theRockLiu / thread-sanitizer

Automatically exported from code.google.com/p/thread-sanitizer

TSan doesn't understand the synchronization in getaddrinfo #25

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
See https://code.google.com/p/chromium/issues/detail?id=270675

[ RUN      ] HostResolverImplTest.MultipleAttempts
==================
WARNING: ThreadSanitizer: data race (pid=17661)
  Write of size 8 at 0x7d2400004770 by thread T4: 
    #0 free /usr/local/google/asan/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:475 (net_unittests+0x0000002082dc)
    #1 <null> <null>:0 (libc.so.6+0x000000119a77)
    #2 net::RuleBasedHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) net/dns/mock_host_resolver.cc:372 (net_unittests+0x0000017ddaef)
    #3 net::HostResolverProc::ResolveUsingPrevious(std::string const&, net::AddressFamily, int, net::AddressList*, int*) net/dns/host_resolver_proc.cc:79 (net_unittests+0x000001e8e120)
    #4 net::(anonymous namespace)::LookupAttemptHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) net/dns/host_resolver_impl_unittest.cc:373 (net_unittests+0x0000007c3769)
    #5 net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) net/dns/host_resolver_impl.cc:671 (net_unittests+0x000001e7bb00)
    #6 Run base/bind_internal.h:248 (net_unittests+0x000001e817dd)
...
  Previous write of size 8 at 0x7d2400004770 by thread T2: 
    #0 malloc /usr/local/google/asan/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:429 (net_unittests+0x000000207e03)
    #1 <null> <null>:0 (libc.so.6+0x0000001195c8)
    #2 net::RuleBasedHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) net/dns/mock_host_resolver.cc:372 (net_unittests+0x0000017ddaef)
    #3 net::HostResolverProc::ResolveUsingPrevious(std::string const&, net::AddressFamily, int, net::AddressList*, int*) net/dns/host_resolver_proc.cc:79 (net_unittests+0x000001e8e120)
    #4 net::(anonymous namespace)::LookupAttemptHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) net/dns/host_resolver_impl_unittest.cc:373 (net_unittests+0x0000007c3769)
    #5 net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) net/dns/host_resolver_impl.cc:671 (net_unittests+0x000001e7bb00)
    #6 Run base/bind_internal.h:248 (net_unittests+0x000001e817dd)
...

The relevant piece of Chromium source is here:

https://code.google.com/p/chromium/codesearch#chromium/src/net/dns/host_resolver_proc.cc&q=SystemHostResolverCall&sq=package:chromium&type=cs&l=122

Original issue reported on code.google.com by gli...@google.com on 9 Aug 2013 at 3:42

GoogleCodeExporter commented 9 years ago
Some debugging:

[  PASSED  ] 1 test.

  YOU HAVE 63 DISABLED TESTS

==================
WARNING: ThreadSanitizer: data race (pid=27755)
  Write of size 8 at 0x7d2400016770 by thread T5:
    #0 free /usr/local/google/asan/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:475 (net_unittests+0x0000002082dc)
    #1 <null> <null>:0 (libc.so.6+0x000000119a77)
    #2 net::RuleBasedHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) /usr/local/google/chrome-asan/src/out/Release/../../net/dns/mock_host_resolver.cc:372 (net_unittests+0x0000017ddaef)

In gdb:

[Switching to Thread 0x7ff2dd1b9b40 (LWP 27789)]

Breakpoint 3, __interceptor_free () at /usr/local/google/asan/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:472
472       if (cur_thread()->in_symbolizer)
(gdb) bt  
#0  __interceptor_free () at /usr/local/google/asan/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:472
#1  0x00007ff2e609ca78 in __check_pf (seen_ipv4=0x7ff2dd1474de, seen_ipv6=0x7ff2dd1474df, in6ai=0x7ff2dd1474a0, in6ailen=0x7ff2dd1474b0) at ../sysdeps/unix/sysv/linux/check_pf.c:366
#2  0x00007ff2e6051f6d in __GI_getaddrinfo (name=0x7d0c0006dc98 "127.0.0.1", service=<optimized out>, hints=0x7ff2dd147700, pai=0x7ff2dd147730) at ../sysdeps/posix/getaddrinfo.c:2372
#3  0x00007ff2ed3372f6 in SystemHostResolverCall () at ../../net/dns/host_resolver_proc.cc:192
#4  0x00007ff2ecc86af0 in Resolve () at ../../net/dns/mock_host_resolver.cc:372
#5  0x00007ff2ed337121 in ResolveUsingPrevious () at ../../net/dns/host_resolver_proc.cc:79
#6  0x00007ff2ebc6c76a in Resolve () at ../../net/dns/host_resolver_impl_unittest.cc:373
#7  0x00007ff2ed324b01 in DoLookup () at ../../net/dns/host_resolver_impl.cc:671
#8  0x00007ff2ed32a7de in Run () at ../../base/bind_internal.h:248
#9  MakeItSo () at ../../base/bind_internal.h:927
#10 Run () at ../../base/bind_internal.h:1377
#11 0x00007ff2ed654ae0 in Run () at ../../base/callback.h:396
#12 ThreadMain () at ../../base/threading/worker_pool_posix.cc:101
#13 0x00007ff2ed6489f1 in ThreadFunc () at ../../base/threading/platform_thread_posix.cc:80
#14 0x00007ff2eb6b3ef5 in __tsan_thread_start_func () at /usr/local/google/asan/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:808
#15 0x00007ff2e6b5be9a in start_thread (arg=0x7ff2dd1b9b40) at pthread_create.c:308
#16 0x00007ff2e6076ccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#17 0x0000000000000000 in ?? ()
(gdb) i r 
rax            0x1      1   
rbx            0x7d2400016770   137593572386672
rcx            0x7ff2e609c97d   140681218214269
rdx            0x7d2400016770   137593572386672
rsi            0x90     144 
rdi            0x7d2400016770   137593572386672
rbp            0x7ff2dd1474a0   0x7ff2dd1474a0
rsp            0x7ff2dd1472a0   0x7ff2dd1472a0
r8             0x5      5   
r9             0x4736   18230
r10            0x1      1   
r11            0x246    582 
r12            0x7ff2dd1474b0   140681067918512
r13            0x7ff2dd1474de   140681067918558
r14            0x7ff2dd1474df   140681067918559
r15            0x15     21  
rip            0x7ff2eb6b1264   0x7ff2eb6b1264 <__interceptor_free()+20>
eflags         0x202    [ IF ]
cs             0x33     51  
ss             0x2b     43  
ds             0x0      0   
es             0x0      0   
fs             0x0      0   
gs             0x0      0   

The corresponding piece of __check_pf() in eglibc-2.15/sysdeps/unix/sysv/linux/check_pf.c is:

359       if (data != NULL)
360         {
361           /* It worked.  */
362           *seen_ipv4 = data->seen_ipv4;
363           *seen_ipv6 = data->seen_ipv6;
364           *in6ailen = data->in6ailen;
365           *in6ai = data->in6ai;
366 
367           if (olddata != NULL && olddata->usecnt > 0
368               && atomic_add_zero (&olddata->usecnt, -1))
369             free (olddata);
370 
371           return;
372         }

Original comment by gli...@google.com on 9 Aug 2013 at 3:46
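
An added example, not code from this issue or from eglibc: a constructed C11 analogue of the refcounted hand-off in the __check_pf() excerpt above, where one thread allocates a snapshot and whichever thread drops the last reference frees it. All names (struct cached, put, refresh, run_refresh) are hypothetical; built with -fsanitize=thread, the atomics and mutex here are instrumented, which is the ordering information that is missing when the same pattern runs inside uninstrumented libc and only malloc/free are intercepted.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

/* Constructed stand-in for libc's cached interface data (hypothetical names). */
struct cached { atomic_int usecnt; long payload; };

static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
static struct cached *cache;        /* current snapshot, guarded by lock */
static atomic_int allocs, frees;

/* Drop one reference; the thread that takes the count to zero frees. */
static void put(struct cached *c) {
  /* acq_rel orders every earlier holder's accesses before the free. */
  if (c && atomic_fetch_sub_explicit(&c->usecnt, 1, memory_order_acq_rel) == 1) {
    free(c);
    atomic_fetch_add(&frees, 1);
  }
}

/* Install a fresh snapshot and release the old one, as __check_pf does. */
static void *refresh(void *arg) {
  (void)arg;
  for (int i = 0; i < 1000; i++) {
    struct cached *n = malloc(sizeof *n);
    if (!n) abort();
    atomic_init(&n->usecnt, 2);     /* one ref for the cache, one for us */
    n->payload = i;
    atomic_fetch_add(&allocs, 1);
    pthread_mutex_lock(&lock);
    struct cached *old = cache;
    cache = n;
    pthread_mutex_unlock(&lock);
    put(old);   /* cache's ref on the old snapshot: may free another thread's malloc */
    put(n);     /* our own ref */
  }
  return NULL;
}

/* Runs nthreads (<= 16) refreshers; returns allocations that were never freed. */
int run_refresh(int nthreads) {
  pthread_t t[16];
  for (int i = 0; i < nthreads; i++) pthread_create(&t[i], NULL, refresh, NULL);
  for (int i = 0; i < nthreads; i++) pthread_join(t[i], NULL);
  put(cache);                       /* drop the cache's last reference */
  cache = NULL;
  return atomic_load(&allocs) - atomic_load(&frees);
}

int main(void) { return run_refresh(4) != 0; }
```
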

GoogleCodeExporter commented 9 years ago

Original comment by gli...@chromium.org on 9 Aug 2013 at 3:48

GoogleCodeExporter commented 9 years ago
What is setaddrinfo?

Original comment by dvyu...@google.com on 13 Aug 2013 at 12:11

GoogleCodeExporter commented 9 years ago
That's freeaddrinfo, of course.

Original comment by gli...@google.com on 13 Aug 2013 at 12:15

GoogleCodeExporter commented 9 years ago
My understanding was that freeaddrinfo is not involved here, is it true?

Original comment by dvyu...@google.com on 13 Aug 2013 at 12:18

GoogleCodeExporter commented 9 years ago
Um, yes, on second thought you're right.

Original comment by gli...@google.com on 13 Aug 2013 at 12:20

GoogleCodeExporter commented 9 years ago
glider, please verify, this must be fixed in r191066.

Original comment by dvyu...@google.com on 17 Oct 2013 at 8:24

GoogleCodeExporter commented 9 years ago

Original comment by gli...@google.com on 17 Oct 2013 at 10:57

GoogleCodeExporter commented 9 years ago

Original comment by dvyu...@google.com on 25 Apr 2014 at 10:20