ramvasanth / thread-sanitizer

Automatically exported from code.google.com/p/thread-sanitizer

Forking the symbolizer process may cause instrumented fork handler to run #61

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
$ cat atfork.c 
#include <pthread.h>
#include <stdio.h>

int glob = 0;

void *worker(void *unused) {
  glob++;
  return NULL;
}

void atfork() {
  fprintf(stderr, "HI!\n");
  glob++;
}

int main() {
  pthread_atfork(atfork, NULL, NULL);
  pthread_t t;
  pthread_create(&t, NULL, worker, NULL);
  glob++;
  pthread_join(t, NULL);
  return 0;
}
$ clang -fsanitize=thread -fPIE atfork.c -o atfork -g
$ ./atfork
HI!
(the process hangs)

$ gdb -p 25254
(gdb) thread apply all bt

Thread 3 (Thread 0x7f0331b8a700 (LWP 25255)):
#0  0x00007f0331c4b08d in nanosleep () at ../sysdeps/unix/syscall-template.S:82
#1  0x00007f0331c4af2c in __sleep (seconds=0) at ../sysdeps/unix/sysv/linux/sleep.c:138
#2  0x00007f0332cff650 in __interceptor_sleep ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:241
#3  0x00007f0332d561bd in BackgroundThread () at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_rtl.cc:144
#4  0x00007f0332870e9a in start_thread (arg=0x7f0331b8a700) at pthread_create.c:308
#5  0x00007f0331c7f3fd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#6  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7f032ffff700 (LWP 25256)):
#0  0x00007f0332cf4b47 in internal_syscall<unsigned long, int, __sanitizer::MutexState, int, int, int> ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_syscall_linux_x86_64.inc:74
#1  Lock () at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_linux.cc:428
#2  0x00007f0332d5f6fd in Lock ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_thread_registry.h:84
#3  GenericScopedLock () at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_mutex.h:173
#4  ReportRace () at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cc:644
#5  0x00007f0332d5c01a in __tsan_report_race_thunk ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_rtl_amd64.S:131
#6  0x00007f0332d59ed5 in __tsan_write4 () at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_rtl.cc:436
#7  0x00007f0332d63122 in atfork () at atfork.c:13
#8  0x00007f0331c4b115 in __libc_fork () at ../nptl/sysdeps/unix/sysv/linux/x86_64/../fork.c:96
#9  0x00007f0332cfba9b in StartSymbolizerSubprocess ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cc:237
#10 0x00007f0332cfb71b in Restart ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cc:143
#11 SendCommand ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cc:128
#12 0x00007f0332cfc792 in SendCommand ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cc:658
#13 0x00007f0332cfbdba in SymbolizePC ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cc:525
#14 0x00007f0332d621ef in SymbolizeCode ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_symbolize.cc:114
#15 0x00007f0332d5e0be in SymbolizeStack ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cc:135
#16 0x00007f0332d5e424 in AddMemoryAccess ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cc:180
#17 0x00007f0332d5fb0a in ReportRace () at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cc:672
#18 0x00007f0332d5c01a in __tsan_report_race_thunk ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_rtl_amd64.S:131
#19 0x00007f0332d59ed5 in __tsan_write4 () at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_rtl.cc:436
#20 0x00007f0332d630a6 in worker (unused=0x0) at atfork.c:7
---Type <return> to continue, or q <return> to quit---
#21 0x00007f0332d0463e in __tsan_thread_start_func ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:842
#22 0x00007f0332870e9a in start_thread (arg=0x7f032ffff700) at pthread_create.c:308
#23 0x00007f0331c7f3fd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#24 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f0332c81340 (LWP 25254)):
#0  0x00007f0332872148 in pthread_join (threadid=139651666933504, thread_return=0x0) at pthread_join.c:89
#1  0x00007f0332d04ac5 in __interceptor_pthread_join ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:901
#2  0x00007f0332d631fe in main () at atfork.c:21

We need to either avoid calling __libc_fork() from StartSymbolizerSubprocess() 
or intercept pthread_atfork() and disable the handlers for non-user fork() 
calls.

Original issue reported on code.google.com by gli...@chromium.org on 13 May 2014 at 3:32
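
The first option proposed in the report (not going through __libc_fork()), as an added example that is not code from the issue or from compiler-rt: a child created with a raw system call never walks libc's pthread_atfork handler list, while fork() does. The names prepare_handler, libc_fork, raw_fork and handler_runs are made up for this sketch, which assumes Linux with glibc and a child that does nothing but _exit.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bumped by the prepare handler, standing in for atfork() in the report. */
static volatile int prepare_calls = 0;
static void prepare_handler(void) { prepare_calls++; }

/* libc's fork(): walks the pthread_atfork list before creating the child. */
static pid_t libc_fork(void) { return fork(); }

/* Raw system call: the kernel creates the child and libc's handler list is
   never consulted. Architectures without SYS_fork get the clone equivalent. */
static pid_t raw_fork(void) {
#ifdef SYS_fork
  return (pid_t)syscall(SYS_fork);
#else
  return (pid_t)syscall(SYS_clone, SIGCHLD, 0, 0, 0, 0);
#endif
}

/* Creates one child with do_fork and returns how many times the prepare
   handler ran in the parent, or -1 if the child could not be created. */
static int handler_runs(pid_t (*do_fork)(void)) {
  static int registered = 0;
  if (!registered) {
    pthread_atfork(prepare_handler, NULL, NULL);
    registered = 1;
  }
  int before = prepare_calls;
  pid_t pid = do_fork();
  if (pid == 0) _exit(0);   /* child: leave at once, touch nothing else */
  if (pid < 0) return -1;
  waitpid(pid, NULL, 0);
  return prepare_calls - before;
}

int main(void) {
  printf("fork():   handler ran %d time(s)\n", handler_runs(libc_fork));
  printf("raw fork: handler ran %d time(s)\n", handler_runs(raw_fork));
  return 0;
}
```

A child created this way also skips whatever else libc does around fork(), so it should only exec or _exit.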

GoogleCodeExporter commented 9 years ago
Fixed in r208707.

Original comment by gli...@google.com on 13 May 2014 at 4:28

GoogleCodeExporter commented 9 years ago
Adding Project:ThreadSanitizer as part of GitHub migration.

Original comment by gli...@google.com on 30 Jul 2015 at 9:21