Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[tsan] Multiple TSAN assertions in tests with COMPILER_RT_DEBUG=ON #46204

Open
arichardson opened this issue Jul 27, 2020 · 0 comments
Open

[tsan] Multiple TSAN assertions in tests with COMPILER_RT_DEBUG=ON #46204

arichardson opened this issue Jul 27, 2020 · 0 comments
Labels
bugzilla Issues migrated from bugzilla compiler-rt:tsan Thread sanitizer

Comments

@arichardson
Copy link
Member

Bugzilla Link 46860
Version unspecified
OS All

Extended Description

I am seeing the following test failures on Linux x86_64 (Ubuntu 18.04) with commit 1956cf1 from earlier today.

SanitizerCommon-tsan-x86_64-Linux :: Linux/allow_user_segv.cpp
SanitizerCommon-tsan-x86_64-Linux :: Linux/signal_line.cpp
SanitizerCommon-tsan-x86_64-Linux :: Posix/dedup_token_length_test.cpp
SanitizerCommon-tsan-x86_64-Linux :: Posix/illegal_read_test.cpp
SanitizerCommon-tsan-x86_64-Linux :: Posix/illegal_write_test.cpp
SanitizerCommon-tsan-x86_64-Linux :: Posix/sanitizer_set_report_fd_test.cpp

The backtraces are all similar:

SanitizerCommon-tsan-x86_64-Linux :: Linux/allow_user_segv.cpp
User sigaction installed
FATAL: ThreadSanitizer CHECK failed: /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798 "((IsAppMem(x))) != (0)" (0x0, 0x0)
#​0 __tsan::TsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cpp:47:25 (allow_user_segv.cpp.tmp+0x515b25)
#​1 __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_termination.cpp:78:5 (allow_user_segv.cpp.tmp+0x437fd3)
#​2 unsigned long __tsan::MemToShadowImpl<__tsan::Mapping>(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798:3 (allow_user_segv.cpp.tmp+0x4a475d)
#​3 __tsan::MemToShadow(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:832:10 (allow_user_segv.cpp.tmp+0x4f433e)
#​4 __tsan::MemoryAccess(__tsan::ThreadState*, unsigned long, unsigned long, int, bool, bool) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp:830 (allow_user_segv.cpp.tmp+0x4f433e)
#​5 __tsan::MemoryRead(__tsan::ThreadState*, unsigned long, unsigned long, int) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.h:742 (allow_user_segv.cpp.tmp+0x4f433e)
#​6 __tsan_read4 /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_interface_inl.h:29 (allow_user_segv.cpp.tmp+0x4f433e)
#​7 DoSEGV() /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Linux/allow_user_segv.cpp:51:10 (allow_user_segv.cpp.tmp+0x5253cb)
#​8 main /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Linux/allow_user_segv.cpp:72:10 (allow_user_segv.cpp.tmp+0x525581)
#​9 __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310 (libc.so.6+0x21b96)
#​10 _start (allow_user_segv.cpp.tmp+0x41d479)

SanitizerCommon-tsan-x86_64-Linux :: Linux/signal_line.cpp
FATAL: ThreadSanitizer CHECK failed: /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798 "((IsAppMem(x))) != (0)" (0x0, 0x0)
#​0 __tsan::TsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cpp:47:25 (signal_line.cpp.tmp+0x515a05)
#​1 __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_termination.cpp:78:5 (signal_line.cpp.tmp+0x437eb3)
#​2 unsigned long __tsan::MemToShadowImpl<__tsan::Mapping>(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798:3 (signal_line.cpp.tmp+0x4a463d)
#​3 __tsan::MemToShadow(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:832:10 (signal_line.cpp.tmp+0x4fadde)
#​4 __tsan::MemoryAccess(__tsan::ThreadState*, unsigned long, unsigned long, int, bool, bool) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp:830 (signal_line.cpp.tmp+0x4fadde)
#​5 __tsan::MemoryWrite(__tsan::ThreadState*, unsigned long, unsigned long, int) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.h:747 (signal_line.cpp.tmp+0x4fadde)
#​6 __tsan_write4 /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_interface_inl.h:45 (signal_line.cpp.tmp+0x4fadde)
#​7 main /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Linux/signal_line.cpp:16:28 (signal_line.cpp.tmp+0x52515c)
#​8 __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310 (libc.so.6+0x21b96)
#​9 _start (signal_line.cpp.tmp+0x41d359)

