[Bug 267768] Simple OpenMP example crashes with thread sanitizer (-fsanitize=thread)

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 17 Nov 2022 14:04:23 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267768

Dimitry Andric <dim@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |emaste@freebsd.org

--- Comment #1 from Dimitry Andric <dim@FreeBSD.org> ---
Yeah, it looks like the combination of openmp and ThreadSaniziter is not
well-tested or supported, even. If you do:

export TSAN_OPTIONS='ignore_noninstrumented_modules=1'

as it recommends, the debugging session seems to work with some suppressed
warnings:

(gdb) r
Starting program: /home/dim/tmp/foo
warning: Could not load shared library symbols for [vdso].
Do you need "set solib-search-path" or "set sysroot"?
[New LWP 888651 of process 49234]
[New LWP 888652 of process 49234]
[New LWP 888653 of process 49234]
[New LWP 888654 of process 49234]
ThreadSanitizer: thread T2  finished with ignores enabled, created at:
ThreadSanitizer: thread T1  finished with ignores enabled, created at:
ThreadSanitizer: thread T3  finished with ignores enabled, created at:
[Detaching after fork from child process 49235]
    #0 pthread_create
/usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:1022:3
(foo+0x265a15)
    #1 __kmp_create_worker
/usr/src/contrib/llvm-project/openmp/runtime/src/z_Linux_util.cpp:803:7
(libomp.so+0xce0c8)

  One of the following ignores was not ended (in order of probability)
[LWP 888652 of process 49234 exited]
[LWP 886429 of process 49234 exited]
[LWP 888651 of process 49234 exited]
[LWP 888654 of process 49234 exited]
[Inferior 1 (process 49234) exited with code 0102]

And if you let it core dump outside a debugger, you can see that it's becuase
of ASLR:

Core was generated by `./foo'.
Program terminated with signal SIGSEGV, Segmentation fault.
Address not mapped to object.
#0  0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00000000002845ad in __interceptor_strlcpy (dst=0x8206c6570 "",
src=0x8206ca578 "/home/dim/tmp/foo", size=1024) at
/usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors.h:40
#2  0x0000000824a3eadd in _elf_aux_info (aux=<optimized out>, buf=0x8206c6570,
buflen=1024) at /usr/src/lib/libc/gen/auxv.c:287
#3  0x000000000024e2a4 in __sanitizer::ReExec () at
/usr/src/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp:909
#4  0x000000000024d0e2 in __sanitizer::CheckASLR () at
/usr/src/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp:2198
#5  0x00000000002b43df in __tsan::Initialize (thr=thr@entry=0x8267071c0) at
/usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp:646
#6  0x0000000000262e00 in __tsan::LazyInitialize (thr=0x8267071c0) at
/usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.h:637
#7  __tsan::ScopedInterceptor::ScopedInterceptor (this=this@entry=0x8206c6e38,
thr=thr@entry=0x8267071c0, fname=<optimized out>, pc=34975452123) at
/usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:249
#8  0x0000000000284288 in __interceptor_readlink (path=0x8249eeaaa
"/etc/malloc.conf", buf=buf@entry=0x8206c8990 "hEl!\b",
bufsiz=bufsiz@entry=1024) at
/usr/src/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:7353
#9  0x0000000824b30bdb in obtain_malloc_conf (which_source=2, buf=0x8206c8990
"hEl!\b") at jemalloc_jemalloc.c:984
#10 malloc_conf_init_helper (sc_data=sc_data@entry=0x0,
bin_shard_sizes=bin_shard_sizes@entry=0x0, initial_call=false,
opts_cache=opts_cache@entry=0x8206c8da0, buf=buf@entry=0x8206c8990 "hEl!\b") at
jemalloc_jemalloc.c:1042
#11 0x0000000824b307ed in malloc_conf_init (sc_data=0x8206c6fe0,
bin_shard_sizes=0x8206c6f50) at jemalloc_jemalloc.c:1449
#12 malloc_init_hard_a0_locked () at jemalloc_jemalloc.c:1509
#13 0x0000000824b32aef in malloc_init_hard () at jemalloc_jemalloc.c:1754
#14 0x000037671ef0a02d in objlist_call_init (list=list@entry=0x8206c9dc8,
lockstate=lockstate@entry=0x8206c9bd8) at /usr/src/libexec/rtld-elf/rtld.c:3140
#15 0x000037671ef0862a in _rtld (sp=<optimized out>, exit_proc=0x8206c9e40,
objp=0x8206c9e48) at /usr/src/libexec/rtld-elf/rtld.c:981
#16 0x000037671ef05fd9 in rtld_start () at
/usr/src/libexec/rtld-elf/amd64/rtld_start.S:39
#17 0x0000000000000000 in ?? ()

E.g. what happens here is that Ed's magic code that attempts to auto-restart
the process without ASLR is causing some sort of issue. It might fare better if
ASLR is disabled globally, or just for the program itself.

-- 
You are receiving this mail because:
You are the assignee for the bug.