[Bug sanitizer/103978] AddressSanitizer CHECK failed with threads and thread canceling with glibc 2.28+

Wed, 12 Jan 2022 07:37:40 -0800 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103978

H.J. Lu <hjl.tools at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hjl.tools at gmail dot com

--- Comment #10 from H.J. Lu <hjl.tools at gmail dot com> ---
I got this with GCC 12:

[hjl@gnu-tgl-3 tmp]$ /usr/gcc-12.0.0-x32/bin/gcc -fsanitize=address -pthread
x.c -Wl,-R,/usr/gcc-12.0.0-x32/lib64
[hjl@gnu-tgl-3 tmp]$ ldd a.out 
        linux-vdso.so.1 (0x00007fff71bf2000)
        libasan.so.8 => /usr/gcc-12.0.0-x32/lib64/libasan.so.8
(0x00007fcc73b56000)
        libc.so.6 => /lib64/libc.so.6 (0x00007fcc73936000)
        libstdc++.so.6 => /usr/gcc-12.0.0-x32/lib/../lib64/libstdc++.so.6
(0x00007fcc7371c000)
        libm.so.6 => /lib64/libm.so.6 (0x00007fcc73640000)
        libgcc_s.so.1 => /usr/gcc-12.0.0-x32/lib/../lib64/libgcc_s.so.1
(0x00007fcc7361e000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fcc749fd000)
[hjl@gnu-tgl-3 tmp]$ ./a.out 
=================================================================
==1360021==ERROR: AddressSanitizer: stack-buffer-underflow on address
0x7f4a9b4fed50 at pc 0x7f4a9ce81a01 bp 0x7f4a9b4fed10 sp 0x7f4a9b4fe4c0
WRITE of size 24 at 0x7f4a9b4fed50 thread T-1
    #0 0x7f4a9ce81a00  (/usr/gcc-12.0.0-x32/lib64/libasan.so.8+0x63a00)
    #1 0x7f4a9cef8367  (/usr/gcc-12.0.0-x32/lib64/libasan.so.8+0xda367)
    #2 0x7f4a9cee8004  (/usr/gcc-12.0.0-x32/lib64/libasan.so.8+0xca004)
    #3 0x7f4a9cc88d20 in __nptl_deallocate_tsd (/lib64/libc.so.6+0x8ad20)
    #4 0x7f4a9cc8ba51 in start_thread (/lib64/libc.so.6+0x8da51)
    #5 0x7f4a9cd106df in __GI___clone3 (/lib64/libc.so.6+0x1126df)

Address 0x7f4a9b4fed50 is a wild pointer inside of access range of size
0x000000000018.
SUMMARY: AddressSanitizer: stack-buffer-underflow
(/usr/gcc-12.0.0-x32/lib64/libasan.so.8+0x63a00) 
Shadow bytes around the buggy address:
  0x0fe9d3697d50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe9d3697d60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe9d3697d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe9d3697d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe9d3697d90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fe9d3697da0: 00 00 00 00 00 00 00 00 00 00[f1]f1 f1 f1 00 00
  0x0fe9d3697db0: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe9d3697dc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe9d3697dd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe9d3697de0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe9d3697df0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==1360021==ABORTING
[hjl@gnu-tgl-3 tmp]$

Reply via email to