Triol opened a new issue, #2731:
URL: https://github.com/apache/brpc/issues/2731
**Describe the bug (描述bug)**
1、父进程启动bthread
2、fork出子进程
3、子进程的Sampler踩了内存
**To Reproduce (复现方法)**
编译执行 使用valgrind可见
```C++
#include <sys/stat.h>
#include <sys/unistd.h>
#include <brpc/server.h>
#include <bthread/bthread.h>
#include <iostream>
#include <thread>
#include <gflags/gflags.h>
using namespace std;
void child_proc();
void parent_proc();
void *empty_th(void *) { std::cout << "do nothing but start bthread
worker\n"; }
int main(int argc, char *argv[]) {
gflags::ParseCommandLineFlags(&argc, &argv, true);
// preload: start bthread
bthread_t tid;
bthread_start_background(&tid, nullptr, empty_th, nullptr);
bthread_join(tid, nullptr);
std::cout << "start to fork\n";
int ret = fork();
if (ret == 0) {
child_proc();
} else if (ret > 0) {
parent_proc();
} else {
assert(false && "cannot fork");
}
return 0;
}
void child_proc() {
std::cout << "start child, pid: " << getpid() << "\n";
for (int i = 0; i < 40; i++) {
std::thread th([&] {
char mem[40960];
memset(mem, 0x7f, sizeof(mem));
while(true) sleep(3);
});
th.detach();
}
}
void parent_proc() {
std::cout << "start parent, pid: " << getpid() << "\n";
while(true) sleep(3);
}
/*
* g++ -std=c++11 ./test.cc -lpthread -lbrpc -lgflags
* valgrind ./a.out
*/
```
```
10:36:53 docker /home valgrind ./a.out
==13029== Memcheck, a memory error detector
==13029== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==13029== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==13029== Command: ./a.out
==13029==
do nothing but start bthread workerstart parent, pid: 13029
do nothing but start bthread workerstart child, pid: 13041
==13041== Thread 2 bvar_sampler:
==13041== Jump to the invalid address stated on the next line
==13041== at 0x7F7F7F7F7F7F7F7F: ???
==13041== by 0x5269B10: bvar::detail::SamplerCollector::run()
(sampler.cpp:173)
==13041== by 0x526A7EF:
bvar::detail::SamplerCollector::sampling_thread(void*) (sampler.cpp:113)
==13041== by 0x4E44863: start_thread (pthread_create.c:477)
==13041== by 0x7102C1E: clone (clone.S:95)
==13041== Address 0x7f7f7f7f7f7f7f7f is not stack'd, malloc'd or (recently)
free'd
==13041==
```
**Expected behavior (期望行为)**
子进程能正常运作
**Versions (各种版本)**
OS:CentOS Linux release 7.8.2003 (Core)
Compiler: gcc (GCC) 7.5.0
brpc: master
protobuf: protobuf-2.2.1
**Additional context/screenshots (更多上下文/截图)**
已经可以确认是timer thread线程中那几个开在栈上的bvar
在fork之后 因线程的栈空间被强制回收,没有走bvar的析构流程,导致其sampler指向了无效地址
我构造的demo里面开辟大量的栈空间可以稳定将其内存踩坏
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@brpc.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@brpc.apache.org
For additional commands, e-mail: dev-h...@brpc.apache.org
