public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/103978] New: AddressSanitizer CHECK failed ../../../../src/libsanitizer/asan/asan_thread.cpp:367 "((ptr[0] == kCurrentStackFrameMagic)) != (0)" (0x0, 0x0)
From: contino at epigenesys dot com @ 2022-01-11 15:14 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103978
Bug ID: 103978
Summary: AddressSanitizer CHECK failed ../../../../src/libsanitizer/asan/asan_thread.cpp:367 "((ptr[0] == kCurrentStackFrameMagic)) != (0)" (0x0, 0x0)
Product: gcc
Version: 11.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: contino at epigenesys dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---
Created attachment 52164
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52164&action=edit
This is the source file
On Debian Bookworm x86-64 with gcc 11.2.0.
Compiled with: gcc -o test test.c -fsanitize=address -pthread
This bug is triggered by pthread_join() if nanosleep is called by a function. With optimization -O3 there is no error.
The full code is in the attachment.
I got the error:
=================================================================
==98391==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/asan/asan_thread.cpp:367 "((ptr[0] == kCurrentStackFrameMagic)) != (0)" (0x0, 0x0)
    #0 0x7feb0a48fe6b in AsanCheckFailed ../../../../src/libsanitizer/asan/asan_rtl.cpp:74
    #1 0x7feb0a4ae84e in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cpp:78
    #2 0x7feb0a494864 in __asan::AsanThread::GetStackFrameAccessByAddr(unsigned long, __asan::AsanThread::StackFrameAccess*) ../../../../src/libsanitizer/asan/asan_thread.cpp:367
    #3 0x7feb0a406bdb in __asan::GetStackAddressInformation(unsigned long, unsigned long, __asan::StackAddressDescription*) ../../../../src/libsanitizer/asan/asan_descriptions.cpp:203
    #4 0x7feb0a407e98 in __asan::AddressDescription::AddressDescription(unsigned long, unsigned long, bool) ../../../../src/libsanitizer/asan/asan_descriptions.cpp:455
    #5 0x7feb0a407e98 in __asan::AddressDescription::AddressDescription(unsigned long, unsigned long, bool) ../../../../src/libsanitizer/asan/asan_descriptions.cpp:439
    #6 0x7feb0a40a3b4 in __asan::ErrorGeneric::ErrorGeneric(unsigned int, unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long) ../../../../src/libsanitizer/asan/asan_errors.cpp:389
    #7 0x7feb0a48f4c6 in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) ../../../../src/libsanitizer/asan/asan_report.cpp:476
    #8 0x7feb0a42b35b in __interceptor_sigaltstack ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:9986
    #9 0x7feb0a4a35cd in __sanitizer::UnsetAlternateSignalStack() ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:195
    #10 0x7feb0a493dbc in __asan::AsanThread::Destroy() ../../../../src/libsanitizer/asan/asan_thread.cpp:104
    #11 0x7feb0a3bff10 in __nptl_deallocate_tsd.part.0 (/lib/x86_64-linux-gnu/libpthread.so.0+0x7f10)
    #12 0x7feb0a3c0da0 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8da0)
    #13 0x7feb0a2ebb6e in clone (/lib/x86_64-linux-gnu/libc.so.6+0xfcb6e)
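The attachment itself is not on this page, so the following is a constructed reproducer added here (not the reporter's test.c) that follows the report's description and the title the bug later received: a worker thread sleeps in nanosleep() inside a helper function, and the main thread cancels and joins it. The helper names, the 100 ms and 300 ms timings and the cleanup flag are the example's own. It runs as an ordinary program and reports whether the join saw PTHREAD_CANCELED; building it with `gcc -fsanitize=address -pthread` exercises the thread-exit path shown in the backtrace above (__nptl_deallocate_tsd -> AsanThread::Destroy). The second run, with cancellation disabled, is beyond the report and shows that a pending cancel is simply dropped when the thread exits normally.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <time.h>

/* Constructed reproducer (not the attached test.c). nanosleep() is a POSIX
 * cancellation point, so a deferred pthread_cancel() takes effect there and the
 * worker never returns to worker(); glibc delivers this as a forced unwind that
 * runs the handlers registered with pthread_cleanup_push(). */

struct worker_state {
    int cancel_allowed;  /* 0: worker runs with PTHREAD_CANCEL_DISABLE */
    int cleanup_ran;     /* set by the cleanup handler, i.e. only on cancellation */
    int completed;       /* set only if the helper returned normally */
};

static void mark_cleanup(void *arg)
{
    ((struct worker_state *)arg)->cleanup_ran = 1;
}

/* The sleep lives in a helper function, as the report describes. */
static void sleep_in_helper(long ms)
{
    struct timespec ts = { .tv_sec = ms / 1000, .tv_nsec = (ms % 1000) * 1000000L };
    while (nanosleep(&ts, &ts) == -1 && errno == EINTR)
        ;
}

static void *worker(void *arg)
{
    struct worker_state *st = arg;
    if (!st->cancel_allowed)
        pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
    pthread_cleanup_push(mark_cleanup, st);
    sleep_in_helper(300);          /* cancellation point */
    st->completed = 1;             /* reached only if not cancelled */
    pthread_cleanup_pop(0);        /* 0: do not run the handler on normal exit */
    return st;
}

/* Starts a worker, cancels it after 100 ms and joins it.
 * Returns 1 if pthread_join() reported PTHREAD_CANCELED, 0 if the worker ran to
 * completion, -1 on a pthread error. *st receives the worker's flags. */
int cancel_sleeping_thread(int cancel_allowed, struct worker_state *st)
{
    pthread_t t;
    void *ret;
    st->cancel_allowed = cancel_allowed;
    st->cleanup_ran = 0;
    st->completed = 0;
    if (pthread_create(&t, NULL, worker, st) != 0)
        return -1;
    sleep_in_helper(100);          /* let the worker reach nanosleep() first */
    if (pthread_cancel(t) != 0)    /* a cancel pending before that point is acted on at it anyway */
        return -1;
    if (pthread_join(t, &ret) != 0)
        return -1;
    return ret == PTHREAD_CANCELED ? 1 : 0;
}

int main(void)
{
    struct worker_state st;
    int r = cancel_sleeping_thread(1, &st);
    printf("cancel enabled:  join=%s cleanup_ran=%d completed=%d\n",
           r == 1 ? "PTHREAD_CANCELED" : "normal", st.cleanup_ran, st.completed);
    r = cancel_sleeping_thread(0, &st);
    printf("cancel disabled: join=%s cleanup_ran=%d completed=%d\n",
           r == 1 ? "PTHREAD_CANCELED" : "normal", st.cleanup_ran, st.completed);
    return 0;
}
```

The cleanup flag is what makes the two runs distinguishable: with cancellation enabled the handler runs and `completed` stays 0; with it disabled the worker returns normally, the handler is skipped because of `pthread_cleanup_pop(0)`, and the pending cancel is discarded at thread exit.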
* [Bug sanitizer/103978] AddressSanitizer CHECK failed ../../../../src/libsanitizer/asan/asan_thread.cpp:367 "((ptr[0] == kCurrentStackFrameMagic)) != (0)" (0x0, 0x0)
From: marxin at gcc dot gnu.org @ 2022-01-11 15:22 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103978
Martin Liška <marxin at gcc dot gnu.org> changed:
What             | Removed     | Added
-----------------|-------------|-----------
Last reconfirmed |             | 2022-01-11
Status           | UNCONFIRMED | NEW
Ever confirmed   | 0           | 1
--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
Confirmed. Also GCC 7 crashes:
gcc-7 pr103978.C -fsanitize=address -g && ./a.out
==2184==ERROR: AddressSanitizer failed to allocate 0x0 (0) bytes of SetAlternateSignalStack (error code: 22)
==2184==Process memory map follows:
Note clang is fine.
* [Bug sanitizer/103978] [11/12 Regression] AddressSanitizer CHECK failed ../../../../src/libsanitizer/asan/asan_thread.cpp:367 "((ptr[0] == kCurrentStackFrameMagic)) != (0)" (0x0, 0x0)
From: pinskia at gcc dot gnu.org @ 2022-01-12 7:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103978
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What             | Removed | Added
-----------------|---------|------
Known to work    |         | 10.1.0, 10.3.0, 7.1.0, 8.1.0, 9.1.0
Target Milestone | ---     | 11.3
Known to fail    |         | 11.1.0, 11.2.0, 12.0
Summary          | AddressSanitizer CHECK failed ../../../../src/libsanitizer/asan/asan_thread.cpp:367 "((ptr[0] == kCurrentStackFrameMagic)) != (0)" (0x0, 0x0) | [11/12 Regression] AddressSanitizer CHECK failed ../../../../src/libsanitizer/asan/asan_thread.cpp:367 "((ptr[0] == kCurrentStackFrameMagic)) != (0)" (0x0, 0x0)
--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Works for me with GCC 7.1.0.
I didn't see any code differences between GCC 10.3.0 and 11.1.0 even. So this has to be a library issue.
* [Bug sanitizer/103978] [11/12 Regression] AddressSanitizer CHECK failed ../../../../src/libsanitizer/asan/asan_thread.cpp:367 "((ptr[0] == kCurrentStackFrameMagic)) != (0)" (0x0, 0x0)
From: pinskia at gcc dot gnu.org @ 2022-01-12 7:33 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103978
--- Comment #3 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Note trunk gives:
=================================================================
==1==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7f2aac7fedf0 at pc 0x7f2aae9b28e1 bp 0x7f2aac7fedb0 sp 0x7f2aac7fe560
WRITE of size 24 at 0x7f2aac7fedf0 thread T-1
    #0 0x7f2aae9b28e0 (/opt/compiler-explorer/gcc-snapshot/lib64/libasan.so.8+0x628e0)
    #1 0x7f2aaea2916d (/opt/compiler-explorer/gcc-snapshot/lib64/libasan.so.8+0xd916d)
    #2 0x7f2aaea18e64 (/opt/compiler-explorer/gcc-snapshot/lib64/libasan.so.8+0xc8e64)
    #3 0x7f2aae5a95a0 in __nptl_deallocate_tsd.part.0 (/lib/x86_64-linux-gnu/libpthread.so.0+0x85a0)
    #4 0x7f2aae5aa629 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9629)
    #5 0x7f2aae4cf292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
Address 0x7f2aac7fedf0 is a wild pointer inside of access range of size 0x000000000018.
SUMMARY: AddressSanitizer: stack-buffer-underflow (/opt/compiler-explorer/gcc-snapshot/lib64/libasan.so.8+0x628e0)
Shadow bytes around the buggy address:
0x0fe5d58f7d60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe5d58f7d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe5d58f7d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe5d58f7d90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe5d58f7da0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fe5d58f7db0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[f1]f1
0x0fe5d58f7dc0: f1 f1 00 00 f3 f3 00 00 00 00 00 00 00 00 00 00
0x0fe5d58f7dd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe5d58f7de0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe5d58f7df0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe5d58f7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==1==ABORTING
* [Bug sanitizer/103978] AddressSanitizer CHECK failed with threads and thread canceling with glibc 2.28+
From: pinskia at gcc dot gnu.org @ 2022-01-12 7:37 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103978
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What             | Removed | Added
-----------------|---------|------
Target Milestone | 11.3    | ---
Known to fail    | 11.1.0, 11.2.0, 12.0 |
Summary          | [11/12 Regression] AddressSanitizer CHECK failed ../../../../src/libsanitizer/asan/asan_thread.cpp:367 "((ptr[0] == kCurrentStackFrameMagic)) != (0)" (0x0, 0x0) | AddressSanitizer CHECK failed with threads and thread canceling with glibc 2.28+
Known to work    | 10.1.0, 10.3.0, 7.1.0, 8.1.0, 9.1.0 |
--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Maybe there is a glibc change here which is causing it.
glibc 2.27 works while 2.28 fails.
I don't know why clang works though.
* [Bug sanitizer/103978] AddressSanitizer CHECK failed with threads and thread canceling with glibc 2.28+
From: pinskia at gcc dot gnu.org @ 2022-01-12 7:40 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103978
--- Comment #5 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
This is what the trunk gives with full debug info:
=================================================================
==1230123==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7f69725fedf0 at pc 0x7f69754d0581 bp 0x7f69725fedb0 sp 0x7f69725fe560
WRITE of size 24 at 0x7f69725fedf0 thread T-1
    #0 0x7f69754d0580 in __interceptor_sigaltstack /home/apinski/src/upstream-gcc-git/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:10168
    #1 0x7f6975546e3d in __sanitizer::UnsetAlternateSignalStack() /home/apinski/src/upstream-gcc-git/gcc/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:189
    #2 0x7f6975536ae4 in __asan::AsanThread::Destroy() /home/apinski/src/upstream-gcc-git/gcc/libsanitizer/asan/asan_thread.cpp:110
    #3 0x7f69752543d0 in __nptl_deallocate_tsd.part.8 (/lib64/libpthread.so.0+0x73d0)
    #4 0x7f697525516a in start_thread (/lib64/libpthread.so.0+0x816a)
    #5 0x7f6974f86f22 in clone (/lib64/libc.so.6+0xfcf22)
Address 0x7f69725fedf0 is a wild pointer inside of access range of size 0x000000000018.
SUMMARY: AddressSanitizer: stack-buffer-underflow /home/apinski/src/upstream-gcc-git/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:10168 in __interceptor_sigaltstack
Shadow bytes around the buggy address:
0x0fedae4b7d60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fedae4b7d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fedae4b7d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fedae4b7d90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fedae4b7da0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fedae4b7db0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[f1]f1
0x0fedae4b7dc0: f1 f1 00 00 f3 f3 00 00 00 00 00 00 00 00 00 00
0x0fedae4b7dd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fedae4b7de0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fedae4b7df0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fedae4b7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==1230123==ABORTING
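The symbolized trace above puts the 24-byte write inside __interceptor_sigaltstack, called from UnsetAlternateSignalStack() during AsanThread::Destroy(). The following is an added example, not libsanitizer code, modelled on that per-thread set/unset sequence (SetAlternateSignalStack on thread start, the disabling sigaltstack() call at thread exit): it installs an alternate signal stack, then disables it and reads the previous stack back through sigaltstack()'s second argument before freeing it. It uses malloc/free where the runtime maps and unmaps memory, and the 64 KiB size and function names are the example's own. The point of interest is that second argument: the kernel writes a stack_t through it, sizeof(stack_t) bytes, which is 24 on x86-64 (void *ss_sp, int ss_flags plus padding, size_t ss_size). That out-parameter is the 24-byte write the interceptor marks and, in this bug, flags because the local it lands in sits in a frame ASan no longer treats as addressable.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example of the alternate-signal-stack set/unset sequence. Not the
 * sanitizer runtime's code: heap-backed instead of mmap-backed, illustrative size. */

#define ALT_STACK_SIZE (64u * 1024u)

/* Installs a heap-backed alternate signal stack for the calling thread.
 * Returns its base, or NULL on failure. */
void *install_alt_stack(size_t size)
{
    void *base = malloc(size);
    if (base == NULL)
        return NULL;
    stack_t ss;
    memset(&ss, 0, sizeof ss);
    ss.ss_sp = base;
    ss.ss_size = size;
    ss.ss_flags = 0;
    if (sigaltstack(&ss, NULL) != 0) {
        free(base);
        return NULL;
    }
    return base;
}

/* Disables the alternate stack, reading the previous one back through the
 * out-parameter, and frees it. Returns 1 if the kernel's readback matched what
 * install_alt_stack() set up, 0 otherwise (on a mismatch the stack was changed
 * or disabled behind our back, so nothing is freed). */
int uninstall_alt_stack(void *expected_base, size_t expected_size)
{
    stack_t disable, previous;
    memset(&disable, 0, sizeof disable);
    memset(&previous, 0, sizeof previous);
    disable.ss_flags = SS_DISABLE;
    /* The kernel writes sizeof(stack_t) bytes into 'previous' here; this is the
     * access an interceptor records as a write to the caller's stack frame. */
    if (sigaltstack(&disable, &previous) != 0)
        return 0;
    if (previous.ss_sp != expected_base || previous.ss_size != expected_size
        || (previous.ss_flags & SS_DISABLE))
        return 0;
    free(previous.ss_sp);
    return 1;
}

/* Size of the record sigaltstack() writes through its second argument. */
size_t alt_stack_record_size(void)
{
    return sizeof(stack_t);
}

int main(void)
{
    void *base = install_alt_stack(ALT_STACK_SIZE);
    int ok = base != NULL && uninstall_alt_stack(base, ALT_STACK_SIZE);
    printf("sigaltstack out-parameter is %zu bytes, round trip %s\n",
           alt_stack_record_size(), ok ? "ok" : "failed");
    return ok ? 0 : 1;
}
```

Checking the readback against what was installed, rather than freeing whatever comes back, is the defensive habit worth keeping: if anything else in the process reconfigured the alternate stack, freeing the returned pointer blindly would release memory this code does not own.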
* [Bug sanitizer/103978] AddressSanitizer CHECK failed with threads and thread canceling with glibc 2.28+
From: pinskia at gcc dot gnu.org @ 2022-01-12 7:48 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103978
--- Comment #6 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Could there be some ordering issues with pthread_key going on?
2.28 added C11 thread.h support which did touch pthread_key too.
* [Bug sanitizer/103978] AddressSanitizer CHECK failed with threads and thread canceling with glibc 2.28+
From: pinskia at gcc dot gnu.org @ 2022-01-12 7:51 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103978
--- Comment #7 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Martin Liška from comment #1)
> Note clang is fine.
clang might be fine because it uses a static libasan.
* [Bug sanitizer/103978] AddressSanitizer CHECK failed with threads and thread canceling with glibc 2.28+
From: pinskia at gcc dot gnu.org @ 2022-01-12 8:00 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103978
--- Comment #8 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Hmm, works with GCC 8.3.1 from redhat with glibc 2.28.
* [Bug sanitizer/103978] AddressSanitizer CHECK failed with threads and thread canceling with glibc 2.28+
From: pinskia at gcc dot gnu.org @ 2022-01-12 8:08 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103978
--- Comment #9 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Here is the more interesting part: if I do -fexceptions with the C front-end, it works. But with the C++ front-end, neither -fno-exceptions nor -fexceptions works.
* [Bug sanitizer/103978] AddressSanitizer CHECK failed with threads and thread canceling with glibc 2.28+
From: hjl.tools at gmail dot com @ 2022-01-12 15:37 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103978
H.J. Lu <hjl.tools at gmail dot com> changed:
What | Removed | Added
-----|---------|------
CC   |         | hjl.tools at gmail dot com
--- Comment #10 from H.J. Lu <hjl.tools at gmail dot com> ---
I got this with GCC 12:
[hjl@gnu-tgl-3 tmp]$ /usr/gcc-12.0.0-x32/bin/gcc -fsanitize=address -pthread x.c -Wl,-R,/usr/gcc-12.0.0-x32/lib64
[hjl@gnu-tgl-3 tmp]$ ldd a.out
    linux-vdso.so.1 (0x00007fff71bf2000)
    libasan.so.8 => /usr/gcc-12.0.0-x32/lib64/libasan.so.8 (0x00007fcc73b56000)
    libc.so.6 => /lib64/libc.so.6 (0x00007fcc73936000)
    libstdc++.so.6 => /usr/gcc-12.0.0-x32/lib/../lib64/libstdc++.so.6 (0x00007fcc7371c000)
    libm.so.6 => /lib64/libm.so.6 (0x00007fcc73640000)
    libgcc_s.so.1 => /usr/gcc-12.0.0-x32/lib/../lib64/libgcc_s.so.1 (0x00007fcc7361e000)
    /lib64/ld-linux-x86-64.so.2 (0x00007fcc749fd000)
[hjl@gnu-tgl-3 tmp]$ ./a.out
=================================================================
==1360021==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7f4a9b4fed50 at pc 0x7f4a9ce81a01 bp 0x7f4a9b4fed10 sp 0x7f4a9b4fe4c0
WRITE of size 24 at 0x7f4a9b4fed50 thread T-1
    #0 0x7f4a9ce81a00 (/usr/gcc-12.0.0-x32/lib64/libasan.so.8+0x63a00)
    #1 0x7f4a9cef8367 (/usr/gcc-12.0.0-x32/lib64/libasan.so.8+0xda367)
    #2 0x7f4a9cee8004 (/usr/gcc-12.0.0-x32/lib64/libasan.so.8+0xca004)
    #3 0x7f4a9cc88d20 in __nptl_deallocate_tsd (/lib64/libc.so.6+0x8ad20)
    #4 0x7f4a9cc8ba51 in start_thread (/lib64/libc.so.6+0x8da51)
    #5 0x7f4a9cd106df in __GI___clone3 (/lib64/libc.so.6+0x1126df)
Address 0x7f4a9b4fed50 is a wild pointer inside of access range of size 0x000000000018.
SUMMARY: AddressSanitizer: stack-buffer-underflow (/usr/gcc-12.0.0-x32/lib64/libasan.so.8+0x63a00)
Shadow bytes around the buggy address:
0x0fe9d3697d50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe9d3697d60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe9d3697d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe9d3697d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe9d3697d90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fe9d3697da0: 00 00 00 00 00 00 00 00 00 00[f1]f1 f1 f1 00 00
0x0fe9d3697db0: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe9d3697dc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe9d3697dd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe9d3697de0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe9d3697df0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==1360021==ABORTING
[hjl@gnu-tgl-3 tmp]$
* [Bug sanitizer/103978] AddressSanitizer CHECK failed with threads and thread canceling with glibc 2.28+
From: pinskia at gcc dot gnu.org @ 2022-01-21 9:43 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103978
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What       | Removed | Added
-----------|---------|----------
Status     | NEW     | RESOLVED
Resolution | ---     | DUPLICATE
--- Comment #11 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Dup of bug 101476.
*** This bug has been marked as a duplicate of bug 101476 ***