SanitizerCommon-tsan-x86_64-Linux :: Posix/dedup_token_length_test.cpp
env 'TSAN_OPTIONS=abort_on_error=0, dedup_token_length=1' /local/scratch/alr48/cheri/build/upstream-llvm-project-build/projects/compiler-rt/test/sanitizer_common/tsan-x86_64-Linux/Posix/Output/dedup_token_length_test.cpp.tmp
FATAL: ThreadSanitizer CHECK failed: /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798 "((IsAppMem(x))) != (0)" (0x0, 0x0)
#​0 __tsan::TsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cpp:47:25 (dedup_token_length_test.cpp.tmp+0x515a85)
#​1 __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_termination.cpp:78:5 (dedup_token_length_test.cpp.tmp+0x437f33)
#​2 unsigned long __tsan::MemToShadowImpl<__tsan::Mapping>(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798:3 (dedup_token_length_test.cpp.tmp+0x4a46bd)
#​3 __tsan::MemToShadow(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:832:10 (dedup_token_length_test.cpp.tmp+0x4fae5e)
#​4 __tsan::MemoryAccess(__tsan::ThreadState*, unsigned long, unsigned long, int, bool, bool) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp:830 (dedup_token_length_test.cpp.tmp+0x4fae5e)
#​5 __tsan::MemoryWrite(__tsan::ThreadState*, unsigned long, unsigned long, int) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.h:747 (dedup_token_length_test.cpp.tmp+0x4fae5e)
#​6 __tsan_write4 /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_interface_inl.h:45 (dedup_token_length_test.cpp.tmp+0x4fae5e)
#​7 void Xyz::Abc<int, int>() /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Posix/dedup_token_length_test.cpp:17:11 (dedup_token_length_test.cpp.tmp+0x525279)
#​8 bar /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Posix/dedup_token_length_test.cpp:22:3 (dedup_token_length_test.cpp.tmp+0x525181)
#​9 FOO() /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Posix/dedup_token_length_test.cpp:26:3 (dedup_token_length_test.cpp.tmp+0x5251a5)
#​10 main /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Posix/dedup_token_length_test.cpp:30:3 (dedup_token_length_test.cpp.tmp+0x5251fd)
#​11 __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310 (libc.so.6+0x21b96)
#​12 _start (dedup_token_length_test.cpp.tmp+0x41d3d9)

SanitizerCommon-tsan-x86_64-Linux :: Posix/illegal_read_test.cpp
FATAL: ThreadSanitizer CHECK failed: /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798 "((IsAppMem(x))) != (0)" (0x0, 0x0)
#​0 __tsan::TsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cpp:47:25 (illegal_read_test.cpp.tmp+0x5159b5)
#​1 __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_termination.cpp:78:5 (illegal_read_test.cpp.tmp+0x437e63)
#​2 unsigned long __tsan::MemToShadowImpl<__tsan::Mapping>(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798:3 (illegal_read_test.cpp.tmp+0x4a45ed)
#​3 __tsan::MemToShadow(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:832:10 (illegal_read_test.cpp.tmp+0x4f41ce)
#​4 __tsan::MemoryAccess(__tsan::ThreadState*, unsigned long, unsigned long, int, bool, bool) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp:830 (illegal_read_test.cpp.tmp+0x4f41ce)
#​5 __tsan::MemoryRead(__tsan::ThreadState*, unsigned long, unsigned long, int) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.h:742 (illegal_read_test.cpp.tmp+0x4f41ce)
#​6 __tsan_read4 /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_interface_inl.h:29 (illegal_read_test.cpp.tmp+0x4f41ce)
#​7 main /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Posix/illegal_read_test.cpp:11:7 (illegal_read_test.cpp.tmp+0x5250f8)
#​8 __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310 (libc.so.6+0x21b96)
#​9 _start (illegal_read_test.cpp.tmp+0x41d309)

