From nobody Fri Feb 04 15:21:20 2022 X-Original-To: threads@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ABC319A59C4 for ; Fri, 4 Feb 2022 15:21:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JqzlN07kQz4rfb for ; Fri, 4 Feb 2022 15:21:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D974B5F25 for ; Fri, 4 Feb 2022 15:21:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 214FLJ2R017027 for ; Fri, 4 Feb 2022 15:21:19 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 214FLJJQ017026 for threads@FreeBSD.org; Fri, 4 Feb 2022 15:21:19 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: threads@FreeBSD.org Subject: [Bug 261713] ThreadSanitizer detects race in __catopen_l (via strerror_r) Date: Fri, 04 Feb 2022 15:21:20 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: threads X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: dim@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: threads@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Threading List-Archive: https://lists.freebsd.org/archives/freebsd-threads List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-threads@freebsd.org X-BeenThere: freebsd-threads@freebsd.org MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1643988080; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Fny9YsE9XKR4ko17vab8sXM37xdUPfdBkiFcp7o1tRI=; b=UsH6RP8dBMs9nCGCmqTy25fxi4htIwCqpBN5+gaIzIWJ+CYu8e+FPlad6S6PHINq6OaXr0 baIzazjWSSxvxJmRYVEyyHg7Te6di1OX814TkbNy4R85orIvS4l5kjnMfPeiay63HWfAcn 6J+SFQvEssZ1kd2TmtKobvLLnHXwuyJI1v8Os4IEUUUqAMdjqYwPnFtKzAfRtZQikCHrgf A+Ua8+Tk9Jw/skhNpWDeJiLdG/eIM94yoloh2i/TJq8Y+dba8x/RmCeXM/LpB+LMXlE2LF OxuHsxciuh2K3nbojcivKdtcIfotNnK/l2zC399YsixGwF299Bhl+7j6edS7Yg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1643988080; a=rsa-sha256; cv=none; b=EgCL60sn610VFwEYNZz4xMUGojAWqHbtLXbDEtph28xAMo4GpGG/+s1ZbHWGoCkTBZEdoJ bvR8cUaD8pjlgDDebv8U6/WV63lWD17Gmn1n3Nt54yEEsNz5kRyLrkDeNlUihVkzbTZute 48U26JOubS6j5PisCObkMPDC9w81Fs+NZaAk3nni02WSz4P35fwcjoKsnhF/0JzeENBV66 Sgdkhe9UzzyxxoAqIkXvBcUYajc1rgqzZdsJyxPMsDuC+aEyP8iev6tZ0+Y+ZYQNlI8e5X SW0ziulMkhOm1dCLRd60jfRlpgOivYEGMcxL5HDyfUoHF5fZbdsJQIp5jAl9/A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D261713 Bug ID: 261713 Summary: ThreadSanitizer detects race in __catopen_l (via strerror_r) Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: threads Assignee: threads@FreeBSD.org Reporter: dim@FreeBSD.org Test case: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D #include #include #include #include #include #include #define NUM_THREADS 2 static void *thread_func(void *arg __attribute__((__unused__))) { char buf[256]; int error; usleep(1); error =3D strerror_r(ETIMEDOUT, buf, sizeof buf); if (error) errx(1, "strerror_r failed with error %d", error); return NULL; } int main(void) { pthread_t threads[NUM_THREADS]; int i, error; void *result; for (i =3D 0; i < NUM_THREADS; ++i) { error =3D pthread_create(&threads[i], NULL, thread_func, NULL); if (error) errx(1, "pthread_create failed with error %d", error); } for (i =3D 0; i < NUM_THREADS; ++i) { error =3D pthread_join(threads[i], &result); if (error) errx(1, "pthread_join failed with error %d", error); } return 0; } =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D % uname -v FreeBSD 14.0-CURRENT #2 main-n252774-fdf278410104: Sun Jan 30 21:44:57 CET = 2022 dim@vdim-fbsdhead-amd64:/usr/obj/usr/src/amd64.amd64/sys/GENERIC % cc -g fsanitize=3Dthread race-strerror.c -o race-strerror -lpthread % ./race-strerror =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D WARNING: ThreadSanitizer: data race (pid=3D3438) Read of size 1 at 0x7b0400000000 by thread T2: #0 strcmp /usr/src/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_co= mmon_interceptors.inc:457:3 (race-strerror+0x25fdcf) #1 __catopen_l /usr/src/lib/libc/nls/msgcat.c:163:8 (libc.so.7+0xfb2ad) #2 thread_func /share/dim/bugs/race-strerror/race-strerror.c:17:11 (race-strerror+0x2bac75) Previous write of size 1 at 0x7b0400000000 by thread T1: #0 memcpy /usr/src/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_co= mmon_interceptors.inc:827:5 (race-strerror+0x261b9b) #1 strdup /usr/src/lib/libc/string/strdup.c:51:2 (libc.so.7+0x1d39b6) #2 __catopen_l /usr/src/lib/libc/nls/msgcat.c:273:2 (libc.so.7+0xfb6a4) #3 