
TSAN Segmentation fault : GCC 9.1.0, libtsan, centOS 6 #1338

Open kulkrohit opened 3 years ago

kulkrohit commented 3 years ago

Here is the trace:

0 0x0000000000000000 in ?? ()

1 0x00007ffff6e63d17 in __sanitizer::MonotonicNanoTime () at ../../../../libsanitizer/sanitizer_common/sanitizer_linux_libcdep.cc:794

2 0x00007ffff6e3ffa4 in sanitizer::SizeClassAllocator64<tsan::AP64>::PopulateFreeArray (this=this@entry=0x7ffff70d4940 <__tsan::allocator_placeholder>, stat=stat@entry=0x7ffff5a0db70,

class_id=class_id@entry=2, region=region@entry=0x7c0000000180, requested_count=<optimized out>) at ../../../../libsanitizer/sanitizer_common/sanitizer_common.h:386

3 0x00007ffff6e401ba in sanitizer::SizeClassAllocator64<tsan::AP64>::GetFromAllocator (this=this@entry=0x7ffff70d4940 <__tsan::allocator_placeholder>, stat=stat@entry=0x7ffff5a0db70,

class_id=class_id@entry=2, chunks=chunks@entry=0x7ffff5a00840, n_chunks=n_chunks@entry=128) at ../../../../libsanitizer/sanitizer_common/sanitizer_allocator_primary64.h:133

4 0x00007ffff6e4022e in sanitizer::SizeClassAllocator64LocalCache<sanitizer::SizeClassAllocator64<__tsan::AP64> >::Refill (this=this@entry=0x7ffff5a00010, c=c@entry=0x7ffff5a00830,

allocator=allocator@entry=0x7ffff70d4940 <__tsan::allocator_placeholder>, class_id=class_id@entry=2) at ../../../../libsanitizer/sanitizer_common/sanitizer_allocator_local_cache.h:104

5 0x00007ffff6e3eaaf in sanitizer::SizeClassAllocator64LocalCache<sanitizer::SizeClassAllocator64<__tsan::AP64> >::Allocate (class_id=2,

allocator=0x7ffff70d4940 <__tsan::allocator_placeholder>, this=<optimized out>) at ../../../../libsanitizer/sanitizer_common/sanitizer_common.h:385

6 sanitizer::CombinedAllocator<sanitizer::SizeClassAllocator64<__tsan::AP64>, sanitizer::SizeClassAllocatorLocalCache<sanitizer::SizeClassAllocator64<__tsan::AP64> >, sanitizer::LargeMmapAllocator<tsan::MapUnmapCallback, __sanitizer::LargeMmapAllocatorPtrArrayDynamic> >::Allocate (alignment=16, size=, cache=,

this=0x7ffff70d4940 <__tsan::allocator_placeholder>) at ../../../../libsanitizer/sanitizer_common/sanitizer_allocator_combined.h:62

7 __tsan::user_alloc_internal (signal=, align=16, sz=32, pc=140737335247302, thr=0x7ffff6784740) at ../../../../libsanitizer/tsan/tsan_mman.cc:162

8 __tsan::user_alloc_internal (thr=0x7ffff6784740, pc=140737335247302, sz=32, align=16, signal=) at ../../../../libsanitizer/tsan/tsan_mman.cc:154

9 0x00007ffff6e3ec7b in __tsan::user_calloc (thr=thr@entry=0x7ffff6784740, pc=, size=size@entry=1, n=n@entry=32) at ../../../../libsanitizer/tsan/tsan_mman.cc:197

10 0x00007ffff6dfc1d7 in __interceptor_calloc (size=1, n=32) at ../../../../libsanitizer/tsan/tsan_interceptors.cc:681

11 0x0000003e18201310 in _dlerror_run () from /lib64/libdl.so.2

12 0x0000003e1820107a in dlsym () from /lib64/libdl.so.2

13 0x00007ffff6e70b65 in interception::GetRealFunctionAddress (func_name=func_name@entry=0x7ffff6e864b9 "mmap", func_addr=func_addr@entry=0x7ffff70c28a8 <interception::real_mmap>,

real=real@entry=140737335402592, wrapper=wrapper@entry=140737335402592) at ../../../../libsanitizer/interception/interception_linux.cc:31

