https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78294
Dmitry Vyukov <dvyukov at google dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dvyukov at google dot com

--- Comment #1 from Dmitry Vyukov <dvyukov at google dot com> ---
Humm... This is puzzling.

Just in case, you set LD_LIBRARY_PATH to point to the new libtsan.so?

ScopedInterceptor already called cur_thread here:

#4 0x00007ffff6f43b90 in __tsan::ScopedInterceptor::ScopedInterceptor

and it did not crash. But then

#2 0x00007ffff6f8b00a in __tsan::ScopedIgnoreInterceptors::ScopedIgnoreInterceptors

calls cur_thread again and it ends up in __tls_get_addr, which crashes...

I've just built gcc version 7.0.0 20161111 (experimental) (GCC), and your repro works. Although, I have a different kernel and glibc.

However, __tsan::Initialize does not contain a call to __tls_get_addr to get the address of cur_thread:

000000000006da60 <__tsan::Initialize(__tsan::ThreadState*)>:
   6da60: 80 3d 25 73 47 00 00    cmpb   $0x0,0x477325(%rip)   # 4e4d8c <__tsan::Initialize(__tsan::ThreadState*)::is_initialized>
   6da67: 74 07                   je     6da70 <__tsan::Initialize(__tsan::ThreadState*)+0x10>
   6da69: f3 c3                   repz retq
   6da6b: 0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)
   6da70: 41 57                   push   %r15
   6da72: 41 56                   push   %r14
   6da74: 41 55                   push   %r13
   6da76: 41 54                   push   %r12
   6da78: 55                      push   %rbp
   6da79: 53                      push   %rbx
   6da7a: 48 83 ec 48             sub    $0x48,%rsp
   6da7e: c6 05 07 73 47 00 01    movb   $0x1,0x477307(%rip)   # 4e4d8c <__tsan::Initialize(__tsan::ThreadState*)::is_initialized>
   6da85: 48 89 7c 24 18          mov    %rdi,0x18(%rsp)
   6da8a: 64 48 8b 04 25 00 00    mov    %fs:0x0,%rax
   6da91: 00 00
   6da93: 48 03 05 fe 9e 26 00    add    0x269efe(%rip),%rax   # 2d7998 <_DYNAMIC+0xa10>
   6da9a: 48 8d 3d 6f ce 00 00    lea    0xce6f(%rip),%rdi     # 7a910 <__tsan::TsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long)>
   6daa1: 48 8d 0d 1c 09 04 00    lea    0x4091c(%rip),%rcx    # ae3c4 <__tsan::MutexSet::kMaxSize+0x1024>
   6daa8: 83 80 98 02 02 00 01    addl   $0x1,0x20298(%rax)

The instructions are:

   6da8a: 64 48 8b 04 25 00 00    mov    %fs:0x0,%rax
   6da93: 48 03 05 fe 9e 26 00    add    0x269efe(%rip),%rax
   6daa8: 83 80 98 02 02 00 01    addl   $0x1,0x20298(%rax)

which is reasonable for initial_exec tls.

Please post disassembly of these frames and point to the exact call sites:

#2 0x00007ffff6f8b00a in __tsan::ScopedIgnoreInterceptors::ScopedIgnoreInterceptors (this=<synthetic pointer>) at ../../../../gcc/libsanitizer/tsan/tsan_rtl.h:549
#3 __tsan::Initialize (thr=thr@entry=0x7ffff6277780) at ../../../../gcc/libsanitizer/tsan/tsan_rtl.cc:331