398028 – Assertion `cfsi_fits` failing in simple C program

Bug 398028 - Assertion `cfsi_fits` failing in simple C program

Summary: Assertion `cfsi_fits` failing in simple C program

Status:	RESOLVED FIXED

Alias:	None

Product:	valgrind
Classification:	Developer tools
Component:	general (other bugs)
Version First Reported In:	3.14 SVN
Platform:	unspecified Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Julian Seward

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-08-29 16:29 UTC by Kim
Modified:	2018-09-26 17:17 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
libopenblasp-r0.3.3.so from debian testing which causes a crash in valgrind (3.26 MB, application/octet-stream) 2018-09-19 09:55 UTC, Alexander	Details
Change cfsi_fits checking to accept holes in rx mappings, with no cfsi refering to holes (4.43 KB, text/plain) 2018-09-26 15:28 UTC, Philippe Waroquiers	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Kim 2018-08-29 16:29:39 UTC

Julia (https://julialang.org) is a scripting language that can be embedded into C. For reproduction, version 1.0 can be installed on Arch with `pacman -S julia`.

This simple program that only initializes Julia and sends an exit message to the garbage collector, cannot be inspected with Valgrind, as the error

> valgrind: m_debuginfo/debuginfo.c:737 (check_CFSI_related_invariants): Assertion 'cfsi_fits' failed.

is encountered:

#include <julia/julia.h>

int main() {
  jl_init();
  jl_atexit_hook(0);
}

It can be compiled with

$ gcc -c -DJULIA_ENABLE_THREADING=1 -fPIC src.c && gcc src.o -ljulia -o testing

I was unable to find out what CFSI stands for, so I can give no further details.

I have opened an issue at the Julia repository, but was informed that it is a Valgrind issue. The Docs for Julia (https://docs.julialang.org/en/stable/devdocs/valgrind/) advise certain steps to use Valgrind with Julia, but none of them have helped and I believe that those are only for free-standing Julia scripts, not C programs.

Here is the entire log: https://pastebin.com/raw/QtHtfvkb

My OS is Linux 4.18.5-arch1-1-ARCH x86_64 GNU/Linux

Thank you for your help!

Comment 1 Julian Seward 2018-09-03 09:53:56 UTC

I think this is now fixed in the trunk.  At least, I fixed something
that failed with the same assertion about a month back :-/

Try getting the source like this
git clone git://sourceware.org/git/valgrind.git valgrind
cd valgrind
./autogen.sh
Then configure and build as usual.  Does that work?

Comment 2 Kim 2018-09-03 12:45:31 UTC

Hm, I'm trying for an hour and I just get 

> valgrind: failed to start tool 'memcheck' for platform 'amd64-linux': No such file or directory

changing the install prefix didn't help, even though there exists

> /usr/lib/valgrind/memcheck-amd64-linux

Comment 3 Philippe Waroquiers 2018-09-03 21:45:36 UTC

Doing the below is supposed to always work :

./autogen.sh
./configure --prefix=`pwd`/Inst
make
make install


./Inst/bin/valgrind ....

Comment 4 Kim 2018-09-04 16:03:32 UTC

Okay, I redownloaded and followed your steps for a successful build. The cfsi_fits assertion failure still persists, though.

Comment 5 Philippe Waroquiers 2018-09-09 18:19:57 UTC

I tried with the last julia release, both with the pre-built 
and build from sources, problem does not reproduce.

(tried on an ubuntu 18.04)

We might maybe have an idea of what is happening if
you run vith -v -v -v -d -d -d and give
the last 50 lines of trace before the crash.

CFSI stands for Call Frame Summary Info
Call Frame Info is the unwind info generated by the compiler.
Valgrind builds a summary of this info : the mininum needed to unwind
to build a stacktrace.

Comment 6 Alexander 2018-09-18 12:32:00 UTC

I have the same problem in a large project which doesn't use julia. I also created a minimal reproducing test:

https://github.com/abrock/callgrind-test

First I thought it was a problem with OpenCV and I pinned it down to only hapening when I linked opencv_sfm but then I used ldd to find dependencies and it turns out that the most simple example I could come up with consists of a main.cpp file doing nothing. Link openblas and valgrind crashes immediately.

The git contains a crash log.

Comment 7 Alexander 2018-09-18 19:42:36 UTC

(In reply to Alexander from comment #6)

Additional info:

I'm using g++ (Debian 8.2.0-6) 8.2.0 on Debian testing, openblas 0.3.3+ds-1 and the latest git version of valgrind (97365bada64c27a40004c55793ff8988e59adf35)

I also tested valgrind on another project and it worked. Then I linked openblas and valgrind crashed.

