Forking the symbolizer process may cause instrumented fork handler to run #468

Closed
ramosian-glider opened this issue Sep 1, 2015 · 2 comments


@ramosian-glider
Member

Originally reported on Google Code with ID 61

$ cat atfork.c 
#include <pthread.h>
#include <stdio.h>

int glob = 0;

void *worker(void *unused) {
  glob++;
  return NULL;
}

void atfork() {
  fprintf(stderr, "HI!\n");
  glob++;
}

int main() {
  pthread_atfork(atfork, NULL, NULL);
  pthread_t t;
  pthread_create(&t, NULL, worker, NULL);
  glob++;
  pthread_join(t, NULL);
  return 0;
}
$ clang -fsanitize=thread -fPIE atfork.c -o atfork -g
$ ./atfork
HI!
(the process hangs)

$ gdb -p 25254
(gdb) thread apply all bt

Thread 3 (Thread 0x7f0331b8a700 (LWP 25255)):
#0  0x00007f0331c4b08d in nanosleep () at ../sysdeps/unix/syscall-template.S:82
#1  0x00007f0331c4af2c in __sleep (seconds=0) at ../sysdeps/unix/sysv/linux/sleep.c:138
#2  0x00007f0332cff650 in __interceptor_sleep ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:241
#3  0x00007f0332d561bd in BackgroundThread () at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_rtl.cc:144
#4  0x00007f0332870e9a in start_thread (arg=0x7f0331b8a700) at pthread_create.c:308
#5  0x00007f0331c7f3fd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#6  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7f032ffff700 (LWP 25256)):
#0  0x00007f0332cf4b47 in internal_syscall<unsigned long, int, __sanitizer::MutexState, int, int, int> ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_syscall_linux_x86_64.inc:74
#1  Lock () at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_linux.cc:428
#2  0x00007f0332d5f6fd in Lock ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_thread_registry.h:84
#3  GenericScopedLock () at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_mutex.h:173
#4  ReportRace () at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cc:644
#5  0x00007f0332d5c01a in __tsan_report_race_thunk ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_rtl_amd64.S:131
#6  0x00007f0332d59ed5 in __tsan_write4 () at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_rtl.cc:436
#7  0x00007f0332d63122 in atfork () at atfork.c:13
#8  0x00007f0331c4b115 in __libc_fork () at ../nptl/sysdeps/unix/sysv/linux/x86_64/../fork.c:96
#9  0x00007f0332cfba9b in StartSymbolizerSubprocess ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cc:237
#10 0x00007f0332cfb71b in Restart ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cc:143
#11 SendCommand ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cc:128
#12 0x00007f0332cfc792 in SendCommand ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cc:658
#13 0x00007f0332cfbdba in SymbolizePC ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cc:525
#14 0x00007f0332d621ef in SymbolizeCode ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_symbolize.cc:114
#15 0x00007f0332d5e0be in SymbolizeStack ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cc:135
#16 0x00007f0332d5e424 in AddMemoryAccess ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cc:180
#17 0x00007f0332d5fb0a in ReportRace () at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cc:672
#18 0x00007f0332d5c01a in __tsan_report_race_thunk ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_rtl_amd64.S:131
#19 0x00007f0332d59ed5 in __tsan_write4 () at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_rtl.cc:436
#20 0x00007f0332d630a6 in worker (unused=0x0) at atfork.c:7
---Type <return> to continue, or q <return> to quit---
#21 0x00007f0332d0463e in __tsan_thread_start_func ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:842
#22 0x00007f0332870e9a in start_thread (arg=0x7f032ffff700) at pthread_create.c:308
#23 0x00007f0331c7f3fd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#24 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f0332c81340 (LWP 25254)):
#0  0x00007f0332872148 in pthread_join (threadid=139651666933504, thread_return=0x0) at pthread_join.c:89
#1  0x00007f0332d04ac5 in __interceptor_pthread_join ()
    at /usr/local/google/work/chromium/src/third_party/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:901
#2  0x00007f0332d631fe in main () at atfork.c:21


We need to either avoid calling __libc_fork() from StartSymbolizerSubprocess() or intercept pthread_atfork() and disable the handlers for non-user fork() calls.

Reported by glider@chromium.org on 2014-05-13 15:32:43
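
The first option named in the report, shown as an added example (not code from the issue, from compiler-rt, or from the fix): a process created with a raw clone syscall does not pass through libc's fork(), so handlers registered with pthread_atfork() never run. It assumes Linux; raw_fork, on_prepare and handler_runs_during_fork are hypothetical names chosen for this sketch.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static int prepare_calls; /* bumped by the atfork "prepare" handler */
static int registered;    /* register the handler only once */

/* Stands in for the user's atfork() handler in the reproducer. */
static void on_prepare(void) { prepare_calls++; }

/* Hypothetical helper: create a child without calling libc's fork().
   With a zero stack argument the child continues on a copy-on-write
   copy of the parent's stack, like fork(), but no atfork handlers run. */
static pid_t raw_fork(void) {
  return (pid_t)syscall(SYS_clone, SIGCHLD, 0, 0, 0, 0);
}

/* Fork once (raw or via libc), reap the child, and return how many
   times the prepare handler ran during that fork (-1 on error). */
int handler_runs_during_fork(int use_raw) {
  if (!registered) {
    pthread_atfork(on_prepare, NULL, NULL);
    registered = 1;
  }
  int before = prepare_calls;
  pid_t pid = use_raw ? raw_fork() : fork();
  if (pid == 0)
    _exit(0); /* child: leave immediately, touch nothing else */
  if (pid < 0)
    return -1;
  int status;
  if (waitpid(pid, &status, 0) != pid)
    return -1;
  return prepare_calls - before;
}

int main(void) {
  printf("libc fork(): %d handler call(s)\n", handler_runs_during_fork(0));
  printf("raw clone:   %d handler call(s)\n", handler_runs_during_fork(1));
  return 0;
}
```
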

@ramosian-glider
Member Author

Fixed in r208707.

Reported by glider@google.com on 2014-05-13 16:28:24

  • Status changed: Fixed

@ramosian-glider
Member Author

Adding Project:ThreadSanitizer as part of GitHub migration.

Reported by glider@google.com on 2015-07-30 09:21:31

  • Labels added: ProjectThreadSanitizer