14 0x00007ffff6e223a5 in InitializeCommonInterceptors () at ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:7240

15 __tsan::InitializeInterceptors () at ../../../../libsanitizer/tsan/tsan_interceptors.cc:2595

16 0x00007ffff6e46688 in __tsan::Initialize (thr=thr@entry=0x7ffff6784740) at ../../../../libsanitizer/tsan/tsan_rtl.cc:372

17 0x00007ffff6dfaa93 in tsan::ScopedInterceptor::ScopedInterceptor (this=this@entry=0x7fffffffd5b0, thr=0x7ffff6784740, pc=140737332463438, fname=0x7ffff6e852ed "cxa_atexit")

at ../../../../libsanitizer/tsan/tsan_interceptors.cc:242

18 0x00007ffff6dfbd36 in __interceptor___cxa_atexit (f=f@entry=0x7ffff6b51620 <std::pmr::(anonymous namespace)::constant_init<std::pmr::(anonymous namespace)::newdel_res_t>::~constant_init()>,

arg=arg@entry=0x7ffff6dc91c8 <std::pmr::(anonymous namespace)::newdel_res>, dso=0x7ffff6dc9020) at ../../../../libsanitizer/tsan/tsan_interceptors.cc:405

19 0x00007ffff6b5474e in static_initialization_and_destruction_0 (initialize_p=1, __priority=65535) at ../../../../../libstdc++-v3/src/c++17/memory_resource.cc:1394

20 _GLOBAL__sub_I_memory_resource.cc(void) () at ../../../../../libstdc++-v3/src/c++17/memory_resource.cc:1394

21 0x00007ffff6b6c0e2 in __do_global_ctors_aux () from /cad/tools/gnu/gcc/9.1.0/lib64/libstdc++.so.6

22 0x00007fffffffd6a8 in ?? ()

23 0x0000000000000001 in ?? ()

24 0x00007fffffffd6a8 in ?? ()

25 0x00007ffff6a7489b in _init () from /cad/tools/gnu/gcc/9.1.0/lib64/libstdc++.so.6

26 0x00007ffff69df9c0 in ?? ()

27 0x0000003e1760e985 in _dl_init_internal () from /lib64/ld-linux-x86-64.so.2

28 0x0000003e17600b6a in _dl_start_user () from /lib64/ld-linux-x86-64.so.2

29 0x0000000000000001 in ?? ()

30 0x00007fffffffdb26 in ?? ()

31 0x0000000000000000 in ?? ()

dvyukov commented 3 years ago

Interesting. It seems we call real_clock_gettime before interceptor initialization (frame #0 is a call through a null function pointer, i.e. the real function address was never resolved). I wonder why it never fired before... Shouldn't the COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED check in real_clock_gettime help?... Does setting allocator_release_to_os_interval_ms=0 help?

kulkrohit commented 3 years ago

allocator_release_to_os_interval_ms=0 does not help either. The trace is the same as above.

dvyukov commented 3 years ago

Weird, MonotonicNanoTime should not even be called with allocator_release_to_os_interval_ms=0: https://github.com/llvm/llvm-project/blob/84e8257937ec6a332aa0b688f4dce57016516ffd/compiler-rt/lib/sanitizer_common/sanitizer_allocator_primary64.h#L714 But maybe gcc9 has some other version of the code...

kulkrohit commented 3 years ago

Actually, the trace is slightly different with allocator_release_to_os_interval_ms=0:

0 0x0000000000000000 in ?? ()

1 0x00007ffff6e63d17 in __sanitizer::MonotonicNanoTime() () from /cad/tools/gnu/gcc/9.1.0/lib64/libtsan.so.0