Comment 8 Julian Seward 2018-09-19 06:50:00 UTC

(In reply to Alexander from comment #6)

> it turns out that the most simple example I could come up with consists
> of a main.cpp file doing nothing. Link openblas and valgrind crashes
> immediately.

In that case, what we need to diagnose this is a copy of the .so file
that Valgrind was reading debuginfo from, at the time of the crash.  If it
is open source then I assume you can just give us a copy (?)

Your can find out which file it is by re-running with the additional flag
"-v".  Then V will say something like "reading syms from /foo/bar/whatever.so"
and we need the relevant file that causes it to crash.

Comment 9 Alexander 2018-09-19 09:55:59 UTC

Created attachment 115095 [details]
libopenblasp-r0.3.3.so from debian testing which causes a crash in valgrind

(In reply to Julian Seward from comment #8)
> In that case, what we need to diagnose this is a copy of the .so file
> that Valgrind was reading debuginfo from, at the time of the crash.  If it
> is open source then I assume you can just give us a copy (?)

The file comes with the Debian testing package libopenblas-base. I used 7z to compress the file and attached it.

> Your can find out which file it is by re-running with the additional flag
> "-v".  Then V will say something like "reading syms from
> /foo/bar/whatever.so"
> and we need the relevant file that causes it to crash.

These are the relevant lines before the crash:

--15087-- Reading syms from /usr/lib/x86_64-linux-gnu/libopenblasp-r0.3.3.so
--15087--    svma 0x00000f8000, avma 0x000498b000
--15087--    object doesn't have a symbol table
--15087:1:hashtabl resizing table `di.storage.addStr.1' from 769 to 1543 (total elems 770)
--15087:1:hashtabl resizing table `di.storage.addStr.1' from 1543 to 3079 (total elems 1544)
--15087:1:hashtabl resizing table `di.storage.addStr.1' from 3079 to 6151 (total elems 3080)
--15087:1:hashtabl resizing table `di.storage.addStr.1' from 6151 to 12289 (total elems 6152)
--15087:1:hashtabl resizing table `di.storage.addStr.1' from 12289 to 24593 (total elems 12290)
--15087:1:mallocfr newSuperblock at 0x100346A000 (pszB 1314784) unsplittable owner VALGRIND/dinfo
--15087-- summarise_context(loc_start = 0x5): cannot summarise(why=1):   
0x14: [0]={ 0(r10) { u  u  u  u  u  u  u  u  u  u  u  u  u  u  u  u  c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0x14): cannot summarise(why=1):   
0x21: [0]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  u  u  u  c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xbf9): cannot summarise(why=1):   
0xbfb: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xbfb): cannot summarise(why=1):   
0xbfd: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xbfd): cannot summarise(why=1):   
0xbff: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  u  ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xbff): cannot summarise(why=1):   
0xc01: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  u  u  ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc01): cannot summarise(why=1):   
0xc02: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  u  u  u  c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc02): cannot summarise(why=1):   
0xc06: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  u  u  u  u  u  u  u  u  u  u  c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0x5): cannot summarise(why=1):   
0x14: [0]={ 0(r10) { u  u  u  u  u  u  u  u  u  u  u  u  u  u  u  u  c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0x14): cannot summarise(why=1):   
0x21: [0]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  u  u  u  c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc0f): cannot summarise(why=1):   
0xc11: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc11): cannot summarise(why=1):   
0xc13: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc13): cannot summarise(why=1):   
0xc15: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  u  ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc15): cannot summarise(why=1):   
0xc17: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  u  u  ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc17): cannot summarise(why=1):   
0xc18: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  u  u  u  c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc18): cannot summarise(why=1):   
0xc1c: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  u  u  u  u  u  u  u  u  u  u  c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0x5): cannot summarise(why=1):   
0x14: [0]={ 0(r10) { u  u  u  u  u  u  u  u  u  u  u  u  u  u  u  u  c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0x14): cannot summarise(why=1):   
0x21: [0]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  u  u  u  c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xbff): cannot summarise(why=1):   
0xc01: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc01): cannot summarise(why=1):   
0xc03: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc03): cannot summarise(why=1):   
0xc05: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  u  ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc05): cannot summarise(why=1):   
0xc07: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  u  u  ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc07): cannot summarise(why=1):   
0xc08: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  u  u  u  c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc08): cannot summarise(why=1):   
0xc0c: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  u  u  u  u  u  u  u  u  u  u  c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0x5): cannot summarise(why=1):   
0x14: [0]={ 0(r10) { u  u  u  u  u  u  u  u  u  u  u  u  u  u  u  u  c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0x14): cannot summarise(why=1):   
0x21: [0]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  u  u  u  c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc13): cannot summarise(why=1):   
0xc15: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc15): cannot summarise(why=1):   
0xc17: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc17): cannot summarise(why=1):   
0xc19: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  u  ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc19): cannot summarise(why=1):   
0xc1b: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  u  u  ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc1b): cannot summarise(why=1):   
0xc1c: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  u  u  u  c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xc1c): cannot summarise(why=1):   
0xc20: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  u  u  u  u  u  u  u  u  u  u  u  u  u  c-8 u  u  u  }
--15087:1:mallocfr newSuperblock at 0x10035AB000 (pszB 2625504) unsplittable owner VALGRIND/dinfo
--15087:1:mallocfr reclaimSuperblock at 0x100346A000 (pszB 1314784) unsplittable owner VALGRIND/dinfo
--15087-- summarise_context(loc_start = 0x5): cannot summarise(why=1):   
0xe: [0]={ 0(r10) { u  u  u  u  u  u  u  u  u  u  u  u  u  u  u  u  c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0xe): cannot summarise(why=1):   
0x1b: [0]={ 0(r10) { u  u  u  u  u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  u  u  u  u  c-8 u  u  u  }
--15087-- summarise_context(loc_start = 0x4c7): cannot summarise(why=1):   
0x4d4: [0]={ {*((dwr6)+(0xffffffffffffffd8))} { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  } [1]={ 0(r10) { u  u  u  ve{*((dwr6)+(0xffffffffffffffd0))} u  u  ve{*((dwr6)+(0x0))} u  u  u  u  u  ve{*((dwr6)+(0xffffffffffffffe0))} ve{*((dwr6)+(0xffffffffffffffe8))} ve{*((dwr6)+(0xfffffffffffffff0))} ve{*((dwr6)+(0xfffffffffffffff8))} c-8 u  u  u  }
--15087:1:mallocfr newSuperblock at 0x100589B000 (pszB 5246944) unsplittable owner VALGRIND/dinfo
--15087:1:mallocfr reclaimSuperblock at 0x10035AB000 (pszB 2625504) unsplittable owner VALGRIND/dinfo

