public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/114037] New: ASAN fork should ensure no unwind is in progress
@ 2024-02-21 16:40 fhsueh at roku dot com
  2024-02-24  6:09 ` [Bug sanitizer/114037] " xry111 at gcc dot gnu.org
  0 siblings, 1 reply; 2+ messages in thread
From: fhsueh at roku dot com @ 2024-02-21 16:40 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114037

            Bug ID: 114037
           Summary: ASAN fork should ensure no unwind is in progress
           Product: gcc
           Version: 12.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: fhsueh at roku dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
  Target Milestone: ---

On systems with slower unwind operations, multiple unwinds can be in progress,
held up by _dl_iterate_phdr() being serialized. In this case, the process may
be fork()'ed while the mutex used by that function is in the locked state. When
the child process runs to where ASAN does the unwind operation, that mutex will
never be unlocked and no progress is made.

Stacktrace:
#0  __lll_lock_wait (futex=0x6956f544 <_rtld_local+1268>, private=0) at
lowlevellock.c:43
#1  0x62b9d920 in __GI___pthread_mutex_lock (mutex=0x6956f544
<_rtld_local+1268>) at pthread_mutex_lock.c:116
#2  0x6065e56c in __GI___dl_iterate_phdr (callback=0x6065f518
<__gnu_Unwind_Find_exidx+40>, data=0x6065e56c <__GI___dl_iterate_phdr+52>,
data@entry=0x50be5ddc) at dl-iteratephdr.c:41
#3  0x6065f518 in __gnu_Unwind_Find_exidx (pc=pc@entry=1761897354,
pcount=0x50be5e04, pcount@entry=0x50be5dfc) at ../sysdeps/arm/find_exidx.c:74
#4  0x606b1fb0 in get_eit_entry (ucbp=ucbp@entry=0x50be5e18,
return_address=1761897354) at gcc/libgcc/unwind-arm-common.inc:276
#5  0x606b2544 in __gnu_Unwind_Backtrace (trace=0x69046978
<__sanitizer::(anonymous namespace)::Unwind_Trace(_Unwind_Context*, void*)>,
trace_argument=0x50be60c0, entry_vrs=<optimized out>) at
gcc/libgcc/unwind-arm-common.inc:768
#6  0x606b2ef4 in _Unwind_Backtrace () at gcc/libgcc/config/arm/libunwind.S:360
#7  0x69046b8c in __sanitizer::BufferedStackTrace::UnwindSlow (this=0x50be6140,
pc=pc@entry=1761766388, max_depth=max_depth@entry=30) at
gcc/libsanitizer/sanitizer_common/sanitizer_unwind_linux_libcdep.cpp:130
#8  0x6903f6e4 in __sanitizer::BufferedStackTrace::Unwind
(this=this@entry=0x50be6140, max_depth=30, max_depth@entry=1761766436,
pc=pc@entry=1761766388, bp=bp@entry=1354655084, context=context@entry=0x0,
stack_top=stack_top@entry=1354662664, stack_bottom=1353617408,
request_fast_unwind=request_fast_unwind@entry=false) at
gcc/libsanitizer/sanitizer_common/sanitizer_stacktrace_libcdep.cpp:157
#9  0x6902eff4 in __sanitizer::BufferedStackTrace::UnwindImpl (this=0x50be6140,
pc=1761766388, bp=1354655084, context=0x0, request_fast=false, max_depth=30) at
gcc/libsanitizer/asan/asan_stack.cpp:77
#10 0x68fa6f58 in __sanitizer::BufferedStackTrace::Unwind
(this=this@entry=0x50be6140, pc=pc@entry=1761766388, bp=bp@entry=1354655084,
context=context@entry=0x0, request_fast=request_fast@entry=false, max_depth=30)
at gcc/libsanitizer/sanitizer_common/sanitizer_stacktrace.h:131
#11 0x69026c24 in __interceptor_free (ptr=0x5e327c30) at
gcc/libsanitizer/asan/asan_malloc_linux.cpp:52
#12 0x5fd8241a in ?? () from /lib/libmali.so.0
#13 0x605f5fa4 in __libc_fork () at ../sysdeps/nptl/fork.c:184
#14 0x6061a214 in __spawni (pid=pid@entry=0x5f3077e0,
file=file@entry=0x606731f4 "<redacted>",
file_actions=file_actions@entry=0x50be6b84, attrp=attrp@entry=0x0,
argv=0x50be6b74, argv@entry=0x1f, envp=0x5e1005e0, envp@entry=0x68fd1b48
<PosixSpawnImpl<int(int*, char const*, void const*, void const*, char* const*,
char* const*)>(void *, int (*)(int *, const char *, const void *, const void *,
char * const *, char * const *), __sanitizer::pid_t *, const char *, const void
*, const void *, char * const *, char * const *)+1744>, xflags=xflags@entry=2)
at ../sysdeps/posix/spawni.c:108
#15 0x6065f570 in __posix_spawn_compat (pid=pid@entry=0x5f3077e0,
file=file@entry=0x606731f4 "<redacted>",
file_actions=file_actions@entry=0x50be6b84, attrp=attrp@entry=0x0,
argv=argv@entry=0x50be6b74, envp=envp@entry=0x5e1005e0) at spawn.c:43
#16 0x68fd1b48 in PosixSpawnImpl<int(int*, char const*, void const*, void
const*, char* const*, char* const*)>(void *, int (*)(int *, const char *, const
void *, const void *, char * const *, char * const *), __sanitizer::pid_t *,
const char *, const void *, const void *, char * const *, char * const *)
(ctx=0x50be6b14, ctx@entry=0x50be6b0c, real_posix_spawn=0x6065f54c
<__posix_spawn_compat>, pid=pid@entry=0x5f3077e0,
file_or_path=file_or_path@entry=0x606731f4 "<redacted>",
file_actions=file_actions@entry=0x50be6b84, attrp=attrp@entry=0x0,
argv=argv@entry=0x50be6b74, envp=envp@entry=0x5e1005e0) at
gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:2449
#17 0x68fd1d3c in __interceptor_posix_spawn (pid=0x5f3077e0, path=0x606731f4
"<redacted>", file_actions=0x50be6b84, attrp=0x0, argv=0x50be6b74,
envp=0x5e1005e0) at
gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:2460
#18 0x605b86c8 in spawn_process (child_pipe_fd=<optimized out>,
child_end=<optimized out>, parent_end=1354663776, pipe_fds=0x1, do_cloexec=0,
command=0x50be79e0 "<redacted>", fp=0x5f307740, fa=0x50be6b84) at iopopen.c:134
#19 _IO_new_proc_open (fp=fp@entry=0x5f307740, command=command@entry=0x50be79e0
"<redacted>", mode=<optimized out>, mode@entry=0x63f55b20 "w") at iopopen.c:258
#20 0x605b89c4 in _IO_new_popen (command=0x50be79e0 "<redacted>",
mode=0x63f55b20 "w") at iopopen.c:307
...

^ permalink raw reply	[flat|nested] 2+ messages in thread

* [Bug sanitizer/114037] ASAN fork should ensure no unwind is in progress
  2024-02-21 16:40 [Bug sanitizer/114037] New: ASAN fork should ensure no unwind is in progress fhsueh at roku dot com
@ 2024-02-24  6:09 ` xry111 at gcc dot gnu.org
  0 siblings, 0 replies; 2+ messages in thread
From: xry111 at gcc dot gnu.org @ 2024-02-24  6:09 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114037

Xi Ruoyao <xry111 at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |WAITING
                 CC|                            |xry111 at gcc dot gnu.org
   Last reconfirmed|                            |2024-02-24
     Ever confirmed|0                           |1

--- Comment #1 from Xi Ruoyao <xry111 at gcc dot gnu.org> ---
IIUC this is an issue in libasan, not the compiler.  libasan is imported from
LLVM and you should report it to LLVM developers first.

^ permalink raw reply	[flat|nested] 2+ messages in thread
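
Added example, not part of the thread and not libasan or glibc code: the hang described in the report at the top of this thread, reduced to a stand-alone C program. The mutex unwind_lock, the thread slow_unwinder and the pthread_atfork guard are assumptions standing in for the lock taken by _dl_iterate_phdr() and for the check the report asks fork to make; the child uses trylock so the program reports the stuck lock instead of hanging.

```c
#include <pthread.h>
#include <semaphore.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for the loader mutex that dl_iterate_phdr() takes (assumption). */
static pthread_mutex_t unwind_lock = PTHREAD_MUTEX_INITIALIZER;
static sem_t holding, release;
static int guard_enabled, handlers_installed;

/* Models a thread caught mid-unwind: it owns the lock while the parent forks. */
static void *slow_unwinder(void *wait_for_release) {
    pthread_mutex_lock(&unwind_lock);
    sem_post(&holding);
    if (wait_for_release) sem_wait(&release);  /* hold the lock across fork() */
    else usleep(200 * 1000);                   /* finish the "unwind" unaided */
    pthread_mutex_unlock(&unwind_lock);
    return NULL;
}

/* atfork handlers: fork() only proceeds once no unwind owns the lock. */
static void before_fork(void) { if (guard_enabled) pthread_mutex_lock(&unwind_lock); }
static void after_fork(void)  { if (guard_enabled) pthread_mutex_unlock(&unwind_lock); }

/* Forks while slow_unwinder holds the lock. Returns 1 if the child inherited
 * the lock in the locked state (a blocking lock there would never return),
 * 0 if the child could take it, -1 on error. */
int child_sees_locked(int use_guard) {
    pthread_t t;
    int status = 0;
    if (!handlers_installed++) pthread_atfork(before_fork, after_fork, after_fork);
    guard_enabled = use_guard;
    sem_init(&holding, 0, 0);
    sem_init(&release, 0, 0);
    if (pthread_create(&t, NULL, slow_unwinder, use_guard ? NULL : &release)) return -1;
    sem_wait(&holding);                 /* the lock is now owned by the thread */
    pid_t pid = fork();
    if (pid == 0)                       /* child: the owning thread does not exist here */
        _exit(pthread_mutex_trylock(&unwind_lock) ? 1 : 0);
    sem_post(&release);
    pthread_join(t, NULL);
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    /* Exit status 0 means: stuck lock without the guard, free lock with it. */
    return !(child_sees_locked(0) == 1 && child_sees_locked(1) == 0);
}
```

Build with cc -pthread; with the guard enabled, fork() itself blocks for the roughly 200 ms the simulated unwind takes.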
