Skip to content

[tsan] Multiple TSAN assertions in tests with COMPILER_RT_DEBUG=ON #46204

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Open
arichardson opened this issue Jul 27, 2020 · 0 comments
Open

[tsan] Multiple TSAN assertions in tests with COMPILER_RT_DEBUG=ON #46204

arichardson opened this issue Jul 27, 2020 · 0 comments
Labels
bugzilla Issues migrated from bugzilla compiler-rt:tsan Thread sanitizer

Comments

@arichardson
Copy link
Member

Bugzilla Link 46860
Version unspecified
OS All

Extended Description

I am seeing the following test failures on Linux x86_64 (Ubuntu 18.04) with commit 1956cf1 from earlier today.

SanitizerCommon-tsan-x86_64-Linux :: Linux/allow_user_segv.cpp
SanitizerCommon-tsan-x86_64-Linux :: Linux/signal_line.cpp
SanitizerCommon-tsan-x86_64-Linux :: Posix/dedup_token_length_test.cpp
SanitizerCommon-tsan-x86_64-Linux :: Posix/illegal_read_test.cpp
SanitizerCommon-tsan-x86_64-Linux :: Posix/illegal_write_test.cpp
SanitizerCommon-tsan-x86_64-Linux :: Posix/sanitizer_set_report_fd_test.cpp

The backtraces are all similar:

SanitizerCommon-tsan-x86_64-Linux :: Linux/allow_user_segv.cpp
User sigaction installed
FATAL: ThreadSanitizer CHECK failed: /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798 "((IsAppMem(x))) != (0)" (0x0, 0x0)
#​0 __tsan::TsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cpp:47:25 (allow_user_segv.cpp.tmp+0x515b25)
#​1 __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_termination.cpp:78:5 (allow_user_segv.cpp.tmp+0x437fd3)
#​2 unsigned long __tsan::MemToShadowImpl<__tsan::Mapping>(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798:3 (allow_user_segv.cpp.tmp+0x4a475d)
#​3 __tsan::MemToShadow(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:832:10 (allow_user_segv.cpp.tmp+0x4f433e)
#​4 __tsan::MemoryAccess(__tsan::ThreadState*, unsigned long, unsigned long, int, bool, bool) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp:830 (allow_user_segv.cpp.tmp+0x4f433e)
#​5 __tsan::MemoryRead(__tsan::ThreadState*, unsigned long, unsigned long, int) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.h:742 (allow_user_segv.cpp.tmp+0x4f433e)
#​6 __tsan_read4 /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_interface_inl.h:29 (allow_user_segv.cpp.tmp+0x4f433e)
#​7 DoSEGV() /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Linux/allow_user_segv.cpp:51:10 (allow_user_segv.cpp.tmp+0x5253cb)
#​8 main /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Linux/allow_user_segv.cpp:72:10 (allow_user_segv.cpp.tmp+0x525581)
#​9 __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310 (libc.so.6+0x21b96)
#​10 _start (allow_user_segv.cpp.tmp+0x41d479)

SanitizerCommon-tsan-x86_64-Linux :: Linux/signal_line.cpp
FATAL: ThreadSanitizer CHECK failed: /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798 "((IsAppMem(x))) != (0)" (0x0, 0x0)
#​0 __tsan::TsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cpp:47:25 (signal_line.cpp.tmp+0x515a05)
#​1 __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_termination.cpp:78:5 (signal_line.cpp.tmp+0x437eb3)
#​2 unsigned long __tsan::MemToShadowImpl<__tsan::Mapping>(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798:3 (signal_line.cpp.tmp+0x4a463d)
#​3 __tsan::MemToShadow(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:832:10 (signal_line.cpp.tmp+0x4fadde)
#​4 __tsan::MemoryAccess(__tsan::ThreadState*, unsigned long, unsigned long, int, bool, bool) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp:830 (signal_line.cpp.tmp+0x4fadde)
#​5 __tsan::MemoryWrite(__tsan::ThreadState*, unsigned long, unsigned long, int) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.h:747 (signal_line.cpp.tmp+0x4fadde)
#​6 __tsan_write4 /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_interface_inl.h:45 (signal_line.cpp.tmp+0x4fadde)
#​7 main /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Linux/signal_line.cpp:16:28 (signal_line.cpp.tmp+0x52515c)
#​8 __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310 (libc.so.6+0x21b96)
#​9 _start (signal_line.cpp.tmp+0x41d359)

