[Bug sanitizer/103978] AddressSanitizer CHECK failed with threads and thread canceling with glibc 2.28+
hjl.tools at gmail dot com
gcc-bugzilla@gcc.gnu.org
Wed Jan 12 15:37:33 GMT 2022
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103978
H.J. Lu <hjl.tools at gmail dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hjl.tools at gmail dot com
--- Comment #10 from H.J. Lu <hjl.tools at gmail dot com> ---
I got this with GCC 12:
[hjl@gnu-tgl-3 tmp]$ /usr/gcc-12.0.0-x32/bin/gcc -fsanitize=address -pthread x.c -Wl,-R,/usr/gcc-12.0.0-x32/lib64
[hjl@gnu-tgl-3 tmp]$ ldd a.out
        linux-vdso.so.1 (0x00007fff71bf2000)
        libasan.so.8 => /usr/gcc-12.0.0-x32/lib64/libasan.so.8 (0x00007fcc73b56000)
        libc.so.6 => /lib64/libc.so.6 (0x00007fcc73936000)
        libstdc++.so.6 => /usr/gcc-12.0.0-x32/lib/../lib64/libstdc++.so.6 (0x00007fcc7371c000)
        libm.so.6 => /lib64/libm.so.6 (0x00007fcc73640000)
        libgcc_s.so.1 => /usr/gcc-12.0.0-x32/lib/../lib64/libgcc_s.so.1 (0x00007fcc7361e000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fcc749fd000)
[hjl@gnu-tgl-3 tmp]$ ./a.out
=================================================================
==1360021==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7f4a9b4fed50 at pc 0x7f4a9ce81a01 bp 0x7f4a9b4fed10 sp 0x7f4a9b4fe4c0
WRITE of size 24 at 0x7f4a9b4fed50 thread T-1
#0 0x7f4a9ce81a00 (/usr/gcc-12.0.0-x32/lib64/libasan.so.8+0x63a00)
#1 0x7f4a9cef8367 (/usr/gcc-12.0.0-x32/lib64/libasan.so.8+0xda367)
#2 0x7f4a9cee8004 (/usr/gcc-12.0.0-x32/lib64/libasan.so.8+0xca004)
#3 0x7f4a9cc88d20 in __nptl_deallocate_tsd (/lib64/libc.so.6+0x8ad20)
#4 0x7f4a9cc8ba51 in start_thread (/lib64/libc.so.6+0x8da51)
#5 0x7f4a9cd106df in __GI___clone3 (/lib64/libc.so.6+0x1126df)
Address 0x7f4a9b4fed50 is a wild pointer inside of access range of size 0x000000000018.
SUMMARY: AddressSanitizer: stack-buffer-underflow (/usr/gcc-12.0.0-x32/lib64/libasan.so.8+0x63a00)
Shadow bytes around the buggy address:
0x0fe9d3697d50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe9d3697d60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe9d3697d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe9d3697d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe9d3697d90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fe9d3697da0: 00 00 00 00 00 00 00 00 00 00[f1]f1 f1 f1 00 00
0x0fe9d3697db0: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe9d3697dc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe9d3697dd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe9d3697de0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe9d3697df0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==1360021==ABORTING
[hjl@gnu-tgl-3 tmp]$
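An added helper for reading the report above; it is not part of the bug report, of GCC or of libasan. It recomputes the shadow address of the faulting 24-byte write with the documented x86_64 ASan mapping (Shadow = (Mem >> 3) + 0x7fff8000), checks that it lands on the byte the "=>" row brackets, and decodes every shadow byte the access covers using the legend printed in the report; the address, access size, shadow row and legend entries are copied from the report, nothing else is assumed.

```python
import re

# Values copied from the ASan report in the comment above.
ASAN_ADDRESS = 0x7f4a9b4fed50
ACCESS_SIZE = 24
SHADOW_ROW = "=>0x0fe9d3697da0: 00 00 00 00 00 00 00 00 00 00[f1]f1 f1 f1 00 00"
# Subset of the report's own shadow byte legend.
LEGEND = {0x00: "Addressable", 0xf1: "Stack left redzone",
          0xf2: "Stack mid redzone", 0xf3: "Stack right redzone",
          0xf5: "Stack after return", 0xf8: "Stack use after scope",
          0xfa: "Heap left redzone", 0xfd: "Freed heap region"}

SHADOW_SCALE = 3            # one shadow byte covers 8 application bytes
SHADOW_OFFSET = 0x7fff8000  # default x86_64 Linux shadow offset


def mem_to_shadow(addr: int) -> int:
    """Application address -> shadow byte address (x86_64 ASan mapping)."""
    return (addr >> SHADOW_SCALE) + SHADOW_OFFSET


def parse_shadow_row(row: str):
    """Return (row base, shadow bytes, index of the [..] marked byte)."""
    m = re.match(r"\s*(?:=>)?\s*0x([0-9a-f]+):(.*)$", row)
    if m is None:
        raise ValueError("not a shadow row: " + row)
    tokens = re.findall(r"\[?[0-9a-f]{2}\]?", m.group(2))
    cells = [int(t.strip("[]"), 16) for t in tokens]
    marked = next(i for i, t in enumerate(tokens) if t.startswith("["))
    return int(m.group(1), 16), cells, marked


def classify_access(addr: int, size: int, row: str):
    """Decode the shadow bytes covering [addr, addr + size)."""
    base, shadow, marked = parse_shadow_row(row)
    first = mem_to_shadow(addr)
    last = mem_to_shadow(addr + size - 1)
    # The report's "=>"/"[..]" marker must sit on the first shadow byte
    # of the access; if it does not, the mapping assumptions are wrong.
    if first != base + marked:
        raise ValueError(f"shadow {first:#x} != marked {base + marked:#x}")
    kinds = []
    for s in range(first, last + 1):
        b = shadow[s - base]
        kinds.append(LEGEND.get(b, f"unknown {b:#04x}"))
    return first, kinds


if __name__ == "__main__":
    shadow_addr, kinds = classify_access(ASAN_ADDRESS, ACCESS_SIZE, SHADOW_ROW)
    print(f"shadow of {ASAN_ADDRESS:#x} is {shadow_addr:#x}; bytes: {kinds}")
```

All three shadow bytes the write touches decode as "Stack left redzone", which is why ASan reports the write in the thread's TSD deallocation path as a stack-buffer-underflow.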