[Bug sanitizer/88791] ASAN deadlocks in threaded application

dominik.stras...@onespin-solutions.com Tue, 15 Jan 2019 06:54:12 -0800

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88791


--- Comment #14 from dominik.stras...@onespin-solutions.com ---
With the 9.0 version of libasan I also experience an additional crash which is
100% reproducible:
buffer points to non-accessible memory:
(gdb) p buffer
$1 = (__sanitizer::u64 *) 0x7fff49eff000
(gdb) p *buffer
Cannot access memory at address 0x7fff49eff000
log:
...
==56701==T7 TSDDtor
==56701==T7 exited
==56701==poisoning: 0x7fff38c62350 250
==56701==T5 TSDDtor
==56701==poisoning: 0x7fff38c71480 3c8
==56701==T5 exited
==56701==poisoning: 0x7fff38c76e10 128
[Thread 0x7fff21d46700 (LWP 63421) exited]

Thread 8 "TclShellThread" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff20d44700 (LWP 63444)]
0x00007ffff7360744 in
__sanitizer::SizeClassAllocator64<__asan::AP64>::PackedCounterArray<__sanitizer::SizeClassAllocator64<__asan::AP64>::MemoryMapper>::Inc
(this=0x7fff20d42cb0, i=662)
    at
../../../../gcc-git/libsanitizer/sanitizer_common/sanitizer_allocator_primary64.h:377
377           buffer[index] += 1ULL << bit_offset;
(gdb) where
#0  0x00007ffff7360744 in
__sanitizer::SizeClassAllocator64<__asan::AP64>::PackedCounterArray<__sanitizer::SizeClassAllocator64<__asan::AP64>::MemoryMapper>::Inc
(this=0x7fff20d42cb0, i=662)
    at
../../../../gcc-git/libsanitizer/sanitizer_common/sanitizer_allocator_primary64.h:377
#1  0x00007ffff735fb93 in
__sanitizer::SizeClassAllocator64<__asan::AP64>::ReleaseFreeMemoryToOS<__sanitizer::SizeClassAllocator64<__asan::AP64>::MemoryMapper>
(free_array=0x604e00000000, 
    free_array_count=68304, chunk_size=64, allocated_pages_count=3872,
memory_mapper=0x7fff20d42db0) at
../../../../gcc-git/libsanitizer/sanitizer_common/sanitizer_allocator_primary64.h:498
#2  0x00007ffff735ea5e in
__sanitizer::SizeClassAllocator64<__asan::AP64>::MaybeReleaseToOS
(this=0x7ffff7534ea0 <__asan::instance>, class_id=4, force=false)
    at
../../../../gcc-git/libsanitizer/sanitizer_common/sanitizer_allocator_primary64.h:840
#3  0x00007ffff735f289 in
__sanitizer::SizeClassAllocator64<__asan::AP64>::ReturnToAllocator
(this=0x7ffff7534ea0 <__asan::instance>, stat=0x7fff31ac8c40, class_id=4,
chunks=0x7fff31abc130, 
    n_chunks=126) at
../../../../gcc-git/libsanitizer/sanitizer_common/sanitizer_allocator_primary64.h:130
#4  0x00007ffff735e06c in
__sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__asan::AP64>
>::Drain (this=0x7fff31abb0e0, c=0x7fff31abc120, 
    allocator=0x7ffff7534ea0 <__asan::instance>, class_id=4, count=126) at
../../../../gcc-git/libsanitizer/sanitizer_common/sanitizer_allocator_local_cache.h:120
#5  0x00007ffff735d764 in
__sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__asan::AP64>
>::Drain (this=0x7fff31abb0e0, allocator=0x7ffff7534ea0 <__asan::instance>)
    at
../../../../gcc-git/libsanitizer/sanitizer_common/sanitizer_allocator_local_cache.h:74
#6  0x00007ffff735ba03 in
__sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<__asan::AP64>,
__sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<__asan::AP64>
>, __sanitizer::LargeMmapAllocator<__asan::AsanMapUnmapCallback,
__sanitizer::LargeMmapAllocatorPtrArrayDynamic> >::SwallowCache
(this=0x7ffff7534ea0 <__asan::instance>, cache=0x7fff31abb0e0)
    at
../../../../gcc-git/libsanitizer/sanitizer_common/sanitizer_allocator_combined.h:159
#7  0x00007ffff735a8c1 in __asan::Allocator::CommitBack (this=0x7ffff7534ea0
<__asan::instance>, ms=0x7fff31abb060, stack=0x7fff20d42fb0) at
../../../../gcc-git/libsanitizer/asan/asan_allocator.cc:698
#8  0x00007ffff73560bd in __asan::AsanThreadLocalMallocStorage::CommitBack
(this=0x7fff31abb060) at
../../../../gcc-git/libsanitizer/asan/asan_allocator.cc:857
#9  0x00007ffff74af6a2 in __asan::AsanThread::Destroy (this=0x7fff31abb000) at
../../../../gcc-git/libsanitizer/asan/asan_thread.cc:102
#10 0x00007ffff74af647 in __asan::AsanThread::TSDDtor (tsd=0x7fff5d292460) at
../../../../gcc-git/libsanitizer/asan/asan_thread.cc:95
#11 0x00007ffff74a6dba in __asan::PlatformTSDDtor (tsd=0x7fff5d292460) at
../../../../gcc-git/libsanitizer/asan/asan_posix.cc:66
#12 0x00007fff5d07ac22 in __nptl_deallocate_tsd () from /lib64/libpthread.so.0
#13 0x00007fff5d07ae33 in start_thread () from /lib64/libpthread.so.0
#14 0x00007fff59f8dbad in clone () from /lib64/libc.so.6

[Bug sanitizer/88791] ASAN deadlocks in threaded application

Reply via email to