SanitizerCommon-tsan-x86_64-Linux :: Posix/dedup_token_length_test.cpp
env 'TSAN_OPTIONS=abort_on_error=0, dedup_token_length=1' /local/scratch/alr48/cheri/build/upstream-llvm-project-build/projects/compiler-rt/test/sanitizer_common/tsan-x86_64-Linux/Posix/Output/dedup_token_length_test.cpp.tmp
FATAL: ThreadSanitizer CHECK failed: /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798 "((IsAppMem(x))) != (0)" (0x0, 0x0)
#​0 __tsan::TsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cpp:47:25 (dedup_token_length_test.cpp.tmp+0x515a85)
#​1 __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_termination.cpp:78:5 (dedup_token_length_test.cpp.tmp+0x437f33)
#​2 unsigned long __tsan::MemToShadowImpl<__tsan::Mapping>(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798:3 (dedup_token_length_test.cpp.tmp+0x4a46bd)
#​3 __tsan::MemToShadow(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:832:10 (dedup_token_length_test.cpp.tmp+0x4fae5e)
#​4 __tsan::MemoryAccess(__tsan::ThreadState*, unsigned long, unsigned long, int, bool, bool) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp:830 (dedup_token_length_test.cpp.tmp+0x4fae5e)
#​5 __tsan::MemoryWrite(__tsan::ThreadState*, unsigned long, unsigned long, int) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.h:747 (dedup_token_length_test.cpp.tmp+0x4fae5e)
#​6 __tsan_write4 /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_interface_inl.h:45 (dedup_token_length_test.cpp.tmp+0x4fae5e)
#​7 void Xyz::Abc<int, int>() /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Posix/dedup_token_length_test.cpp:17:11 (dedup_token_length_test.cpp.tmp+0x525279)
#​8 bar /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Posix/dedup_token_length_test.cpp:22:3 (dedup_token_length_test.cpp.tmp+0x525181)
#​9 FOO() /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Posix/dedup_token_length_test.cpp:26:3 (dedup_token_length_test.cpp.tmp+0x5251a5)
#​10 main /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Posix/dedup_token_length_test.cpp:30:3 (dedup_token_length_test.cpp.tmp+0x5251fd)
#​11 __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310 (libc.so.6+0x21b96)
#​12 _start (dedup_token_length_test.cpp.tmp+0x41d3d9)

SanitizerCommon-tsan-x86_64-Linux :: Posix/illegal_read_test.cpp
FATAL: ThreadSanitizer CHECK failed: /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798 "((IsAppMem(x))) != (0)" (0x0, 0x0)
#​0 __tsan::TsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cpp:47:25 (illegal_read_test.cpp.tmp+0x5159b5)
#​1 __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_termination.cpp:78:5 (illegal_read_test.cpp.tmp+0x437e63)
#​2 unsigned long __tsan::MemToShadowImpl<__tsan::Mapping>(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798:3 (illegal_read_test.cpp.tmp+0x4a45ed)
#​3 __tsan::MemToShadow(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:832:10 (illegal_read_test.cpp.tmp+0x4f41ce)
#​4 __tsan::MemoryAccess(__tsan::ThreadState*, unsigned long, unsigned long, int, bool, bool) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp:830 (illegal_read_test.cpp.tmp+0x4f41ce)
#​5 __tsan::MemoryRead(__tsan::ThreadState*, unsigned long, unsigned long, int) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.h:742 (illegal_read_test.cpp.tmp+0x4f41ce)
#​6 __tsan_read4 /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_interface_inl.h:29 (illegal_read_test.cpp.tmp+0x4f41ce)
#​7 main /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Posix/illegal_read_test.cpp:11:7 (illegal_read_test.cpp.tmp+0x5250f8)
#​8 __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310 (libc.so.6+0x21b96)
#​9 _start (illegal_read_test.cpp.tmp+0x41d309)