valgrind: m_debuginfo/debuginfo.c:738 (check_CFSI_related_invariants): Assertion 'cfsi_fits' failed.

Comment 10 Philippe Waroquiers 2018-09-19 22:05:25 UTC

I was able to reproduce the crash with the provided library, thanks.

Here is the analysis of the crash:
After loading the cfi information, we check that the range
[cfsi_minavma, cfsi_maxavma] is fully inside the union of all the r-x
mapping of the loaded debug info, which seems a reasonable invariant to check.
However, in the case of libopenblas, there are 2 r-x mappings,
but there is a 'hole' between these 2 r-x mappings.
This means that the cfsi_fits check fails, as we do not find
a r-x mapping to cover a part of the cfsi min/max range.

Here is the detailed data (with some more tracing added in
debuginfo.c to show the cfsi range and the uncovered part):

--11075-- cfsi range 0x58ca020-0x777c860
--11075-- Uncovered 0x58d1000-0x58d3fff

Valgrind debuginfo noted mappings of libopenblas
0x57dc000-0x791dfff r--
0x58ca000-0x58d0fff r-x               => sz 0x7000, i.e. 28672, corresponding to first r-x in objdump below
0x58d4000-0x777cfff r-x               => sz 0x1ea9000, i.e. 32149504, corresponding to second r-w in objdump below
0x777d000-0x78e9fff r--
0x78eb000-0x7907fff rw-

OS mapping /proc/xxxx/maps
057dc000-058ca000 r--p 00000000 08:16 1835432                            /home/philippe/valgrind/littleprogs/cfsi/libopenblasp-r0.3.3.so
058ca000-058d1000 r-xp 000ee000 08:16 1835432                            /home/philippe/valgrind/littleprogs/cfsi/libopenblasp-r0.3.3.so
058d1000-058d4000 ---p 000f5000 08:16 1835432                            /home/philippe/valgrind/littleprogs/cfsi/libopenblasp-r0.3.3.so
058d4000-0777d000 r-xp 000f5000 08:16 1835432                            /home/philippe/valgrind/littleprogs/cfsi/libopenblasp-r0.3.3.so
0777d000-078ea000 r--p 01f9e000 08:16 1835432                            /home/philippe/valgrind/littleprogs/cfsi/libopenblasp-r0.3.3.so
078ea000-078eb000 ---p 0210e000 08:16 1835432                            /home/philippe/valgrind/littleprogs/cfsi/libopenblasp-r0.3.3.so
078eb000-07908000 rw-p 0210b000 08:16 1835432                            /home/philippe/valgrind/littleprogs/cfsi/libopenblasp-r0.3.3.so
07908000-0791e000 r--p 0212c000 08:16 1835432                            /home/philippe/valgrind/littleprogs/cfsi/libopenblasp-r0.3.3.so

