-fsanitize=memory failing on an Arch Linux system


Wink Saville

Sep 7, 2016, 7:03:01 PM9/7/16
to memory-sanitizer
I've posted to llvm-dev a problem I'm having using -fsanitize=memory; below
is a copy and paste of that post. I'm happy to do what I can to debug this, just
let me know.

-- Wink

I've compiled RELEASE_390/final but all "ninja check-msan" tests are
failing (http://lists.llvm.org/pipermail/llvm-dev/2016-September/104609.html).
I'm waiting for an account to be created to file a bug, but in the
meantime I thought I'd take a look at it myself.

My system is an Arch Linux system that is up to date as of this morning:
$ uname -a
Linux wink-desktop 4.7.2-1-ARCH #1 SMP PREEMPT Sat Aug 20 23:02:56
CEST 2016 x86_64 GNU/Linux

 The installed compilers are:
$ pacman -Q clang clang-tools-extra gcc-multilib gcc-libs-multilib
clang 3.8.1-1
clang-tools-extra 3.8.1-1
gcc-multilib 6.1.1-5
gcc-libs-multilib 6.1.1-5


Reid Kleckner (http://lists.llvm.org/pipermail/llvm-dev/2016-September/104610.html)
speculates:
"There is probably some environmental issue on your system that makes
shadow memory allocation fail, or causes an early shadow memory
access."

I agree because I see similar startup errors on both clang 3.8.1
installed via Arch Linux and 3.9.0 I created.

Here is the trivial test program:
$ cat a.c
int main() {
  return 0;
}

Here is the compilation:
$ /home/wink/foss/llvm.3.9.0/build/bin/clang -fsanitize=memory -g -O0
-fno-omit-frame-pointer a.c -o a

And here is running it with gdb:
$ gdb a
GNU gdb (GDB) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from a...done.
(gdb) run
Starting program: /home/wink/foss/llvm.3.9.0/test-msan/a
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
__sanitizer::SizeClassAllocator64<123145302310912ul, 8796093022208ul,
8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>,
__msan::MsanMapUnmapCallback>::AllocateBatch (
    this=this at entry=0x21289a0 <__msan::allocator>,
stat=stat at entry=0x2128970 <__msan::fallback_allocator_cache+109392>,
c=c at entry=0x210de20 <__msan::fallback_allocator_cache>,
class_id=class_id at entry=5)
    at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_allocator.h:357
357    Batch *b = region->free_list.Pop();
(gdb) bt
#0  __sanitizer::SizeClassAllocator64<123145302310912ul,
8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>,
__msan::MsanMapUnmapCallback>::AllocateBatch (
    this=this at entry=0x21289a0 <__msan::allocator>,
stat=stat at entry=0x2128970 <__msan::fallback_allocator_cache+109392>,
c=c at entry=0x210de20 <__msan::fallback_allocator_cache>,
class_id=class_id at entry=5)
    at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_allocator.h:357
#1  0x0000000000443567 in
__sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<123145302310912ul,
8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>,
__msan::MsanMapUnmapCallback> >::Refill (this=this at entry=0x210de20
<__msan::fallback_allocator_cache>,
allocator=allocator at entry=0x21289a0 <__msan::allocator>,
class_id=class_id at entry=5)
    at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_allocator.h:1003
#2  0x0000000000442af5 in
__sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<123145302310912ul,
8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>,
__msan::MsanMapUnmapCallback> >::Allocate (class_id=<optimized out>,
allocator=0x21289a0 <__msan::allocator>, this=0x210de20
<__msan::fallback_allocator_cache>)
    at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_allocator.h:952
#3  __sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<123145302310912ul,
8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>,
__msan::MsanMapUnmapCallback>,
__sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<123145302310912ul,
8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>,
__msan::MsanMapUnmapCallback> >,
__sanitizer::LargeMmapAllocator<__msan::MsanMapUnmapCallback>
>::Allocate (check_rss_limit=false, cleared=false, alignment=8,
size=<optimized out>, cache=0x210de20
<__msan::fallback_allocator_cache>, this=0x21289a0
<__msan::allocator>)
    at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_allocator.h:1324
#4  __msan::MsanAllocate (zeroise=false, alignment=8, size=73,
stack=0x7fffffffcea0) at
../projects/compiler-rt/lib/msan/msan_allocator.cc:125
#5  __msan::MsanReallocate (stack=stack at entry=0x7fffffffcea0,
old_p=old_p at entry=0x0, new_size=new_size at entry=73,
alignment=alignment at entry=8, zeroise=zeroise at entry=false)
    at ../projects/compiler-rt/lib/msan/msan_allocator.cc:180
#6  0x000000000044475e in __interceptor_malloc (size=73) at
../projects/compiler-rt/lib/msan/msan_interceptors.cc:931
#7  0x00007ffff7de9161 in _dl_signal_error () from /lib64/ld-linux-x86-64.so.2
#8  0x00007ffff7de9323 in _dl_signal_cerror () from /lib64/ld-linux-x86-64.so.2
#9  0x00007ffff7de40be in _dl_lookup_symbol_x () from
/lib64/ld-linux-x86-64.so.2
#10 0x00007ffff7016db1 in do_sym () from /usr/lib/libc.so.6
#11 0x00007ffff74ae014 in ?? () from /usr/lib/libdl.so.2
#12 0x00007ffff7de93a4 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#13 0x00007ffff74ae521 in ?? () from /usr/lib/libdl.so.2
#14 0x00007ffff74ae068 in dlsym () from /usr/lib/libdl.so.2
#15 0x00000000004193cc in __interception::GetRealFunctionAddress
(func_name=func_name at entry=0x499bb8 "__isoc99_printf",
func_addr=func_addr at entry=0x2b298d8
<__interception::real___isoc99_printf>,
    real=real at entry=4591392, wrapper=wrapper at entry=4591392) at
../projects/compiler-rt/lib/interception/interception_linux.cc:23
#16 0x0000000000476a5f in InitializeCommonInterceptors () at
../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_common_interceptors.inc:5902
#17 __msan::InitializeInterceptors () at
../projects/compiler-rt/lib/msan/msan_interceptors.cc:1471
#18 0x000000000043f4c5 in __msan_init () at
../projects/compiler-rt/lib/msan/msan.cc:386
#19 0x000000000048d586 in msan.module_ctor ()
#20 0x000000000048d5dd in __libc_csu_init ()
#21 0x00007ffff6f18220 in __libc_start_main () from /usr/lib/libc.so.6
#22 0x00000000004192da in _start ()
(gdb)


When I compile it with clang 3.8.1 it fails in a different spot but
still in __interception::GetRealFunctionAddress:

$ clang -fsanitize=memory -g -O0 -fno-omit-frame-pointer a.c -o a
wink@wink-desktop:~/foss/llvm.3.9.0/test-msan
$ gdb a
GNU gdb (GDB) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from a...done.
(gdb) run
Starting program: /home/wink/foss/llvm.3.9.0/test-msan/a
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x000000000041e3b5 in
__sanitizer::SizeClassAllocator64<123145302310912ul, 8796093022208ul,
8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>,
__msan::MsanMapUnmapCallback>::AllocateBatch(__sanitizer::AllocatorStats*,
__sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<123145302310912ul,
8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>,
__msan::MsanMapUnmapCallback> >*, unsigned long) ()
(gdb) bt
#0  0x000000000041e3b5 in
__sanitizer::SizeClassAllocator64<123145302310912ul, 8796093022208ul,
8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>,
__msan::MsanMapUnmapCallback>::AllocateBatch(__sanitizer::AllocatorStats*,
__sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<123145302310912ul,
8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>,
__msan::MsanMapUnmapCallback> >*, unsigned long) ()
#1  0x000000000041e477 in
__sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<123145302310912ul,
8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>,
__msan::MsanMapUnmapCallback>
>::Refill(__sanitizer::SizeClassAllocator64<123145302310912ul,
8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>,
__msan::MsanMapUnmapCallback>*, unsigned long) ()
#2  0x000000000041d9d1 in
__msan::MsanReallocate(__sanitizer::StackTrace*, void*, unsigned long,
unsigned long, bool) ()
#3  0x000000000041f8fe in malloc ()
#4  0x00007ffff7de9161 in _dl_signal_error () from /lib64/ld-linux-x86-64.so.2
#5  0x00007ffff7de9323 in _dl_signal_cerror () from /lib64/ld-linux-x86-64.so.2
#6  0x00007ffff7de40be in _dl_lookup_symbol_x () from
/lib64/ld-linux-x86-64.so.2
#7  0x00007ffff7016db1 in do_sym () from /usr/lib/libc.so.6
#8  0x00007ffff74ae014 in ?? () from /usr/lib/libdl.so.2
#9  0x00007ffff7de93a4 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#10 0x00007ffff74ae521 in ?? () from /usr/lib/libdl.so.2
#11 0x00007ffff74ae068 in dlsym () from /usr/lib/libdl.so.2
#12 0x0000000000465c0c in __interception::GetRealFunctionAddress(char
const*, unsigned long*, unsigned long, unsigned long) ()
#13 0x000000000044f5e5 in __msan::InitializeInterceptors() ()
#14 0x000000000041a305 in __msan_init ()
#15 0x0000000000485be6 in msan.module_ctor ()
#16 0x0000000000485c3d in __libc_csu_init ()
#17 0x00007ffff6f18220 in __libc_start_main () from /usr/lib/libc.so.6
#18 0x0000000000418b4a in _start ()
(gdb)

Furthermore, there is a bug reported concerning a segfault when
using msan on Arch Linux (https://bugs.archlinux.org/task/50385), so
I'm not the only person in the world having a problem.

Any suggestions on what the problem might be?

Evgenii Stepanov

Sep 9, 2016, 5:28:06 PM9/9/16
to memory-s...@googlegroups.com
Hi,

sorry for the late response. I don't really have better advice than
just "debug it". I think you mentioned elsewhere that this problem is
also present in the 3.8 release? Did you try tip-of-tree?

Wink Saville

Sep 9, 2016, 6:24:39 PM9/9/16
to memory-sanitizer
Yes, it's in the standard 3.8.1 release.

I started to debug, but the first thing I tried from gdb was
printing out region, but it was optimized out. See below;
my inputs are in bold. So even though I apparently did
a debug build, msan is optimized.

So I'm thinking I should build msan without optimization.
Could you give me some guidance on what you think
should be my next step? (I haven't built ToT, but certainly
can/will if that's what you'd recommend.)

-- wink

wink@wink-desktop:~/foss/llvm.3.9.0/test-msan
$ /home/wink/foss/llvm.3.9.0/build/bin/clang -fsanitize=memory -g -O0 -fno-omit-frame-pointer a.c -o a
wink@wink-desktop:~/foss/llvm.3.9.0/test-msan
$ gdb a
GNU gdb (GDB) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
Find the GDB manual and other documentation resources online at:
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from a...done.
(gdb) run
Starting program: /home/wink/foss/llvm.3.9.0/test-msan/a 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
__sanitizer::SizeClassAllocator64<123145302310912ul, 8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>, __msan::MsanMapUnmapCallback>::AllocateBatch (this=this@entry=0x21289a0 <__msan::allocator>, 
    stat=stat@entry=0x2128970 <__msan::fallback_allocator_cache+109392>, c=c@entry=0x210de20 <__msan::fallback_allocator_cache>, 
    class_id=class_id@entry=5) at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_allocator.h:357
357    Batch *b = region->free_list.Pop();
(gdb) bt
#0  __sanitizer::SizeClassAllocator64<123145302310912ul, 8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>, __msan::MsanMapUnmapCallback>::AllocateBatch (this=this@entry=0x21289a0 <__msan::allocator>, 
    stat=stat@entry=0x2128970 <__msan::fallback_allocator_cache+109392>, c=c@entry=0x210de20 <__msan::fallback_allocator_cache>, 
    class_id=class_id@entry=5) at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_allocator.h:357
#1  0x0000000000443567 in __sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<123145302310912ul, 8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>, __msan::MsanMapUnmapCallback> >::Refill (
    this=this@entry=0x210de20 <__msan::fallback_allocator_cache>, allocator=allocator@entry=0x21289a0 <__msan::allocator>, 
    class_id=class_id@entry=5) at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_allocator.h:1003
#2  0x0000000000442af5 in __sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<123145302310912ul, 8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>, __msan::MsanMapUnmapCallback> >::Allocate (class_id=<optimized out>, 
    allocator=0x21289a0 <__msan::allocator>, this=0x210de20 <__msan::fallback_allocator_cache>)
    at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_allocator.h:952
#3  __sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<123145302310912ul, 8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>, __msan::MsanMapUnmapCallback>, __sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<123145302310912ul, 8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>, __msan::MsanMapUnmapCallback> >, __sanitizer::LargeMmapAllocator<__msan::MsanMapUnmapCallback> >::Allocate (check_rss_limit=false, cleared=false, alignment=8, size=<optimized out>, 
    cache=0x210de20 <__msan::fallback_allocator_cache>, this=0x21289a0 <__msan::allocator>)
    at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_allocator.h:1324
#4  __msan::MsanAllocate (zeroise=false, alignment=8, size=73, stack=0x7fffffffcea0)
    at ../projects/compiler-rt/lib/msan/msan_allocator.cc:125
#5  __msan::MsanReallocate (stack=stack@entry=0x7fffffffcea0, old_p=old_p@entry=0x0, new_size=new_size@entry=73, 
    alignment=alignment@entry=8, zeroise=zeroise@entry=false) at ../projects/compiler-rt/lib/msan/msan_allocator.cc:180
---Type <return> to continue, or q <return> to quit---
#6  0x000000000044475e in __interceptor_malloc (size=73) at ../projects/compiler-rt/lib/msan/msan_interceptors.cc:931
#7  0x00007ffff7de9161 in _dl_signal_error () from /lib64/ld-linux-x86-64.so.2
#8  0x00007ffff7de9323 in _dl_signal_cerror () from /lib64/ld-linux-x86-64.so.2
#9  0x00007ffff7de40be in _dl_lookup_symbol_x () from /lib64/ld-linux-x86-64.so.2
#10 0x00007ffff7016db1 in do_sym () from /usr/lib/libc.so.6
#11 0x00007ffff74ae014 in ?? () from /usr/lib/libdl.so.2
#12 0x00007ffff7de93a4 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#13 0x00007ffff74ae521 in ?? () from /usr/lib/libdl.so.2
#14 0x00007ffff74ae068 in dlsym () from /usr/lib/libdl.so.2
#15 0x00000000004193cc in __interception::GetRealFunctionAddress (func_name=func_name@entry=0x499bb8 "__isoc99_printf", 
    func_addr=func_addr@entry=0x2b298d8 <__interception::real___isoc99_printf>, real=real@entry=4591392, wrapper=wrapper@entry=4591392)
    at ../projects/compiler-rt/lib/interception/interception_linux.cc:23
#16 0x0000000000476a5f in InitializeCommonInterceptors ()
    at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_common_interceptors.inc:5902
#17 __msan::InitializeInterceptors () at ../projects/compiler-rt/lib/msan/msan_interceptors.cc:1471
#18 0x000000000043f4c5 in __msan_init () at ../projects/compiler-rt/lib/msan/msan.cc:386
#19 0x000000000048d586 in msan.module_ctor ()
#20 0x000000000048d5dd in __libc_csu_init ()
#21 0x00007ffff6f18220 in __libc_start_main () from /usr/lib/libc.so.6
#22 0x00000000004192da in _start ()
(gdb) print region
$1 = <optimized out>
(gdb) 

Wink Saville

Sep 10, 2016, 12:02:06 AM9/10/16
to memory-sanitizer
I believe I successfully enabled debugging; I modified projects/compiler-rt/CMakeLists.txt,
changing COMPILER_RT_DEBUG from OFF to ON:

$ svn diff CMakeLists.txt 
Index: CMakeLists.txt
===================================================================
--- CMakeLists.txt (revision 280726)
+++ CMakeLists.txt (working copy)
@@ -123,7 +123,7 @@
   option(COMPILER_RT_CAN_EXECUTE_TESTS "Can we execute instrumented tests" OFF)
 endif()
 
-option(COMPILER_RT_DEBUG "Build runtimes with full debug info" OFF)
+option(COMPILER_RT_DEBUG "Build runtimes with full debug info" ON)
 option(COMPILER_RT_EXTERNALIZE_DEBUGINFO
   "Generate dSYM files and strip executables and libraries (Darwin Only)" OFF)
 # COMPILER_RT_DEBUG_PYBOOL is used by lit.common.configured.in.
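Review bot: Flipping the checked-in default of COMPILER_RT_DEBUG in this hunk is a working-copy edit that will conflict on the next svn update and is easy to forget about; the same effect is obtained without touching the file by passing `-DCOMPILER_RT_DEBUG=ON` on the cmake command line alongside `-DCMAKE_INSTALL_PREFIX`, which also keeps the build configuration visible in the invocation rather than hidden in a local diff.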


I then rebuilt 3.9.0 from scratch and rebuilt using ninja with no parameters:

$ cmake -G Ninja .. -DCMAKE_INSTALL_PREFIX=/home/wink/opt/llvm
$ ninja

I recompiled "a.c" the trivial source and used gdb to execute it:

$ /home/wink/foss/llvm.3.9.0/build/bin/clang -fsanitize=memory -g -O0 -fno-omit-frame-pointer a.c -o a
$ gdb a
GNU gdb (GDB) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
Find the GDB manual and other documentation resources online at:
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from a...done.
(gdb) run
Starting program: /home/wink/foss/test-msan/a 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x0000000000448047 in __sanitizer::atomic_load<__sanitizer::atomic_uint64_t> (a=0x780000000298, mo=__sanitizer::memory_order_acquire) at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_atomic_clang_x86.h:47
47      v = a->val_dont_use;
(gdb) bt
#0  0x0000000000448047 in __sanitizer::atomic_load<__sanitizer::atomic_uint64_t> (a=0x780000000298, mo=__sanitizer::memory_order_acquire) at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_atomic_clang_x86.h:47
#1  0x00000000004478cd in __sanitizer::LFStack<__sanitizer::SizeClassMap<17ul, 128ul, 16ul>::TransferBatch>::Pop (this=0x780000000298) at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_lfstack.h:49
#2  0x000000000044776e in __sanitizer::SizeClassAllocator64<123145302310912ul, 8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>, __msan::MsanMapUnmapCallback>::AllocateBatch (this=0x2138da0 <__msan::allocator>, stat=0x2353b90 <__msan::fallback_allocator_cache+109392>, 
    c=0x2339040 <__msan::fallback_allocator_cache>, class_id=4) at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_allocator.h:357
#3  0x000000000044713e in __sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<123145302310912ul, 8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>, __msan::MsanMapUnmapCallback> >::Refill (this=0x2339040 <__msan::fallback_allocator_cache>, allocator=0x2138da0 <__msan::allocator>, 
    class_id=4) at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_allocator.h:1003
#4  0x0000000000445e6b in __sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<123145302310912ul, 8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>, __msan::MsanMapUnmapCallback> >::Allocate (this=0x2339040 <__msan::fallback_allocator_cache>, allocator=0x2138da0 <__msan::allocator>, 
    class_id=4) at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_allocator.h:952
#5  0x000000000044594d in __sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<123145302310912ul, 8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>, __msan::MsanMapUnmapCallback>, __sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<123145302310912ul, 8796093022208ul, 8ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>, __msan::MsanMapUnmapCallback> >, __sanitizer::LargeMmapAllocator<__msan::MsanMapUnmapCallback> >::Allocate (this=0x2138da0 <__msan::allocator>, cache=0x2339040 <__msan::fallback_allocator_cache>, size=62, alignment=8, cleared=false, check_rss_limit=false)
    at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_allocator.h:1324
#6  0x0000000000444e8c in __msan::MsanAllocate (stack=0x7fffffffce60, size=62, alignment=8, zeroise=false) at ../projects/compiler-rt/lib/msan/msan_allocator.cc:125
#7  0x00000000004451c6 in __msan::MsanReallocate (stack=0x7fffffffce60, old_p=0x0, new_size=62, alignment=8, zeroise=false) at ../projects/compiler-rt/lib/msan/msan_allocator.cc:180
#8  0x0000000000450277 in __interceptor_malloc (size=62) at ../projects/compiler-rt/lib/msan/msan_interceptors.cc:931
#9  0x00007ffff7de9161 in _dl_signal_error () from /lib64/ld-linux-x86-64.so.2
#10 0x00007ffff7de9323 in _dl_signal_cerror () from /lib64/ld-linux-x86-64.so.2
#11 0x00007ffff7de40be in _dl_lookup_symbol_x () from /lib64/ld-linux-x86-64.so.2
#12 0x00007ffff7016db1 in do_sym () from /usr/lib/libc.so.6
#13 0x00007ffff74ae014 in ?? () from /usr/lib/libdl.so.2
#14 0x00007ffff7de93a4 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#15 0x00007ffff74ae521 in ?? () from /usr/lib/libdl.so.2
#16 0x00007ffff74ae068 in dlsym () from /usr/lib/libdl.so.2
#17 0x0000000000419341 in __interception::GetRealFunctionAddress (func_name=0x4bffb1 "__isoc99_printf", func_addr=0x2b546b0 <__interception::real___isoc99_printf>, real=4572751, wrapper=4572751) at ../projects/compiler-rt/lib/interception/interception_linux.cc:23
#18 0x0000000000496bd1 in InitializeCommonInterceptors () at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_common_interceptors.inc:5902
#19 0x00000000004abd02 in __msan::InitializeInterceptors () at ../projects/compiler-rt/lib/msan/msan_interceptors.cc:1471
#20 0x0000000000443936 in __msan_init () at ../projects/compiler-rt/lib/msan/msan.cc:386
#21 0x00000000004b1166 in msan.module_ctor ()
#22 0x00000000004b11bd in __libc_csu_init ()
#23 0x00007ffff6f18220 in __libc_start_main () from /usr/lib/libc.so.6
#24 0x000000000041924a in _start ()
(gdb) print a
$1 = (const volatile __sanitizer::atomic_uint64_t *) 0x780000000298
(gdb) print *a
Cannot access memory at address 0x780000000298
(gdb) frame 1
#1  0x00000000004478cd in __sanitizer::LFStack<__sanitizer::SizeClassMap<17ul, 128ul, 16ul>::TransferBatch>::Pop (this=0x780000000298) at ../projects/compiler-rt/lib/msan/../sanitizer_common/sanitizer_lfstack.h:49
49    u64 cmp = atomic_load(&head_, memory_order_acquire);
(gdb) 


So the &head is BAD and "Cannot access memory at address 0x780000000298"

Where to from here, does this help narrow down the problem? Is there logging that can be enabled?
Can I use "printf" style debugging? ....

-- Wink

Wink Saville

Sep 12, 2016, 9:57:26 PM9/12/16
to memory-sanitizer
We have found a "fix" for the segmentation fault; see this thread for more information.
In the Arch Linux bug is a patch for the Arch Linux glibc package. The short answer
is there was a change to glibc which used malloc when loading dynamic library symbols
under an error condition.

The fix for glibc, which reverts a couple of other recent changes, wasn't ideal and
is not in glibc master. It seems they prefer a fix on the msan side.

Hopefully a permanent solution can be agreed upon quickly.
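As an added illustration (not code from compiler-rt, glibc, or anyone on this thread), here is the reentrancy hazard the backtraces show, where glibc's dlsym error path calls malloc while the interceptor runtime is still initialising, and the defensive pattern of serving such pre-initialisation allocations from a static pool instead of the not-yet-mapped allocator. The `rt_inited` flag, the early pool and all function names are assumptions made for this example.

```c
/* Added example: a malloc interceptor that tolerates being called before its
 * runtime is initialised. In the thread, dlsym("__isoc99_printf") fails inside
 * InitializeInterceptors, glibc's _dl_signal_error mallocs a message, and the
 * interceptor forwards that call to an allocator whose region metadata is not
 * mapped yet (0x780000000298). The init guard below avoids that path. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical runtime state, standing in for the sanitizer's init flag. */
static int rt_inited = 0;

/* Static early pool: memory that exists before any allocator is set up. */
#define EARLY_POOL_SIZE 4096
static unsigned char early_pool[EARLY_POOL_SIZE] __attribute__((aligned(16)));
static size_t early_pool_used = 0;

static void *early_alloc(size_t size) {
    /* Round up to 16 bytes so returned pointers meet malloc alignment. */
    size_t need = (size + 15) & ~(size_t)15;
    if (need < size || need > EARLY_POOL_SIZE - early_pool_used)
        return NULL;                  /* overflow or pool exhausted */
    void *p = early_pool + early_pool_used;
    early_pool_used += need;
    return p;
}

static int is_early_ptr(const void *p) {
    const unsigned char *c = (const unsigned char *)p;
    return c >= early_pool && c < early_pool + EARLY_POOL_SIZE;
}

/* Stand-in for the sanitizer's SizeClassAllocator64. Using it before init is
 * the fault in the backtraces, modelled here as an explicit abort. */
static void *real_allocator_alloc(size_t size) {
    if (!rt_inited) {
        fprintf(stderr, "allocator used before initialisation\n");
        abort();
    }
    return malloc(size);
}

/* The interceptor as glibc's dlsym error path would call it. */
void *interceptor_malloc(size_t size) {
    if (!rt_inited)
        return early_alloc(size);     /* init guard: never touch the allocator */
    return real_allocator_alloc(size);
}

void interceptor_free(void *p) {
    if (p == NULL || is_early_ptr(p))
        return;                       /* early-pool memory is never released */
    free(p);
}

void runtime_init(void) { rt_inited = 1; }
int runtime_is_inited(void) { return rt_inited; }
size_t early_bytes_used(void) { return early_pool_used; }

/* Replays the sequence from the thread: one allocation during symbol
 * resolution (size=73 as in the first backtrace), then a normal one after
 * the runtime is up. Returns 1 when both are served correctly. */
int simulate_startup(void) {
    void *msg = interceptor_malloc(73);
    if (msg == NULL || !is_early_ptr(msg)) return 0;
    memset(msg, 'x', 73);             /* usable memory, not a SIGSEGV */
    interceptor_free(msg);
    runtime_init();
    void *later = interceptor_malloc(73);
    if (later == NULL || is_early_ptr(later)) return 0;
    interceptor_free(later);
    return 1;
}

int main(void) {
    printf("startup %s\n", simulate_startup() ? "ok" : "failed");
    return 0;
}
```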

Evgenii Stepanov

Sep 13, 2016, 5:54:51 PM9/13/16
to memory-s...@googlegroups.com, Kostya Serebryany
So it sounds like this problem should be reproducible on ToT glibc,
and it should affect other sanitizers as well.