SanitizerCommon-tsan-x86_64-Linux :: Posix/illegal_write_test.cpp
FATAL: ThreadSanitizer CHECK failed: /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798 "((IsAppMem(x))) != (0)" (0x0, 0x0)
#​0 __tsan::TsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cpp:47:25 (illegal_write_test.cpp.tmp+0x5159b5)
#​1 __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_termination.cpp:78:5 (illegal_write_test.cpp.tmp+0x437e63)
#​2 unsigned long __tsan::MemToShadowImpl<__tsan::Mapping>(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798:3 (illegal_write_test.cpp.tmp+0x4a45ed)
#​3 __tsan::MemToShadow(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:832:10 (illegal_write_test.cpp.tmp+0x4fad8e)
#​4 __tsan::MemoryAccess(__tsan::ThreadState*, unsigned long, unsigned long, int, bool, bool) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp:830 (illegal_write_test.cpp.tmp+0x4fad8e)
#​5 __tsan::MemoryWrite(__tsan::ThreadState*, unsigned long, unsigned long, int) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.h:747 (illegal_write_test.cpp.tmp+0x4fad8e)
#​6 __tsan_write4 /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_interface_inl.h:45 (illegal_write_test.cpp.tmp+0x4fad8e)
#​7 main /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Posix/illegal_write_test.cpp:10:9 (illegal_write_test.cpp.tmp+0x5250f8)
#​8 __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310 (libc.so.6+0x21b96)
#​9 _start (illegal_write_test.cpp.tmp+0x41d309)

SanitizerCommon-tsan-x86_64-Linux :: Posix/sanitizer_set_report_fd_test.cpp
FATAL: ThreadSanitizer CHECK failed: /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798 "((IsAppMem(x))) != (0)" (0x0, 0x0)
#​0 __tsan::TsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cpp:47:25 (sanitizer_set_report_fd_test.cpp.tmp+0x515ad5)
#​1 __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_termination.cpp:78:5 (sanitizer_set_report_fd_test.cpp.tmp+0x437f83)
#​2 unsigned long __tsan::MemToShadowImpl<__tsan::Mapping>(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:798:3 (sanitizer_set_report_fd_test.cpp.tmp+0x4a470d)
#​3 __tsan::MemToShadow(unsigned long) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform.h:832:10 (sanitizer_set_report_fd_test.cpp.tmp+0x4faeae)
#​4 __tsan::MemoryAccess(__tsan::ThreadState*, unsigned long, unsigned long, int, bool, bool) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp:830 (sanitizer_set_report_fd_test.cpp.tmp+0x4faeae)
#​5 __tsan::MemoryWrite(__tsan::ThreadState*, unsigned long, unsigned long, int) /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.h:747 (sanitizer_set_report_fd_test.cpp.tmp+0x4faeae)
#​6 __tsan_write4 /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_interface_inl.h:45 (sanitizer_set_report_fd_test.cpp.tmp+0x4faeae)
#​7 main /local/scratch/alr48/cheri/upstream-llvm-project/compiler-rt/test/sanitizer_common/TestCases/Posix/sanitizer_set_report_fd_test.cpp:31:9 (sanitizer_set_report_fd_test.cpp.tmp+0x525238)
#​8 __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310 (libc.so.6+0x21b96)
#​9 _start (sanitizer_set_report_fd_test.cpp.tmp+0x41d429)
@llvmbot llvmbot transferred this issue from llvm/llvm-bugzilla-archive Dec 10, 2021
This was referenced Mar 4, 2024
Merged
Merged
arichardson added a commit to arichardson/upstream-llvm-project that referenced this issue Mar 7, 2024
@arichardson
[tsan] Fix running check-ubsan with COMPILER_RT_DEBUG=ON
e6b4092 
TestCases/Misc/Linux/sigaction.cpp fails because dlsym() may call malloc
on failure. And then the wrapped malloc appears to access thread local
storage using global dynamic accesses, thus calling
___interceptor___tls_get_addr, before REAL(__tls_get_addr) has
been set, so we get a crash inside ___interceptor___tls_get_addr. For
example, this can happen when looking up __isoc23_scanf which might not
exist in some libcs.

Fix this by marking the thread local variable accessed inside the
debug checks as "initial-exec", which does not require __tls_get_addr.

This is probably a better alternative to llvm#83886.

This fixes a different crash but is related to llvm#46204.