valgrind aspacemgr of libopenblas
--15252:0: aspacem (9,544,12) /home/philippe/valgrind/littleprogs/cfsi/libopenblasp-r0.3.3.so
...
--15252:0: aspacem  34: file 00057dc000-00058c9fff  974848 r---- d=0x816 i=1835432 o=0       (9,544)
--15252:0: aspacem  35: file 00058ca000-00058d0fff   28672 r-x-- d=0x816 i=1835432 o=974848  (9,544)
--15252:0: aspacem  36: file 00058d1000-00058d3fff   12288 ----- d=0x816 i=1835432 o=1003520 (9,544)
--15252:0: aspacem  37: file 00058d4000-000777cfff     30m r-x-- d=0x816 i=1835432 o=1003520 (9,544)
--15252:0: aspacem  38: file 000777d000-00078e9fff 1495040 r---- d=0x816 i=1835432 o=33153024 (9,544)
--15252:0: aspacem  39: file 00078ea000-00078eafff    4096 ----- d=0x816 i=1835432 o=34660352 (9,544)
--15252:0: aspacem  40: file 00078eb000-0007907fff  118784 rw--- d=0x816 i=1835432 o=34648064 (9,544)
--15252:0: aspacem  41: file 0007908000-000791dfff   90112 r---- d=0x816 i=1835432 o=34783232 (9,544)


objdump program header:
...
    LOAD off    0x00000000000ee000 vaddr 0x00000000000ee000 paddr 0x00000000000ee000 align 2**12
         filesz 0x0000000000006e90 memsz 0x0000000000006e90 flags r-x
    LOAD off    0x00000000000f5000 vaddr 0x00000000000f8000 paddr 0x00000000000f8000 align 2**12
         filesz 0x0000000001ea886d memsz 0x0000000001ea886d flags r-x
...

All the above is consistent.

I have checked in the cfsi trace, and there is no cfi information that is valid for the r-x hole.

So, as far as I can see, the invariant check that fails is (still) too strong :
Julian did a change the 17 of August in this invariant.
Before, it was checking that the cfsi range was fully inside a single r-x mapping.
After the change, the check verifies that the range is inside the union of all r-x mapping,
but in the case of libopenblas, we have a hole between the 2 r-x mappings,
but there is no cfsi information in this hole.

The search in cfsi information is I believe not really depending that
there is no overlap between different cfsi_min/max avma range:
as long as no cfsi is referencing the hole in the r-x mapping,
a 'cfsi hole' will be inserted by  ML_(finish_CFSI_arrays):
a search for an IP in the r-x hole will then lead to the cfsi_hole,
which makes the search fail, and so the next di info (that have possibly
filled the r-x hole with another mapping) will then succeed :
find_DiCfSI does not do a dichotomic search on the cfsi array
when the searched ip is outside of cfsi_min/max avma.
But when the search ip is in this cfsi range, but the dichotomic
search fails, the search continues in the next debug info list entry.

So, in summary, I think we need to check that all cfsi entries
are inside the union of r-x mapping (which might be expensive to check?).
We should not check that the full cfsi range is inside the union
of r-x mapping, due to such r-x hole in which we have no cfsi info.

It would be nice to understand how to generate a (small) shared lib
that contains such a r-x hole.

Comment 11 Philippe Waroquiers 2018-09-26 15:28:04 UTC

Created attachment 115250 [details]
Change cfsi_fits checking to accept holes in rx mappings, with no cfsi refering to holes

Comment 12 Philippe Waroquiers 2018-09-26 16:09:06 UTC

Should be fixed in 9dd4af5c78c2b8094fcb5015b0992c6cb54980c8.
I have verified that libopenblas library can be loaded correctly
(but could not verify the behaviour with julia, as I could not reproduce
the problem).

Please report/re-open if it still fails with the last git version.

Comment 13 Alexander 2018-09-26 17:17:03 UTC

(In reply to Philippe Waroquiers from comment #12)
> Should be fixed in 9dd4af5c78c2b8094fcb5015b0992c6cb54980c8.
> I have verified that libopenblas library can be loaded correctly
> (but could not verify the behaviour with julia, as I could not reproduce
> the problem).
> 
> Please report/re-open if it still fails with the last git version.

I tried your patch and later the latest git version, both version work as expected. Thank you all very much for the quick responses.