Bug 770205 - net-fs/samba-4.12.9-r1: smbd terminated w/ SIGSEGV when built w/ clang, while not w/ gcc
Summary: net-fs/samba-4.12.9-r1: smbd terminated w/ SIGEV when build w/ clang, while n...
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: AMD64 Linux
: Normal critical (vote)
Assignee: Gentoo's SAMBA Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-02-12 12:52 UTC by Zhixu Liu
Modified: 2021-03-11 03:08 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
asm of source3/lib/messages.c from clang (clang.s,995.14 KB, text/plain)
2021-02-12 12:56 UTC, Zhixu Liu
Details
asm of source3/lib/messages.c from gcc (gcc.s,448.60 KB, text/plain)
2021-02-12 12:56 UTC, Zhixu Liu
Details

Description Zhixu Liu 2021-02-12 12:52:26 UTC
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fd4c369760b in messaging_recv_cb (ev=0x562c18d05890, msg=0x7ffd31fce8c8 "\251\312\001", msg_len=52, fds=0x7ffd31fce8bc,
    num_fds=0, private_data=<optimized out>) at ../../source3/lib/messages.c:395
395             int64_t fds64[MIN(num_fds, INT8_MAX)];
(gdb) where
#0  0x00007fd4c369760b in messaging_recv_cb (ev=0x562c18d05890, msg=0x7ffd31fce8c8 "\251\312\001", msg_len=52, fds=0x7ffd31fce8bc,
    num_fds=0, private_data=<optimized out>) at ../../source3/lib/messages.c:395
#1  0x00007fd4c2be434a in msg_dgm_ref_recv (ev=0x562c18d05890, msg=0x7ffd31fce8c8 "\251\312\001", msg_len=52, fds=0x7ffd31fce8bc,
    num_fds=0, private_data=<optimized out>) at ../../source3/lib/messages_dgm_ref.c:144
#2  0x00007fd4c2be3094 in messaging_dgm_read_handler (ev=0x562c18d05890, fde=0x562c18d1c160, flags=<optimized out>,
    private_data=<optimized out>) at ../../source3/lib/messages_dgm.c:1294
#3  0x00007fd4c32550de in tevent_common_invoke_fd_handler (fde=fde@entry=0x562c18d1c160, flags=<optimized out>,
    removed=removed@entry=0x0) at ../../tevent_fd.c:138
#4  0x00007fd4c325a8c1 in epoll_event_loop (epoll_ev=0x562c18d1bcc0, tvalp=0x7ffd31fced40) at ../../tevent_epoll.c:736
#5  epoll_event_loop_once (ev=<optimized out>, location=<optimized out>) at ../../tevent_epoll.c:937
#6  0x00007fd4c32595f8 in std_event_loop_once (ev=0x562c18d05890, location=0x562c17636b90 "../../source3/smbd/server.c:1359")
    at ../../tevent_standard.c:110
#7  0x00007fd4c32543a8 in _tevent_loop_once (ev=ev@entry=0x562c18d05890,
    location=location@entry=0x562c17636b90 "../../source3/smbd/server.c:1359") at ../../tevent.c:772
#8  0x00007fd4c3254602 in tevent_common_loop_wait (ev=0x562c18d05890, location=0x562c17636b90 "../../source3/smbd/server.c:1359")
    at ../../tevent.c:895
#9  0x00007fd4c3259658 in std_event_loop_wait (ev=0x562c18d05890, location=0x562c17636b90 "../../source3/smbd/server.c:1359")
    at ../../tevent_standard.c:141
#10 0x0000562c1762d688 in smbd_parent_loop (ev_ctx=ev_ctx@entry=0x562c18d05890, parent=<optimized out>)
    at ../../source3/smbd/server.c:1359
#11 0x0000562c1762cb6d in main (argc=<optimized out>, argv=<optimized out>) at ../../source3/smbd/server.c:2197

Reproducible: Always




build use flag:

[ebuild   R    ] net-fs/samba-4.12.9-r1::gentoo  USE="acl ldap pam python syslog system-mitkrb5 systemd -addc -addns -ads -ceph -client -cluster -cups -debug (-dmapi) (-fam) -gpg -iprint -json -profiling-data -quota (-selinux) -snapper (-system-heimdal) (-test) -winbind -zeroconf" ABI_X86="(64) -32 (-x32)" PYTHON_SINGLE_TARGET="python3_8 -python3_7" 0 KiB

# gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-pc-linux-gnu/9.3.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /var/tmp/portage/sys-devel/gcc-9.3.0-r2/work/gcc-9.3.0/configure --host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/9.3.0 --includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/9.3.0/include --datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/9.3.0 --mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/9.3.0/man --infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/9.3.0/info --with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/9.3.0/include/g++-v9 --with-python-dir=/share/gcc-data/x86_64-pc-linux-gnu/9.3.0/python --enable-languages=c,c++,jit,fortran --enable-obsolete --enable-secureplt --disable-werror --with-system-zlib --enable-nls --without-included-gettext --enable-checking=release --with-bugurl=https://bugs.gentoo.org/ --with-pkgversion='Gentoo Hardened 9.3.0-r2 p4' --enable-esp --enable-libstdcxx-time --disable-libstdcxx-pch --enable-host-shared --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --enable-multilib --with-multilib-list=m32,m64 --disable-fixed-point --enable-targets=all --enable-libgomp --disable-libssp --disable-libada --enable-systemtap --enable-vtable-verify --enable-lto --without-isl --enable-default-pie --enable-default-ssp
Thread model: posix
gcc version 9.3.0 (Gentoo Hardened 9.3.0-r2 p4)

# clang -v
clang version 11.0.0
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/lib/llvm/11/bin
Selected GCC installation: /usr/lib/gcc/x86_64-pc-linux-gnu/9.3.0
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Selected multilib: .;@m64
Comment 1 Zhixu Liu 2021-02-12 12:56:39 UTC
Created attachment 686460 [details]
asm of source3/lib/messages.c from clang
Comment 2 Zhixu Liu 2021-02-12 12:56:59 UTC
Created attachment 686463 [details]
asm of source3/lib/messages.c from gcc
Comment 3 Zhixu Liu 2021-02-12 13:11:19 UTC
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x00007fd4c369760b in messaging_recv_cb (ev=0x562c18d05890,
> msg=0x7ffd31fce8c8 "\251\312\001", msg_len=52, fds=0x7ffd31fce8bc,
>     num_fds=0, private_data=<optimized out>) at
> ../../source3/lib/messages.c:395
> 395             int64_t fds64[MIN(num_fds, INT8_MAX)];
Line 395 here corresponds to line 394 in the unmodified source: I had added a printf before the original line.
Comment 4 Zhixu Liu 2021-02-14 06:07:24 UTC
Built with clang after applying the following debugging patch:

diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index 63d6362..af508bc 100644
--- a/source3/lib/messages.c
+++ b/source3/lib/messages.c
@@ -391,6 +391,9 @@ static void messaging_recv_cb(struct tevent_context *ev,
                private_data, struct messaging_context);
        struct server_id_buf idbuf;
        struct messaging_rec rec;
+       #include <unistd.h>
+       printf("%s:%d %d\n", __FILE__, __LINE__, getpid());
+       sleep(10);
        int64_t fds64[MIN(num_fds, INT8_MAX)];
        size_t i;
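Review bot: The context line `int64_t fds64[MIN(num_fds, INT8_MAX)];` is a variable-length array whose size is zero in the crashing call (the backtrace shows num_fds=0), and a VLA with a non-positive size is undefined behaviour in C (C11 6.7.6.2p5), so this deserves a fix in Samba regardless of which clang version mis-emits the stack-probe loop. The least invasive change is a fixed-size `int64_t fds64[INT8_MAX];` (about 1 KiB of stack), assuming the loop later in the function still bounds itself by MIN(num_fds, INT8_MAX); alternatively, skip the declaration and the fd conversion entirely when `num_fds == 0`. The added `#include <unistd.h>` inside the function body, the `printf` to stdout and the `sleep(10)` inside an event callback are acceptable as a one-off debugging aid but must not be merged, and stdout is generally not where a detached smbd's output ends up. messaging_recv_cb begins before this hunk and its body continues after it.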

Then I attached gdb to that pid and single-stepped with stepi to see what happens; the process is stuck in an infinite loop:

(gdb) stepi
0x00007f0eaeb77845      397             int64_t fds64[MIN(num_fds, INT8_MAX)];
(gdb)
0x00007f0eaeb77833      397             int64_t fds64[MIN(num_fds, INT8_MAX)];
(gdb)
0x00007f0eaeb7783b      397             int64_t fds64[MIN(num_fds, INT8_MAX)];
(gdb)
0x00007f0eaeb77842      397             int64_t fds64[MIN(num_fds, INT8_MAX)];
(gdb)
0x00007f0eaeb77845      397             int64_t fds64[MIN(num_fds, INT8_MAX)];
(gdb)
0x00007f0eaeb77833      397             int64_t fds64[MIN(num_fds, INT8_MAX)];
(gdb)
0x00007f0eaeb7783b      397             int64_t fds64[MIN(num_fds, INT8_MAX)];
(gdb)
0x00007f0eaeb77842      397             int64_t fds64[MIN(num_fds, INT8_MAX)];
(gdb)
0x00007f0eaeb77845      397             int64_t fds64[MIN(num_fds, INT8_MAX)];

disassemble shows:

=> 0x00007f0eaeb77833 <+163>:   movq   $0x0,(%rsp)
   0x00007f0eaeb7783b <+171>:   sub    $0x1000,%rsp
   0x00007f0eaeb77842 <+178>:   cmp    %rsp,%rax
   0x00007f0eaeb77845 <+181>:   jge    0x7f0eaeb77833 <messaging_recv_cb+163>

This might be a bug in the clang compiler? The four instructions above look like the stack-probe loop emitted for the variable-length array: touch the page at %rsp, move %rsp down by 0x1000, compare it with the target in %rax and loop while %rax >= %rsp. With num_fds=0 the target presumably equals the starting stack pointer, so after the first page the condition stays true forever and %rsp walks down the stack until it hits the guard page, which is the SIGSEGV seen in the backtrace.
Comment 5 Zhixu Liu 2021-03-11 03:08:28 UTC
The problem disappeared after upgrading clang to 11.0.1.