Re: toolchain/59189: leak sanitizer broken

To: gnats-bugs%netbsd.org@localhost
Subject: Re: toolchain/59189: leak sanitizer broken
From: Christos Zoulas <christos%zoulas.com@localhost>
Date: Thu, 20 Mar 2025 09:46:40 -0400

So it dies jumping to 0 when trying to call the real ataxit() from __interceptor_atexit() in the call ataxit(cleanup) from crt0.

(gdb) where
#0  0x0000000000000000 in ?? ()
#1  0x00007384ff3f44e2 in __interceptor_atexit (
    f=f@entry=0x7f7ff73384cf <_rtld_exit>)
    at /usr/src/external/gpl3/gcc/dist/libsanitizer/lsan/lsan_interceptors.cpp:381
#2  0x00000000004012e7 in ___start (cleanup=0x7f7ff73384cf <_rtld_exit>, 
    ps_strings=0x7f7fff70afe0) at /usr/src/lib/csu/common/crt0-common.c:321
#3  0x00007f7ff733ef58 in ?? () from /usr/libexec/ld.elf_so
#4  0x0000000000000001 in ?? ()
#5  0x00007f7fff70a410 in ?? ()
#6  0x0000000000000000 in ?? ()
(gdb) up
#1  0x00007384ff3f44e2 in __interceptor_atexit (
    f=f@entry=0x7f7ff73384cf <_rtld_exit>)
    at /usr/src/external/gpl3/gcc/dist/libsanitizer/lsan/lsan_interceptors.cpp:381
381       return REAL(__cxa_atexit)((void (*)(void *a))f, 0, 0);
Current language:  auto
The current source language is "auto; currently c++".
(gdb) disassemble
Dump of assembler code for function __interceptor_atexit(void (*)()):
   0x00007384ff3f44c4 <+0>:     push   %rbp
   0x00007384ff3f44c5 <+1>:     mov    %rsp,%rbp
   0x00007384ff3f44c8 <+4>:     push   %rbx
   0x00007384ff3f44c9 <+5>:     sub    $0x8,%rsp
   0x00007384ff3f44cd <+9>:     mov    %rdi,%rbx
   0x00007384ff3f44d0 <+12>:    call   0x7384ff3f9d53 <_ZN6__lsan19DisableInThisThreadEv>
   0x00007384ff3f44d5 <+17>:    xor    %edx,%edx
   0x00007384ff3f44d7 <+19>:    xor    %esi,%esi
   0x00007384ff3f44d9 <+21>:    mov    %rbx,%rdi
   0x00007384ff3f44dc <+24>:    call   *0x3bb3e(%rip)        # 0x7384ff430020 <_ZN14__interception17real___cxa_atexitE>
=> 0x00007384ff3f44e2 <+30>:    mov    %eax,%ebx
   0x00007384ff3f44e4 <+32>:    call   0x7384ff3f9d68 <_ZN6__lsan18EnableInThisThreadEv>
   0x00007384ff3f44e9 <+37>:    mov    %ebx,%eax
   0x00007384ff3f44eb <+39>:    add    $0x8,%rsp
   0x00007384ff3f44ef <+43>:    pop    %rbx
   0x00007384ff3f44f0 <+44>:    pop    %rbp
   0x00007384ff3f44f1 <+45>:    ret
End of assembler dump.
(gdb) info reg
rax            0xffffffffffffffe0  -32
rbx            0x7f7ff73384cf      140187584922831
rcx            0x4033b8            4207544
rdx            0x0                 0
rsi            0x0                 0
rdi            0x7f7ff73384cf      140187584922831
rbp            0x7f7fff709d50      0x7f7fff709d50
rsp            0x7f7fff709d40      0x7f7fff709d40
r8             0x10                16
r9             0x50654             329300
r10            0x7384ff984438      127015061046328
r11            0x246               582
r12            0x7f7fff70afe0      140187723149280
r13            0x403480            4207744
r14            0x7f7fff709d98      140187723144600
r15            0x104aa88           17083016
rip            0x7384ff3f44e2      0x7384ff3f44e2 <__interceptor_atexit(void (*)())+30>
eflags         0x10246             [ PF ZF IF RF ]
cs             0x47                71
ss             0x3f                63
ds             0x23                35
es             0x23                35
fs             0x0                 0
gs             0x0                 0
fs_base        <unavailable>
gs_base        <unavailable>
(gdb) print *(char **)(0x7384ff3f44e2+0x3bb3e)
$1 = 0x0

Something seems to be wrong with the relocation record of ataxit() but it is supposed to work
because the dynamic linking has finished. Adding -Wl,-z,now does not help either.

Trying to compile statically does not work at all because we are missing libsanitizer.spec:

[9:41am] 182>gcc -static -fsanitize=leak -g -O3 lsan.c
gcc: fatal error: cannot read spec file 'libsanitizer.spec': No such file or directory
compilation terminated.

