public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "stsp at users dot sourceforge.net" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug sanitizer/101476] AddressSanitizer check failed, points out a (potentially) non-existing stack error Date: Tue, 18 Jan 2022 20:24:47 +0000 [thread overview] Message-ID: <bug-101476-4-JfrB0qJFQj@http.gcc.gnu.org/bugzilla/> (raw) In-Reply-To: <bug-101476-4@http.gcc.gnu.org/bugzilla/> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101476 --- Comment #5 from Stas Sergeev <stsp at users dot sourceforge.net> --- Another problem here seems to be that pthread_cancel() doesn't unpoison the cancelled thread's stack. This causes dtors to run on a randomly poisoned stack, depending on where the cancellation happened. That explains the "random" nature of a crash, and the fact that pthread_cancel() is in a test-case attached to that ticket, and in my program as well. So, the best diagnostic I can come up with, is that after pthread_cancel() we have this: --- #0 __sanitizer::UnsetAlternateSignalStack () at ../../../../libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:190 #1 0x00007ffff7672f0d in __asan::AsanThread::Destroy (this=0x7ffff358e000) at ../../../../libsanitizer/asan/asan_thread.cpp:104 #2 0x00007ffff69d2c61 in __GI___nptl_deallocate_tsd () at nptl_deallocate_tsd.c:74 #3 __GI___nptl_deallocate_tsd () at nptl_deallocate_tsd.c:23 #4 0x00007ffff69d5948 in start_thread (arg=<optimized out>) at pthread_create.c:446 #5 0x00007ffff6a5a640 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81 --- And its running on a stack previously poisoned before pthread_cancel(). Then it detects the access to poisoned area and is trying to do a stack trace. But that fails too because the redzone canary is overwritten. So all we get is a crash.
next prev parent reply other threads:[~2022-01-18 20:24 UTC|newest] Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-07-16 19:43 [Bug sanitizer/101476] New: " franek.balcerak at o2 dot pl 2021-07-22 10:19 ` [Bug sanitizer/101476] " marxin at gcc dot gnu.org 2022-01-18 17:01 ` stsp at users dot sourceforge.net 2022-01-18 17:56 ` stsp at users dot sourceforge.net 2022-01-18 18:14 ` stsp at users dot sourceforge.net 2022-01-18 20:24 ` stsp at users dot sourceforge.net [this message] 2022-01-18 22:23 ` stsp at users dot sourceforge.net 2022-01-18 23:01 ` stsp at users dot sourceforge.net 2022-01-19 9:04 ` marxin at gcc dot gnu.org 2022-01-19 14:02 ` stsp at users dot sourceforge.net 2022-01-19 14:13 ` marxin at gcc dot gnu.org 2022-01-20 9:58 ` stsp at users dot sourceforge.net 2022-01-21 9:43 ` pinskia at gcc dot gnu.org 2022-01-25 10:35 ` [Bug sanitizer/101476] AddressSanitizer check failed, points out a (potentially) non-existing stack error and pthread_cancel stsp at users dot sourceforge.net 2022-01-25 11:25 ` marxin at gcc dot gnu.org 2022-01-25 11:31 ` stsp at users dot sourceforge.net 2022-01-25 18:28 ` stsp at users dot sourceforge.net 2022-02-11 12:45 ` stsp at users dot sourceforge.net 2022-10-18 18:03 ` stsp at users dot sourceforge.net 2023-03-19 16:58 ` pinskia at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-101476-4-JfrB0qJFQj@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).