thread_func /share/dim/bugs/race-strerror/race-strerror.c:17:11 (race-strerror+0x2bac75) As if synchronized via sleep: #0 usleep /usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_po= six.cpp:356:3 (race-strerror+0x257476) #1 thread_func /share/dim/bugs/race-strerror/race-strerror.c:15:3 (race-strerror+0x2bac5f) Location is heap block of size 5 at 0x7b0400000000 allocated by thread T1: #0 malloc /usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_po= six.cpp:655:5 (race-strerror+0x2586fa) #1 strdup /usr/src/lib/libc/string/strdup.c:49:14 (libc.so.7+0x1d39a0) #2 __catopen_l /usr/src/lib/libc/nls/msgcat.c:273:2 (libc.so.7+0xfb6a4) #3 thread_func /share/dim/bugs/race-strerror/race-strerror.c:17:11 (race-strerror+0x2bac75) Thread T2 (tid=3D100539, running) created by main thread at: #0 pthread_create /usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_po= six.cpp:977:3 (race-strerror+0x259c15) #1 main /share/dim/bugs/race-strerror/race-strerror.c:31:13 (race-strerror+0x2bab8d) Thread T1 (tid=3D100538, finished) created by main thread at: #0 pthread_create /usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_po= six.cpp:977:3 (race-strerror+0x259c15) #1 main /share/dim/bugs/race-strerror/race-strerror.c:31:13 (race-strerror+0x2bab8d) SUMMARY: ThreadSanitizer: data race /usr/src/lib/libc/nls/msgcat.c:163:8 in __catopen_l =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D WARNING: ThreadSanitizer: data race (pid=3D3438) Read of size 1 at 0x7b0400000010 by thread T2: #0 strcmp /usr/src/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_co= mmon_interceptors.inc:457:3 (race-strerror+0x25fdcf) #1 __catopen_l /usr/src/lib/libc/nls/msgcat.c:165:7 (libc.so.7+0xfb2ca) #2 thread_func /share/dim/bugs/race-strerror/race-strerror.c:17:11 (race-strerror+0x2bac75) Previous write of size 8 at 0x7b0400000010 by thread T1: #0 malloc /usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_po= six.cpp:655:5 (race-strerror+0x2586fa) #1 strdup /usr/src/lib/libc/string/strdup.c:49:14 (libc.so.7+0x1d39a0) #2 __catopen_l /usr/src/lib/libc/nls/msgcat.c:273:2 (libc.so.7+0xfb6c4) #3 thread_func /share/dim/bugs/race-strerror/race-strerror.c:17:11 (race-strerror+0x2bac75) As if synchronized via sleep: #0 usleep /usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_po= six.cpp:356:3 (race-strerror+0x257476) #1 thread_func /share/dim/bugs/race-strerror/race-strerror.c:15:3 (race-strerror+0x2bac5f) Location is heap block of size 2 at 0x7b0400000010 allocated by thread T1: #0 malloc /usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_po= six.cpp:655:5 (race-strerror+0x2586fa) #1 strdup /usr/src/lib/libc/string/strdup.c:49:14 (libc.so.7+0x1d39a0) #2 __catopen_l /usr/src/lib/libc/nls/msgcat.c:273:2 (libc.so.7+0xfb6c4) #3 thread_func /share/dim/bugs/race-strerror/race-strerror.c:17:11 (race-strerror+0x2bac75) Thread T2 (tid=3D100539, running) created by main thread at: #0 pthread_create /usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_po= six.cpp:977:3 (race-strerror+0x259c15) #1 main /share/dim/bugs/race-strerror/race-strerror.c:31:13 (race-strerror+0x2bab8d) Thread T1 (tid=3D100538, finished) created by main thread at: #0 pthread_create /usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_po= six.cpp:977:3 (race-strerror+0x259c15) #1 main /share/dim/bugs/race-strerror/race-strerror.c:31:13 (race-strerror+0x2bab8d) SUMMARY: ThreadSanitizer: data race /usr/src/lib/libc/nls/msgcat.c:165:7 in __catopen_l =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D ThreadSanitizer: reported 2 warnings E.g. thread T2 is looping over the cache in lib/libc/nls/msgcat.c, line 163= :=20 160 /* Try to get it from the cache first */ 161 RLOCK(NLERR); 162 SLIST_FOREACH(np, &cache, list) { -> 163 if ((strcmp(np->name, name) =3D=3D 0) && 164 ((lang !=3D NULL && np->lang !=3D NULL && 165 strcmp(np->lang, lang) =3D=3D 0) || (np->lang = =3D=3D lang))) { while thread T1 is still allocating memory in the SAVEFAIL macro, line 273: 271 free(plang); 272 free(base); -> 273 SAVEFAIL(name, lang, ENOENT); 274 NLRETERR(ENOENT); 275 } But it's tricky to see what happens exactly, since SAVEFAIL does quite a lo= t of things. :) --=20 You are receiving this mail because: You are the assignee for the bug.=