Providing libsanitizer.spec in /usr/lib containing:

[9:42am] 156#cat /usr/lib/libsanitizer.spec 
# This spec file is read by gcc when linking.  It is used to specify the
# standard libraries we need in order to link with various sanitizer libs.

*link_libasan: -lrt -lpthread -lm

*link_libhwasan: -lrt -lpthread -lm

*link_libtsan: -lrt -lpthread -lm

*link_libubsan: -lrt -lpthread -lm

*link_liblsan: -lrt -lpthread -lm

We get link errors:
[9:43am] 184>gcc -static -fsanitize=leak -g -O3 lsan.c
ld: /usr/lib/libpthread.a(libpthread.a.o): in function `__libc_thr_create':
(.text+0x589e): multiple definition of `pthread_create'; /usr/lib/liblsan.a(lsan_interceptors.o):lsan_interceptors.cpp:(.text+0x35b): first defined here
ld: /usr/lib/libpthread.a(libpthread.a.o): in function `pthread_detach':
(.text+0x6050): multiple definition of `pthread_detach'; /usr/lib/liblsan.a(lsan_interceptors.o):lsan_interceptors.cpp:(.text+0x1b7): first defined here
ld: /usr/lib/libpthread.a(libpthread.a.o): in function `pthread_join':
(.text+0x5e56): multiple definition of `pthread_join'; /usr/lib/liblsan.a(lsan_interceptors.o):lsan_interceptors.cpp:(.text+0x129): first defined here
ld: /usr/lib/libc.a(atexit.o): in function `__cxa_atexit':
atexit.c:(.text+0xe4): multiple definition of `__cxa_atexit'; /usr/lib/liblsan.a(lsan_interceptors.o):lsan_interceptors.cpp:(.text+0x56): first defined here
ld: /usr/lib/libc.a(atexit.o): in function `atexit':
atexit.c:(.text+0x290): multiple definition of `atexit'; /usr/lib/liblsan.a(lsan_interceptors.o):lsan_interceptors.cpp:(.text+0x94): first defined here
ld: /usr/lib/libc.a(jemalloc.o): in function `malloc':
jemalloc.c:(.text+0x921f): multiple definition of `malloc'; /usr/lib/liblsan.a(lsan_interceptors.o):lsan_interceptors.cpp:(.text+0x1e08): first defined here
ld: /usr/lib/libc.a(jemalloc.o): in function `posix_memalign':
jemalloc.c:(.text+0x92f1): multiple definition of `posix_memalign'; /usr/lib/liblsan.a(lsan_interceptors.o):lsan_interceptors.cpp:(.text+0x7bb): first defined here
ld: /usr/lib/libc.a(jemalloc.o): in function `aligned_alloc':
jemalloc.c:(.text+0x997a): multiple definition of `aligned_alloc'; /usr/lib/liblsan.a(lsan_interceptors.o):lsan_interceptors.cpp:(.text+0x5bb): first defined here
ld: /usr/lib/libc.a(jemalloc.o): in function `calloc':
jemalloc.c:(.text+0x9fa0): multiple definition of `calloc'; /usr/lib/liblsan.a(lsan_interceptors.o):lsan_interceptors.cpp:(.text+0x19b3): first defined here
ld: /usr/lib/libc.a(jemalloc.o): in function `free':
jemalloc.c:(.text+0xabd0): multiple definition of `free'; /usr/lib/liblsan.a(lsan_interceptors.o):lsan_interceptors.cpp:(.text+0x18d9): first defined here
ld: /usr/lib/libc.a(jemalloc.o): in function `valloc':
jemalloc.c:(.text+0xac86): multiple definition of `valloc'; /usr/lib/liblsan.a(lsan_interceptors.o):lsan_interceptors.cpp:(.text+0x4c3): first defined here
ld: /usr/lib/libc.a(jemalloc.o): in function `realloc':
jemalloc.c:(.text+0xc53f): multiple definition of `realloc'; /usr/lib/liblsan.a(lsan_interceptors.o):lsan_interceptors.cpp:(.text+0x1b2d): first defined here
Exit 1

Should we fix them (by putting the methods in separate files? I don't think that it will work if we do.
Should we provide libsanitizer.spec?

christos

Attachment: signature.asc
Description: Message signed with OpenPGP

References:
- toolchain/59189: leak sanitizer broken
  - From: wiz

Prev by Date: Re: install/59195: Hashes missing in gzimg directories in FTP tree
Next by Date: Re: toolchain/59189: leak sanitizer broken
Previous by Thread: toolchain/59189: leak sanitizer broken
Next by Thread: Re: toolchain/59189: leak sanitizer broken
Indexes:

Home | Main Index | Thread Index | Old Index