google / tcmalloc

segmentation fault when built with tsan #199

Closed lhsoft closed 9 months ago

lhsoft commented 1 year ago

The stack is the following:

#0  0x00007fcae329e98e in __tsan::TraceAddEvent (addr=140509368748613, typ=__tsan::EventTypeFuncEnter,
    fs=<error reading variable: Asked for position 0 of stack, stack only has 0 elements on it.>, thr=<optimized out>)
    at ../../.././libsanitizer/tsan/tsan_rtl.h:857
#1  __tsan::FuncEntry (pc=140509368748613, thr=<optimized out>) at ../../.././libsanitizer/tsan/tsan_rtl.cc:981
#2  __tsan_func_entry (pc=0x7fcae3030a45 <_dlerror_run+277>) at ../../.././libsanitizer/tsan/tsan_interface_inl.h:102
#3  0x000000000240a7a7 in TCMallocInternalCalloc (n=n@entry=1, elem_size=elem_size@entry=32)
    at external/_main~data_deps_ext~com_github_google_tcmalloc/tcmalloc/tcmalloc.cc:1199
#4  0x00007fcae3030a45 in _dlerror_run (operate=operate@entry=0x7fcae3030390 <dlsym_doit>, args=args@entry=0x7fffded0f0b0) at dlerror.c:148
#5  0x00007fcae303040f in __dlsym (handle=handle@entry=0xffffffffffffffff, name=name@entry=0x7fcae32d6cb1 "mmap") at dlsym.c:70
#6  0x00007fcae32c0ef5 in __interception::GetRealFunctionAddress (func_name=func_name@entry=0x7fcae32d6cb1 "mmap",
    func_addr=func_addr@entry=0x7fcae3311ce8 <__interception::real_mmap>, real=real@entry=140509371115456, wrapper=wrapper@entry=140509371115456)
    at ../../.././libsanitizer/interception/interception_linux.cc:31
#7  0x00007fcae3272b05 in InitializeCommonInterceptors () at ../../.././libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:7240
#8  __tsan::InitializeInterceptors () at ../../.././libsanitizer/tsan/tsan_interceptors.cc:2595
#9  0x00007fcae3296a68 in __tsan::Initialize (thr=<optimized out>) at ../../.././libsanitizer/tsan/tsan_rtl.cc:372
#10 0x00007fcae3d484d6 in _dl_init (main_map=0x7fcae3d62190, argc=2, argv=0x7fffded0f218, env=0x7fffded0f230) at dl-init.c:104
#11 0x00007fcae3d3a0ca in _dl_start_user () from /lib64/ld-linux-x86-64.so.2
#12 0x0000000000000002 in ?? ()
#13 0x00007fffded10410 in ?? ()
#14 0x00007fffded10417 in ?? ()
#15 0x0000000000000000 in ?? ()
(gdb)
lhsoft commented 1 year ago

If I use ptmalloc, it works well, and when I switch to tcmalloc the seg fault happens. It looks like when tsan is enabled and tcmalloc is initialized before tsan, then when tsan begins to init it will call tcmalloc, and tcmalloc will also call tsan's TraceAddEvent, which causes the segmentation fault.

ckennelly commented 9 months ago

TSan links in its own memory allocator so that it can see the allocations and deallocations. Mixing and matching allocators might lead to an object being allocated by either TSan's allocator or TCMalloc and then deallocated with the other, leading to invalid preconditions.
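A practitioner-side check for the situation in this thread, added here as an example and not code from the tcmalloc project or from either commenter. The backtrace above shows libc's `_dlerror_run` (called from TSan's interceptor setup via `dlsym`) binding `calloc` to the executable's TCMalloc rather than to the sanitizer runtime. The dynamic loader can report exactly these decisions with `LD_DEBUG=bindings ./a.out 2>trace.txt`; the script below parses such a trace and reports who serves the malloc family and whether the loaded sanitizer runtime owns it. The trace lines, the paths in them, the symbol list in `ALLOCATOR_SYMBOLS` and the sanitizer library name pattern are all constructed or assumed for the example.

```python
"""Report which object serves the malloc family in an LD_DEBUG=bindings trace."""
import re
from collections import defaultdict

# Allocator entry points that must all be served by one provider (assumed list).
ALLOCATOR_SYMBOLS = frozenset({
    "malloc", "calloc", "realloc", "free", "posix_memalign",
    "aligned_alloc", "memalign", "valloc", "malloc_usable_size",
})

# Sanitizer runtimes that ship their own allocator (assumed naming: libtsan, libasan, ...).
SANITIZER_RE = re.compile(r"lib(?:t|a|l|m|hwa|ub)san\b")

# glibc prints one line per resolved symbol, e.g.
#   4242:\tbinding file /lib/x86_64-linux-gnu/libc.so.6 [0] to /usr/lib/libtsan.so.2 [0]: normal symbol `calloc' [GLIBC_2.2.5]
BINDING_RE = re.compile(
    r"binding file (?P<src>\S+) \[\d+\] to (?P<dst>\S+) \[\d+\]: "
    r"(?:normal|weak) symbol [`'](?P<sym>[^']+)'"
)


def parse_bindings(lines):
    """Return {symbol: {object that provides it, ...}} for every binding line."""
    providers = defaultdict(set)
    for line in lines:
        m = BINDING_RE.search(line)
        if m:
            providers[m.group("sym")].add(m.group("dst"))
    return providers


def check_allocator(lines):
    """Summarise who serves the allocator family.

    providers:                {allocator symbol: [provider objects]}
    mixed:                    True if the family resolves to more than one object
    sanitizer_owns_allocator: True/False when a sanitizer runtime is loaded,
                              None when no sanitizer runtime appears in the trace
    """
    bindings = parse_bindings(lines)
    alloc = {s: p for s, p in bindings.items() if s in ALLOCATOR_SYMBOLS}
    loaded = set().union(*bindings.values())
    sanitizer_objs = {o for o in loaded if SANITIZER_RE.search(o)}
    alloc_objs = set().union(*alloc.values())
    owns = None
    if sanitizer_objs:
        owns = bool(alloc_objs) and alloc_objs <= sanitizer_objs
    return {
        "providers": {s: sorted(alloc[s]) for s in sorted(alloc)},
        "mixed": len(alloc_objs) > 1,
        "sanitizer_owns_allocator": owns,
    }


# Constructed trace resembling the thread's setup: TCMalloc linked into a.out,
# libtsan loaded as a shared runtime. libc's calloc call lands in the executable.
BAD_TRACE = [
    "     4242:\tbinding file /usr/lib/libtsan.so.2 [0] to /lib/x86_64-linux-gnu/libc.so.6 [0]: normal symbol `mmap' [GLIBC_2.2.5]",
    "     4242:\tbinding file /lib/x86_64-linux-gnu/libc.so.6 [0] to /home/u/build/a.out [0]: normal symbol `calloc' [GLIBC_2.2.5]",
    "     4242:\tbinding file /lib/x86_64-linux-gnu/libc.so.6 [0] to /home/u/build/a.out [0]: normal symbol `free' [GLIBC_2.2.5]",
    "     4242:\tbinding file /home/u/build/a.out [0] to /usr/lib/libtsan.so.2 [0]: normal symbol `__tsan_func_entry'",
]

# Constructed trace of the healthy case: the sanitizer runtime serves the whole family.
GOOD_TRACE = [
    "     4243:\tbinding file /usr/lib/libtsan.so.2 [0] to /lib/x86_64-linux-gnu/libc.so.6 [0]: normal symbol `mmap' [GLIBC_2.2.5]",
    "     4243:\tbinding file /lib/x86_64-linux-gnu/libc.so.6 [0] to /usr/lib/libtsan.so.2 [0]: normal symbol `calloc'",
    "     4243:\tbinding file /lib/x86_64-linux-gnu/libc.so.6 [0] to /usr/lib/libtsan.so.2 [0]: normal symbol `free'",
    "     4243:\tbinding file /home/u/build/a.out [0] to /usr/lib/libtsan.so.2 [0]: normal symbol `malloc'",
]

if __name__ == "__main__":
    for name, trace in (("bad", BAD_TRACE), ("good", GOOD_TRACE)):
        print(name, check_allocator(trace))
```

On a real build, feed the script the stderr of `LD_DEBUG=bindings` run of the TSan-instrumented binary; if `sanitizer_owns_allocator` comes back `False` or `mixed` comes back `True`, the sanitizer runtime is not the only allocator in the process, which is the condition this thread warns about.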