[Bug sanitizer/88791] New: ASAN deadlocks in threaded application

dominik.stras...@onespin-solutions.com Thu, 10 Jan 2019 03:24:10 -0800

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88791


            Bug ID: 88791
           Summary: ASAN deadlocks in threaded application
           Product: gcc
           Version: 7.4.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: dominik.stras...@onespin-solutions.com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at 
gcc dot gnu.org
  Target Milestone: ---

I have a threaded application which shows random crashes with ASAN. This is
unfortunate but does not bother me too much. What is bothering me is that ASAN
deadlocks after crashes.

It looks like __asan::ReportDeadlySignal tries to acquire the
__asan::thread_registry_placeholder lock which is already held by 
__sanitizer::ThreadRegistry::FinishThread

Here are the two partial backtraces form my application:

This is the thread which crashes:
Thread 13 (Thread 0x7f35b94cc700 (LWP 53461)):
#0  atomic_exchange<__sanitizer::atomic_uint32_t>
(mo=__sanitizer::memory_order_acquire, v=2, a=0x7f35f05f8cb8
<__asan::thread_registry_placeholder+24>) at
../../../../gcc-7.4.0/libsanitizer/sanitizer_common/sanitizer_atomic_clang.h:66
#1  __sanitizer::BlockingMutex::Lock (this=0x7f35f05f8cb8
<__asan::thread_registry_placeholder+24>) at
../../../../gcc-7.4.0/libsanitizer/sanitizer_common/sanitizer_linux.cc:525
#2  0x00007f35f037bf76 in Lock (this=<optimized out>) at
../../../../gcc-7.4.0/libsanitizer/sanitizer_common/sanitizer_thread_registry.h:84
#3  StartReporting (this=0x7f35c13e0f5f) at
../../../../gcc-7.4.0/libsanitizer/asan/asan_report.cc:225
#4  __asan::ScopedInErrorReport::ScopedInErrorReport (this=0x7f35c13e0f5f,
fatal=<optimized out>) at
../../../../gcc-7.4.0/libsanitizer/asan/asan_report.cc:120
#5  0x00007f35f0378970 in __asan::ReportDeadlySignal (signo=signo@entry=11,
sig=...) at ../../../../gcc-7.4.0/libsanitizer/asan/asan_report.cc:251
#6  0x00007f35f0377b12 in __asan::AsanOnDeadlySignal (signo=11,
siginfo=0x7f35c13e1bf0, context=0x7f35c13e1ac0) at
../../../../gcc-7.4.0/libsanitizer/asan/asan_posix.cc:99
#7  <signal handler called>
#8  0x00007f35f0398e17 in __sanitizer::ThreadContextBase::ThreadContextBase
(this=0x7f35c469d000, tid=52) at
../../../../gcc-7.4.0/libsanitizer/sanitizer_common/sanitizer_thread_registry.cc:20
#9  0x00007f35f037f1a2 in AsanThreadContext (tid=52, this=<optimized out>) at
../../../../gcc-7.4.0/libsanitizer/asan/asan_thread.h:42
#10 __asan::GetAsanThreadContext (tid=52) at
../../../../gcc-7.4.0/libsanitizer/asan/asan_thread.cc:55
#11 0x00007f35f0399217 in __sanitizer::ThreadRegistry::CreateThread
(this=0x7f35f05f8ca0 <__asan::thread_registry_placeholder>, user_id=0,
detached=<optimized out>, parent_tid=41, arg=0x7f35ba4f7550) at
../../../../gcc-7.4.0/libsanitizer/sanitizer_common/sanitizer_thread_registry.cc:129
#12 0x00007f35f037f2f8 in __asan::AsanThread::Create
(start_routine=start_routine@entry=0x7f35d06f5785
<SYSTEM::DetachedThread_startInternal(void*)>, arg=arg@entry=0x6160000f0680,
parent_tid=41, stack=stack@entry=0x7f35ba4f75e0, detached=<optimized out>) at
../../../../gcc-7.4.0/libsanitizer/asan/asan_thread.cc:90
#13 0x00007f35f02cf2a4 in __interceptor_pthread_create (thread=0x6160000f07f0,
attr=<optimized out>, start_routine=0x7f35d06f5785
<SYSTEM::DetachedThread_startInternal(void*)>, arg=0x6160000f0680) at
../../../../gcc-7.4.0/libsanitizer/asan/asan_interceptors.cc:264
#14 0x00007f35d06f8453 in SYSTEM::DetachedThread::start (this=0x6160000f0680)
at mythread.C:491
#15 0x00007f35d06f7e8f in SYSTEM::DetachedThread::startAndWait (threads=...) at
mythread.C:427

This is another thread:
Thread 11 (Thread 0x7f35b9cf9700 (LWP 53463)):
#0  atomic_exchange<__sanitizer::atomic_uint32_t>
(mo=__sanitizer::memory_order_acquire, v=2, a=0x7f35f05f8cb8
<__asan::thread_registry_placeholder+24>) at
../../../../gcc-7.4.0/libsanitizer/sanitizer_common/sanitizer_atomic_clang.h:66
#1  __sanitizer::BlockingMutex::Lock (this=0x7f35f05f8cb8
<__asan::thread_registry_placeholder+24>) at
../../../../gcc-7.4.0/libsanitizer/sanitizer_common/sanitizer_linux.cc:525
#2  0x00007f35f03998b5 in GenericScopedLock (mu=0x7f35f05f8cb8
<__asan::thread_registry_placeholder+24>, this=<synthetic pointer>) at
../../../../gcc-7.4.0/libsanitizer/sanitizer_common/sanitizer_mutex.h:177
#3  __sanitizer::ThreadRegistry::FinishThread (this=0x7f35f05f8ca0
<__asan::thread_registry_placeholder>, tid=42) at
../../../../gcc-7.4.0/libsanitizer/sanitizer_common/sanitizer_thread_registry.cc:251
#4  0x00007f35f037f6f7 in __asan::AsanThread::Destroy (this=0x7f35b6d9d000) at
../../../../gcc-7.4.0/libsanitizer/asan/asan_thread.cc:109
#5  0x00007f35cf574c22 in __nptl_deallocate_tsd () from /lib64/libpthread.so.0
#6  0x00007f35cf574e33 in start_thread () from /lib64/libpthread.so.0
#7  0x00007f35ce0bbbad in clone () from /lib64/libc.so.6

So to me it looks like both threads try to lock
__asan::thread_registry_placeholder

[Bug sanitizer/88791] New: ASAN deadlocks in threaded application

Reply via email to