SanitizerCommon-tsan-x86_64-Linux :: Posix/illegal_write_test.cpp
FATAL: ThreadSanitizer CHECK failed: /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798 "((IsAppMem(x))) != (0)" (0x0, 0x0)
#​0 __tsan::TsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cpp:47:25 (illegal_write_test.cpp.tmp+0x5159b5)
#​1 __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_termination.cpp:78:5 (illegal_write_test.cpp.tmp+0x437e63)
#​2 unsigned long __tsan::MemToShadowImpl<__tsan::Mapping>(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798:3 (illegal_write_test.cpp.tmp+0x4a45ed)
#​3 __tsan::MemToShadow(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:832:10 (illegal_write_test.cpp.tmp+0x4fad8e)
#​4 __tsan::MemoryAccess(__tsan::ThreadState*, unsigned long, unsigned long, int, bool, bool) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp:830 (illegal_write_test.cpp.tmp+0x4fad8e)
#​5 __tsan::MemoryWrite(__tsan::ThreadState*, unsigned long, unsigned long, int) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.h:747 (illegal_write_test.cpp.tmp+0x4fad8e)
#​6 __tsan_write4 /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_interface_inl.h:45 (illegal_write_test.cpp.tmp+0x4fad8e)
#​7 main /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Posix/illegal_write_test.cpp:10:9 (illegal_write_test.cpp.tmp+0x5250f8)
#​8 __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310 (libc.so.6+0x21b96)
#​9 _start (illegal_write_test.cpp.tmp+0x41d309)

SanitizerCommon-tsan-x86_64-Linux :: Posix/sanitizer_set_report_fd_test.cpp
FATAL: ThreadSanitizer CHECK failed: /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798 "((IsAppMem(x))) != (0)" (0x0, 0x0)
#​0 __tsan::TsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cpp:47:25 (sanitizer_set_report_fd_test.cpp.tmp+0x515ad5)
#​1 __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_termination.cpp:78:5 (sanitizer_set_report_fd_test.cpp.tmp+0x437f83)
#​2 unsigned long __tsan::MemToShadowImpl<__tsan::Mapping>(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798:3 (sanitizer_set_report_fd_test.cpp.tmp+0x4a470d)
#​3 __tsan::MemToShadow(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:832:10 (sanitizer_set_report_fd_test.cpp.tmp+0x4faeae)
#​4 __tsan::MemoryAccess(__tsan::ThreadState*, unsigned long, unsigned long, int, bool, bool) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp:830 (sanitizer_set_report_fd_test.cpp.tmp+0x4faeae)
#​5 __tsan::MemoryWrite(__tsan::ThreadState*, unsigned long, unsigned long, int) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.h:747 (sanitizer_set_report_fd_test.cpp.tmp+0x4faeae)
#​6 __tsan_write4 /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_interface_inl.h:45 (sanitizer_set_report_fd_test.cpp.tmp+0x4faeae)
#​7 main /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Posix/sanitizer_set_report_fd_test.cpp:31:9 (sanitizer_set_report_fd_test.cpp.tmp+0x525238)
#​8 __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310 (libc.so.6+0x21b96)
#​9 _start (sanitizer_set_report_fd_test.cpp.tmp+0x41d429)
@llvmbot llvmbot transferred this issue from llvm/llvm-bugzilla-archive Dec 10, 2021
This was referenced Mar 4, 2024
Merged
Merged
arichardson added a commit to arichardson/upstream-llvm-project that referenced this issue Mar 7, 2024
@arichardson
[tsan] Fix running check-ubsan with COMPILER_RT_DEBUG=ON
e6b4092 
TestCases/Misc/Linux/sigaction.cpp fails because dlsym() may call malloc
on failure. And then the wrapped malloc appears to access thread local
storage using global dynamic accesses, thus calling
___interceptor___tls_get_addr, before REAL(__tls_get_addr) has
been set, so we get a crash inside ___interceptor___tls_get_addr. For
example, this can happen when looking up __isoc23_scanf which might not
exist in some libcs.

Fix this by marking the thread local variable accessed inside the
debug checks as "initial-exec", which does not require __tls_get_addr.

This is probably a better alternative to llvm#83886.

This fixes a different crash but is related to llvm#46204.

