Bug 32247 - [gdb] ThreadSanitizer: data race gdbserver/tracepoint.cc:7165 in gdb_agent_helper_thread
Status: NEW
Alias: None
Product: gdb
Classification: Unclassified
Component: server
Version: HEAD
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-10-07 04:04 UTC by Tom de Vries
Modified: 2024-10-07 08:46 UTC

See Also:
Host:
Target:
Build:
Last reconfirmed:


Attachments
gdb.log (1.60 KB, text/x-log)
2024-10-07 04:04 UTC, Tom de Vries

Description Tom de Vries 2024-10-07 04:04:51 UTC
Created attachment 15734
gdb.log

I built gdb with -O2, -fsanitize=thread and gcc 13, and ran into a data race in test-case gdb.trace/basic-libipa.exp:
...
WARNING: ThreadSanitizer: data race (pid=16416)
  Write of size 4 at 0x7ffff7fc7a90 by thread T1:
    #0 gdb_agent_helper_thread /data/vries/gdb/src/gdbserver/tracepoint.cc:7165 (libinproctrace.so+0x148e5) (BuildId: 6c13e370f9e1c8cc0c77b4dabce7a7863681e412)
    #1 <null> <null> (libtsan.so.2+0x3a9a9) (BuildId: c214510b223ec7832bd9e42f5d3d7a068e0cc5ae)

  Previous read of size 4 at 0x7ffff7fc7a90 by main thread:
    #0 gdb_agent_init /data/vries/gdb/src/gdbserver/tracepoint.cc:7296 (libinproctrace.so+0x58f1) (BuildId: 6c13e370f9e1c8cc0c77b4dabce7a7863681e412)
    #1 initialize_tracepoint_ftlib /data/vries/gdb/src/gdbserver/tracepoint.cc:7333 (libinproctrace.so+0x5944) (BuildId: 6c13e370f9e1c8cc0c77b4dabce7a7863681e412)
    #2 call_init /usr/src/debug/glibc-2.31-150300.86.3.x86_64/elf/dl-init.c:72 (ld-linux-x86-64.so.2+0x115e9) (BuildId: 06cbd3d888bf0102f92e9b87f8a1847c5fb4ae47)

  Location is global 'gdb_agent_helper_thread_id' of size 4 at 0x7ffff7fc7a90 (libinproctrace.so+0x23a90)

  Thread T1 (tid=16420, running) created by main thread at:
    #0 pthread_create <null> (libtsan.so.2+0x40356) (BuildId: c214510b223ec7832bd9e42f5d3d7a068e0cc5ae)
    #1 gdb_agent_init /data/vries/gdb/src/gdbserver/tracepoint.cc:7287 (libinproctrace.so+0x58c3) (BuildId: 6c13e370f9e1c8cc0c77b4dabce7a7863681e412)
    #2 initialize_tracepoint_ftlib /data/vries/gdb/src/gdbserver/tracepoint.cc:7333 (libinproctrace.so+0x5944) (BuildId: 6c13e370f9e1c8cc0c77b4dabce7a7863681e412)
    #3 call_init /usr/src/debug/glibc-2.31-150300.86.3.x86_64/elf/dl-init.c:72 (ld-linux-x86-64.so.2+0x115e9) (BuildId: 06cbd3d888bf0102f92e9b87f8a1847c5fb4ae47)

SUMMARY: ThreadSanitizer: data race /data/vries/gdb/src/gdbserver/tracepoint.cc:7165 in gdb_agent_helper_thread
==================
...

Todo: reproduce with -O0.
Comment 1 Tom de Vries 2024-10-07 05:15:36 UTC
(In reply to Tom de Vries from comment #0)
> Todo: reproduce with -O0.

Confirmed, also reproduces with gcc 13, -fsanitize=thread and -O0.
Comment 2 Tom de Vries 2024-10-07 08:46:33 UTC
The race on helper_thread_id is this:
...
gdb_agent_helper_thread (void *arg)
  ...
      if (helper_thread_id == 0)
	helper_thread_id = syscall (SYS_gettid);
...
vs:
...
gdb_agent_init (void)
  ...
  while (helper_thread_id == 0)
    usleep (1);
...

Using a pthread barrier instead of a busy wait works fine, but not reliably with -fsanitize=thread, presumably because it messes with signals.

Perhaps part of the problem is that there are two processes being sanitized in parallel: gdb, and libipa which is linked into the inferior.
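The following is an added example, not code from gdb or from the reporter: it reduces the handoff shown in comment 2 to a stand-alone program. `start_racy_helper` mirrors the current pattern (the helper publishes its tid into a plain global, the creator busy-waits on it), which is exactly the write/read pair ThreadSanitizer flags. `start_atomic_helper` shows one way to make the same handoff race-free with a C11 atomic and release/acquire ordering, an alternative to the pthread barrier mentioned in the comment. The `current_tid` helper and the `_Atomic` global are this example's own names and are not part of gdbserver.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical helper: the page's code uses syscall (SYS_gettid) directly;
   this wrapper only adds a fallback so the example compiles off Linux.  */
static int current_tid (void)
{
#ifdef SYS_gettid
  return (int) syscall (SYS_gettid);
#else
  return (int) getpid ();
#endif
}

/* Racy version, modelled on gdb_agent_helper_thread / gdb_agent_init:
   a plain int written by the helper and read by the creator with no
   synchronization.  Under -fsanitize=thread this is the reported race.  */
static int racy_helper_thread_id;

static void *racy_helper (void *arg)
{
  (void) arg;
  if (racy_helper_thread_id == 0)           /* unsynchronized read ...  */
    racy_helper_thread_id = current_tid (); /* ... and unsynchronized write */
  return NULL;
}

/* Race-free version: the tid travels through a C11 atomic.  The release
   store in the helper and the acquire load in the creator order the two
   accesses, so TSan no longer sees a data race.  */
static _Atomic int atomic_helper_thread_id;

static void *atomic_helper (void *arg)
{
  (void) arg;
  int expected = 0;
  int tid = current_tid ();
  /* compare-exchange keeps the "only publish if still 0" semantics.  */
  atomic_compare_exchange_strong_explicit (&atomic_helper_thread_id, &expected,
                                           tid, memory_order_release,
                                           memory_order_relaxed);
  return NULL;
}

/* Spawn the racy helper and wait for its tid.  Returns the tid, or -1.  */
int start_racy_helper (void)
{
  pthread_t t;
  racy_helper_thread_id = 0;
  if (pthread_create (&t, NULL, racy_helper, NULL) != 0)
    return -1;
  while (racy_helper_thread_id == 0)  /* busy-wait read that races with the write */
    usleep (1);
  pthread_join (t, NULL);
  return racy_helper_thread_id;
}

/* Spawn the atomic helper and wait for its tid.  Returns the tid, or -1.  */
int start_atomic_helper (void)
{
  pthread_t t;
  atomic_store_explicit (&atomic_helper_thread_id, 0, memory_order_relaxed);
  if (pthread_create (&t, NULL, atomic_helper, NULL) != 0)
    return -1;
  int tid;
  while ((tid = atomic_load_explicit (&atomic_helper_thread_id,
                                      memory_order_acquire)) == 0)
    usleep (1);
  pthread_join (t, NULL);
  return tid;
}

int main (void)
{
  printf ("racy helper tid:   %d\n", start_racy_helper ());
  printf ("atomic helper tid: %d\n", start_atomic_helper ());
  return 0;
}
```

Build both variants with `-fsanitize=thread -g` and run: the racy function produces a "data race" report naming the busy-wait read and the helper's write, while the atomic function runs clean. Both return a positive tid on success; the only difference is whether the handoff is ordered.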