From: "Joost.VandeVondele at mat dot ethz.ch"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/59286] New: segfault in __sanitizer::StackDepotGet
Date: Mon, 25 Nov 2013 15:13:00 -0000

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59286

    Bug ID: 59286
   Summary: segfault in __sanitizer::StackDepotGet
   Product: gcc
   Version: 4.9.0
    Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: sanitizer
  Assignee: unassigned at gcc dot gnu.org
  Reporter: Joost.VandeVondele at mat dot ethz.ch
        CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
            jakub at gcc dot gnu.org, kcc at gcc dot gnu.org

Running our tsan instrumented code, I'm seeing a segfault in tsan. I have no suitable testcase for this yet (short of building CP2K), so I'm posting the backtrace here in case this rings a bell / triggers some suggestions on what might be going on. I'll try to do some further testing.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4a27428 in __sanitizer::StackDepotGet (id=8388952, size=0x7ffffffcb8f8) at ../../../../gcc/libsanitizer/sanitizer_common/sanitizer_stackdepot.cc:192
192         if (s->id == id) {
(gdb) bt
#0 0x00007ffff4a27428 in __sanitizer::StackDepotGet (id=8388952, size=0x7ffffffcb8f8) at ../../../../gcc/libsanitizer/sanitizer_common/sanitizer_stackdepot.cc:192
#1 0x00007ffff4a1d9de in __tsan::ScopedReport::AddLocation (this=0x800158, this@entry=0x7ffffffcb9f0, addr=140737488140536, addr@entry=137748196274048, size=140737321271672, size@entry=8) at ../../../../gcc/libsanitizer/tsan/tsan_rtl_report.cc:339
#2 0x00007ffff4a1ed30 in __tsan::ReportRace (thr=) at ../../../../gcc/libsanitizer/tsan/tsan_rtl_report.cc:697
#3 0x00007ffff4a21e02 in __tsan_report_race_thunk () at ../../../../gcc/libsanitizer/tsan/tsan_rtl_amd64.S:122
#4 0x00007ffff49ef9c8 in HandleRace (old=..., cur=..., shadow_mem=, thr=) at ../../../../gcc/libsanitizer/tsan/tsan_rtl.cc:376
#5 MemoryAccessImpl (cur=..., shadow_mem=, kIsAtomic=, kAccessIsWrite=, kAccessSizeLog=, addr=, thr=) at ../../../../gcc/libsanitizer/tsan/tsan_rtl.cc:460
#6 __tsan::MemoryAccess (thr=0x7ffff61f2780, pc=496049752, addr=82100428376, kAccessSizeLog=8, kAccessIsWrite=true, kIsAtomic=true) at ../../../../gcc/libsanitizer/tsan/tsan_rtl.cc:531
#7 0x00007ffff67e62c0 in timings::timeset (routinen=, handle=, _routinen=) at /data/vjoost/clean/cp2k/cp2k/src/../src/timings.F:254
(gdb) print s
$1 = (__sanitizer::StackDesc *) 0x4d634810890c558b
(gdb) print s->id
Cannot access memory at address 0x4d634810890c5593
(gdb) print id
$2 = 8388952
(gdb) list
187       CHECK_LT(idx, kTabSize);
188       atomic_uintptr_t *p = &depot.tab[idx];
189       uptr v = atomic_load(p, memory_order_consume);
190       StackDesc *s = (StackDesc*)(v & ~1);
191       for (; s; s = s->link) {
192         if (s->id == id) {
193           *size = s->size;
194           return s->stack;
195         }
196       }
(gdb) print idx
$3 = 4476
(gdb) print kTabSize
$5 = 1048576
(gdb) print depot.tab[idx]
$6 = {val_dont_use = 140737321271672}
(gdb) print depot