Open Bug 1767483 Opened 2 years ago Updated 2 months ago

TSan deadlock detection crashes when sending large numbers of ports

Categories: (Core :: Sanitizers, defect)

People: (Reporter: nika, Unassigned)

When our IPC code needs to send ports attached to a message to another process, it needs to lock the mutexes of every port in the message simultaneously to change their states atomically. This is done using the PortLocker type to ensure that no deadlocks occur by locking ports in a globally consistent order (https://searchfox.org/mozilla-central/rev/ea1234192518e01694a88eac8ff090e4cadf5ca4/ipc/chromium/src/mojo/core/ports/node.cc#1279). An arbitrarily large number of ports can be attached to a single message, meaning that we can attempt to lock an arbitrarily large number of mutexes simultaneously on a single thread.

Unfortunately, TSan's deadlock detector has a hard limit of at most 64 mutexes being locked simultaneously per-thread (https://github.com/llvm/llvm-project/blob/70f13bd752f00cdb41b7a8f2bdd690fa90375e02/compiler-rt/lib/sanitizer_common/sanitizer_deadlock_detector.h#L67), and will crash if that number is exceeded, producing an error message like:

ThreadSanitizer: CHECK failed: sanitizer_deadlock_detector.h:67 "((n_all_locks_)) < (((sizeof(all_locks_with_contexts_)/sizeof((all_locks_with_contexts_)[0]))))" (0x40, 0x40) (tid=???)

There appears to be no way to bypass the deadlock detector for a specific mutex, so until that time, we may need to disable tests which end up sending a large number of ports in a single message when running under TSan.
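Added example, not code from this bug report, Mozilla, or LLVM: a C++ sketch of the ordered multi-lock pattern the description refers to, together with a guard for the 64-lock limit quoted in the CHECK message. `MultiLocker`, `WouldExceedTsanLimit` and `kTsanMaxHeldLocks` are hypothetical names, and ordering by mutex address is an assumption of this sketch.

```cpp
#include <algorithm>
#include <cstddef>
#include <functional>
#include <mutex>
#include <utility>
#include <vector>

// Limit quoted in the bug report: TSan's deadlock detector tracks at most
// 64 simultaneously held mutexes per thread (0x40 in the CHECK message).
constexpr std::size_t kTsanMaxHeldLocks = 64;

// True if taking `count` more locks, with `already_held` locks held on this
// thread, would push the thread past the detector's limit.
bool WouldExceedTsanLimit(std::size_t count, std::size_t already_held = 0) {
  return already_held + count > kTsanMaxHeldLocks;
}

// Locks every mutex in one global order (ascending address, an assumption of
// this sketch) and unlocks in reverse order on destruction. Two threads that
// lock overlapping sets always acquire the shared mutexes in the same order,
// so they cannot deadlock on each other.
class MultiLocker {
 public:
  explicit MultiLocker(std::vector<std::mutex*> mutexes)
      : mutexes_(std::move(mutexes)) {
    // std::less gives a total order over pointers, unlike raw operator<.
    std::sort(mutexes_.begin(), mutexes_.end(), std::less<std::mutex*>());
    // Drop duplicates so the same mutex is never locked twice.
    mutexes_.erase(std::unique(mutexes_.begin(), mutexes_.end()),
                   mutexes_.end());
    for (std::mutex* m : mutexes_) m->lock();
  }
  ~MultiLocker() {
    for (auto it = mutexes_.rbegin(); it != mutexes_.rend(); ++it)
      (*it)->unlock();
  }
  MultiLocker(const MultiLocker&) = delete;
  MultiLocker& operator=(const MultiLocker&) = delete;

  // The order in which the mutexes were acquired.
  const std::vector<std::mutex*>& order() const { return mutexes_; }

 private:
  std::vector<std::mutex*> mutexes_;
};
```

A test that builds a large batch can call `WouldExceedTsanLimit` first and skip the case when running under TSan, since every mutex in the batch is held at once.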

See Also: → tsan

The severity field is not set for this bug.
:decoder, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(choller)
Severity: -- → S4
Flags: needinfo?(choller)