Backtrace:
```
#0 0x0000000000000000 in ?? ()
llvm#1 0x00007ffff6a9d89e in ___interceptor___tls_get_addr (arg=0x7ffff6b27be8) at /path/to/llvm/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:2759
llvm#2 0x00007ffff6a46bc6 in __sanitizer::CheckedMutex::LockImpl (this=0x7ffff6b27be8, pc=140737331846066) at /path/to/llvm/compiler-rt/lib/sanitizer_common/sanitizer_mutex.cpp:218
llvm#3 0x00007ffff6a448b2 in __sanitizer::CheckedMutex::Lock (this=0x7ffff6b27be8, this@entry=0x730000000580) at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_mutex.h:129
llvm#4 __sanitizer::Mutex::Lock (this=0x7ffff6b27be8, this@entry=0x730000000580) at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_mutex.h:167
llvm#5 0x00007ffff6abdbb2 in __sanitizer::GenericScopedLock<__sanitizer::Mutex>::GenericScopedLock (mu=0x730000000580, this=<optimized out>) at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_mutex.h:383
llvm#6 __sanitizer::SizeClassAllocator64<__tsan::AP64>::GetFromAllocator (this=0x7ffff7487dc0 <__tsan::allocator_placeholder>, stat=stat@entry=0x7ffff570db68, class_id=11, chunks=chunks@entry=0x7ffff5702cc8, n_chunks=n_chunks@entry=128) at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_allocator_primary64.h:207
llvm#7 0x00007ffff6abdaa0 in __sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__tsan::AP64> >::Refill (this=<optimized out>, c=c@entry=0x7ffff5702cb8, allocator=<optimized out>, class_id=<optimized out>)
 at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_allocator_local_cache.h:103
llvm#8 0x00007ffff6abd731 in __sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__tsan::AP64> >::Allocate (this=0x7ffff6b27be8, allocator=0x7ffff5702cc8, class_id=140737311157448)
 at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_allocator_local_cache.h:39
llvm#9 0x00007ffff6abc397 in __sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<__tsan::AP64>, __sanitizer::LargeMmapAllocatorPtrArrayDynamic>::Allocate (this=0x7ffff5702cc8, cache=0x7ffff6b27be8, size=<optimized out>, size@entry=175, alignment=alignment@entry=16)
 at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_allocator_combined.h:69
llvm#10 0x00007ffff6abaa6a in __tsan::user_alloc_internal (thr=0x7ffff7ebd980, pc=140737331499943, sz=sz@entry=175, align=align@entry=16, signal=true) at /path/to/llvm/compiler-rt/lib/tsan/rtl/tsan_mman.cpp:198
llvm#11 0x00007ffff6abb0d1 in __tsan::user_alloc (thr=0x7ffff6b27be8, pc=140737331846066, sz=11, sz@entry=175) at /path/to/llvm/compiler-rt/lib/tsan/rtl/tsan_mman.cpp:223
llvm#12 0x00007ffff6a693b5 in ___interceptor_malloc (size=175) at /path/to/llvm/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:666
llvm#13 0x00007ffff7fce7f2 in malloc (size=175) at ../include/rtld-malloc.h:56
llvm#14 __GI__dl_exception_create_format (exception=exception@entry=0x7fffffffd0d0, objname=0x7ffff7fc3550 "/path/to/llvm/compiler-rt/cmake-build-all-sanitizers/lib/linux/libclang_rt.tsan-x86_64.so",
 fmt=fmt@entry=0x7ffff7ff2db9 "undefined symbol: %s%s%s") at ./elf/dl-exception.c:157
llvm#15 0x00007ffff7fd50e8 in _dl_lookup_symbol_x (undef_name=0x7ffff6af868b "__isoc23_scanf", undef_map=<optimized out>, ref=0x7fffffffd148, symbol_scope=<optimized out>, version=<optimized out>, type_class=0, flags=2, skip_map=0x7ffff7fc35e0) at ./elf/dl-lookup.c:793
--Type <RET> for more, q to quit, c to continue without paging--
llvm#16 0x00007ffff656d6ed in do_sym (handle=<optimized out>, name=0x7ffff6af868b "__isoc23_scanf", who=0x7ffff6a3bb84 <__interception::InterceptFunction(char const*, unsigned long*, unsigned long, unsigned long)+36>, vers=vers@entry=0x0, flags=flags@entry=2) at ./elf/dl-sym.c:146
llvm#17 0x00007ffff656d9dd in _dl_sym (handle=<optimized out>, name=<optimized out>, who=<optimized out>) at ./elf/dl-sym.c:195
llvm#18 0x00007ffff64a2854 in dlsym_doit (a=a@entry=0x7fffffffd3b0) at ./dlfcn/dlsym.c:40
llvm#19 0x00007ffff7fcc489 in __GI__dl_catch_exception (exception=exception@entry=0x7fffffffd310, operate=0x7ffff64a2840 <dlsym_doit>, args=0x7fffffffd3b0) at ./elf/dl-catch.c:237
llvm#20 0x00007ffff7fcc5af in _dl_catch_error (objname=0x7fffffffd368, errstring=0x7fffffffd370, mallocedp=0x7fffffffd367, operate=<optimized out>, args=<optimized out>) at ./elf/dl-catch.c:256
llvm#21 0x00007ffff64a2257 in _dlerror_run (operate=operate@entry=0x7ffff64a2840 <dlsym_doit>, args=args@entry=0x7fffffffd3b0) at ./dlfcn/dlerror.c:138
llvm#22 0x00007ffff64a28e5 in dlsym_implementation (dl_caller=<optimized out>, name=<optimized out>, handle=<optimized out>) at ./dlfcn/dlsym.c:54
llvm#23 ___dlsym (handle=<optimized out>, name=<optimized out>) at ./dlfcn/dlsym.c:68
llvm#24 0x00007ffff6a3bb84 in __interception::GetFuncAddr (name=0x7ffff6af868b "__isoc23_scanf", trampoline=140737311157448) at /path/to/llvm/compiler-rt/lib/interception/interception_linux.cpp:42
llvm#25 __interception::InterceptFunction (name=0x7ffff6af868b "__isoc23_scanf", ptr_to_real=0x7ffff74850e8 <__interception::real___isoc23_scanf>, func=11, trampoline=140737311157448)
 at /path/to/llvm/compiler-rt/lib/interception/interception_linux.cpp:61
llvm#26 0x00007ffff6a9f2d9 in InitializeCommonInterceptors () at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_common_interceptors.inc:10315
```

