https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114037

            Bug ID: 114037
           Summary: ASAN fork should ensure no unwind is in progress
           Product: gcc
           Version: 12.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: fhsueh at roku dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
  Target Milestone: ---

On systems with slower unwind operations, multiple unwinds can be in progress
at once, held up by _dl_iterate_phdr() being serialized. In this case, the
process may be fork()'ed while the mutex used by that function is in the locked
state. When the child process runs to the point where ASAN performs the unwind
operation, that mutex will never be unlocked (the thread that held it does not
exist in the child), so no progress is made.

Stacktrace:
#0  __lll_lock_wait (futex=0x6956f544 <_rtld_local+1268>, private=0) at
lowlevellock.c:43
#1  0x62b9d920 in __GI___pthread_mutex_lock (mutex=0x6956f544
<_rtld_local+1268>) at pthread_mutex_lock.c:116
#2  0x6065e56c in __GI___dl_iterate_phdr (callback=0x6065f518
<__gnu_Unwind_Find_exidx+40>, data=0x6065e56c <__GI___dl_iterate_phdr+52>,
data@entry=0x50be5ddc) at dl-iteratephdr.c:41
#3  0x6065f518 in __gnu_Unwind_Find_exidx (pc=pc@entry=1761897354,
pcount=0x50be5e04, pcount@entry=0x50be5dfc) at ../sysdeps/arm/find_exidx.c:74
#4  0x606b1fb0 in get_eit_entry (ucbp=ucbp@entry=0x50be5e18,
return_address=1761897354) at gcc/libgcc/unwind-arm-common.inc:276
#5  0x606b2544 in __gnu_Unwind_Backtrace (trace=0x69046978
<__sanitizer::(anonymous namespace)::Unwind_Trace(_Unwind_Context*, void*)>,
trace_argument=0x50be60c0, entry_vrs=<optimized out>) at
gcc/libgcc/unwind-arm-common.inc:768
#6  0x606b2ef4 in _Unwind_Backtrace () at gcc/libgcc/config/arm/libunwind.S:360
#7  0x69046b8c in __sanitizer::BufferedStackTrace::UnwindSlow (this=0x50be6140,
pc=pc@entry=1761766388, max_depth=max_depth@entry=30) at
gcc/libsanitizer/sanitizer_common/sanitizer_unwind_linux_libcdep.cpp:130
#8  0x6903f6e4 in __sanitizer::BufferedStackTrace::Unwind
(this=this@entry=0x50be6140, max_depth=30, max_depth@entry=1761766436,
pc=pc@entry=1761766388, bp=bp@entry=1354655084, context=context@entry=0x0,
stack_top=stack_top@entry=1354662664, stack_bottom=1353617408,
request_fast_unwind=request_fast_unwind@entry=false) at
gcc/libsanitizer/sanitizer_common/sanitizer_stacktrace_libcdep.cpp:157
#9  0x6902eff4 in __sanitizer::BufferedStackTrace::UnwindImpl (this=0x50be6140,
pc=1761766388, bp=1354655084, context=0x0, request_fast=false, max_depth=30) at
gcc/libsanitizer/asan/asan_stack.cpp:77
#10 0x68fa6f58 in __sanitizer::BufferedStackTrace::Unwind
(this=this@entry=0x50be6140, pc=pc@entry=1761766388, bp=bp@entry=1354655084,
context=context@entry=0x0, request_fast=request_fast@entry=false, max_depth=30)
at gcc/libsanitizer/sanitizer_common/sanitizer_stacktrace.h:131
#11 0x69026c24 in __interceptor_free (ptr=0x5e327c30) at
gcc/libsanitizer/asan/asan_malloc_linux.cpp:52
#12 0x5fd8241a in ?? () from /lib/libmali.so.0
#13 0x605f5fa4 in __libc_fork () at ../sysdeps/nptl/fork.c:184
#14 0x6061a214 in __spawni (pid=pid@entry=0x5f3077e0,
file=file@entry=0x606731f4 "<redacted>",
file_actions=file_actions@entry=0x50be6b84, attrp=attrp@entry=0x0,
argv=0x50be6b74, argv@entry=0x1f, envp=0x5e1005e0, envp@entry=0x68fd1b48
<PosixSpawnImpl<int(int*, char const*, void const*, void const*, char* const*,
char* const*)>(void *, int (*)(int *, const char *, const void *, const void *,
char * const *, char * const *), __sanitizer::pid_t *, const char *, const void
*, const void *, char * const *, char * const *)+1744>, xflags=xflags@entry=2)
at ../sysdeps/posix/spawni.c:108
#15 0x6065f570 in __posix_spawn_compat (pid=pid@entry=0x5f3077e0,
file=file@entry=0x606731f4 "<redacted>",
file_actions=file_actions@entry=0x50be6b84, attrp=attrp@entry=0x0,
argv=argv@entry=0x50be6b74, envp=envp@entry=0x5e1005e0) at spawn.c:43
#16 0x68fd1b48 in PosixSpawnImpl<int(int*, char const*, void const*, void
const*, char* const*, char* const*)>(void *, int (*)(int *, const char *, const
void *, const void *, char * const *, char * const *), __sanitizer::pid_t *,
const char *, const void *, const void *, char * const *, char * const *)
(ctx=0x50be6b14, ctx@entry=0x50be6b0c, real_posix_spawn=0x6065f54c
<__posix_spawn_compat>, pid=pid@entry=0x5f3077e0,
file_or_path=file_or_path@entry=0x606731f4 "<redacted>",
file_actions=file_actions@entry=0x50be6b84, attrp=attrp@entry=0x0,
argv=argv@entry=0x50be6b74, envp=envp@entry=0x5e1005e0) at
gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:2449
#17 0x68fd1d3c in __interceptor_posix_spawn (pid=0x5f3077e0, path=0x606731f4
"<redacted>", file_actions=0x50be6b84, attrp=0x0, argv=0x50be6b74,
envp=0x5e1005e0) at
gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:2460
#18 0x605b86c8 in spawn_process (child_pipe_fd=<optimized out>,
child_end=<optimized out>, parent_end=1354663776, pipe_fds=0x1, do_cloexec=0,
command=0x50be79e0 "<redacted>", fp=0x5f307740, fa=0x50be6b84) at iopopen.c:134
#19 _IO_new_proc_open (fp=fp@entry=0x5f307740, command=command@entry=0x50be79e0
"<redacted>", mode=<optimized out>, mode@entry=0x63f55b20 "w") at iopopen.c:258
#20 0x605b89c4 in _IO_new_popen (command=0x50be79e0 "<redacted>",
mode=0x63f55b20 "w") at iopopen.c:307
...
