async scope bug #1731
Closed
async scope bug #1731
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Collaborator
thanks chris! does it fix the issue to lock the mutex first? |
Contributor
Author
Yes, it does. However, Relacy then gives me yet another bug that I haven't deciphered yet. |
ericniebler
added a commit
to ericniebler/stdexec
that referenced
this pull request
Jan 7, 2026
ericniebler
added a commit
that referenced
this pull request
Jan 7, 2026
address TSAN issue in `async_scope` described by #1731
Contributor
Author
|
Closing this out with #1734 merged - will look to see if there was another race. I'll also be fixing Relacy to work with newer versions of GCC. |
Contributor
Author
I think the other race Relacy was identifying was the one that #1742 is attempting to fix! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I know @ispeters is working on #1713, but while I was updating Relacy to support newer versions of GCC (Relacy works by providing its own implementations of things like std::mutex, so Relacy sometimes needs to update its interposing headers with new GCCs), I noticed a bug in
async_scope.If I change the
spawn_futuretest to create the thread before the scope, then we find that the scope can be destructed while the background thread is finishing up handling__complete. In https://github.com/NVIDIA/stdexec/blob/main/include/exec/async_scope.hpp#L162-L163, after the background thread decrements__active_but before it locks the mutex, the main thread and finish sync waiting onscope.on_empty()then start destructing the scope. Later, the background thread tries to access the now destructed mutex.I added the sleep to force the bug to manifest, and moved the async_scope to the heap to ensure ASAN notices the use-after-free. The only other change I made was to re-order the
static_thread_poolandasync_scopeinstantiations (and mirror their nested destructive order). Without this last change, the bug does not exist sincestatic_thread_pool's destructor joins, ensuring the background thread finishes__complete.I'm guessing this will be more valuable as a test scenario for @ISpeter's work; not sure if we want to address it in
exec::async_scope?Full ASAN report: https://gist.github.com/ccotter/9fa8761d0d500603aa0e92081386fe9f