Bug 2098125 - Possible deadlock in calls to textdomain(3) with preloaded libasan
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: compiler-rt
Version: 37
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: serge_sans_paille
QA Contact: Fedora Extras Quality Assurance
Reported: 2022-06-17 10:55 UTC by Frantisek Sumsal
Modified: 2023-01-02 16:10 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2023-01-02 16:10:37 UTC
Type: Bug
Embargoed:
tstellar: mirror+


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker FC-545 0 None None None 2022-07-21 18:54:17 UTC

Description Frantisek Sumsal 2022-06-17 10:55:56 UTC
Description of problem:
There appears to be a deadlock in libasan when a library calling `textdomain(3)` pre-loads libasan via $LD_PRELOAD. 

I noticed this when extending our systemd integration test suite under ASan/UBSan[0], as `textdomain()` is used by procps-ng utils (ps, pidof, pkill, ...). These utilities are linked against libsystemd.so, so the $LD_PRELOAD is necessary in such cases (if systemd is built with ASan), rendering the tests broken.

This issue is reproducible with libasan from both clang and gcc on Rawhide.

[0] https://github.com/systemd/systemd/pull/23741#issuecomment-1158704791

Version-Release number of selected component (if applicable):
compiler-rt-14.0.0-1.fc37.x86_64

Steps to Reproduce:
```
# LD_PRELOAD=/usr/lib64/clang/14.0.0/lib/libclang_rt.asan-x86_64.so ps --help
# LD_PRELOAD=/usr/lib64/clang/14.0.0/lib/libclang_rt.asan-x86_64.so ltrace -- ps --help
```

Actual results:
The first call simply hangs. Subsequent ltrace shows that the ps utility is stuck on the `textdomain()` call:

```
# LD_PRELOAD=/usr/lib64/clang/14.0.0/lib/libclang_rt.asan-x86_64.so ltrace -- ps --help
__cxa_atexit(0x564ac8a48d70, 0, 0x564ac8a50f80, 0x564ac8a50f78)                                                      = 0
strrchr("ps", '/')                                                                                                   = nil
setlocale(LC_ALL, "")                                                                                                = "C.UTF-8"
bindtextdomain("procps-ng", "/usr/share/locale")                                                                     = "/usr/share/locale"
textdomain("procps-ng"
```

A similar thing can be observed with other utils, like pidof:

```
# LD_PRELOAD=/usr/lib64/clang/14.0.0/lib/libclang_rt.asan-x86_64.so ltrace -- pidof bash
setlocale(LC_ALL, "")                                                                                                = "C.UTF-8"
bindtextdomain("procps-ng", "/usr/share/locale")                                                                     = "/usr/share/locale"
textdomain("procps-ng"
```

Expected results:
In this specific case, ps should simply dump its help message:

```
# ps --help

Usage:
 ps [options]

 Try 'ps --help <simple|list|output|threads|misc|all>'
  or 'ps --help <s|l|o|t|m|a>'
 for additional help text.

For more details see ps(1).
```

Additional info:
This issue appears to have been reported several times in multiple places, without any resolution:

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1716928
[2] https://github.com/llvm/llvm-project/issues/49223
[3] https://sourceware.org/bugzilla/show_bug.cgi?id=27653

Comment 1 serge_sans_paille 2022-07-01 14:06:49 UTC
Tentative patch submitted upstream: https://reviews.llvm.org/D128992

Comment 2 Ben Cotton 2022-08-09 13:39:11 UTC
This bug appears to have been reported against 'rawhide' during the Fedora Linux 37 development cycle.
Changing version to 37.

Comment 3 Nikita Popov 2023-01-02 16:10:37 UTC
The aforementioned patch has since landed, and I've confirmed that "LD_PRELOAD=/usr/lib64/clang/15.0.6/lib/libclang_rt.asan-x86_64.so ps --help" does work without hanging now.
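
For test suites that preload the ASan runtime as in this report, a timeout-based check can tell a hang apart from an ordinary failure or a missing runtime. This is an added example, not part of the bug report or of any project named in it; the function name `check_preload_hang` and its output labels are assumptions, and it relies on GNU `timeout(1)`.

```shell
# check_preload_hang LIB SECONDS CMD [ARGS...]
# Prints one of: ok, hang, fail(<status>), missing
# for CMD run with LIB in LD_PRELOAD (LIB may be empty for a baseline run).
#
# With the path from this report the call would be:
#   check_preload_hang /usr/lib64/clang/14.0.0/lib/libclang_rt.asan-x86_64.so 10 ps --help
check_preload_hang() {
    lib=$1
    limit=$2
    shift 2

    # If the runtime is absent, ld.so only warns and CMD runs without it,
    # which would look like a pass; report that as a setup problem instead.
    if [ -n "$lib" ] && [ ! -r "$lib" ]; then
        echo missing
        return 0
    fi

    # LD_PRELOAD is exported by the inner sh just before exec, so timeout(1)
    # and the shell run without the preloaded runtime and only CMD gets it.
    rc=0
    timeout -k 2 "$limit" sh -c '
        [ -n "$1" ] && { LD_PRELOAD=$1; export LD_PRELOAD; }
        shift
        exec "$@"' sh "$lib" "$@" >/dev/null 2>&1 || rc=$?

    case $rc in
        0)   echo ok ;;
        124) echo hang ;;          # time limit expired, SIGTERM ended CMD
        137) echo hang ;;          # SIGKILL: -k escalation (or an external kill)
        *)   echo "fail($rc)" ;;   # CMD exited on its own with an error
    esac
}
```
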