Pull Request: llvm#83890
arichardson added a commit that referenced this issue Mar 9, 2024
@arichardson
[tsan] Fix running check-ubsan with COMPILER_RT_DEBUG=ON
6c76506 
TestCases/Misc/Linux/sigaction.cpp fails because dlsym() may call malloc
on failure. And then the wrapped malloc appears to access thread local
storage using global dynamic accesses, thus calling
___interceptor___tls_get_addr, before REAL(__tls_get_addr) has
been set, so we get a crash inside ___interceptor___tls_get_addr. For
example, this can happen when looking up __isoc23_scanf which might not
exist in some libcs.

Fix this by marking the thread local variable accessed inside the
debug checks as "initial-exec", which does not require __tls_get_addr.

This is probably a better alternative to #83886.

This fixes a different crash but is related to #46204.

Backtrace:
```
#0 0x0000000000000000 in ?? ()
#1 0x00007ffff6a9d89e in ___interceptor___tls_get_addr (arg=0x7ffff6b27be8) at /path/to/llvm/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:2759
#2 0x00007ffff6a46bc6 in __sanitizer::CheckedMutex::LockImpl (this=0x7ffff6b27be8, pc=140737331846066) at /path/to/llvm/compiler-rt/lib/sanitizer_common/sanitizer_mutex.cpp:218
#3 0x00007ffff6a448b2 in __sanitizer::CheckedMutex::Lock (this=0x7ffff6b27be8, this@entry=0x730000000580) at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_mutex.h:129
#4 __sanitizer::Mutex::Lock (this=0x7ffff6b27be8, this@entry=0x730000000580) at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_mutex.h:167
#5 0x00007ffff6abdbb2 in __sanitizer::GenericScopedLock<__sanitizer::Mutex>::GenericScopedLock (mu=0x730000000580, this=<optimized out>) at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_mutex.h:383
#6 __sanitizer::SizeClassAllocator64<__tsan::AP64>::GetFromAllocator (this=0x7ffff7487dc0 <__tsan::allocator_placeholder>, stat=stat@entry=0x7ffff570db68, class_id=11, chunks=chunks@entry=0x7ffff5702cc8, n_chunks=n_chunks@entry=128) at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_allocator_primary64.h:207
#7 0x00007ffff6abdaa0 in __sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__tsan::AP64> >::Refill (this=<optimized out>, c=c@entry=0x7ffff5702cb8, allocator=<optimized out>, class_id=<optimized out>)
 at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_allocator_local_cache.h:103
#8 0x00007ffff6abd731 in __sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__tsan::AP64> >::Allocate (this=0x7ffff6b27be8, allocator=0x7ffff5702cc8, class_id=140737311157448)
 at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_allocator_local_cache.h:39
#9 0x00007ffff6abc397 in __sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<__tsan::AP64>, __sanitizer::LargeMmapAllocatorPtrArrayDynamic>::Allocate (this=0x7ffff5702cc8, cache=0x7ffff6b27be8, size=<optimized out>, size@entry=175, alignment=alignment@entry=16)
 at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_allocator_combined.h:69
#10 0x00007ffff6abaa6a in __tsan::user_alloc_internal (thr=0x7ffff7ebd980, pc=140737331499943, sz=sz@entry=175, align=align@entry=16, signal=true) at /path/to/llvm/compiler-rt/lib/tsan/rtl/tsan_mman.cpp:198