2 0x00007ffff6e3ffa4 in sanitizer::SizeClassAllocator64<tsan::AP64>::PopulateFreeArray(sanitizer::AllocatorStats*, unsigned long, sanitizer::SizeClassAllocator64<__tsan::AP64>::RegionInfo*, unsigned long) () at ../../../../libsanitizer/sanitizer_common/sanitizer_common.h:386

3 0x00007ffff6e401ba in sanitizer::SizeClassAllocator64<tsan::AP64>::GetFromAllocator(__sanitizer::AllocatorStats, unsigned long, unsigned int, unsigned long) ()

at ../../../../libsanitizer/sanitizer_common/sanitizer_allocator_primary64.h:133

4 0x00007ffff6e4022e in sanitizer::SizeClassAllocator64LocalCache<sanitizer::SizeClassAllocator64<__tsan::AP64> >::Refill(sanitizer::SizeClassAllocator64LocalCache<sanitizer::SizeClassAllocator64<__tsan::AP64> >::PerClass, sanitizer::SizeClassAllocator64<tsan::AP64>, unsigned long) () at ../../../../libsanitizer/sanitizer_common/sanitizer_allocator_local_cache.h:104

5 0x00007ffff6e3eaaf in tsan::user_alloc_internal(tsan::ThreadState*, unsigned long, unsigned long, unsigned long, bool) ()

at ../../../../libsanitizer/sanitizer_common/sanitizer_common.h:385

6 0x00007ffff6e3ec7b in __tsan::user_calloc(__tsan::ThreadState*, unsigned long, unsigned long, unsigned long) () at ../../../../libsanitizer/tsan/tsan_mman.cc:197

7 0x00007ffff6dfc1d7 in calloc () at ../../../../libsanitizer/tsan/tsan_interceptors.cc:681

8 0x0000003e18201310 in _dlerror_run (operate=0x3e182010b0 , args=0x7fffffffd390) at dlerror.c:142

9 0x0000003e1820107a in __dlsym (handle=, name=) at dlsym.c:71

10 0x00007ffff6e70b65 in __interception::GetRealFunctionAddress(char const, unsigned long, unsigned long, unsigned long) () from /cad/tools/gnu/gcc/9.1.0/lib64/libtsan.so.0

11 0x00007ffff6e223a5 in __tsan::InitializeInterceptors() () at ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:7240

12 0x00007ffff6e46688 in tsan::Initialize(tsan::ThreadState*) () at ../../../../libsanitizer/tsan/tsan_rtl.cc:372

13 0x00007ffff6dfaa93 in __tsan::ScopedInterceptor::ScopedInterceptor () at ../../../../libsanitizer/tsan/tsan_interceptors.cc:242

14 0x00007ffff6dfbd36 in __interceptor___cxa_atexit () at ../../../../libsanitizer/tsan/tsan_interceptors.cc:405

15 0x00007ffff6b5474e in _GLOBAL__sub_I_memory_resource.cc () at ../../../../../libstdc++-v3/src/c++17/memory_resource.cc:1394

16 0x00007ffff6b6c0e2 in __do_global_ctors_aux () from /cad/tools/gnu/gcc/9.1.0/lib64/libstdc++.so.6

17 0x00007fffffffd5b8 in ?? ()

18 0x0000000000000001 in ?? ()

19 0x00007fffffffd5b8 in ?? ()

20 0x00007ffff6a7489b in _init () from /cad/tools/gnu/gcc/9.1.0/lib64/libstdc++.so.6

21 0x00007ffff69df9c0 in ?? ()

22 0x0000003e1760e985 in call_init (main_map=0x3e17822190, argc=-153368496, argv=0x7fffffffd530, env=0x7fffffffd5c8) at dl-init.c:70

23 _dl_init (main_map=0x3e17822190, argc=-153368496, argv=0x7fffffffd530, env=0x7fffffffd5c8) at dl-init.c:134

24 0x0000003e17600b6a in _dl_start_user () from /lib64/ld-linux-x86-64.so.2

25 0x0000000000000001 in ?? ()

26 0x00007fffffffda79 in ?? ()

27 0x0000000000000000 in ?? ()