Backtrace:
```
#0 0x0000000000000000 in ?? ()
llvm#1 0x00007ffff6a9d89e in ___interceptor___tls_get_addr (arg=0x7ffff6b27be8) at /path/to/llvm/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:2759
llvm#2 0x00007ffff6a46bc6 in __sanitizer::CheckedMutex::LockImpl (this=0x7ffff6b27be8, pc=140737331846066) at /path/to/llvm/compiler-rt/lib/sanitizer_common/sanitizer_mutex.cpp:218
llvm#3 0x00007ffff6a448b2 in __sanitizer::CheckedMutex::Lock (this=0x7ffff6b27be8, this@entry=0x730000000580) at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_mutex.h:129
llvm#4 __sanitizer::Mutex::Lock (this=0x7ffff6b27be8, this@entry=0x730000000580) at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_mutex.h:167
llvm#5 0x00007ffff6abdbb2 in __sanitizer::GenericScopedLock<__sanitizer::Mutex>::GenericScopedLock (mu=0x730000000580, this=<optimized out>) at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_mutex.h:383
llvm#6 __sanitizer::SizeClassAllocator64<__tsan::AP64>::GetFromAllocator (this=0x7ffff7487dc0 <__tsan::allocator_placeholder>, stat=stat@entry=0x7ffff570db68, class_id=11, chunks=chunks@entry=0x7ffff5702cc8, n_chunks=n_chunks@entry=128) at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_allocator_primary64.h:207
llvm#7 0x00007ffff6abdaa0 in __sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__tsan::AP64> >::Refill (this=<optimized out>, c=c@entry=0x7ffff5702cb8, allocator=<optimized out>, class_id=<optimized out>)
 at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_allocator_local_cache.h:103
llvm#8 0x00007ffff6abd731 in __sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__tsan::AP64> >::Allocate (this=0x7ffff6b27be8, allocator=0x7ffff5702cc8, class_id=140737311157448)
 at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_allocator_local_cache.h:39
llvm#9 0x00007ffff6abc397 in __sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<__tsan::AP64>, __sanitizer::LargeMmapAllocatorPtrArrayDynamic>::Allocate (this=0x7ffff5702cc8, cache=0x7ffff6b27be8, size=<optimized out>, size@entry=175, alignment=alignment@entry=16)
 at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_allocator_combined.h:69
llvm#10 0x00007ffff6abaa6a in __tsan::user_alloc_internal (thr=0x7ffff7ebd980, pc=140737331499943, sz=sz@entry=175, align=align@entry=16, signal=true) at /path/to/llvm/compiler-rt/lib/tsan/rtl/tsan_mman.cpp:198
llvm#11 0x00007ffff6abb0d1 in __tsan::user_alloc (thr=0x7ffff6b27be8, pc=140737331846066, sz=11, sz@entry=175) at /path/to/llvm/compiler-rt/lib/tsan/rtl/tsan_mman.cpp:223
llvm#12 0x00007ffff6a693b5 in ___interceptor_malloc (size=175) at /path/to/llvm/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:666
llvm#13 0x00007ffff7fce7f2 in malloc (size=175) at ../include/rtld-malloc.h:56
llvm#14 __GI__dl_exception_create_format (exception=exception@entry=0x7fffffffd0d0, objname=0x7ffff7fc3550 "/path/to/llvm/compiler-rt/cmake-build-all-sanitizers/lib/linux/libclang_rt.tsan-x86_64.so",
 fmt=fmt@entry=0x7ffff7ff2db9 "undefined symbol: %s%s%s") at ./elf/dl-exception.c:157
llvm#15 0x00007ffff7fd50e8 in _dl_lookup_symbol_x (undef_name=0x7ffff6af868b "__isoc23_scanf", undef_map=<optimized out>, ref=0x7fffffffd148, symbol_scope=<optimized out>, version=<optimized out>, type_class=0, flags=2, skip_map=0x7ffff7fc35e0) at ./elf/dl-lookup.c:793
--Type <RET> for more, q to quit, c to continue without paging--
llvm#16 0x00007ffff656d6ed in do_sym (handle=<optimized out>, name=0x7ffff6af868b "__isoc23_scanf", who=0x7ffff6a3bb84 <__interception::InterceptFunction(char const*, unsigned long*, unsigned long, unsigned long)+36>, vers=vers@entry=0x0, flags=flags@entry=2) at ./elf/dl-sym.c:146
llvm#17 0x00007ffff656d9dd in _dl_sym (handle=<optimized out>, name=<optimized out>, who=<optimized out>) at ./elf/dl-sym.c:195
llvm#18 0x00007ffff64a2854 in dlsym_doit (a=a@entry=0x7fffffffd3b0) at ./dlfcn/dlsym.c:40
llvm#19 0x00007ffff7fcc489 in __GI__dl_catch_exception (exception=exception@entry=0x7fffffffd310, operate=0x7ffff64a2840 <dlsym_doit>, args=0x7fffffffd3b0) at ./elf/dl-catch.c:237
llvm#20 0x00007ffff7fcc5af in _dl_catch_error (objname=0x7fffffffd368, errstring=0x7fffffffd370, mallocedp=0x7fffffffd367, operate=<optimized out>, args=<optimized out>) at ./elf/dl-catch.c:256
llvm#21 0x00007ffff64a2257 in _dlerror_run (operate=operate@entry=0x7ffff64a2840 <dlsym_doit>, args=args@entry=0x7fffffffd3b0) at ./dlfcn/dlerror.c:138
llvm#22 0x00007ffff64a28e5 in dlsym_implementation (dl_caller=<optimized out>, name=<optimized out>, handle=<optimized out>) at ./dlfcn/dlsym.c:54
llvm#23 ___dlsym (handle=<optimized out>, name=<optimized out>) at ./dlfcn/dlsym.c:68
llvm#24 0x00007ffff6a3bb84 in __interception::GetFuncAddr (name=0x7ffff6af868b "__isoc23_scanf", trampoline=140737311157448) at /path/to/llvm/compiler-rt/lib/interception/interception_linux.cpp:42
llvm#25 __interception::InterceptFunction (name=0x7ffff6af868b "__isoc23_scanf", ptr_to_real=0x7ffff74850e8 <__interception::real___isoc23_scanf>, func=11, trampoline=140737311157448)
 at /path/to/llvm/compiler-rt/lib/interception/interception_linux.cpp:61
llvm#26 0x00007ffff6a9f2d9 in InitializeCommonInterceptors () at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_common_interceptors.inc:10315
```