#11 0x00007ffff6abb0d1 in __tsan::user_alloc (thr=0x7ffff6b27be8, pc=140737331846066, sz=11, sz@entry=175) at /path/to/llvm/compiler-rt/lib/tsan/rtl/tsan_mman.cpp:223
#12 0x00007ffff6a693b5 in ___interceptor_malloc (size=175) at /path/to/llvm/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:666
#13 0x00007ffff7fce7f2 in malloc (size=175) at ../include/rtld-malloc.h:56
#14 __GI__dl_exception_create_format (exception=exception@entry=0x7fffffffd0d0, objname=0x7ffff7fc3550 "/path/to/llvm/compiler-rt/cmake-build-all-sanitizers/lib/linux/libclang_rt.tsan-x86_64.so",
 fmt=fmt@entry=0x7ffff7ff2db9 "undefined symbol: %s%s%s") at ./elf/dl-exception.c:157
#15 0x00007ffff7fd50e8 in _dl_lookup_symbol_x (undef_name=0x7ffff6af868b "__isoc23_scanf", undef_map=<optimized out>, ref=0x7fffffffd148, symbol_scope=<optimized out>, version=<optimized out>, type_class=0, flags=2, skip_map=0x7ffff7fc35e0) at ./elf/dl-lookup.c:793
--Type <RET> for more, q to quit, c to continue without paging--
#16 0x00007ffff656d6ed in do_sym (handle=<optimized out>, name=0x7ffff6af868b "__isoc23_scanf", who=0x7ffff6a3bb84 <__interception::InterceptFunction(char const*, unsigned long*, unsigned long, unsigned long)+36>, vers=vers@entry=0x0, flags=flags@entry=2) at ./elf/dl-sym.c:146
#17 0x00007ffff656d9dd in _dl_sym (handle=<optimized out>, name=<optimized out>, who=<optimized out>) at ./elf/dl-sym.c:195
#18 0x00007ffff64a2854 in dlsym_doit (a=a@entry=0x7fffffffd3b0) at ./dlfcn/dlsym.c:40
#19 0x00007ffff7fcc489 in __GI__dl_catch_exception (exception=exception@entry=0x7fffffffd310, operate=0x7ffff64a2840 <dlsym_doit>, args=0x7fffffffd3b0) at ./elf/dl-catch.c:237
#20 0x00007ffff7fcc5af in _dl_catch_error (objname=0x7fffffffd368, errstring=0x7fffffffd370, mallocedp=0x7fffffffd367, operate=<optimized out>, args=<optimized out>) at ./elf/dl-catch.c:256
#21 0x00007ffff64a2257 in _dlerror_run (operate=operate@entry=0x7ffff64a2840 <dlsym_doit>, args=args@entry=0x7fffffffd3b0) at ./dlfcn/dlerror.c:138
#22 0x00007ffff64a28e5 in dlsym_implementation (dl_caller=<optimized out>, name=<optimized out>, handle=<optimized out>) at ./dlfcn/dlsym.c:54
#23 ___dlsym (handle=<optimized out>, name=<optimized out>) at ./dlfcn/dlsym.c:68
#24 0x00007ffff6a3bb84 in __interception::GetFuncAddr (name=0x7ffff6af868b "__isoc23_scanf", trampoline=140737311157448) at /path/to/llvm/compiler-rt/lib/interception/interception_linux.cpp:42
#25 __interception::InterceptFunction (name=0x7ffff6af868b "__isoc23_scanf", ptr_to_real=0x7ffff74850e8 <__interception::real___isoc23_scanf>, func=11, trampoline=140737311157448)
 at /path/to/llvm/compiler-rt/lib/interception/interception_linux.cpp:61
#26 0x00007ffff6a9f2d9 in InitializeCommonInterceptors () at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_common_interceptors.inc:10315
```

Reviewed By: vitalybuka, MaskRay

Pull Request: #83890
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bugzilla Issues migrated from bugzilla compiler-rt:tsan Thread sanitizer
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@arichardson