:244
#5  0x0000555555594079 in ___interceptor_calloc (size=1, n=112) at /home/tobias/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:687
#6  0x00007ffff79d9dec in rd_kafka_op_new0.constprop () from /lib64/librdkafka.so.1
#7  0x00007ffff78c778b in rd_kafka_destroy_internal () from /lib64/librdkafka.so.1
#8  0x00007ffff78c885c in rd_kafka_thread_main () from /lib64/librdkafka.so.1
#9  0x00007ffff7ae5bf1 in start_thread () from /lib64/libc.so.6
#10 0x00007ffff7b6adc0 in clone3 () from /lib64/libc.so.6
```

The "librdkafka-devel" package can be installed like this:

```
dnf config-manager --set-enabled ol9_codeready_builder
dnf install librdkafka-devel
```

I have tried with different compiler versions and different versions of
librdkafka, but always with the same result. The same thing also happens with
the librdkafka sample applications.

Does anyone have a suggestion of a way around this? Would it be worth filing a
bug ticket for this case?

Thanks,
Tobias Linton