Pull Request: llvm#83890
arichardson added a commit that referenced this issue Mar 9, 2024
@arichardson
[tsan] Fix running check-ubsan with COMPILER_RT_DEBUG=ON
6c76506 
TestCases/Misc/Linux/sigaction.cpp fails because dlsym() may call malloc
on failure. And then the wrapped malloc appears to access thread local
storage using global dynamic accesses, thus calling
___interceptor___tls_get_addr, before REAL(__tls_get_addr) has
been set, so we get a crash inside ___interceptor___tls_get_addr. For
example, this can happen when looking up __isoc23_scanf which might not
exist in some libcs.

Fix this by marking the thread local variable accessed inside the
debug checks as "initial-exec", which does not require __tls_get_addr.

This is probably a better alternative to #83886.

This fixes a different crash but is related to #46204.

Backtrace:
```
#0 0x0000000000000000 in ?? ()
#1 0x00007ffff6a9d89e in ___interceptor___tls_get_addr (arg=0x7ffff6b27be8) at /path/to/llvm/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:2759
#2 0x00007ffff6a46bc6 in __sanitizer::CheckedMutex::LockImpl (this=0x7ffff6b27be8, pc=140737331846066) at /path/to/llvm/compiler-rt/lib/sanitizer_common/sanitizer_mutex.cpp:218
#3 0x00007ffff6a448b2 in __sanitizer::CheckedMutex::Lock (this=0x7ffff6b27be8, this@entry=0x730000000580) at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_mutex.h:129
#4 __sanitizer::Mutex::Lock (this=0x7ffff6b27be8, this@entry=0x730000000580) at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_mutex.h:167
#5 0x00007ffff6abdbb2 in __sanitizer::GenericScopedLock<__sanitizer::Mutex>::GenericScopedLock (mu=0x730000000580, this=<optimized out>) at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_mutex.h:383
#6 __sanitizer::SizeClassAllocator64<__tsan::AP64>::GetFromAllocator (this=0x7ffff7487dc0 <__tsan::allocator_placeholder>, stat=stat@entry=0x7ffff570db68, class_id=11, chunks=chunks@entry=0x7ffff5702cc8, n_chunks=n_chunks@entry=128) at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_allocator_primary64.h:207
#7 0x00007ffff6abdaa0 in __sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__tsan::AP64> >::Refill (this=<optimized out>, c=c@entry=0x7ffff5702cb8, allocator=<optimized out>, class_id=<optimized out>)
 at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_allocator_local_cache.h:103
#8 0x00007ffff6abd731 in __sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__tsan::AP64> >::Allocate (this=0x7ffff6b27be8, allocator=0x7ffff5702cc8, class_id=140737311157448)
 at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_allocator_local_cache.h:39
#9 0x00007ffff6abc397 in __sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<__tsan::AP64>, __sanitizer::LargeMmapAllocatorPtrArrayDynamic>::Allocate (this=0x7ffff5702cc8, cache=0x7ffff6b27be8, size=<optimized out>, size@entry=175, alignment=alignment@entry=16)
 at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_allocator_combined.h:69
#10 0x00007ffff6abaa6a in __tsan::user_alloc_internal (thr=0x7ffff7ebd980, pc=140737331499943, sz=sz@entry=175, align=align@entry=16, signal=true) at /path/to/llvm/compiler-rt/lib/tsan/rtl/tsan_mman.cpp:198
#11 0x00007ffff6abb0d1 in __tsan::user_alloc (thr=0x7ffff6b27be8, pc=140737331846066, sz=11, sz@entry=175) at /path/to/llvm/compiler-rt/lib/tsan/rtl/tsan_mman.cpp:223
#12 0x00007ffff6a693b5 in ___interceptor_malloc (size=175) at /path/to/llvm/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:666
#13 0x00007ffff7fce7f2 in malloc (size=175) at ../include/rtld-malloc.h:56
#14 __GI__dl_exception_create_format (exception=exception@entry=0x7fffffffd0d0, objname=0x7ffff7fc3550 "/path/to/llvm/compiler-rt/cmake-build-all-sanitizers/lib/linux/libclang_rt.tsan-x86_64.so",
 fmt=fmt@entry=0x7ffff7ff2db9 "undefined symbol: %s%s%s") at ./elf/dl-exception.c:157
#15 0x00007ffff7fd50e8 in _dl_lookup_symbol_x (undef_name=0x7ffff6af868b "__isoc23_scanf", undef_map=<optimized out>, ref=0x7fffffffd148, symbol_scope=<optimized out>, version=<optimized out>, type_class=0, flags=2, skip_map=0x7ffff7fc35e0) at ./elf/dl-lookup.c:793
--Type <RET> for more, q to quit, c to continue without paging--
#16 0x00007ffff656d6ed in do_sym (handle=<optimized out>, name=0x7ffff6af868b "__isoc23_scanf", who=0x7ffff6a3bb84 <__interception::InterceptFunction(char const*, unsigned long*, unsigned long, unsigned long)+36>, vers=vers@entry=0x0, flags=flags@entry=2) at ./elf/dl-sym.c:146
#17 0x00007ffff656d9dd in _dl_sym (handle=<optimized out>, name=<optimized out>, who=<optimized out>) at ./elf/dl-sym.c:195
#18 0x00007ffff64a2854 in dlsym_doit (a=a@entry=0x7fffffffd3b0) at ./dlfcn/dlsym.c:40
#19 0x00007ffff7fcc489 in __GI__dl_catch_exception (exception=exception@entry=0x7fffffffd310, operate=0x7ffff64a2840 <dlsym_doit>, args=0x7fffffffd3b0) at ./elf/dl-catch.c:237
#20 0x00007ffff7fcc5af in _dl_catch_error (objname=0x7fffffffd368, errstring=0x7fffffffd370, mallocedp=0x7fffffffd367, operate=<optimized out>, args=<optimized out>) at ./elf/dl-catch.c:256
#21 0x00007ffff64a2257 in _dlerror_run (operate=operate@entry=0x7ffff64a2840 <dlsym_doit>, args=args@entry=0x7fffffffd3b0) at ./dlfcn/dlerror.c:138
#22 0x00007ffff64a28e5 in dlsym_implementation (dl_caller=<optimized out>, name=<optimized out>, handle=<optimized out>) at ./dlfcn/dlsym.c:54
#23 ___dlsym (handle=<optimized out>, name=<optimized out>) at ./dlfcn/dlsym.c:68
#24 0x00007ffff6a3bb84 in __interception::GetFuncAddr (name=0x7ffff6af868b "__isoc23_scanf", trampoline=140737311157448) at /path/to/llvm/compiler-rt/lib/interception/interception_linux.cpp:42
#25 __interception::InterceptFunction (name=0x7ffff6af868b "__isoc23_scanf", ptr_to_real=0x7ffff74850e8 <__interception::real___isoc23_scanf>, func=11, trampoline=140737311157448)
 at /path/to/llvm/compiler-rt/lib/interception/interception_linux.cpp:61
#26 0x00007ffff6a9f2d9 in InitializeCommonInterceptors () at /path/to/llvm/compiler-rt/lib/tsan/rtl/../../sanitizer_common/sanitizer_common_interceptors.inc:10315
```

Reviewed By: vitalybuka, MaskRay

Pull Request: #83890
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
bugzilla Issues migrated from bugzilla compiler-rt:tsan Thread sanitizer
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@arichardson